Hackers are using digital document publishing (DDP) sites to carry out sophisticated phishing attacks, credential harvesting, and session token theft. Malicious actors have recently taken to abusing platforms such as FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet, which are normally associated with legitimate document sharing.
Hosting phishing lures on DDP sites increases the likelihood of a successful attack, according to security researchers. Because DDP sites have a positive reputation and are less likely to be blocked by web filters, they lend a layer of legitimacy that typical phishing approaches lack. That reputation, together with users' familiarity with these platforms, gives users a false sense of security and leaves them more vulnerable to these attacks.
Cybercriminals now target DDP sites, exploiting their features to bypass email security and amplify phishing attacks.
The increased focus on exploiting DDP websites indicates a change in the strategies cybercriminals use to get around email security measures. Previously, infected documents were hosted on cloud-based services such as Dropbox or Google Drive. Hackers have since shifted their focus to DDP services and are taking advantage of their characteristics to increase the effectiveness of their attacks.
Users of DDP services can upload PDF files and distribute them in an interactive flipbook format, which is useful for making catalogues, pamphlets, or magazines. Malicious actors abuse the free tiers or trial periods these platforms provide to create many accounts and publish misleading content. DDP sites also lend themselves to temporary file hosting, because they automatically remove published content from the internet after a predetermined amount of time, which makes it more difficult for defences to detect and neutralise threats.
The incorporation of DDP sites into the phishing email chain is a particularly alarming component of these attacks. By inserting links to documents hosted on reputable DDP websites, attackers deceive users into visiting websites under the attackers' control. These websites commonly mimic authentic services, for example as phoney Microsoft 365 login pages, and hand hackers sensitive data such as login passwords and session tokens.
People and organisations should be alert to phishing attempts that appear to come from reputable sources. Mitigating this evolving threat starts with informing users about the risks associated with DDP sites and implementing robust email security measures. If this is overlooked, people and organisations may be at risk of serious security breaches and data theft.
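One way an email security control can surface DDP-hosted links for review is sketched below. This is an added example, not code from the researchers or from any of the platforms. The domain list assumes each platform's primary domain, and the sample message is constructed.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: each platform's primary domain; confirm against your own logs.
DDP_DOMAINS = {"flipsnack.com", "issuu.com", "marq.com", "publuu.com",
               "relayto.com", "simplebooklet.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message (not taken from a real campaign).
SAMPLE = (
    "From: billing@example.org\nSubject: Invoice\n"
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<a href="https://www.flipsnack.com/EXAMPLE/invoice.html">View</a>\n'
    '<a href="https://issuu.com.portal.example.net/doc">Mirror</a>\n'
)

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.urls += [v for k, v in attrs if k == "href" and v]

def ddp_domain(url):
    """Return the DDP domain a URL's host belongs to, else None."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return None
    # Exact or dot-anchored suffix match: a platform name as a prefix is no hit.
    return next((d for d in DDP_DOMAINS
                 if host == d or host.endswith("." + d)), None)

def ddp_links(raw_email):
    """Return sorted (domain, url) pairs for DDP links in text parts."""
    found = set()
    for part in message_from_string(raw_email).walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        parser = _Hrefs()
        parser.feed(body)
        for url in URL_RE.findall(body) + parser.urls:
            if ddp_domain(url):
                found.add((ddp_domain(url), url))
    return sorted(found)
```

Calling `ddp_links(SAMPLE)` returns only the FlipSnack link; a hit is a signal to review in context (sender, recipient, expected business use), since these platforms also carry legitimate documents.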