Phishing Attack Impersonates Law Firm

Netskope's Threat Research Labs today revealed details about a newly discovered phishing cyber-attack targeting the client bases of a law firm in Denver, Colorado, and across the US. Using a PDF file decoy hosted in Azure’s Blob Storage service, the attacker sends the file as attachment to its targets. The decoy is linked to an Office 365 phishing page and has a Microsoft-issued domain and SSL certificate. Because these attachments are often synced automatically to cloud storage services through collaboration settings in a variety of popular software and third-party apps in a number of enterprises, the campaign is very difficult to detect. Traditionally, the PDF is delivered as an email attachment that appears to come from a legitimate source. It’s not uncommon for these attachments to be saved to a cloud storage service, such as Google Drive.