• RTF-based phishing attacks explode as malicious emails and attach

    From TechnologyDaily@1337:1/100 to All on Mon Oct 14 16:30:05 2024
    RTF-based phishing attacks explode as malicious emails and attachments look more trustworthy than ever

    Date:
    Mon, 14 Oct 2024 15:28:00 +0000

    Description:
    Customizable file names and URL obfuscation made the RTF phishing campaign quite successful.

    FULL STORY ======================================================================

    Hackers have found a clever new way to abuse Rich Text Format (.RTF) files in phishing attacks, experts have warned.

    Cybersecurity researchers Ironscales claim to have observed a major spike in these campaigns during 2024, and in the space of just one month (March 2024), the experts say they spotted, and stopped, 6,755 such attacks.

    So what makes this attack so unique, and ultimately - successful? Three things, Ironscales says: the use of an outdated file format, attachment personalization, and URL obfuscation.

    Attachment personalization

    RTF files are quite uncommon these days, the researchers said, which means two things - victims are not that suspicious when they receive them in the email, and security solutions (especially traditional email security filters) don't flag them as often.

    So, when a threat actor sends a phishing email with an .RTF file attached, victims are somewhat more inclined to open it. Which led the researchers to the second point - attachment personalization. They say the criminals found a way to customize the file name in the email, to match the domain of the target recipient. Therefore, the attachment carries the name of the target company, boosting credibility.

    Finally, URL obfuscation. In the .RTF file, the crooks would attach a link that looks innocent enough, and often appears to lead to a well-known site, such as microsoft.com. However, a clever use of the @ symbol allows them to redirect the victim to a malicious site, instead. The usual link in these files would look something like this: https://www.microsoft.com@malicious-site.com/invoice.pdf.

    In the world of URLs, anything before the @ is treated as a username but can be written to look like a trusted domain, the researchers explained. The catch? The browser ignores everything before the @ and only cares about what comes after.

    In other words, if the victim is not carefully reading the entire link, they might think they're visiting microsoft.com, but are instead being redirected elsewhere.
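
    A defender-side check for the @ trick described above, as an added example that is not part of the original story or Ironscales' tooling: it scans text pulled from an attachment for URLs whose authority contains userinfo and reports the host the browser would actually contact. The function names and the sample RTF snippet are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Loose matcher for http(s) URLs in raw text; stops at RTF braces, quotes, backslashes.
URL_RE = re.compile(r"""https?://[^\s<>"'{}\\]+""", re.IGNORECASE)
# Userinfo shaped like a hostname (dot-separated labels ending in a TLD-like label).
HOSTLIKE_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

def inspect_url(url):
    """Return a finding if the URL's authority contains userinfo ('@'), else None."""
    try:
        parts = urlsplit(url)
    except ValueError:           # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if "@" not in parts.netloc:  # an '@' in the path or query is not userinfo
        return None
    decoy = parts.username or ""
    return {
        "url": url,
        "decoy": decoy,                  # the part a reader sees first
        "real_host": parts.hostname,     # the host the browser connects to
        "decoy_looks_like_host": bool(HOSTLIKE_RE.match(decoy)),
    }

def scan_text(text):
    """Find every URL in text and return findings for those carrying userinfo."""
    findings = []
    for match in URL_RE.finditer(text):
        finding = inspect_url(match.group(0).rstrip(".,;)"))
        if finding:
            findings.append(finding)
    return findings

# Constructed sample: an RTF HYPERLINK field using the article's example URL,
# plus a harmless URL with '@' in its path that must not be flagged.
SAMPLE_RTF = (
    r'{\rtf1 {\field{\*\fldinst{HYPERLINK '
    r'"https://www.microsoft.com@malicious-site.com/invoice.pdf"}}'
    r'{\fldrslt{View invoice}}} Docs: https://example.com/@team/page.}'
)

if __name__ == "__main__":
    for f in scan_text(SAMPLE_RTF):
        print(f)
```

    A finding with decoy_looks_like_host set is the strongest signal; userinfo that is a plain account name (user:password@host) is flagged too but scored lower.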

    In conclusion, crooks are getting smarter, Ironscales argues, meaning organizations must do the same - or suffer the consequences.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/rtf-based-phishing-attacks-explode-as-malicious-emails-and-attachments-look-more-trustworthy-than-ever


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)