Cybercriminals exploit URL protection to mask phishing attacks
According to Barracuda Networks' latest Threat Spotlight report, cybercriminals are exploiting legitimate URL protection services to conceal malicious URLs in phishing emails.
Researchers from Barracuda began observing these phishing attacks from mid-May 2024. The attackers took advantage of three different URL protection services, all provided by reputable brands, to mask their phishing URLs. These attacks have reportedly targeted hundreds of companies to date.
URL protection services work by copying URLs found in emails, rewriting them, and then embedding the original link within the rewritten one. When recipients click on the link, an email security scan is triggered. If the scan deems the URL safe, users are redirected to the URL. In these phishing attacks, users were redirected to malicious pages designed to steal sensitive information.
Barracuda researchers believe that attackers gained entry to the URL protection services by compromising legitimate user accounts. Once an attacker takes control of an email account, they can impersonate the owner and infiltrate their email communications, a method often referred to as business email compromise (BEC) or conversation hijacking. By examining these communications, attackers could determine if a URL protection service was being used and identify which one.
Saravanan Mohankumar, Manager and Threat Analyst at Barracuda, said, "This inventive tactic helps attackers to evade security detection, and the abuse of trusted, legitimate security brands means that recipients are more likely to feel safe and click on the malicious link." He added that the URL protection provider might not be able to verify whether the redirect URL is being used by a customer or by an intruder who has taken over the account.
Barracuda recommends a multilayered, AI-powered defence approach to safeguard against such threats. This approach can detect and block unusual or unexpected activity, regardless of complexity. Additionally, regular security awareness training for employees on the latest threats and how to identify and report them is also recommended.
Barracuda Networks distinguishes itself in the cybersecurity sector with a comprehensive array of solutions to safeguard businesses from dynamic threats. Focused on email security, network and application security, and data protection, Barracuda offers robust tools to shield organisations from phishing attacks, malware, spam, and other cyber threats.
Their offerings feature advanced email filtering, encryption, and archiving services, ensuring secure communication channels. Barracuda also provides firewall and VPN solutions to secure networks against unauthorised access and cyber intrusions. Additionally, their application security tools bolster web applications against vulnerabilities and attacks. Furthermore, Barracuda's data protection services encompass backup and disaster recovery solutions, crucial for safeguarding critical data and ensuring uninterrupted business operations.