Header image

Phishing Trends Show Move to Exploit Flaws and Protocols

Attackers opt for web flaws and malicious links.

Web application vulnerabilities are commonly exploited in phishing attacks, most commonly exploiting reflected Cross-Site Scripting (XSS) flaws.

According to Vipre’s Q1 2024 Email Threat Trends report, attackers use the tag attribute “href” to circumvent detection, and often use a variety of tactics such as the entire email content as an image, encoding URLs, and directing the victim through multiple URLs.

Malicious actors also conduct thread hijacking of NTLM (NT LAN Manager) - a security protocol used by Microsoft Windows operating systems for authentication. By hijacking the authentication thread, attackers extract NTLM challenge-response hashes from legitimate SMB (Server Message Block) sessions, to enable them to impersonate authenticated users and gain unauthorised access.

The report also found that malware is often hidden in cloud storage platforms, with attackers opting for malicious links in malspam emails instead of attachments. Where attachments are used, .ics calendar invite and .rtf attachment file formats are used to trick recipients into opening malicious content.
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

24
Oct
Webinar

Securing Data in the Cloud: Advanced Strategies for Cloud Application Security

Discussing the current trends in cloud security, focusing on the challenges of hybrid environments

In this live webinar, join security specialists from OPSWAT to discuss the current trends in cloud security, focusing on the challenges of hybrid environments, including diminished visibility and weakened threat detection.

image image