Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks

March 19, 2024 at 06:48AM

Threat actors are exploiting digital document publishing (DDP) sites like FlipSnack and Issuu for phishing attacks. These legitimate platforms allow the hosting of malicious documents, evading email security controls. The attackers create multiple accounts using free trial periods, and the DDP sites’ features make it challenging to detect and extract malicious links. Cisco Talos researcher Craig Jackson highlights the risk of a false sense of security and the effectiveness of these attacks.

Key Takeaways:

– Threat actors are using digital document publishing (DDP) sites like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for phishing, credential harvesting, and session token theft.
– Hosting phishing lures on DDP sites increases the chances of successful phishing attacks due to favorable reputation and evasion of web filter blocklists.
– Threat actors abuse free tier or no-cost trial periods of DDP sites to create multiple accounts and publish malicious documents.
– DDP services’ transient file hosting allows content to become automatically unavailable after a specific expiration date and time, adding to the challenge of detection.
– Productivity features in DDP sites like Publuu can prevent extraction and detection of malicious links in phishing messages, acting as a deterrent.
– DDP-hosted documents are used as gateways to phishing emails, ultimately leading to bogus sites mimicking legitimate login pages to steal credentials or session tokens.
– DDP sites represent a blind spot for defenders and can be abused by threat actors to increase the efficacy of phishing attacks.
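
Because the reputation of these hosts cannot be relied on, a defender can at least surface inbound mail that links to them for closer review. The sketch below is an added example, not code from the article or from Cisco Talos; the domain list is an assumed mapping of the six services named above, and `ddp_domain`, `ddp_links` and the sample message are hypothetical names and constructed data.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Assumed registrable domains for the six services named above; confirm them
# against your own proxy or DNS telemetry before relying on the list.
DDP_DOMAINS = ("flipsnack.com", "issuu.com", "marq.com", "publuu.com",
               "relayto.com", "simplebooklet.com")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def ddp_domain(url):
    """Return the DDP domain a URL's host belongs to, or None."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    for domain in DDP_DOMAINS:
        # Exact or dot-bounded suffix match, so lookalike hosts such as
        # issuu.com.files.example are not treated as the real service.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def ddp_links(raw_message):
    """Return sorted (domain, url) pairs for DDP links in a message's text parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
            domain = ddp_domain(url)
            if domain:
                hits.add((domain, url))
    return sorted(hits)

# Constructed sample message (not from the article or any real campaign).
SAMPLE = """\
From: billing@vendor.example
Subject: Invoice ready
Content-Type: text/html; charset=utf-8

<p><a href="https://view.publuu.com/EXAMPLE/doc">Open invoice</a></p>
<p>Archive copy: https://issuu.com/EXAMPLE/docs/invoice.</p>
<p>Lookalike: http://issuu.com.files.example/login</p>
"""
```

A hit is a reason for closer inspection of the hosted document, not a verdict, since these services also carry legitimate content.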
