In 2024, we're shifting gears to address a pressing issue: a new breed of cybercriminals exploiting Adobe InDesign. This blog sheds light on their tactics and how they're targeting specific companies, particularly those in the graphic design and marketing sectors.
These cybercriminals are not your typical hackers; they conduct thorough research to identify potential targets before launching phishing campaigns. Small businesses with multiple computers running InDesign are particularly vulnerable. The attackers send meticulously crafted phishing emails that appear legitimate, often mimicking Adobe or SharePoint communications.
What makes this threat even more sophisticated is their use of well-known domains, making it challenging for traditional security measures to flag them. This strategy has contributed to a staggering 30-fold increase in phishing emails carrying Adobe InDesign links, as reported by Barracuda in the fall of 2023.
The cybercriminals are exploiting an undisclosed vulnerability in Adobe InDesign, leading to a surge in daily phishing emails, with one in ten containing active links. The attackers route users to a site hosted in the indd.adobe.com subdomain, cleverly disguising their activities behind a content delivery network to evade detection.
This cat-and-mouse game poses a challenge for cybersecurity professionals. The attackers employ convincing social engineering tactics, using trusted domains not blocked by existing security tools. With no known malicious URLs in the message body, traditional email scanning tools struggle to detect and block these threats.
The urgency of this situation suggests a potential zero-day vulnerability in Adobe InDesign. Although there might be a patch released by Adobe, the lack of a public vulnerability notification raises concerns. The cybercriminals' increased efforts indicate a lucrative opportunity for them, and companies must stay vigilant.
To defend against these evolving threats, businesses are urged to adopt a robust, multi-layered, and AI-powered approach to email security systems. Regular cybersecurity assessments and ongoing awareness training for employees are vital components of an effective defense strategy.
Cybersecurity is an ever-evolving landscape, and staying ahead requires a proactive approach. In our comprehensive report on the new breed of cybercriminals, you'll find valuable insights into their changing tactics and ways to enhance your company's defenses.