Threat Actors Abuse URL Rewriting to Mask Phishing Links

Threat actors are abusing a technique known as “URL rewriting” to hide their phishing links from security filters, according to researchers at Notion Level.

Security tools from major vendors use URL rewriting to prevent phishing attacks, but the same technique can be abused to trick these tools into treating a malicious link as legitimate.

There are several ways to accomplish this, but the researchers explain that “the extra possible tactic is for attackers to first compromise reputable electronic mail accounts protected by a URL rewriting function after which to ship an electronic mail to themselves containing their ‘clean-later-to-be-phishing’ URL. As soon as the e-mail passes by way of the URL safety service, the hyperlink is changed, and consists of the e-mail safety vendor’s title and area, giving it an additional layer of legitimacy.”

The attacker can then redirect the URL to a phishing site, making the link appear safe to both the security tool and the human looking at the link.

“This ‘branded’ rewritten URL is later weaponized,” the researchers explain. “After it has been ‘whitelisted’ by the safety service, the attackers can modify the vacation spot of the URL to redirect customers to a phishing web site. This method permits the malicious hyperlink to bypass additional safety checks, as many companies depend on the preliminary scan and don’t rescan recognized URLs. As an alternative plan of action, attackers typically make use of superior evasion strategies corresponding to CAPTCHA evasion or geo-fencing to avoid even a radical evaluation by the e-mail safety vendor.”

Notion Level adds, “This manipulation of URL rewriting is especially harmful as a result of it takes benefit of the belief that customers place in recognized safety manufacturers, making even extremely conscious workers extra prone to click on the seemingly secure hyperlink. The risk actors exploit the hole between the time a URL is rewritten and when it’s weaponized, bypassing most conventional safety instruments.”
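The gap between the initial scan and the later redirect can be modelled in a few lines. The following is an added example, not code from the researchers or any vendor: the `RewriteGateway` class, the `protect.vendor.example` domain, the destination URLs and the two time steps are all constructed for illustration. It compares a gateway that trusts its delivery-time verdict with one that rescans when the link is clicked.

```python
from dataclasses import dataclass, field

# Constructed data: what each URL serves at time 0 (delivery) and time 1
# (after the attacker has changed the destination behind the link).
DESTINATIONS = {
    "https://docs.example.test/invoice": {0: "benign", 1: "phishing"},
    "https://intranet.example.test/wiki": {0: "benign", 1: "benign"},
}

def scan(url, now):
    """Stand-in for a content scan: what the URL serves at time `now`."""
    timeline = DESTINATIONS[url]
    return timeline[max(t for t in timeline if t <= now)]

@dataclass
class RewriteGateway:
    """Hypothetical URL-rewriting service with a cached verdict per link."""
    rescan_on_click: bool
    verdict_ttl: int = 0                        # how long a verdict stays valid
    cache: dict = field(default_factory=dict)   # token -> (url, verdict, scanned_at)

    def rewrite(self, url, now):
        # Scan once at delivery and hand back a vendor-branded link.
        token = f"r{len(self.cache)}"
        self.cache[token] = (url, scan(url, now), now)
        return f"https://protect.vendor.example/v1/{token}"

    def click(self, rewritten, now):
        token = rewritten.rsplit("/", 1)[1]
        url, verdict, scanned_at = self.cache[token]
        # Mitigation: treat the delivery-time verdict as expired and rescan.
        if self.rescan_on_click and now - scanned_at > self.verdict_ttl:
            verdict = scan(url, now)
            self.cache[token] = (url, verdict, now)
        return "block" if verdict == "phishing" else "allow"

def outcomes(rescan_on_click):
    """Rewrite every URL at time 0, click it at time 1, return the decisions."""
    gw = RewriteGateway(rescan_on_click=rescan_on_click)
    links = {url: gw.rewrite(url, now=0) for url in DESTINATIONS}
    return {url: gw.click(link, now=1) for url, link in links.items()}

if __name__ == "__main__":
    for policy in (False, True):
        print("rescan_on_click =", policy, outcomes(policy))
```

With the scan-once policy the invoice link is still allowed after it turns malicious; with click-time rescanning it is blocked while the unchanged wiki link keeps working.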

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Notion Level has the story.

