Attackers don’t need exploits; they need TRUST.
Changes in attack methods reflect changes in generations. Gen Z, a generation known for prioritizing ease and efficiency, is now entering the cybersecurity landscape on both sides. Some are protecting data, and others are stealing it.
With the rise of AI and no-code platforms in attackers’ phishing toolkits, building trust and deceiving users has never been easier. Threat actors are blending default-trusted tools with free, legitimate services to bypass traditional security defenses and human suspicions.
Attackers are still sending malicious email attachments. However, they’ve expanded their bag of tricks, sharing malicious files or links across the organization using trusted, built-in collaboration features from a compromised account — a tactic we’re calling “native phishing.”
Native phishing delivers malicious content in a way that feels completely legit to the victim. In this case, for example, it was sent via M365's file sharing system, the file is not scanned like attachments, feels native, and is a less common way to phish users.
All it takes is one compromised internal user, and suddenly, the entire organization is at risk. In this blog, we’ll break down recent real-world incidents showing how an attacker compromised one user and used AI/no-code tools with M365 for native phishing.
OneNOT: How attackers leverage OneNote
Microsoft OneNote, part of the Microsoft 365 suite, is a note-taking application that defenders often overlook.
Unlike Word or Excel, OneNote doesn’t support VBA Macros. However, Varonis Threat Labs has observed its growing use in phishing attacks due to several key factors:
It is not subject to Protected View
... continue reading