fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Canva Design Platform Actively Abused In Credentials Phishing

Canva Design Platform Actively Abused In Credentials Phishing

Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages.

Canva is a graphic design platform that lets users create posters, letterheads, holiday cards, and other digital media that can then be downloaded as an image, shared as HTML with clickable links, or printed.

As part of its service, designers can generate shareable URLs so that friends and colleagues can view their work on canva.com.

Sharing a Canva design
Sharing a Canva design

When sharing designs, a user who clicks on the link will see a full-page view and be able to interact with any embedded links or forms.

Also Read: How To Anonymised The Data: What Are The Importance Of This?

Canva’s hosting is abused in phishing scams.

In a new report by cybersecurity firm Cofense, threat actors are increasingly using Canva to create hosted HTML landing pages that are then used to redirect phishing victims to fake login forms.

As you can see from the spam email below, threat actors conduct a Phishing campaign pretending to be SharePoint eFax delivery notification. Embedded in this notification is a link to a phishing landing page hosted on canva.com.

Phishing email
Phishing email

When a phishing victim clicks on the link, they will be brought to a Canva-designed intermediary HTML page hosted on Canva.com. This landing page pretends to be information about the Fax you received, with a clickable link that states it can be used to review the fax document.

Canva intermediary page
Canva intermediary page

Clicking on the link brings a victim to the final phishing landing page, where they are prompted to log in to see the document.

Phishing landing page
Phishing landing page

As you can expect, any login credentials you enter into this page will be stolen by the attackers.

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

Why use Canva?

It may be confusing why phishing campaigns are using Canva to host their pages rather than Google Docs, Sheets, or even Dropbox.

The likely reason is that Google and Dropbox have a long history of dealing with malicious threats and have better systems in place to detect and remove them.

Canva, on the other hand, is not designed to be a hosting platform but rather a platform for creating content that is not generally associated with malicious behavior.

Due to this, Cofense has found them to be far less efficient at finding hosted threats, and the landing pages tend to stay active for longer periods.

“Canva is probably aware of the problem, removing malicious files as and when they’re found but, as our research has concluded, many of these malicious files have remained on Canva’s hosted platform for hours and even days at a time. Sites, such as Google where hackers have traditionally hosted their phishing emails, appear to be a lot faster in detecting and removing them, which is another reason threat actors have begun to exploit the Canva platform,” Cofense explains in their report.

Furthermore, using Canva as an intermediary redirect page, when the final phishing landing page is taken down, the attackers can update their Canva designs to point to a new final phishing URL so that their campaign is not broken.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us