Attackers use Adobe Cloud to host phishing documents
Adobe Creative Cloud hosts popular apps including Photoshop and Acrobat; it also aids collaboration by allowing users to share documents.
Cybersecurity researchers at Avanan have discovered that hackers are now exploiting these file-sharing services as a phishing attack vector by sending legitimate emails through a trusted sender, bypassing ATP protection via Adobe’s SaaS offering.
Hackers create an account within the Adobe Cloud Suite. Once they've done this, they can easily import a PDF file containing a link that leads to a credential harvesting page, and then send it out to other users. The recipient gets a legitimate email from Adobe, which bypasses ATP protection because Adobe is a trusted sender and there's nothing malicious inside the PDF itself.
If the user clicks the link to access the document, they're taken to a spoofed login page that will seek to steal their credentials.
To guard against these attacks, users are advised to inspect all Adobe cloud pages for grammar and spelling and hover over links to ensure the page is legitimate; deploy protection that relies on dynamic, AI-driven analysis rather than static Allow Lists; and ensure their security solution can open PDF files in a sandbox and inspect all links.
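The gap between a static sender allow list and a filter that opens the shared PDF and looks at its links, as an added example (not code from Avanan or Adobe). The sender address, the allow-listed domain and the sample PDF bytes are constructed assumptions; the extractor covers only literal-string /URI actions and Flate-compressed streams, and the links it returns would still need to be followed and analysed.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: the static sender allow list the article warns against relying on.
ALLOWED_SENDER_DOMAINS = {"adobe.com"}

URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)  # literal-string URI actions only
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def extract_uris(pdf_bytes):
    """Collect /URI link targets from the raw file and from Flate-compressed streams."""
    chunks = [pdf_bytes]
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            chunks.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # stream uses another filter (e.g. an image); nothing to scan
    found = [raw.decode("latin-1") for chunk in chunks for raw in URI_RE.findall(chunk)]
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order

def sender_domain(sender):
    return sender.rsplit("@", 1)[-1].lower()

def allowlist_verdict(sender):
    """Static check: a trusted sender domain is delivered without looking inside."""
    return "deliver" if sender_domain(sender) in ALLOWED_SENDER_DOMAINS else "scan"

def link_aware_verdict(sender, pdf_bytes):
    """Hold the message when the shared PDF links outside the sender's own domain."""
    domain = sender_domain(sender)
    off_site = []
    for uri in extract_uris(pdf_bytes):
        host = (urlsplit(uri).hostname or "").lower()
        if host != domain and not host.endswith("." + domain):
            off_site.append(uri)
    return ("inspect", off_site) if off_site else ("deliver", [])

# Constructed sample: one plain link annotation and one inside a compressed stream.
_packed = zlib.compress(b"<< /S /URI /URI (https://login.example.invalid/reset) >>")
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI "
              b"/URI (https://login.example.invalid/signin) >> >>\nendobj\n"
              b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _packed +
              b"\nendstream\nendobj\n%%EOF\n")
SAMPLE_SENDER = "share@adobe.com"  # constructed address on the trusted domain

if __name__ == "__main__":
    print("allow list :", allowlist_verdict(SAMPLE_SENDER))
    print("link-aware :", link_aware_verdict(SAMPLE_SENDER, SAMPLE_PDF))
```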
Read more on the Avanan blog.