Channel Next, an emerging value-added distributor (VAD), has taken on the exclusive distribution of Perception Point, a global leader in advanced email and collaboration security threat prevention solutions, in the UAE.
Attackers keep evolving their techniques to bypass security vendors and reach the end-user, and they use many creative tricks to do so. Recently, Perception Point’s platform intercepted a unique, 3-stage attack that uses multiple evasion techniques to infiltrate the targeted organization. In this post, we will present the complex attack and how Perception Point’s unique engines prevented it.
The attack consists of 3 stages, each using evasion techniques, and it targeted a US-based enterprise. Each stage has its own purpose and role in tricking the end-user into acting wrongfully, step by step.
The attack starts with a phishing email that impersonates Dropbox, a leading cloud storage platform. The disguise is comprised of:
But the interesting part is where the payload is stored. The email itself doesn’t include any malicious payload, only a legitimate link that later points to a malicious piece of content (a file). This first level of evasion will successfully bypass most email security vendors.
Once the user clicks on the link, a Dropbox link is opened. This is a real, clean Dropbox domain. As with any Dropbox share, there is a button to download a file. This means that the email security solution needs to somehow click that link, download the file, and then scan it with its detection engines.
Once the end-user clicks on the download button, a PDF is downloaded. The file itself does not have a malicious payload. However, as can be seen below, once opened, the document requires the end-user to log in to open the contents.
One would expect the file to be the final stage of evasion, but you’re in for a surprise. The attacker took another step to ensure the success of the attack. Instead of creating a simple Microsoft login page to steal the user’s credentials, he chose to create it as a Google Form. This means that the page is a “legitimate” form which can be created in Google freely, without any limitation and without any security solution “blacklisting” docs.google.com. Google is aware of the fact that many security solutions cannot prevent these attacks; as such, they even inserted a warning about this option (“never send passwords using google forms”). With Perception Point, we can also detect this trick, as is explained below.
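Each layer in this chain looks clean on its own, so a scanner has to follow the chain to its end before it can judge the email. The Python below is an added example, not code from the original post and not Perception Point’s implementation: it follows links layer by layer over constructed sample content and flags a credential prompt hosted on a public form service. The sample URLs, the `FORM_HOSTS` list and the keyword pattern are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
CRED_RE = re.compile(r"\b(password|passcode|sign[- ]?in|log[- ]?in)\b", re.I)
# Hosts where anyone can publish a form (assumption: illustrative, not exhaustive).
FORM_HOSTS = {"docs.google.com": "/forms/"}

# Constructed stand-in for fetching and text extraction: artifact URL -> extracted text.
SAMPLE_CONTENT = {
    "https://www.dropbox.com/s/EXAMPLE/invoice.pdf":
        "Shared file invoice.pdf [Download] https://dl.example.invalid/invoice.pdf",
    "https://dl.example.invalid/invoice.pdf":
        "Protected document. Log in to view: https://docs.google.com/forms/d/e/EXAMPLE/viewform",
    "https://docs.google.com/forms/d/e/EXAMPLE/viewform":
        "Microsoft account  Email address  Password  Submit",
}
EMAIL = "Dropbox: a file was shared with you. View: https://www.dropbox.com/s/EXAMPLE/invoice.pdf"

def check_layer(url, text):
    """Return a reason string if this layer is a credential prompt on a form host."""
    u = urlparse(url)
    prefix = FORM_HOSTS.get(u.hostname or "")
    if prefix and u.path.startswith(prefix) and CRED_RE.search(text):
        return "credential prompt on public form host " + u.hostname
    return None

def unpack(text, fetch, max_depth=5, chain=(), seen=None):
    """Follow every URL found in text, layer by layer; return (chain, reason) findings."""
    seen = set() if seen is None else seen
    findings = []
    if len(chain) >= max_depth:          # stop at the depth budget
        return findings
    for url in URL_RE.findall(text):
        if url in seen:                  # avoid loops and repeated fetches
            continue
        seen.add(url)
        body = fetch(url)
        if body is None:                 # nothing retrievable at this link
            continue
        path = chain + (url,)
        reason = check_layer(url, body)
        if reason:
            findings.append((path, reason))
        findings.extend(unpack(body, fetch, max_depth, path, seen))
    return findings

if __name__ == "__main__":
    for path, reason in unpack(EMAIL, SAMPLE_CONTENT.get):
        print(" -> ".join(path), "|", reason)
```

With a depth budget of 2 the same input produces no finding, which is the gap a scanner leaves when it stops at the share page or the downloaded file.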
In the screenshot below, taken from our X-Ray viewer, we see that the attack was caught by the Threat Intelligence and Anti-phishing layers. But, before that, we had our “secret sauce” in action – the “Recursive Unpacker”. We uncovered the attacks using the following technologies: