Phishing attack targeting financial organisations using SHTML file attachments

Security researchers recently detected and blocked a sophisticated phishing campaign against financial institutions in which online fraudsters used SHTML (server-parsed HTML) file attachments containing JavaScript to obfuscate a malicious URL.
Researchers at Mimecast noted that the use of SHTML file attachments in phishing emails is unusual and has been observed only on very rare occasions. An SHTML file is an HTML file that a web server parses before serving it, which lets the server modify the file with standard headers, footers, dynamic information, and other content, thereby making web pages more dynamic.
Researchers who observed and analysed the phishing attack found that the SHTML file attachments included in phishing emails contained JavaScript that helped obfuscate a malicious URL. When a user clicked on such an attachment, the user was redirected to a malicious site that asked them to provide sensitive information.
The phishing attack involving SHTML file attachments originated in the UK. While 55 percent of the emails in this campaign were distributed in the UK, another 31 percent were distributed in Australia. A very small number of such emails also targeted organisations in the financial and accounting sectors in South Africa and other countries.
After observing the presence of this phishing campaign, the Mimecast gateway was updated with an advanced custom rule that directly identified the SHTML construction. This way, Mimecast has been able to prevent phishing emails containing malicious SHTML file attachments from reaching more than 100,000 individual users at financial organisations since April this year.
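As an added illustration of the kind of gateway check described above (this is not Mimecast's rule, and not code from the original article), the following Python sketch flags server-parsed HTML attachments and looks for script that decodes a string and redirects the browser. The extension list, marker patterns, verdict labels and sample message are all assumptions constructed for this example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

SERVER_PARSED_EXT = (".shtml", ".shtm", ".stm")  # extensions assumed for this example
# Heuristic markers (assumptions, not a vendor rule) for script-driven redirection.
MARKERS = {
    "script_tag": re.compile(rb"<script\b", re.I),
    "redirect": re.compile(rb"(window|document|top|self)\.location|location\.(href|replace|assign)", re.I),
    "decoder": re.compile(rb"\b(unescape|atob|decodeURIComponent|eval)\s*\(|fromCharCode", re.I),
}

# Constructed, inert sample: a percent-encoded placeholder URL decoded and followed by script.
SAMPLE_SHTML = (
    "<html><body><script>"
    'var u = unescape("https%3A%2F%2Fexample.invalid%2Flogin");'
    "window.location.replace(u);"
    "</script></body></html>"
)

def build_sample(filename: str, html: str) -> bytes:
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(html.encode(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per server-parsed HTML attachment in the message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(SERVER_PARSED_EXT):
            continue
        body = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        hits = sorted(k for k, rx in MARKERS.items() if rx.search(body))
        # Script plus a redirect or decoder marker is blocked; any other SHTML attachment is held for review.
        verdict = "block" if "script_tag" in hits and len(hits) > 1 else "review"
        findings.append({"filename": name, "markers": hits, "verdict": verdict})
    return findings

if __name__ == "__main__":
    print(scan_message(build_sample("Remittance.SHTML", SAMPLE_SHTML)))
```

Matching on the attachment's decoded bytes rather than the raw MIME part matters here, because the transfer encoding would otherwise hide the script from the patterns.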
“This seemingly-innocent attachment redirecting unsuspecting users to a malicious site might not be a particularly sophisticated technique, but it does present businesses with a big lesson. Simple still works. That’s a huge challenge for organisations trying their best to keep their systems secure,” says Tomasz Kojm, senior engineering manager at Mimecast.
He adds that businesses should firstly put the right technologies in place to take care of known threats and reduce the number of threats that reach their employees. Secondly, businesses should proactively train their employees to spot malicious emails and the exercise needs to be regular and engaging.
According to Mimecast, 91% of all cyberattacks originate via email and it only takes a momentary lapse in user vigilance for a scam to wreak havoc. Many phishing emails use images in place of written text to evade mail filters, or code obfuscation techniques to prevent detection by security software.
Malicious actors who deploy phishing tactics to obtain sensitive information or to steal money also take advantage of employees’ natural emotional reactions such as curiosity, fear, and urgency to lure them into taking urgent actions.
“Phishing is not going away any time soon, so you need to ensure your employees can act as a final line of defence against these threats. Not sure if an email is legitimate? Know that a human that needs your feedback will follow up via a different route. If in doubt, follow the basic rule to ignore, delete and report,” Kojm adds.
Copyright Lyonsdown Limited 2021