In this post, Unit 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote files.
The interaction then executes an embedded malicious payload. Since macros have been disabled by default in Office, attackers have turned to leveraging other Microsoft products for embedding malicious payloads. As a result, malicious OneNote files have grown in popularity.
Source: Palo Alto Unit 42

