Issuu, FlipSnack, Simplebooklet, and other digital document publishing sites have been exploited by threat actors to facilitate new phishing attacks that better bypass email security controls, The Hacker News reports.
Attackers have been leveraging free or trial versions of the DDPs to create and host malicious files attached to phishing emails, which when clicked would redirect to an attacker-controlled website spoofing the Microsoft 365 login page that then allows credential and session token exfiltration, a report from Cisco Talos revealed. Detection of malicious activity is being hampered by the utilization of several redirects requiring CAPTCHA solving, as well as DDP features that avert phishing link detection and extraction, according to researchers. "DDP sites create advantages for threat actors seeking to thwart contemporary phishing protections. The same features and benefits that attract legitimate users to these sites can be abused by threat actors to increase the efficacy of a phishing attack," said researcher Craig Jackson.
