With the rise of applications intended for collaboration in the workplace, largely driven by the COVID-19 pandemic, it was inevitable for them to catch cybercriminals’ attention. Such applications include the obvious choices of Microsoft Teams, Slack, and Zoom, but other applications also fall under this classification. In particular, Milanote has seen great usage in the pandemic workplace, namely due to its ability to organize creative ideas into visual boards. This popularity, however, has come at a cost that security researchers are now warning about. According to a research blog post released by analysts at Avanan, Milanote is currently being used to create effective phishing campaigns. The campaigns themselves are standard fare: send an email with a malicious attachment, and hope the target takes the bait. However, what makes this simple approach effective is that these phishing attacks occur within the ecosystem of Milanote.
Here is an excerpt from the post that gives statistical data as well as an extrapolation on said data:
Of the 1,430 most recent emails where Milanote is used, 1,367, or a staggering 95.5%, of them have been phishing.
Other services use static scanners to scan attachments or links for malicious payloads. In response, hackers are bypassing those detection mechanisms by nesting the payloads in deeper layers within legitimate services, fooling the static scanners.
This is part of a larger trend of hackers utilizing legitimate services to host malicious content. Because the scanner doesn’t go that deep, hackers can leverage these services to host their content and easily send it to users.
Researchers suggest that the way to counter this is by having an adaptive AI-driven filter that recognizes typical phishing attempts. This can mean catching phrases often used by phishing emails and trying to identify language that seems to not reflect the normal email content found in a company’s correspondences. While this may be a little too much Big Brother for some, it is certainly not the only counter to phishing like that used in the Milanote campaign. In most cases, common sense and defensive awareness of phishing techniques should be enough to counter cybercriminals.
Featured image: Shutterstock