Threat Actors Abuse Microsoft Sway to Launch QR Code Phishing Attacks

Researchers at Netskope last month observed a 2,000-fold increase in traffic to phishing pages delivered via Microsoft Sway.

The phishing attacks are targeting organizations in the technology, manufacturing, and finance sectors in Asia and North America.

Most of these attacks involved QR code phishing (quishing) to trick victims into visiting the malicious sites.

“Attackers instruct their victims to use their mobile devices to scan the QR code in hopes that these mobile devices lack the stringent security measures typically found on corporate-issued ones, ensuring unrestricted access to the phishing site,” Netskope explains.

“Additionally, these QR phishing campaigns employ two techniques from previous posts: the use of transparent phishing and Cloudflare Turnstile. Transparent phishing ensures victims access the exact content of the legitimate login page and can allow them to bypass additional security measures like multi-factor authentication. Meanwhile, Cloudflare Turnstile was used to hide the phishing payload from static content scanners, preserving the good reputation of its domain.”

Notably, the threat actors abused Sway, a free Microsoft 365 presentation app, to evade security technologies.

“By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves,” the researchers write. “Additionally, a victim uses their Microsoft 365 account that they’re already logged into when they open a Sway page, which can help convince them about its legitimacy as well.

Sway can also be shared through either a link (URL link or visual link) or embedded on a website using an iframe. Over the past six months, Netskope Threat Labs observed little to no malicious traffic using Microsoft Sway. However, in July 2024, we observed a 2,000-fold increase in traffic to unique Microsoft Sway phishing pages. The pages we investigated were targeting Microsoft 365 accounts.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Netskope has the story.
