Introduction

Recent developments in phishing tactics have seen a sophisticated evolution, particularly through the use of Microsoft Visio files in two-step phishing attacks. These attacks exploit trusted platforms to deceive users and harvest credentials, marking a significant shift from traditional methods.

Description

A surge in two-step phishing attacks leveraging Microsoft Visio files [4], particularly in the .vsdx format [1], has been identified [2] [4], marking a sophisticated evolution in phishing tactics [4]. These attacks exploit compromised SharePoint environments to host fake documents, which are sent via emails from compromised accounts that appear legitimate. Victims receive emails containing .eml files, which are Outlook messages that include links to Visio documents. Attackers embed malicious URLs within these Visio files [2], often styled to match the branding of the targeted organization [3], enhancing their credibility [3].

This covert method allows attackers to disguise malicious links effectively, using the Visio format, which is commonly used for business diagrams, to evade traditional security scans. The Visio documents may contain interactive elements, such as buttons that conceal phishing links [3], and may instruct users to hold the ‘control’ key while clicking [3], so that the link is followed through human interaction rather than by automated processes. Users are often deceived into clicking these links, which direct them to counterfeit Microsoft 365 login pages where their credentials can be harvested [1].

This trend signifies a departure from traditional phishing techniques [1], with attackers increasingly leveraging trusted platforms such as SharePoint and Visio. Microsoft has recognized this growing threat and emphasizes the importance of user vigilance and enhanced security measures [1]. To mitigate such phishing attempts [3], cybersecurity experts recommend measures like Dynamic URL Analysis and AI security tools designed to detect malicious objects [3], as this method represents an emerging trend in phishing campaigns [2].
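
As an added example (not taken from the cited reports), the Python sketch below shows how a mail or file scanner can pull the URLs out of a .vsdx attachment so they can be handed to URL analysis. It assumes that Visio stores shape hyperlinks in Cell elements named "Address" and that other external links appear as OPC relationships with TargetMode="External"; the function names, hosts and sample package are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_PART = 5 * 1024 * 1024  # skip oversized parts (zip-bomb guard)

def extract_vsdx_urls(data):
    """Return the set of http(s) URLs referenced inside a .vsdx package."""
    urls = set()
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if info.file_size > MAX_PART or not info.filename.endswith((".xml", ".rels")):
                continue
            raw = pkg.read(info)
            if b"<!DOCTYPE" in raw:  # no DTDs/entities from untrusted input
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError:
                continue
            for el in root.iter():
                tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
                # OPC relationship that points outside the package
                if tag == "Relationship" and el.get("TargetMode") == "External":
                    urls.update(URL_RE.findall(el.get("Target", "")))
                # Assumption: shape hyperlinks sit in Cell N="Address"
                elif tag == "Cell" and el.get("N") == "Address":
                    urls.update(URL_RE.findall(el.get("V", "")))
    return urls

def urls_for_analysis(data, known_hosts):
    """URLs whose host is not in known_hosts, sorted, for dynamic URL analysis."""
    return sorted(u for u in extract_vsdx_urls(data)
                  if (urlparse(u).hostname or "") not in known_hosts)

def build_sample_vsdx():  # constructed demo package, not a real Visio file
    page = ('<PageContents><Shape ID="1"><Section N="Hyperlink"><Row N="Row_1">'
            '<Cell N="Address" V="https://login.example.test/o365?a=1&amp;b=2"/>'
            '</Row></Section></Shape></PageContents>')
    rels = ('<Relationships><Relationship Id="rId1" TargetMode="External" '
            'Target="https://intranet.example.com/doc"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("visio/pages/page1.xml", page)
        z.writestr("visio/pages/_rels/page1.xml.rels", rels)
    return buf.getvalue()
```

Parsing the parts instead of grepping the raw bytes decodes XML escapes in the link and keeps schema namespace URIs out of the result.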

Conclusion

The rise of sophisticated phishing attacks using Microsoft Visio files highlights the need for heightened awareness and advanced security measures. Organizations must prioritize user education and implement robust cybersecurity tools to counteract these evolving threats. As attackers continue to refine their methods, staying informed and proactive is crucial in safeguarding sensitive information and maintaining digital security.

References

[1] https://www.newsminimalist.com/articles/phishing-attacks-rise-as-microsoft-visio-files-become-new-tool-for-cybercriminals-1c369ce4
[2] https://www.msspalert.com/news/mssp-market-update-top-cybersecurity-solutions-in-the-channel
[3] https://www.techzine.nl/nieuws/security/556629/hackers-hebben-visio-bestanden-ontdekt-voor-het-verspreiden-van-phishinglinks/
[4] https://www.infosecurity-magazine.com/news/microsoft-visio-files-phishing/