Hello, welcome to the Friday, March 12, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Fishing, of course, is still going strong, and attackers are coming up with new ways to present the user with malicious content.

Of course, including it directly in the email often fails because of mail filters.

More recently, we have seen at hackers use various cloud services,

but those cloud services are also getting better in filtering

this content.

So they have to keep coming up with new services to host malicious content.

And according to a guest diary that was submitted by J.B. Bowers. We do have a new service that's being used here.

Picto chart. I actually didn't hear about it, but apparently it's a somewhat popular service

that allows you to create infographics and distribute them among colleagues. Well, these infographics are often distributed as

PDFs and that's what the attacker is abusing here. The PDF that they will offer via pictogram chart

is not an infographic. It's just a simple text document with a link that then links to the actual

fishing site. And of course, they're claiming that in order to view whatever fancy infographics

they offer, you first have to log in to Outlook 365. And that's how they are stealing

your Outlook 365 credentials.

So overall a pretty ingenious use of this service.

Not sure what Picta chart can do about this other than being more careful in filtering

content, maybe trying to proactively discover these fishing documents.

And yes, Microsoft Exchange, of course, still a problem and being exploited now by multiple groups.

While we also get a little bit more detail about the actual exploits being used.

...