Menace actors are abusing a method known as “URL rewriting” to cover their phishing hyperlinks from safety filters, based on researchers at Notion Level.
Safety instruments from main distributors use URL rewriting to forestall phishing assaults, however the identical method may be abused to trick these instruments into pondering a malicious hyperlink is reputable.
There are a number of methods to perform this, however the researchers clarify that “the extra possible tactic is for attackers to first compromise reputable e mail accounts protected by a URL rewriting function after which to ship an e mail to themselves containing their ‘clean-later-to-be-phishing’ URL. As soon as the e-mail passes by the URL safety service, the hyperlink is changed, and consists of the e-mail safety vendor’s identify and area, giving it an additional layer of legitimacy.”
The attacker can then redirect the URL to a phishing website, making the hyperlink seem secure to each the safety device and the human trying on the hyperlink.
“This ‘branded’ rewritten URL is later weaponized,” the researchers clarify. “After it has been ‘whitelisted’ by the safety service, the attackers can modify the vacation spot of the URL to redirect customers to a phishing website. This method permits the malicious hyperlink to bypass additional safety checks, as many companies depend on the preliminary scan and don’t rescan recognized URLs. Instead plan of action, attackers usually make use of superior evasion strategies akin to CAPTCHA evasion or geo-fencing to bypass even an intensive evaluation by the e-mail safety vendor.”
Notion Level provides, “This manipulation of URL rewriting is especially harmful as a result of it takes benefit of the belief that customers place in recognized safety manufacturers, making even extremely conscious workers extra prone to click on on the seemingly secure hyperlink. The risk actors exploit the hole between the time a URL is rewritten and when it’s weaponized, bypassing most conventional safety instruments.”
KnowBe4 empowers your workforce to make smarter safety choices day-after-day. Over 65,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human danger.
Notion Level has the story.