In late 2024, threat actors began using a new technique to deliver phishing attacks. The method involves Office files with a malicious twist: arbitrary data is prepended before the legitimate document content, so the file no longer starts with the magic bytes that identify it (the ZIP "PK" local file header of OOXML files such as .docx, or the OLE2 compound-file header of legacy formats such as .doc). This disrupts the format detection that many antivirus and security solutions rely on, and the malicious file passes through unrecognized.
The Problem
Despite the damaged container, Microsoft Office applications can still open these files. When such a file is accessed, Office attempts to "recover" it by searching for a valid header further into the data. If one is found, the application opens the document as if it were intact, exposing the user to the phishing content, malware, or other threats it carries.
Our research indicates that many major security vendors have yet to adapt their solutions to this threat, leaving users exposed. Furthermore, the protections that do exist are ineffective: they look for specific prepended byte patterns, so a change in the junk prefix is enough to evade them. We believe threat actors are fully aware of this gap, and it is only a matter of time before they launch more aggressive campaigns.
The Solution
We have created a scenario for Contextal Platform that addresses this problem at its root. Rather than matching a known prefix, it analyzes the data for the relevant indicators (an Office container that does not begin at the start of the object) and blocks the suspicious objects.
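To make the detection logic concrete, here is an added illustration written for this article; it is not Contextal's scenario code. It scans an object for the two container signatures that Office recovery resynchronizes on, the ZIP local file header (OOXML) and the OLE2 compound-file header (legacy formats), and reports the offset at which a valid Office container starts. A container at a non-zero offset is flagged as a hidden document. The sample files are constructed in the block (a minimal OOXML-shaped ZIP, a bare OLE2 header, a junk prefix), and the 1 MiB scan limit is an assumed tuning value, not a documented property of Office.

```python
"""Detect Office containers hidden behind prepended junk bytes.

Added illustration; not the platform's scenario code.
"""
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"                      # OOXML (.docx/.xlsx/.pptx) starts here
OLE2_HEADER = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"     # legacy .doc/.xls/.ppt compound file
OOXML_MARKER = "[Content_Types].xml"                  # mandatory part of every OOXML package
MAX_PREFIX = 1 << 20                                  # assumed: how much junk we tolerate


def _ooxml_at(data: bytes, pos: int) -> bool:
    """True if a well-formed OOXML package starts exactly at pos.

    'PK\\x03\\x04' is a common byte string, so a bare match is not enough.
    zipfile itself tolerates leading junk, so we additionally require that
    the first central-directory entry points to local offset 0: if pos were
    an earlier false 'PK', every header_offset would be shifted by the gap.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data[pos:])) as zf:
            first = min(zi.header_offset for zi in zf.infolist())
            return first == 0 and OOXML_MARKER in zf.namelist()
    except Exception:  # BadZipFile, truncated directory, empty archive, ...
        return False


def find_hidden_office(data: bytes, max_prefix: int = MAX_PREFIX):
    """Return (offset, kind) of the first Office container, or None.

    kind is 'ooxml' or 'ole2'. Only the first max_prefix bytes are searched
    for a signature; the container itself may extend beyond that.
    """
    end = min(len(data), max_prefix)
    candidates = []

    pos = data.find(OLE2_HEADER, 0, end + len(OLE2_HEADER))
    if pos >= 0:
        candidates.append((pos, "ole2"))

    pos = 0
    while True:
        pos = data.find(ZIP_LOCAL_HEADER, pos, end + len(ZIP_LOCAL_HEADER))
        if pos < 0:
            break
        if _ooxml_at(data, pos):
            candidates.append((pos, "ooxml"))
            break
        pos += 1  # false 'PK' inside the junk prefix; keep scanning

    return min(candidates) if candidates else None


def classify(data: bytes) -> str:
    """Scanner verdict: 'clean', 'office' (container at offset 0) or
    'hidden-office' (container preceded by junk, the technique described)."""
    hit = find_hidden_office(data)
    if hit is None:
        return "clean"
    offset, _kind = hit
    return "office" if offset == 0 else "hidden-office"


def build_sample_docx() -> bytes:
    """Constructed minimal OOXML-shaped package (not a real Word document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(OOXML_MARKER, "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed junk prefix: looks like the start of an e-mail plus padding.
JUNK = b"MIME-Version: 1.0\r\nContent-Type: text/plain\r\n\r\n" + b"\x00" * 200

SAMPLES = {
    "plain": build_sample_docx(),
    "prepended": JUNK + build_sample_docx(),
    "ole2_prepended": JUNK + OLE2_HEADER + b"\x00" * 504,  # header-only OLE2 stub
    "text": b"just some text, no office content",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:15s} {classify(blob):14s} {find_hidden_office(blob)}")
```

The verdict depends on where the container starts, not on what the junk looks like, which is the difference between this check and a prefix signature. Two practical caveats: a scanner that only inspects a fixed window can be evaded by a prefix longer than the window, so the limit should be set from the object size rather than a small constant; and because zipfile quietly skips leading bytes, any pipeline that unpacks the ZIP first and never looks at the raw offset will miss the indicator entirely.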
See the details on the platform’s website.
This scenario is one example of how the platform's flexible mechanisms can be used to build simple, efficient, and durable defenses against new threats. Whether it is detecting hidden Office documents, identifying campaigns, or uncovering anomalous relationships in data, Contextal Platform gives you the tools for proactive threat detection.