Innovative, evasive, and targeted campaigns: Researchers pointed out that traditional endpoint detection, antivirus tools, and even email filters struggle to spot this threat because image files like SVGs are rarely considered dangerous. Compared to previous SVG-based attacks that used hosted payloads, this method keeps everything self-contained, further slipping past defenses.

Victims span B2B service providers, utilities, and SaaS companies, organizations that naturally receive high volumes of email attachments. For additional targeting, the campaign uses geofencing to tailor attacks by region, researchers added.

The Ontinue research recommended enforcing SPF, DKIM, and DMARC to block spoofed emails, and blocking or sanitizing SVG attachments. Using deep content inspection on inbound files, and enabling protections like Safe Links, Safe Attachments, and ZAP in Microsoft Defender might also help.

Soroko echoed Ontinue’s guidance and emphasized the need for proactive defense, stating, “Enforce strict DMARC alignment and auto purge questionable mail. Instrument telemetry to catch browser pivots triggered by window location changes that originate from image previews. Layered controls, like Safe Links content disarmament and lookalike domain monitoring, will disrupt the simple path attackers now rely on.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4022432/how-phishers-are-weaponizing-svg-images-in-zero-click-evasive-campaigns.html
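
The advice above to block or sanitize SVG attachments and to inspect inbound files, sketched as an added example (not code from the article or from Ontinue's research): a Python check that a mail-gateway hook could run on an SVG attachment to flag self-contained active content. The function name, finding labels and sample SVGs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can execute or embed active content inside an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
DANGEROUS_SCHEME = re.compile(r"^\s*(javascript:|vbscript:|data:text/html)", re.I)

def local(name):
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def inspect_svg(data: bytes):
    """Return sorted findings; an empty list means no active content was seen."""
    # Refuse DTDs outright: they allow entity tricks and are not needed
    # in an image that arrives as a mail attachment.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["dtd-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-xml"]  # treat as suspicious, do not pass through
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.add(f"event-handler:{name}")
            elif name in URL_ATTRS and DANGEROUS_SCHEME.match(value):
                findings.add(f"script-url:{name}")
    return sorted(findings)

# Constructed samples: a plain image and one carrying inert active-content markers.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SUSPECT = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="x()">'
           b'<script>/* placeholder */</script>'
           b'<a href="javascript:void(0)"><rect/></a></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, inspect_svg(sample) or "clean")
```

Any non-empty result is a reason to quarantine or strip the attachment rather than deliver it; a legitimate static image needs none of these constructs.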

