Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON

MarketScreener Homepage  >  Equities  >  Nasdaq  >  CYREN Ltd.    CYRN   IL0010832371

CYREN LTD.

(CYRN)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsOther languagesPress ReleasesOfficial PublicationsSector news

CYREN : Phishing campaign masquerading Excel template in the html attachment

03/19/2021 | 09:27am EDT
share with twitter
share with LinkedIn
share with facebook

Phishing remains one of the most popular types of corporate attacks in terms of its prevalence, and therefore it is not surprising that attackers are coming up with increasingly sophisticated methods to obtain the victim's personal data.

One of the most recent phishing attacks detected by Cyren Inbox Security was trying to gain the personal passwords of the emails' recipients through the attached html page that appeared to be an Excel file titled 'Microsoft Office Center'.

The Attack

Employees of several organizations using Cyren Inbox Security solution started to receive emails sent from the automatically generated email addresses all hosted on the compromised sender domain.

The sender's display name mirrored the targeted organization and the subject prompted 'Invoiće ID:XXXXXX is ready for paymeńt'. Phishers cleverly used the special characters in the subject and display name (é, ń) in order to minimize the chances of the automatic email spam filtering by the 'Invoice' and 'payment' keywords.

Email body was empty, but the email contained an html attachment passing for the xlsx file of an invoice mentioning the specific targeted company in its name, increasing the chances of the recipient to open the file. Once opened, the fake login page titled 'Microsoft Office Center' on the Excel background appeared aiming to steal the user's password.

Visually, this attack looks identical to the one mentioned in the recent article by Bleeping Computers, where Morse code is used in the html attachment code to hide a phishing URL. But in this case, instead of the Morse code in the html attachment, the obfuscated Javascript code is used that makes it harder to unveil its true purpose until it is executed.

The script contained the separate function personalizing the visuals of the phishing campaign:

The ml variable was responsible for the recipient's email address, and the var logi added the targeted brand logo image onto the phishing page. The images were taken from the logo.clearbit.com - a legitimate Logo API tool from Clearbit in which hundreds of company logos are freely available. This script not only makes the attack personalized, but also significantly expands the potential number of affected companies by the attacker changing the logo variable only.

The password field on the html attachment is responsible for stealing personal information. This is executed in a PHP form with method post and action URL that would send all the inserted credentials and password information to the attacker:

The action URL is exploiting the legitimate Japanese site for its hostile purposes: enctype='multipart/form-data' which indicates that all the submitted login and password information would have been divided into multiple parts and sent to the phishing server.

Cyren Inbox Security Detection

With Cyren Incident Response Service and its 24x7 support for phishing investigation, the attack was rapidly investigated and all the emails related to the attack were appropriately classified as phishing for all the targeted Cyren Inbox Security customers.

Disclaimer

Cyren Ltd. published this content on 18 March 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 19 March 2021 13:26:03 UTC.


© Publicnow 2021
All news about CYREN LTD.
09:27aCYREN  : Phishing campaign masquerading Excel template in the html attachment
PU
02/22CYREN  : Announces Fourth Quarter and Full Year 2020 Financial Results
PU
02/17CYREN  : “Are you satisfied?” Cyren sees increasing use of forms in ..
PU
02/16CYREN  : Announces Closing of $13.8 Million Registered Direct Offering
PU
02/12CYREN  : Schedules Fourth Quarter and Full Year 2020 Earnings Release for Monday..
PU
02/09CYREN  : Sika Group Chooses Cyren Inbox Security To Combat Microsoft 365 Phishin..
PU
02/05CYREN  : Short-lived Attacks with Excel4 Macro (XLM) Malware
PU
01/27CYREN  : Announces Appointment of Kenneth Tarpey as Chief Financial Officer
PU
01/19CYREN  : Inbox Security and Incident Response Service Expands Availability Throu..
PU
01/12CYREN  : Phishing through the prism of graphic design
PU
More news
Financials (USD)
Sales 2020 36,9 M - -
Net income 2020 - - -
Net Debt 2020 - - -
P/E ratio 2020 -
Yield 2020 -
Capitalization 68,6 M 68,6 M -
Capi. / Sales 2020 1,86x
Capi. / Sales 2021 1,95x
Nbr of Employees 226
Free-Float 35,7%
Chart CYREN LTD.
Duration : Period :
CYREN Ltd. Technical Analysis Chart | MarketScreener
Full-screen chart
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus BUY
Number of Analysts 1
Average target price 1,50 $
Last Close Price 0,92 $
Spread / Highest target 63,4%
Spread / Average Target 63,4%
Spread / Lowest Target 63,4%
Managers and Directors
NameTitle
Brett Michael Jackson Chief Executive Officer & Director
Kenneth J. Tarpey Chief Financial Officer
James A. Hamilton Chairman
Richard Ford Chief Technology Officer
Boris Bogod Vice President-Global Cloud Operations
Sector and Competitors
1st jan.Capitalization (M$)
CYREN LTD.-10.89%69
ADOBE INC.-12.19%214 541
TWILIO INC.4.00%63 005
WORKDAY INC.3.98%61 936
AUTODESK, INC.-13.72%60 034
ROPER TECHNOLOGIES, INC.-8.71%41 017
Categories
Free services
Mobile App
SOLUTIONS
About
Stock Market Quotes Interactive brokers The best of tweets Stock Market News Börse: Aktien, Kurse und Nachrichten
Copyright © 2021 Surperformance. All rights reserved. Stock quotes are provided by Factset, Morningstar and S&P Capital IQ