Hackers are increasingly using Microsoft Visio files to lure unsuspecting computer users to phishing sites. This concerns false documents in compromised Sharepoint environments. Via emails, victims end up in a detour on a fake login page for Microsoft 365.
It works according to cybersecurity specialist Perception Point for so-called two-step attacks. The hackers first send their emails via compromised email accounts. The malicious parties manage to lure unsuspecting recipients via a link in such an email to a Visio file in a (also hacked) Sharepoint environment. This contains the link to the actual phishing site.
Bron: Perception Point
The whole purpose of this multi-layered approach is to appear as reliable as possible. First of all, the initial email arrives via a ‘real’ email address. A cracked address, yes, but the recipient does not know that. The malicious party also bypasses standard security checks in this way. The messages are about purchase orders or business proposals, so there is also a social engineering aspect to these types of operations.
Compromised Sharepoint environment
The email often also contains an .eml file, an Outlook email message. In fact, an email with a saved email message as an attachment. The attachment will then contain a link to a file in a Sharepoint environment. In many cases, this environment has also been compromised.
The document in the Sharepoint environment is a .vsdx file, a document type for Microsoft Visio. Visio is a program to quickly create flowcharts, diagrams, tables, organizational charts and other visual aids for business purposes. These documents are interactive, so it is possible to insert buttons that link to another document or website. The hackers hide their phishing links in exactly such buttons.
Bron: Perception Point
Instill confidence
By using .vsdx files, the hackers try to establish trust. These can, for example, be styled with the corporate identity of the company whose systems have been hacked. Such documents also contain instructions to hold down the ‘control’ button when clicking on the link. The reason for this is simple: the hackers ensure that it is a human who opens the link and not a bot or other automated process.
The final step is then the fake Microsoft 365 environment opens, where the victim supposedly has to log in. If he does that, the login credentials have been stolen. To stay ahead of such phishing attempts, Perception Point recommends measures such as Dynamic URL Analysis and AI security tools that specialize in the detection of malicious objects.
Also read: Microsoft warns against spear phishing with RDP files
The Art of Deception: Hackers Use Visio Files for Phishing
Oh, dear readers, it seems hackers have found a new tool in their nefarious toolbox: the humble Microsoft Visio file. Yes, you heard it right! If you thought the only ‘flow’ happening with these files was to create snazzy diagrams, think again! Who knew those fancy flowcharts could serve as the gateway to phishing scams? It’s like inviting a vampire into your house because, let’s be honest, that’s what hackers are—modern-day digital vampires, lurking in the shadows of your inbox!
According to the cybersecurity gurus over at Perception Point, these hackers are concocting what they call “two-step attacks.” So, if you ever wanted to feel like you were part of a secret agent movie where the real action doesn’t happen until the very end, brace yourself! First, they slip into your email like that one friend who always crashes the party. They’ve compromised real accounts to send you an email that looks eerily legitimate—like seeing a ‘friend’ at the pub who really just wants to use your phone.
Compromised SharePoint Environment: Not Your Average Picnic
In their wicked master plan, the hackers ensnare the unsuspecting victims with invitations to click on Visio files hosted in a hacked SharePoint environment. Sounds a bit like a tech-themed horror movie, doesn’t it? And just like that suspenseful flick, the tension builds as you find out that these Visio files aren’t merely aimed at streamlining your workflow. Oh no, they’re the seductive sirens leading you straight to a fake Microsoft 365 login page—a phishing site as inviting as that free Wi-Fi at the airport.
You see, these emails often come adorned with .eml file attachments which, if you’re wondering, are like those dusty family photos no one wants to look at but almost can’t resist! These attachments are actually just links masquerading as emails—think of them as the digital version of a Trojan horse. Inside this digital contraption, the hackers have embedded links that, upon clicking them, lead to those charming .vsdx files tailored to look like they belong to your corporate identity. Trust me, it’s all about ‘style over substance’—you know, like the latest fashion trends that just look good but are as comfortable as spikes in your shoes.
Instilling Confidence: The Sneaky Sales Tactics of Cybercriminals
And how do these dastardly hackers coax you into clicking that irresistible link? Ah, that’s the cherry on top of their malicious cake! They design these documents so well that you could mistake them for official company memos. They even include specific instructions urging you to hold down the ‘control’ button while clicking the link. Makes you feel all important, doesn’t it? Just like the time you were asked to click ‘Yes’ on the ‘Are you sure you want to delete this important file?’ pop-up—except this time, the only thing you’re deleting is your own digital security!
What awaits you after you obediently log in? Bam! Your credentials are flying off into the cyber abyss faster than you can say “phosphorescent phishing”! The final nail in the coffin, folks, is the fake Microsoft 365 environment where your credentials are stolen quicker than you can say ‘I need an IT support line!’
So how do we combat this sneaky prank? Well, according to Perception Point, employing measures like Dynamic URL Analysis and AI security tools specializing in detecting these dastardly malicious objects would be like installing a bouncer at the door of your digital nightclub—one that actually checks IDs!
In conclusion, my digital warriors, the world of cyberattacks is constantly evolving, and utilizing seemingly innocuous tools like Microsoft Visio to carry out phishing scams is the name of the game. Stay alert, keep your wits about you, and remember: if it looks too good to be true, it probably is—in this case, it certainly is!
Cybercriminals are progressively leveraging Microsoft Visio files as bait to entrap unsuspecting computer users into visiting phishing websites. This troubling trend revolves around counterfeit documents hosted within compromised SharePoint environments. Victims are often duped into navigating through emails that ultimately lead them to a fraudulent Microsoft 365 login page.
According to cybersecurity experts from Perception Point, these operations employ a sophisticated strategy known as two-step attacks. Initially, hackers disseminate emails via accounts that have been previously compromised. Via a deceptive link embedded within these emails, unsuspecting individuals are directed to a Visio file located in a similarly hacked SharePoint environment. This file is cleverly designed to conceal a link to the actual phishing site.
The objective behind this intricate tactic is to create the illusion of authenticity. Victims receive emails that appear to originate from legitimate addresses, albeit from accounts that have been infiltrated. This subterfuge allows malicious actors to circumvent conventional security protocols. The messages often discuss business-related matters such as purchase orders or proposals, cleverly employing social engineering techniques to manipulate their targets.
Compromised SharePoint Environment
The phishing email frequently includes an .eml file, which is essentially an Outlook email message saved as an attachment. This attachment leads the recipient to a file stored within the compromised SharePoint environment. Subsequent access may also lead to a dangerous security breach.
The actual document in the compromised SharePoint environment is formatted as a .vsdx file, specifically designed for Microsoft Visio. This powerful software enables users to swiftly generate flowcharts, diagrams, organizational charts, and other business-related visual aids. Importantly, these Visio documents can contain interactive elements, allowing the inclusion of buttons that redirect users to different documents or websites. Cybercriminals cleverly hide their phishing links within these buttons, making detection challenging.
Instill Confidence
By utilizing .vsdx file formats, hackers aim to foster trust with their victims. These documents can be crafted to align with the corporate branding of the compromised organization, enhancing their credibility. Additionally, the documents often carry explicit instructions for recipients to hold down the ‘control’ key when clicking on the link. This tactic ensures that the link is activated by a human user rather than an automated bot, increasing the chances of successful deception.
The final phase of this malicious operation occurs when the fraudulent Microsoft 365 environment appears, prompting the victim to enter login details. Once the user complies, their login credentials are seamlessly stolen by the attackers. To combat such phishing assaults, Perception Point advocates for advanced measures, including Dynamic URL Analysis and AI-driven security tools specialized in the rapid identification of malicious content.
Also read: Microsoft warns against spear phishing with RDP files
Omised SharePoint environment, which has also been targeted by the hackers. The Visio document itself, typically a .vsdx file, is crafted to mimic legitimate corporate documents, taking advantage of the trust associated with the Microsoft brand and familiar business tools.
Hackers exploit the interactive nature of Visio files by embedding clickable buttons that redirect recipients to malicious websites. These buttons often contain phishing links disguised as genuine requests for login credentials. The manipulation is subtle yet effective; on opening the document, victims are not only presented with a seemingly professional layout but are also instructed to use the ‘Control’ key while clicking—an act designed to circumvent any automated detection measures that might be in place.
The phishing scheme culminates in presenting a counterfeit Microsoft 365 login page. Once the victim inputs their credentials, those details are captured by the attackers, representing a significant breach of security and personal data.
To combat such sophisticated phishing attempts, cybersecurity experts recommend implementing advanced security measures—including Dynamic URL Analysis, which evaluates links in real-time to determine their authenticity, and AI-driven security tools that specialize in identifying and mitigating threats before they reach potential victims. These strategies act as a safeguard, protecting users from falling prey to phishing scams that utilize trusted applications like Microsoft Visio as delivery mechanisms.
as cybercriminals continue to innovate and adapt their methods, it is essential for users to remain vigilant and educated about potential threats. Being aware of the signs of phishing attacks—especially those leveraging trusted software—can help maintain digital security and prevent unauthorized access to sensitive information.
