Lucy Awareness

File Attack

Last updated 8 months ago

Understanding the Attack

Definition

A file attack is a type of cyber attack where malicious files are sent via email as attachments or links to web pages hosting the files. These files come in various formats, such as .exe, .SVG, Word macros, and Excel macros. The attack is successful if the user downloads, opens, and executes the file, with the executed data sent to Lucy.


Checklist


Real-world Examples

  • An employee in the finance department receives an email appearing to be from HR, prompting them to download and fill out a timesheet attached as a Word document with a macro. Upon enabling and executing the macro, the malicious payload is delivered.

  • An employee receives an email with a link to an .SVG file purportedly containing new branding materials. When the file is downloaded and opened, it executes a script that compromises the user's system.

  • A finance executive receives an urgent email seemingly from the CEO, with an attached .exe file labeled as critical software for an emergency task. When the file is downloaded and executed, it installs malware, and the executed data is sent to the attacker.


File Attack Simulation Templates

Lucy can compile different custom Malware Simulations:

Each file type can be modified (layout, filetype, name) before using it in a campaign. Currently, Lucy comes with the following file types:

Want to start adapting your File Attack template? Navigate to Templates -> File Templates

| Setting Name | Description | Success Action | Preferable Delivery Method |
| --- | --- | --- | --- |
| Console Interactive | Establishes a reverse HTTP/HTTPS channel to Lucy. Runs in memory and allows command execution in Windows shell. Only works with Windows 7/8 with IE and Firefox. | File download | Landing page |
| Console Outlook | Executes commands and sends the output back via Outlook to a predefined email address. | File download | Landing page |
| Console post | Executes commands within Windows shell and sends output to Lucy. Allows a limited set of commands. | File download | Landing page |
| Console (POST-only) | Pings back to Lucy when the user opens the executable file, without collecting any data. | File download/open | Landing page |
| Excel Macros (GET-only) | Pings back to Lucy when the document is opened, without sending any data. | Click/download/open | Email/Landing page |
| GoggleDocs | Pings back to Lucy when the document is opened, without collecting any data. | File download | Email/Portable device (USB) |
| HTML (Redirect) | Redirects to the phishing website when opened, without transferring any data. | File download | Landing page |
| Keylogger | Records keys pressed on the keyboard. | File download/submit | Email/Landing page |
| Macros | Runs console commands through an Office file that contains a Macro. | File download/open | Email/Landing page |
| Malware Testing Toolkit | Tests if the target system is vulnerable to miscellaneous malware technologies. | File download/open | Email/Portable device (USB) |
| Microphone | Gets audio recordings from the microphone. | File download/submit | Portable device (USB) |
| Ransomware (Screen Locker) | Locks the PC screen and asks the user to enter a password. Intended to prompt user to call helpdesk for password, enhancing learning effect. | File download/submit | Email/Portable device (USB) |
| Recent Documents | Sends back a predefined number of documents listed in the recent doc cache to Lucy. | File download/submit | Email/Portable device (USB) |
| Screen Recorder | Records screenshots and attempts to access the webcam to record a few seconds. | File download/submit | Email/Portable device (USB) |
| SVG (Redirect) | Redirects to the phishing website when opened, without transferring any data. | File download/click/submit | Email/Portable device (USB) |


User Detection Methods

To help employees recognize and respond to file-based phishing attempts effectively, the following user detection methods can be incorporated into training programs:

Email Analysis

Check Sender Details: Verify the sender's email address and domain to ensure they match the legitimate source.

Look for Red Flags: Be wary of emails with poor grammar, spelling errors, or unusual formatting.

File Inspection

Verify Attachments: Be cautious of unsolicited attachments, especially those with executable or macro-enabled formats.

Content Verification

Suspicious Attachments: Avoid opening unexpected attachments or downloading files from unknown sources.

Urgency and Threats: Be cautious of emails that create a sense of urgency, pressure to act quickly, or threaten negative consequences.

Execution Verification

Disable Macros: By default, keep macros disabled in Office documents and only enable them if absolutely necessary and from a trusted source.

Manual File Type Checks: Instead of clicking on attachments, manually verify the file type and source before opening.

Communication Verification

Cross-Check Requests: If an email or message asks to download or execute a file, verify the request through a separate communication channel, such as a phone call to the supposed sender.

Incident Reporting

Report Suspicious Files: Immediately report any suspicious files or download links to the IT or security department for further analysis.
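The File Inspection and Manual File Type Checks items above can be backed by a content-based check on the mail gateway or help desk side. The following is an added example, not part of Lucy or its documentation: it inspects a file's leading bytes and container contents rather than trusting its name, covering the formats this page names (executables, macro-enabled Office files, SVG). The function names, reason labels and sample files are constructed for illustration.

```python
import io
import re
import zipfile

# Active content in SVG: script elements, inline event handlers, javascript: URLs.
SVG_ACTIVE = re.compile(rb"<script\b|\son\w+\s*=|javascript:", re.IGNORECASE)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls compound file

def inspect_attachment(name: str, data: bytes) -> list[str]:
    """Return reasons a file deserves a second look (empty list: none found)."""
    reasons = []
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    if data[:2] == b"MZ":  # Windows PE executable header
        reasons.append("windows-executable")
        if ext not in ("exe", "dll", "scr"):
            reasons.append("extension-mismatch")
    elif data[:8] == OLE_MAGIC:
        reasons.append("legacy-office-container-may-hold-macros")
    elif data[:4] == b"PK\x03\x04":  # OOXML documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("office-vba-macros")
        except zipfile.BadZipFile:
            reasons.append("corrupt-zip-container")
    elif b"<svg" in data[:4096].lower() and SVG_ACTIVE.search(data):
        reasons.append("svg-active-content")
    return reasons

def _make_zip(members: dict) -> bytes:
    # Build a small in-memory ZIP so the samples need no files on disk.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in members.items():
            zf.writestr(path, content)
    return buf.getvalue()

# Constructed samples (harmless stand-ins, not real payloads).
SAMPLES = {
    "timesheet.docm": _make_zip({"word/document.xml": "<w:document/>",
                                 "word/vbaProject.bin": "placeholder"}),
    "notes.docx": _make_zip({"word/document.xml": "<w:document/>"}),
    "branding.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>',
    "logo.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>',
    "update.pdf": b"MZ\x90\x00" + b"\x00" * 60,  # PE header behind a .pdf name
}

def triage(samples=SAMPLES) -> dict:
    return {name: inspect_attachment(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    print(triage())
```

An empty result means only that none of these specific markers were found; it is not a verdict that the file is safe.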


Ready to set up your File Attack? See our platform reference article on Adding an Attack to your campaign.

Email file attacks might be blocked by server security policies. Admins should ensure that such emails aren't filtered out before running the campaign. This can involve excluding the file by path using GPO or whitelisting the file name.

Use Reporting Tools: Deploy the Lucy Phish Button for all users to use as a reporting tool.

  • Add a File Attack to your Campaign

  • Ensure the File is excluded from Anti-Virus scanning in your infrastructure

  • Ensure the sending Domain is whitelisted

  • Register an Attack Domain

  • Choose a success action: File Download; File Data Received or File Opened

This is an example of a File Attack, using a downloaded SVG to redirect to a malicious site