New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security darkstuffinfo, crdclubsu
Using an old (but supported) Excel filetype, attackers can bypass both Exchange Online Protection and Advanced Threat Protection to run malicious macros.
Security researchers at Avanan have discovered a new attack method where cybercriminals send phishing emails that contain what appears to be an Excel spreadsheet. The file is actually an SLK file – a “Symbolic Link” Excel file used to transfer data between spreadsheet programs and other databases – to host a macro that launches an MSI script.
There are a few aspects of this attack that make it particularly worrisome for organizations using Microsoft 365:
It’s dastardly, a bit brilliant, and VERY dangerous. Users that fall for the initial social engineering scam (again, one that is written specifically for the org and user targeted) will find themselves a victim upon opening the attachment.
Organizations need to first configure their Microsoft 365 tenant to block these extensions . But, because the SLK-based attack is just the next attack in a long line of those to come, it’s as important to teach users via Security Awareness Training to be mindful and vigilant with any inbound emails, looking for reasons to suspect they might be malicious in nature.