Hackers Turn to Obfuscation Tactics in Phishing Campaigns
Hackers are constantly updating their tactics with new tools and techniques to make their phishing campaigns more convincing and successful. In a recent campaign analyzed by Avanan, cybercriminals hid malicious links behind glossy advertising photos from trusted brands like Delta Airlines and Kohl’s to trick users into visiting credential harvesting sites and giving up their personal information. Avanan researchers dubbed this obfuscation technique “picture in picture,” where attackers simply link the marketing photos to malicious URLs. Although this method is not as complex as steganography, which encodes malicious payloads at the pixel level within an image, it still poses a significant threat to users.
How “Picture in Picture” Obfuscation Works
Despite being straightforward, the picture-in-picture approach makes it more difficult for URL filters to pick up the threat, as email filters don’t usually scan within the image. According to Avanan researchers, “the email will look clean [to filters] if they aren’t scanning within the image.” The attackers often link a file, image, or QR code to something malicious. The malware payload becomes apparent when someone uses OCR to convert the images to text or parses QR codes and decodes them. Unfortunately, many security services either don’t or can’t do this.
Attackers use social engineering to make the user act on the malicious link. By pairing social engineering with obfuscation, attackers present end users with something very tempting to click on. Jeremy Fuchs, cybersecurity researcher and analyst at Avanan, cautioned users that although this attack is fairly sophisticated, “if users hover over the image, the URL link is clearly not related to the spoofed brand.”
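The hover check Fuchs describes can be automated on the mail gateway. The sketch below is an added example, not code from Avanan or from the campaign: it walks an HTML body, finds links whose only content is an image, and reports those whose target domain differs from the brand the message claims to come from. The function names, the sample body and the `.example` domains are constructed for illustration, and the two-label domain comparison is a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def base_domain(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class ImageLinkFinder(HTMLParser):
    """Collects every <a href> together with the images and text it wraps."""
    def __init__(self):
        super().__init__()
        self.current = None   # link currently open: href, img alt texts, visible text
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.current = {"href": a["href"], "imgs": [], "text": ""}
        elif tag == "img" and self.current is not None:
            self.current["imgs"].append(a.get("alt") or "")

    def handle_data(self, data):
        if self.current is not None:
            self.current["text"] += data.strip()

    def handle_endtag(self, tag):
        if tag == "a" and self.current is not None:
            self.links.append(self.current)
            self.current = None

def suspicious_image_links(html_body, expected_domain):
    """Return (href, alt) for image-only links that leave the expected brand domain."""
    finder = ImageLinkFinder()
    finder.feed(html_body)
    finder.close()
    findings = []
    for link in finder.links:
        host = urlparse(link["href"]).hostname or ""
        image_only = link["imgs"] and not link["text"]
        if image_only and base_domain(host) != base_domain(expected_domain):
            findings.append((link["href"], link["imgs"][0]))
    return findings

# Constructed sample body: one text link on the brand domain, one image-only link elsewhere.
SAMPLE = """
<p>Hello, <a href="https://www.brand.example/account">view your account</a></p>
<a href="https://rewards.unrelated.example/login"><img src="cid:promo" alt="Brand gift card offer"></a>
"""

if __name__ == "__main__":
    for href, alt in suspicious_image_links(SAMPLE, "brand.example"):
        print(f"image-only link off brand domain: {href} (alt={alt!r})")
```

Legitimate marketing mail often routes clicks through a mailing provider's tracking domain, so a hit here is a signal to score or to follow up with URL emulation, not a verdict on its own.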
Using AI to Update Old Tactics
The use of generative AI to aid obfuscation tactics in image-based phishing attacks will only make these attacks harder to spot. “It’s super easy with generative AI,” Fuchs stated. For instance, using only ChatGPT prompts, a Forcepoint researcher convinced the AI to build undetectable steganography malware, despite its directive to refuse malicious requests.
Phil Neray, vice president of cyber defense strategy at CardinalOps, said that the AI trend is growing. “What’s new is the level of sophistication that can now be applied to make these emails appear to be almost identical to emails you would receive from a legitimate brand.” AI makes it much easier to create emails with the same textual content, tone, and imagery as a legitimate email.
Implications of the Attack for Businesses
Businesses and individuals should be aware of these tactics, especially since airline loyalty program communications often go to corporate inboxes. In the age of remote work, employees may also use personal devices for business or access personal services on business-issued laptops, making the business vulnerable to phishing attacks.
The potential implications of the attack for businesses are monetary loss and data loss. Organizations should first look to educate users about these types of attacks, stressing the importance of hovering over URLs and looking at the full link before clicking. They should also leverage URL protection that uses phishing techniques as an indicator of an attack and implement security that looks at all components of a URL and emulates the page behind it.
Editorial
This article serves as a warning to businesses and individuals to be vigilant about phishing attacks since hackers are using new tactics and technologies to make them more effective. The use of AI is particularly concerning since it can be used to create almost identical emails to those from legitimate brands. While it’s essential to educate users about these types of attacks, businesses must also implement robust security measures to protect themselves against these evolving threats.
Advice
Users should be mindful of any emails they receive that ask for personal information or offer enticing rewards or discounts. They should also hover over URLs and look at the full link before clicking. Businesses should implement URL protection that uses phishing techniques as an indicator of an attack and implement security that looks at all components of a URL and emulates the page behind it. Educating employees about these types of attacks can also go a long way in preventing successful phishing attempts. Finally, businesses should be aware of new technologies like AI and keep security measures up to date to protect against evolving threats.