Attackers opt for web flaws and malicious links.
Web application vulnerabilities are commonly exploited in phishing attacks, most commonly exploiting reflected Cross-Site Scripting (XSS) flaws.
According to Vipre’s Q1 2024 Email Threat Trends report, attackers use the tag attribute “href” to circumvent detection, and often use a variety of tactics such as the entire email content as an image, encoding URLs, and directing the victim through multiple URLs.
Malicious actors also conduct thread hijacking of NTLM (NT LAN Manager) - a security protocol used by Microsoft Windows operating systems for authentication. By hijacking the authentication thread, attackers extract NTLM challenge-response hashes from legitimate SMB (Server Message Block) sessions, to enable them to impersonate authenticated users and gain unauthorised access.
The report also found that malware is often hidden in cloud storage platforms, with attackers opting for malicious links in malspam emails instead of attachments. Where attachments are used, .ics calendar invite and .rtf attachment file formats are used to trick recipients into opening malicious content.Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
