Cyberattacks seek to exploit trust in Microsoft and Adobe tech brands
The first quarter of 2023 has seen a significant increase in cyberattacks looking to exploit trust in established tech brands like Microsoft and Adobe.
A new report from Avast also finds a 40 percent rise in the share of phishing and smishing attacks over the previous year. Overall, two out of three threats people encounter online now seek to use social engineering techniques, taking advantage of human weaknesses.
"If you think your data has no value then why would scammers spend so much time trying to steal your data if it's worthless? The truth is that anyone can be affected and it is important to stay vigilant and use proper protection," says Jakub Kroustek, Avast malware research director. "Unfortunately, scammers have made it nearly impossible to take any message as face value -- all communications, whether seemingly from a friend, boss, or household brand, have potential to be fraudulent."
Cybercriminals know they can lure victims by using the names and appearance of well-known brands that consumers already trust. Avast has observed this trend among two popular applications commonly used for work: Microsoft OneNote and Adobe Acrobat Sign.
Microsoft OneNote files are sent as email attachments to victims. When someone opens the attachment, it triggers the download of malware onto a device. Avast has spotted malware such as Qbot and Raccoon using this distribution technique to steal information, and has also observed IceID, a banking Trojan, using OneNote attachments to steal money.
Adobe Acrobat Sign is exploited by adding malicious links into documents that are sent from legitimate Adobe email addresses. These links prompt victims to download .ZIP files, which contain a variant of the Redline Trojan that can steal passwords, crypto wallets, and more.
"My advice is to take extra caution with any email asking you to download files or click on a link, even those that appear to be from reputable brands," advises Kroustek. "Cyber Safety software can act as a safety net for providing an extra layer of security to these types of savvy attacks that are increasingly targeting people."
The Avast Q1 2023 Threat Report is available on the company's site.
Photo credit: marekuliasz / Shutterstock