Subj : Top document publishing services are being spoofed to send out ma To : All From : TechnologyDaily Date : Wed Mar 20 2024 12:30:05 Top document publishing services are being spoofed to send out malware Date: Wed, 20 Mar 2024 12:15:58 +0000 Description: Hackers are always looking for new ways to bypass email security, and DDP platforms are their newest solution. FULL STORY ====================================================================== Hackers have found yet another cloud-based service they can use to bypass email protection and land phishing emails straight into peoples inboxes. Last week, security researchers from Cisco Talos reported observing malicious files built on digital document publishing (DDP) platforms, such as Publuu, Marq, FlipSnack, Issuu, FlippingBook, RelayTo and SimpleBooklet. These platforms allow users to create interactive flipbooks out of PDF files. The hackers would create countless free trial accounts, and use them to generate flipbooks containing links to malicious landing pages. They then use the platforms to distribute the documents to their victims. Malicious files with an expiration date Since the emails would come from a legitimate, trusted source, most of them would make it past email security gateways and into peoples inboxes. Victims could also be inclined to open the documents, given the perceived trustworthiness of the sender. "Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable reputation, are unlikely to appear on web filter blocklists, and may instill a false sense of security in users who recognize them as familiar or legitimate," Cisco Talos researcher Craig Jackson said. Another advantage of DDP sites lies in the fact that the files hosted there have an expiry date, and get deleted after some time. That makes analysis difficult, since by the time security researchers are notified, the files are already long gone. The goal of the campaign, the researchers further explained, is to harvest Microsoft 365 credentials, as the links in the flipbook files usually lead to fake Microsoft 365 login pages. Hackers abusing software-as-a-service (SaaS) to deliver phishing emails is nothing new. Even Googles own productivity suite, Workspace, was abused, as Docs files, for example, can be shared with many recipients directly through the platform. More from TechRadar Pro Microsoft Outlook bug let hackers bypass email security protections Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/top-document-publishing-services-are-be ing-spoofed-to-send-out-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .