Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway.
The phishing attacks are targeting organizations in the technology, manufacturing, and finance sectors in Asia and North America.
Most of these attacks involved QR code phishing (quishing) to trick victims into visiting the malicious sites.
“Attackers instruct their victims to use their mobile devices to scan the QR code in hopes that these mobile devices lack the stringent security measures typically found on corporate issued ones, ensuring unrestricted access to the phishing site,” Netskope explains.
“Additionally, these QR phishing campaigns employ two techniques from previous posts: the use of transparent phishing and Cloudflare Turnstile. Transparent phishing ensures victims access the exact content of the legitimate login page and can allow them to bypass additional security measures like multi-factor authentication. Meanwhile, Cloudflare Turnstile was used to hide the phishing payload from static content scanners, preserving the good reputation of its domain.”
Notably, the threat actors abused Sway, a free Microsoft 365 presentation app, to evade security technologies.
“By using legitimate cloud applications, attackers provide credibility to victims, helping them to trust the content it serves,” the researchers write. “Additionally, a victim uses their Microsoft 365 account that they’re already logged-into when they open a Sway page, that can help persuade them about its legitimacy as well.
Sway can also be shared through either a link (URL link or visual link) or embedded on a website using an iframe. Over the past six months, Netskope Threat Labs observed little to no malicious traffic using Microsoft Sway. However, in July 2024, we observed a 2,000-fold increase in traffic to unique Microsoft Sway phishing pages. The pages we investigated were targeting Microsoft 365 accounts.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Netskope has the story.
Here's how it works:
