By the end of 2024, threat actors had begun using a new technique to deliver phishing attacks. The method involves crafting Office files with a malicious twist: specially crafted data is prepended to the legitimate document content. This disrupts the format detection mechanisms used by many antivirus and security solutions, allowing the malicious file to evade detection.
The Problem
Despite the tampered format, Microsoft Office applications can still open these files. When such a file is accessed, Office attempts to “recover” the data by searching for a valid header. If found, the software proceeds to open the document as if it were normal, exposing users to potential phishing attempts, malware, or other cyber threats.
Our research indicates that many major security vendors have yet to adapt their solutions to address this threat, leaving users exposed. Furthermore, we found the existing protections ineffective, as they focus on specific data and remain relatively easy to evade. We believe threat actors are fully aware of this gap, and it’s only a matter of time before they launch even more aggressive campaigns.
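The check below is an added example, not Contextal's code or detection logic: it flags a file whose Office container header sits at a non-zero offset, which is the condition described above. It assumes the two widely used Office containers (OLE2 and ZIP-based OOXML); the function names and sample bytes are constructed for illustration, and the heuristic covers only this one indicator.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_LOCAL = b"PK\x03\x04"                        # OOXML (.docx/.xlsx/.pptx) is a ZIP

def _ooxml_start(data):
    """Offset of the first ZIP member if data holds an OOXML package, else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "[Content_Types].xml" not in zf.namelist():
                return None
            # zipfile corrects member offsets for any bytes placed before the archive
            return min(info.header_offset for info in zf.infolist())
    except zipfile.BadZipFile:
        return None

def find_displaced_office_header(data):
    """Return (kind, offset) when an Office container starts after offset 0."""
    if data.startswith((OLE2_MAGIC, ZIP_LOCAL)):
        return None  # header is where a format detector expects it
    ole = data.find(OLE2_MAGIC)
    if ole > 0:
        return ("ole2", ole)
    start = _ooxml_start(data)
    if start:
        return ("ooxml", start)
    return None

def make_sample_ooxml():
    """Constructed, minimal OOXML-shaped ZIP (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

if __name__ == "__main__":
    clean = make_sample_ooxml()
    samples = {
        "clean.docx": clean,
        "padded.docx": b"A" * 37 + clean,                   # constructed
        "padded.doc": b"B" * 20 + OLE2_MAGIC + bytes(504),  # constructed
    }
    for name, blob in samples.items():
        print(name, find_displaced_office_header(blob))
```

A hit means the file type should be decided from the displaced container and the object scanned as an Office document, not that the file is malicious on its own.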
The Solution
Contextal Platform detects this kind of attack automatically. It analyzes data for relevant indicators, recognizes misuse, and blocks suspicious objects before they can harm your organisation.
See Contextal Platform in action. Book a live demo with our team and experience the most advanced autonomous contextual detection system.
