Sneaky Office 365 Phishing Inverts Images To Evade Detection


A creative Office 365 phishing campaign has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by crawlers designed to spot phishing sites.

These inverted backgrounds are commonly used as part of phishing kits that attempt to clone legitimate login pages as closely as possible to harvest a target’s credentials by tricking them into entering them into a fake login form.

This tactic has been used by several Office 365 credential phishing sites, according to WMC Global analysts, who spotted it being deployed as part of the same phishing kit, created and sold by a single threat actor to multiple users.

“Because image recognition software is improving and becoming more accurate, this new technique aims to deceive scanning engines by inverting the colors of the image, causing the image hash to differ from the original,” WMC Global explains. “This technique can hinder the software’s ability to flag this image altogether.”

Original version next to inverted background (PhishFeed)


CSS used to revert background

The difficulty with this detection evasion method is that potential victims would immediately notice the unusual inverted image, become suspicious and, most probably, leave the site.

However, to avoid this, the phishing kit designed to use this novel tactic automatically reverts the backgrounds using Cascading Style Sheets (CSS) to make them look just like the original backgrounds of the Office 365 login pages they are trying to mimic.

The targets that get redirected to one of these phishing landing pages will see the original background instead of the inverted image backgrounds that the web crawlers will be served with.

Using this tactic allows the phishing kit to display different versions of the same phishing landing page to victims and scanning engines, effectively hindering the latter's attempts to detect the website it's deployed on as a malicious site.

CSS code used to revert image (PhishFeed)
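A defender-side sketch of the behaviour described above, added here as an example (it is not code from WMC Global or from the phishing kit): it shows why both an exact digest and a simple perceptual hash miss a colour-inverted background, and how a scanner can compare the served image both as-is and re-inverted. The 4x4 greyscale grids are constructed sample data, and the `filter: invert(100%)` rule is an assumption, since the kit's CSS is not reproduced on this page.

```python
import hashlib
import re

def average_hash(pixels):
    """Perceptual aHash: one bit per pixel, set when brighter than the mean."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    return [1 if p > mean else 0 for p in flat]

def invert(pixels):
    """Colour inversion of an 8-bit greyscale image."""
    return [[255 - p for p in row] for row in pixels]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def exact_digest(pixels):
    """Exact-match hash over the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in pixels for p in row)).hexdigest()

def matches_reference(candidate, reference, max_distance=2):
    """Compare the image as served AND re-inverted against the known brand image."""
    ref = average_hash(reference)
    if hamming(average_hash(candidate), ref) <= max_distance:
        return "match"
    if hamming(average_hash(invert(candidate)), ref) <= max_distance:
        return "match-after-inversion"
    return "no-match"

# Assumed CSS: a full inversion applied by a filter declaration.
INVERT_RE = re.compile(r"filter\s*:[^;}]*invert\(\s*(?:100%|1(?:\.0+)?)\s*\)", re.I)

def css_reverts_inversion(css):
    """Flag stylesheets that fully invert an element, undoing a stored inversion."""
    return bool(INVERT_RE.search(css))

# Constructed sample data (not taken from a real page).
REFERENCE = [[10, 20, 200, 210], [15, 25, 190, 220],
             [30, 180, 185, 230], [40, 170, 175, 240]]
SERVED = invert(REFERENCE)             # what a crawler would download
UNRELATED = [[0, 255, 0, 255], [255, 0, 255, 0],
             [0, 255, 0, 255], [255, 0, 255, 0]]
SAMPLE_CSS = ".bg { background-image: url('bg.png'); filter: invert(100%); }"

if __name__ == "__main__":
    print(matches_reference(SERVED, REFERENCE), css_reverts_inversion(SAMPLE_CSS))
```

Inversion flips every bit of the average hash, so the plain distance is maximal; a page that both matches only after inversion and carries a full-inversion filter is a strong signal worth alerting on.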

Method adapted to the new Office 365 background

It’s also important to mention that this image inversion tactic was observed within an actively used Office 365 credential phishing kit according to WMC Global’s analysts.

“Our team reviewed other campaigns deployed by this threat actor, discovering that the individual was using the same inversion technique on the newer Office 365 background,” they further explain.


Earlier this year, another Office 365 phishing campaign made use of CSS tricks to bypass Secure Email Gateways (SEGs) by reversing text in a phishing email's HTML code to fool the email gateways' Bayesian statistical models.

Other phishing campaigns targeting Office 365 users have also used innovative techniques such as testing the stolen login in real time, abusing Google Ads to bypass secure email gateways, as well as using Google Cloud Services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud to host the phishing landing pages.
