SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Breach Prevention
#
Email Security
#
Firewalls

Cybercriminals exploit URL protection to mask phishing attacks

Tue, 23rd Jul 2024
Author image
By Kaleah Salmon, Journalist

According to Barracuda Networks' latest Threat Spotlight report, cybercriminals are exploiting legitimate URL protection services to conceal malicious URLs in phishing emails.

Researchers from Barracuda began observing these phishing attacks from mid-May 2024. The attackers took advantage of three different URL protection services, all provided by reputable brands, to mask their phishing URLs. These attacks have reportedly targeted hundreds of companies to date.

URL protection services work by copying URLs found in emails, rewriting them, and then embedding the original link within the rewritten one. When recipients click on the link, an email security scan is triggered. If the scan deems the URL safe, users are redirected to the URL. In these phishing attacks, users were redirected to malicious pages designed to steal sensitive information.

Barracuda researchers believe that attackers gained entry to the URL protection services by compromising legitimate user accounts. Once an attacker takes control of an email account, they can impersonate the owner and infiltrate their email communications, a method often referred to as business email compromise (BEC) or conversation hijacking. By examining these communications, attackers could determine if a URL protection service was being used and identify which one.

Saravanan Mohankumar, Manager and Threat Analyst at Barracuda, said, "This inventive tactic helps attackers to evade security detection, and the abuse of trusted, legitimate security brands means that recipients are more likely to feel safe and click on the malicious link." He added that the URL protection provider might not be able to verify whether the redirect URL is being used by a customer or by an intruder who has taken over the account.

Barracuda recommends a multilayered, AI-powered defence approach to safeguard against such threats. This approach can detect and block unusual or unexpected activity, regardless of complexity. Additionally, regular security awareness training for employees on the latest threats and how to identify and report them is also recommended.

Barracuda Networks distinguishes itself in the cybersecurity sector with a comprehensive array of solutions to safeguard businesses from dynamic threats. Focused on email security, network and application security, and data protection, Barracuda offers robust tools to shield organisations from phishing attacks, malware, spam, and other cyber threats.

Their offerings feature advanced email filtering, encryption, and archiving services, ensuring secure communication channels. Barracuda also provides firewall and VPN solutions to secure networks against unauthorised access and cyber intrusions. Additionally, their application security tools bolster web applications against vulnerabilities and attacks. Furthermore, Barracuda's data protection services encompass backup and disaster recovery solutions, crucial for safeguarding critical data and ensuring uninterrupted business operations. 

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Cybercriminals use legitimate software for attacks increasing
Open Union partners with L2X Networks for advanced networking
Milestone Systems launches XProtect 2024 R1 with key updates
GenAI: A new era of social engineering threats for Australian businesses
BigID & Cohesity expand partnership for enhanced data security
Top stories
Forescout's 2024 H1 Threat Review reveals surge in cyber threats
Andre Schindler promoted to SVP at NinjaOne amid growth
Absolute Security acquires Syxsense to boost resilience platform
Navigating the evolving world of Artificial Intelligence
Action1 enters Australian market with local data centre