You are here

Threat Awareness – Actors Using DocuSign Theme with a Malicious Blank Image File

Threat Awareness – Actors Using DocuSign Theme with a Malicious Blank Image File

Created: Tuesday, January 24, 2023 - 14:05
Categories:
Cybersecurity

Avanan posted a blog covering its research into what they are calling the “Blank Image Attack,” a newly observed technique where attackers place an empty image file within an HTML file. In the wild, Avanan researchers observed the following steps to the attack. First, the victim is prompted to download an HTML file attached to a spoofed DocuSign lure. This file only consists of a blank SVG image that contains code which automatically redirects the victim to a malicious website – giving the victim the impression that nothing happened. This attack is made possible because many email security products ignore HTML files, so the malicious redirect isn’t detected. Avanan suggests security professionals can mitigate this technique by treating HTML attachments in their environment similar to how executables are treated. Read more at Avanan.