SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Phishing

Autodesk Drive Abused in Phishing Attacks 

A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.

Threat actors are using compromised email accounts to send phishing emails containing links to PDF files hosted on Autodesk Drive, cybersecurity firm Netcraft warns.

As part of the observed incidents, the attackers use compromised email accounts to send phishing emails to existing contacts, and even use the senders’ signature footers, so that their messages appear legitimate.

In the message body, the attackers have included a shortened link to a malicious PDF hosted on the Autodesk Drive data sharing platform, which also includes the sender’s name and their company’s name, to further increase the sense of legitimacy.

When the recipient attempts to view the document, they are taken to a phishing page and asked to provide their Microsoft account username and password.

After entering their login information, one of the victims was redirected to a OneDrive-hosted document containing information about real estate investment, to hide the fact that the credentials had just been stolen.

“Armed with victims’ Microsoft credentials, the criminals behind these attacks could gain unauthorized access to sensitive company data, as well as being able to send even more phishing emails from the compromised Microsoft accounts,” Netcraft notes.

Autodesk Drive is a service that enables Autodesk customers to share design files, including PDF documents. 

According to the cybersecurity firm, the attackers have tailored their attacks for multiple countries and regions, as evidenced by the existence in Autodesk Drive of malicious PDF documents written in several languages.

Advertisement. Scroll to continue reading.

“The scale of these attacks and the use of customized PDF documents suggests some degree of templating and automation, leading to a series of well-targeted compromises that has the potential to spread worldwide like a virus,” Netcraft says.

Related: Phishing Platform LabHost Shut Down by Law Enforcement

Related: Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

Related: FCC Employees Targeted in Sophisticated Phishing Attacks

Related: LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

CIEM Chat: How to Reduce Cloud Identity Risk
March 26, 2024

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

Virtual Event: Ransomware Resilience & Recovery Summit
April 17, 2024

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Passwordless authentication firm Hawcx has appointed Lakshmi Sharma as Chief Product Officer.

Matt Hartley has been named Chief Revenue Officer at autonomous security solutions provider Horizon3.ai.

Trustwave has announced the appointment of Keith Ibarguen as Senior Vice President of Engineering.

More People On The Move

Expert Insights

Related Content

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Application Security

Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

December 12, 2022
Phishing Attacks: Best Practices for Not Taking the Bait

Phishing

Phishing Attacks: Best Practices for Not Taking the Bait

The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...

February 12, 2020
Famed Hacker Kevin Mitnick Dead at 59

Fraud & Identity Theft

Famed Hacker Kevin Mitnick Dead at 59

Famed hacker Kevin Mitnick has died after a battle with pancreatic cancer.  At the time of his death, he was Chief Hacking Officer at...

July 19, 2023
Enterprises Warned About Zix-Themed Credential Phishing Attacks

Cybercrime

Enterprises Warned About Zix-Themed Credential Phishing Attacks

Enterprise users have been warned that cybercriminals may be trying to phish their credentials by luring them with fake emails that appear to be...

September 28, 2021
Incident Response: Are You Ready for a Phishing Attack?

Phishing

Incident Response: Are You Ready for a Phishing Attack?

The Single Most Important Part of Dealing with a Phishing Attack is Preparing for the Attack Before it Actually Happens.

November 16, 2012
Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Application Security

Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

December 13, 2022
‘Scattered Spider’ Cybercrime Group Targets Mobile Carriers via Telecom, BPO Firms

Cybercrime

‘Scattered Spider’ Cybercrime Group Targets Mobile Carriers via Telecom, BPO Firms

A threat actor tracked as ‘Scattered Spider’ is targeting telecommunications and business process outsourcing (BPO) companies in an effort to gain access to mobile...

December 6, 2022
North Korean hacking Ulchi Freedom Shield North Korean hacking Ulchi Freedom Shield

Nation-State

North Korean APT Expands Its Attack Repertoire

The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

January 25, 2023