Adobe InDesign, a new weapon for hackers? How Hackers Try to Trick You


Alexandre Boero

September 14, 2023 at 11:50 a.m.


Adobe InDesign © Sharaf Maksumov / Shutterstock.com

Hackers are running phishing campaigns through InDesign, part of the Adobe suite, to collect credentials.

The new discovery by Check Point researchers should interest you if you are a fan of brochures, magazines, leaflets, posters and the like, and you use Adobe InDesign to create them. Hackers are increasingly using the software to send phishing documents. Experts are sounding the alarm.

Hackers create content in InDesign and send you phishing emails

It is well known that exploiting legitimate services for malicious purposes, and gaining credibility with potential victims, takes nothing more than registering on any free online service. Hackers have acquired such expertise in this area that they are able to get past the vigilance of security services and end users, who become unable to spot the deception.

The services abused in this way are multiplying. Over the past month, Check Point Software says it has recorded millions of attacks of this type, including the one involving Adobe InDesign, which results in the collection of credentials.

The attack here involves hackers creating content in Adobe InDesign to send phishing links. The vector is email; the type is email compromise; the techniques are social engineering and credential harvesting; and the target is any end user. Now let's see how it works.

An ordinary Adobe link that passes through detection

The email poses as an invoice notification. The subject line contains an invoice number and an order number. The link in the email, indd.adobe.com, points to the cloud (online) version of Adobe InDesign. In reality, though, the link takes the user to a malicious document.

phishing email Adobe InDesign © Check Point Research

Since the link is legitimate, link detectors are blind to it, and hovering over the link reveals nothing suspicious. You will probably be surprised to receive an invoice or statement from InDesign, but Adobe remains a legitimate brand. The shared PDF file links to an Adobe page.
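One way to act on this in mail triage, as an added example that is not from the article or from Check Point: rather than trusting the domain's reputation, treat indd.adobe.com as a host of user-published content and escalate invoice-themed messages linking to it so the page behind the link is opened in a sandbox. The sender-domain mapping, lure keywords, scoring and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosts serving user-published content under a trusted brand.
# Only indd.adobe.com comes from the article; the rest is an assumption.
USER_CONTENT_HOSTS = {"indd.adobe.com"}
# Assumption: sender domains expected to mail links to each host.
EXPECTED_SENDERS = {"indd.adobe.com": {"adobe.com"}}
BILLING_LURE = re.compile(r"\b(invoice|order|statement)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (not a real phishing email).
SAMPLE = """From: Billing <billing@vendor-mail.example>
To: user@corp.example
Subject: Invoice #48213 - Order #77120

Your invoice is ready: https://indd.adobe.com/view/00000000-constructed-placeholder
"""


def triage(raw_message: str) -> dict:
    """Score one RFC 5322 message; 'emulate' means open the link in a sandbox."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "\n".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )
    reasons, urls = [], []
    for url in URL.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if host not in USER_CONTENT_HOSTS:
            continue  # a reputation check would cover other hosts
        urls.append(url)
        reasons.append(f"link to user-published content on {host}")
        expected = EXPECTED_SENDERS.get(host, set())
        if not any(sender == d or sender.endswith("." + d) for d in expected):
            reasons.append(f"sender domain {sender!r} unrelated to {host}")
    if urls and BILLING_LURE.search(msg.get("Subject", "")):
        reasons.append("billing-themed subject")
    verdict = "emulate" if len(reasons) >= 2 else "review" if reasons else "pass"
    return {"verdict": verdict, "urls": urls, "reasons": reasons}


if __name__ == "__main__":
    print(triage(SAMPLE))
```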

In this type of attack (BEC 3.0), the speed of execution is decisive. "This type of attack benefits because it uses a common and easy-to-use tool such as Adobe InDesign," notes Jeremy Fuchs, researcher-analyst for Check Point Software. "The link is legitimate, so it will pass through standard scanners and under the nose of the end user. In this case, you have to emulate the action behind the link to really understand what's happening. This is not always what security services do. Stopping attacks is a bit like playing cat and mouse. A hacker finds something that works. And it will continue until the security services, all sectors combined, can stop it definitively. Then he'll change his approach and try something new."

At the moment, and this is the difficulty, most security services are struggling to stop BEC 3.0 attacks. Attackers are taking full advantage and continue to operate. Adobe, for its part, was warned on July 25 by cybersecurity experts.
