3 posts tagged with "Phishing"

Scenarios dealing with phishing.

Block Malformed Office Documents Used in Phishing Campaigns

· 3 min read
Contextal Team
Contextal Platform Creators

By the end of 2024, threat actors began employing a new technique to deliver phishing attacks using handcrafted Office files. The legitimate document content is preceded by specifically crafted data, which disrupts format detection mechanisms. Surprisingly, Microsoft Office, when opening such a file based on its extension, offers to recover the data. It scans for a valid header and opens the Office content embedded within the manipulated file.

According to our research, existing protections offered by major vendors are ineffective, and it remains relatively easy to create files that evade detection. Here, we demonstrate how to create a scenario in Contextal Platform to block all attacks of this type!

Block Documents Containing Newly Registered Domains

· 2 min read
Contextal Team
Contextal Platform Creators

According to recent research, newly registered domain names used in phishing attacks remain one of the biggest threats to internet users. The study found that domain names used in phishing attacks have an average lifetime of 21 days, with the majority being used within 4 days of registration.

We will create a scenario that detects and blocks Office, ODF, and PDF documents containing links to domain names registered less than 30 days ago.

Block Obfuscated JS in Email

· 2 min read
Contextal Team
Contextal Platform Creators

In this example, we demonstrate how to detect and block obfuscated JavaScript within Email objects (and their child objects). This technique can also be adapted to any other data type that might contain JavaScript.

The Text backend makes use of machine learning to identify common scripting languages, such as JavaScript. By combining this detection with a common characteristic of malicious scripts—obfuscation into one-liners—we can build an effective filter. Here's how: