SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Surge in malicious emails using Adobe InDesign, warns cybersecurity firm
Mon, 4th Dec 2023

In an alarming development, Barracuda security researchers have identified a significant rise in phishing attacks exploiting Adobe InDesign, a widely recognized document publishing platform. According to their findings, there has been an almost 30-fold increase in emails carrying Adobe InDesign links since October, with daily occurrences jumping from approximately 75 to 2,000. Notably, nearly 10% of these emails contain active phishing links, while about 20% feature removed content.

The attacks exhibit a range of sophistication, from highly targeted to more generic mass-distributed messages. In certain cases, emails are specifically tailored towards particular organizations or individuals, featuring legitimate brand logos likely copied or scraped from websites. This suggests a deliberate effort by attackers to use familiar and trusted symbols to deceive targets. Conversely, other attacks are less intricate, utilizing widely recognized logos from OneDrive, SharePoint, and Adobe, combined with basic text and minimal effort.

A consistent theme across these phishing emails is the invitation for recipients to click on a link. This link, ostensibly under the indd.adobe[.]com subdomain, is in reality controlled by the attackers, serving as a gateway to the next stage of the attack. These emails often feature a “.ru” top-level domain and are masked behind content delivery networks (CDNs), complicating efforts to trace the source and evade detection by standard security measures.

The success of these phishing attacks lies in their execution. Firstly, they exploit a known and trusted domain that isn't typically blacklisted. Secondly, by leveraging a publishing program, attackers can craft convincing social engineering attacks. Thirdly, by redirecting recipients to another webpage, they avoid embedding known malicious URLs directly in the email, thus bypassing traditional security tools. Lastly, the use of CDNs to host these attacks further obscures their malicious origins, presenting additional challenges for security technologies.

To combat these sophisticated threats, Barracuda emphasizes the need for advanced, AI-powered email security systems that can identify both emerging and known threats. However, technology alone is not enough. Regular cybersecurity awareness training for employees is vital, especially in light of evolving threat landscapes. Such training should be routinely updated to reflect new trends, enabling employees to recognize and appropriately respond to suspicious or malicious emails.

Barracuda's data highlights that some phishing attacks targeting Adobe InDesign have been directed at multiple employees within the same organization. Prompt reporting and response to these attacks are crucial in halting their progression.

As a protective measure, Barracuda Email Protection includes LinkProtect, a feature that wraps every email link through its gateway product. LinkProtect performs real-time analysis of each URL at the time of click, determining its safety. This serves as a crucial last line of defence, especially against new or unknown threats, by acting as an intermediary layer between the email and the recipient.