A recent cybersecurity threat report highlights a tactic known as “native phishing,” where attackers exploit the trusted, built-in features of Microsoft 365 to launch attacks from within an organization. This method moves beyond traditional phishing emails with malicious attachments, instead leveraging the trust users have in their own company’s systems.
The core of native phishing is its subtlety and legitimacy. After compromising a single user’s Microsoft 365 account, an attacker can use integrated apps like OneNote and OneDrive to share malicious content. Since these notifications come from a legitimate internal account and the links point to the organization’s own OneDrive, they bypass both security systems and the suspicions of trained users.
Modus operandi
Attackers have found Microsoft OneNote to be a particularly effective tool. While OneNote doesn’t support macros, it is not subject to Microsoft’s “Protected View,” which typically warns users about potentially unsafe files. Its flexible formatting allows attackers to create deceptive layouts and embed malicious links . […]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: