OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

July 30, 2024 at 03:24AM

A new phishing campaign, known as OneDrive Pastejacking, targets Microsoft OneDrive users through social engineering tactics to execute a malicious PowerShell script. The attack tricks users by simulating a OneDrive page and providing false instructions to fix a DNS error. The campaign has been observed in various countries, signaling a growing prevalence of such phishing attacks. Other similar techniques involving email-based social engineering and invoice-themed lures have also been identified, highlighting the adversaries’ constant efforts to evade Secure Email Gateways and increase attack success.

Based on the meeting notes, the key takeaways are:

1. A new phishing campaign targeting Microsoft OneDrive users has been identified. The campaign relies heavily on social engineering tactics to trick users into executing a PowerShell script, compromising their systems. The attack starts with an email containing an HTML file that simulates a OneDrive page and prompts the user to take steps that lead to the execution of the malicious script.

2. The campaign, known as OneDrive Pastejacking, has been observed targeting users in several countries, including the U.S., South Korea, Germany, India, Ireland, Italy, Norway, and the U.K. Additionally, similar findings from other cybersecurity companies indicate that phishing attacks using this technique, also known as ClickFix, are becoming more prevalent.

3. There has been a discovery of a new email-based social engineering campaign distributing fake Windows shortcut files that lead to the execution of malicious payloads hosted on Discord’s Content Delivery Network (CDN) infrastructure. These phishing campaigns are increasingly observed, often using legitimate-looking forms on Microsoft Office Forms to trick targets into divulging their Microsoft 365 login credentials.

4. Adversaries are constantly seeking new ways to infiltrate malware past Secure Email Gateways (SEGs). A recent report from Cofense highlights how bad actors are evading detection by disguising HTML payloads as MPEG files within ZIP archive attachments.
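The MPEG-in-ZIP disguise described in the Cofense finding is a content-type mismatch: the member's extension claims media while its bytes are HTML. The following is an added example, not code from the article or from Cofense, showing how a mail or sandbox pipeline can sniff ZIP members for that mismatch; the signature list, the sample archive and the file names are constructed for the demonstration.

```python
import io
import re
import zipfile

# Extensions that claim to be audio/video media (constructed list for this check).
MEDIA_EXTENSIONS = {".mpeg", ".mpg", ".mp4", ".mp3"}

# Leading bytes of genuine media: MPEG-PS pack header, MPEG-TS sync byte,
# MP4 'ftyp' box at offset 4, MP3 ID3 tag or MPEG audio frame sync.
def looks_like_media(head: bytes) -> bool:
    return (head.startswith(b"\x00\x00\x01\xba")
            or head.startswith(b"\x47")
            or head[4:8] == b"ftyp"
            or head.startswith(b"ID3")
            or head[:2] in (b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"))

# Markup a browser would render even with a non-HTML extension.
HTML_SNIFF = re.compile(rb"^\s*(<!doctype\s+html|<html|<head|<body|<script|<iframe)", re.IGNORECASE)

def looks_like_html(head: bytes) -> bool:
    head = head[3:] if head.startswith(b"\xef\xbb\xbf") else head  # drop UTF-8 BOM
    return HTML_SNIFF.search(head) is not None

def find_disguised_html(zip_bytes: bytes) -> list:
    """Return names of members whose media extension hides non-media content."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            if ext not in MEDIA_EXTENSIONS:
                continue
            with zf.open(info) as fh:
                head = fh.read(512)  # sniffing only needs the first bytes
            # Flag explicit HTML, and also anything that fails the media check
            # (a triage heuristic: a .mpeg that is not MPEG deserves a look).
            if looks_like_html(head) or not looks_like_media(head):
                flagged.append(info.filename)
    return flagged

def build_sample_zip() -> bytes:
    """Constructed sample: an HTML lure named as .mpeg next to a genuine MPEG-PS stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_1234.mpeg", b"<!DOCTYPE html><html><body>...</body></html>")
        zf.writestr("clip.mpg", b"\x00\x00\x01\xba" + b"\x00" * 64)
    return buf.getvalue()

if __name__ == "__main__":
    print(find_disguised_html(build_sample_zip()))  # ['invoice_1234.mpeg']
```

Sniffing only the first 512 bytes keeps the check cheap enough to run on every attachment before the archive is handed to a full sandbox.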

These takeaways summarize the major points from the meeting notes, providing a clear understanding of the current cybersecurity threats discussed.
