At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    QBot Malware Attacks Use SVG files to Perform HTML Smuggling

    QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

    HTML smuggling has been around for some time. It’s a technique used by threat actors to hide encoded malicious script within an HTML email attachment or a webpage. Once the attachment is opened, the embedded JavaScript decodes the contents and assembles a malicious payload on the victim’s endpoint.

    Security researchers at Cisco Talos have identified an attack method where part of the HTML attachment includes a scalable vector graphics (SVG) file – an XML-based file that describes two-dimensional based vector graphics. So rather than grabbing encoded text from the HTML file itself, the SVG file adds a twist to the attack that may be overlooked by some security solutions.

    According to Cisco Talos, a recent campaign started with a BEC attack where an email chain was hijacked by a threat actor impersonating one of the participants. Their malicious reply asked recipients to open an attached HTML file. This detail alone brings two attacks to light – first a credential compromise attack necessary to gain access to and take over an email thread. And, second, the BEC attack using the compromised account to install QBot.

    Both attacks use some form of social engineering to reach their malicious objectives. This makes it necessary for organizations to take advantage of Security Awareness Training to educate users on attacks like these, so recipients of an email being asked to open an HTML attachment will immediately set of red flags – regardless of who supposedly sent the email.

    The world’s largest library of security awareness training content is now just a click away!

    In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world’s largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

    You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

    The ModStore Preview includes:

    • Interactive training modules
    • Videos
    • Trivia Games
    • Posters and Artwork
    • Newsletters and more!
    Start Your Preview!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top