There has been a surge in the number of attacks leveraging the document publishing system Adobe InDesign, according to a recent study by Barracuda, a trusted partner and leading provider of cloud-first security solutions.
 
According to Barracuda Telemetry, there has been a 30-fold increase in emails carrying InDesign links since October, jumping from around 75 per day to 2,000 per day, with almost 1 in 10 (9%) carrying active phishing links and around 20% including removed content. Researchers also highlighted how some of the attacks are targeted.
 
Phishing attacks continue to evolve to become more sophisticated, deploying different techniques and tactics to bypass security detection and trap victims.
 
Attackers leverage Adobe InDesign because it offers opportunities to evade detection and trick targets, including leveraging known or trusted domains that are not commonly blacklisted and using a publishing program to create convincing social engineering attacks. Once a recipient clicks on the links, they are moved to another web page, which means there is no known malicious URL link in the main body of the message for traditional security tools to detect and block.
 
Many of the phishing links seen by Barracuda researchers have the top-level domain of “.ru” and are hosted behind a content delivery network (CDN) that acts as a proxy for the source site. This helps to obscure the source of the content and makes it harder for security technologies to detect and block the attacks.
 
While many attacks are generic mass-distributed messages featuring OneDrive, Sharepoint and Adobe logos, according to Barracuda, some appear to be targeted at specific organisations or users. These emails carry legitimate brand logos, probably chosen because they are known and trusted by the targets, which suggests the attackers spent time and resources crafting the messages.
 
Commenting, Mark Lukie, Director of Solution Architects, Barracuda, Asia-Pacific, said: “We are seeing a surge in phishing attacks leveraging Adobe InDesign including both generic and targeted attacks affecting users and businesses in this region and across the globe. To stay protected, we recommend deploying an advanced, multilayered and AI-powered email security solution, capable of spotting emerging as well as known threats.
 
“This should be accompanied by regular cybersecurity awareness training for employees, so they can remain vigilant and are well prepared if they spot a suspicious or malicious email.”