Skip to content
Kymatio
Home
Services
Partners
Blog
Contact
[Español]
Log in
Log in

2023, we premiere a new year with a new type of phishing attack: “The Blank Image Attack”

By Fernando MateusIn About Kymatio, Artificial intelligence, Cyberpsychology, Employee Cyber Risk, Kymatio A&A - Assessment & Awareness, Kymatio Account Breach Scanner - ABS (Credentials Exposition), Kymatio Trickster (Attack Simulation)Posted 15 January, 2023
Kymatio News New Phishing Attack - Imagen generada por Dall-e
  • We started the year, and before the end of the first month, new forms of phishing attacks have already been detected.

Cybersecurity is a crucial issue in an increasingly digitized world. Cybercriminals are constantly looking for new ways to attack businesses and individuals, and it’s important to always stay on top of the latest techniques used.

This week, an unusual phishing technique has been detected. Avanan, a specialized cybersecurity company, has published an article on its blog describing a new attack where hackers hide malicious content within an empty image within an HTML attachment in phishing emails that appear to come from DocuSign.

digital era cyber threats, digital art
AI generted image (Dall-e)

The attack begins with an email that appears to have been sent by DocuSign, containing a link and an HTML attachment. The mail requests the review and signature of a document referred to as a “payment notice.” If the recipient clicks the “View Entire Document” button, they are directed to a legitimate web page, but the attachment is not. If the file is opened, the attack begins. The attached file includes a Base64-encoded SVG image containing Javascript code that redirects to the malicious link. 

 

Cybercriminals use this technique to hide their true intent as it contains a legitimate link, allowing the email to bypass link checking and security scanners. Experts recommend caution with emails that contain HTML and suggest blocking all HTML attachments by treating them as executables. 

According to Avanan, the novelty of this attack is the use of an empty image with active content inside it, that is, a javascript image, which redirects to a malicious URL. It is important to note that this type of attack is unique and so far has not been detected by specialized services such as VirusTotal.

 

"Get human firewalls to complete the defense of your organization" 

The best way to protect against these types of attacks is through security awareness, training employees to recognize social engineering attacks, even the most innovative ones like the one in this article. Threat actors are constantly evolving, so it is crucial to keep employees’ common sense awake, so that even if the attack is novel or a technical variant that evades security systems, they can identify and stop it in time, getting human firewalls to complement your organization’s defense.

Do you want to protect your employees?
Contact us to find out more

Related information:

Kymatio’s new AI prepares employees in a fully personalized way against Social Engineering attacks

 

2023, we premiere a new year with a new type of phishing attack: "The Blank Image Attack" 3
Tags: Englishhuman cyber riskHuman factorHuman firewallNeurophishingPhishingSmishingSpear phishingVishing
Fernando Mateus

Fernando Mateus

https://www.linkedin.com/in/mateus/

Post navigation

Previous
Previous

Reducing supply chain cyber risk begins with recognizing social engineering as today’s biggest threat

Next
Next

Palladium Hotel Group deploys Kymatio to prepare its employees against cybersecurity threats

Related Posts

SMS Smishing
2 March, 2023
Beware off SMS text messages! The ‘Smishing’ returns
Kymatio News data breach / brechas de seguridad
27 January, 2023
The human element is behind security breaches. We reviewed DBIR Verizon’s report on data breaches in 2022 and possible solutions
Kymatio Testimonio Palladium Hotels Group
16 January, 2023
Palladium Hotel Group deploys Kymatio to prepare its employees against cybersecurity threats
riesgo cibernético de la cadena de suministro
7 January, 2023
Reducing supply chain cyber risk begins with recognizing social engineering as today’s biggest threat

Search in Kymatio

News Categories

Cyber Insider

Kymatio

Recent Posts

  • Beware off SMS text messages! The ‘Smishing’ returns
  • Kymatio’s new AI prepares employees in a fully personalized way against Social Engineering attacks
  • The human element is behind security breaches. We reviewed DBIR Verizon’s report on data breaches in 2022 and possible solutions
  • Palladium Hotel Group deploys Kymatio to prepare its employees against cybersecurity threats
  • 2023, we premiere a new year with a new type of phishing attack: “The Blank Image Attack”
  • Reducing supply chain cyber risk begins with recognizing social engineering as today’s biggest threat
  • 2023 Cybersecurity Trends: Human Factor
  • The 7 key elements to improve the Cybersecurity Awareness Program and its relationship with compliance requirements.
  • 6 cybersecurity solutions that every company needs
  • I have been infected with ransomware. Now what?
  • Social Engineering: An Unknown Concept
  • Cybernews – Fernando Mateus, Kymatio: “traditional forms of cybersecurity training are neither engaging nor effective”
  • The challenge of Cybersecurity in SMEs
  • Sale! Cyberattacks at 50% discount… They’re running out!
  • Account Breach Scanner (ABS). The new functionality of Kymatio that scans online the credentials of users filtered in security breaches

Categories

  • About Kymatio
  • Articles
  • Artificial intelligence
  • Awards and honours
  • Cyber Insider News
  • Cyberpsychology
  • Employee Cyber Risk
  • European Cyber Security Organisation (ECSO)
  • Events
  • External articles
  • INCIBE
  • Insider intelligence
  • Insiders
  • Interviews
  • Investors
  • Kymatio A&A – Assessment & Awareness
  • Kymatio Account Breach Scanner – ABS (Credentials Exposition)
  • Kymatio in the media
  • Kymatio Trickster (Attack Simulation)
  • Partnerships
  • Recruiting
  • RSA
  • Sin categoría
  • Strategic direction
  • Talent
  • Testimonials
  • Xmas

RSS Kymatio RSS feed English

Suscríbete a nuestra newsletter

subscribe
Kymatio

+34 644 765 240 

contact@kymatio.com 

Producto

Análisis del Riesgo Interno
Plan Prevención Riesgo Interno
Fortalecimiento empleados

Empresa

Home
Services
Partners
Blog
Contact
[Español]

Redes Sociales

Youtube Linkedin-in Facebook-f Twitter
Sello PYME INNOVADORA 11/02/2024
PYME INNOVADORA
Válido hasta el 11 de febrero de 2024
escudo de MEIC 11/02/2024

Copyright © 2021 Kymatio

Política de Privacidad
Política de Cookies
We use our own and third-party cookies, analytics and statistics to outline your browsing habits and show you content and publicity of your interest, collect statistics on the use of the website, identify faults and, in short, provide you with the best possible user experience. For more information about our use of cookies and information on how to revoke your consent, click on "Read More"
AcceptReject Read more Settings
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT