Hackers are using Adobe Creative Cloud to target Office 365 in an ongoing phishing campaign. The malicious links within the phishing emails appear to come from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered.
Cybersecurity researchers with Avanan discovered the campaign in December, according to a recent report they published.
Adobe Creative Cloud is a popular suite of apps for creating and sharing files, and includes widely used apps such as Photoshop and Acrobat.
The phishing attacks mostly target users of Office 365, a popular target for phishing emails owing to its large number of business users. The phishing attacks have also hit Gmail inboxes, according to Jeremy Fuchs at Avanan.
According to Fuchs, the attacker creates a free account in Adobe Cloud, then creates an image or a PDF file that has a link embedded within it, which they share by email with an Office 365 or Gmail user.
“Think of it like when you create a Docusign,” Fuchs explained to reporters. “You create the document and then send it to the intended recipient. On the receiving end, they get an email notification, where they click to be directed to the link.”
Though the links inside the documents sent to users are malicious, the pages they lead to are not hosted within Adobe Cloud but, rather, on another domain controlled by attackers, he added.
Researchers shared screenshots of the attack they observed in the report. One shows what looks like a legitimate PDF called Closing.pdf, sent from Adobe, with a button that says “Open” to open the file.
When users click on the link, they are redirected to an Adobe Document Cloud page that includes an “Access Document” button that supposedly leads them to the Adobe PDF. However, that link actually leads to “a classic” credential-harvesting page, which is hosted outside the Adobe suite, according to the report.
Attackers can use this model for sending various legitimate-looking Adobe Cloud documents or images to unsuspecting users, Fuchs told Threatpost.
“Though the several hops to get to the final page may cause some red flags from discerning end-users, it won’t stop all who are eager to receive their documents, especially when the title of the PDF – in this case ‘Closing’ – can instill urgency,” researchers wrote in the report.
Researchers at this point don’t know who is behind the campaign, which for now is sticking to its goal of harvesting credentials.
Avanan recommended users have robust security in place, as well as employee training that focuses on avoiding phishing attempts.