Attackers opt for web flaws and malicious links.
Web application vulnerabilities are commonly exploited in phishing attacks, most commonly exploiting reflected Cross-Site Scripting (XSS) flaws.
According to Vipre’s Q1 2024 Email Threat Trends report, attackers use the tag attribute “href” to circumvent detection, and often use a variety of tactics such as the entire email content as an image, encoding URLs, and directing the victim through multiple URLs.
Malicious actors also conduct thread hijacking of NTLM (NT LAN Manager) - a security protocol used by Microsoft Windows operating systems for authentication. By hijacking the authentication thread, attackers extract NTLM challenge-response hashes from legitimate SMB (Server Message Block) sessions, to enable them to impersonate authenticated users and gain unauthorised access.
The report also found that malware is often hidden in cloud storage platforms, with attackers opting for malicious links in malspam emails instead of attachments. Where attachments are used, .ics calendar invite and .rtf attachment file formats are used to trick recipients into opening malicious content.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.