fbpx
Techitup Middle East
B2B TechnologyCybersecurity

Attackers Exploiting URL Protection Services in Phishing Attacks 

In a novel attack technique, cybercriminals are abusing legitimate URL protection services to hide malicious URLs in phishing emails, according to a new Threat Spotlight from Barracuda Networks.  

From mid-May 2024 onwards, Barracuda researchers observed phishing attacks taking advantage of three different URL protection services to mask their phishing URLs. The services are provided by trusted, legitimate brands. To date, these attacks have targeted hundreds of companies, if not more. 

URL protection services work by copying URL links found in emails, rewriting them, and then embedding the original within the rewritten one, rather like a wrap. When the email recipient clicks on the link, it triggers an email security scan of the original URL. If the scan is clear, the user is redirected to the URL. In the attacks seen, the users were redirected to phishing pages designed to steal sensitive information.  

Barracuda researchers believe it is likely that the attackers initially gained entry to the URL protection services after compromising the accounts of legitimate users.  

Once the attacker had taken over an email account, they could impersonate the owner, and infiltrate and examine their email communications, also known as business email compromise (BEC) or conversation hijacking. Links in emails connected to the account, or in the user’s email signature, would have shown whether a URL protection service was being used, and which one. 

Using the compromised account to send themselves a phishing email carrying their malicious link, the attackers would have been able to get the protection URL they needed for their phishing campaigns. 

Barracuda recommends a multilayered, AI-powered approach to defence, which can detect and block unusual or unexpected activity, however complex. These security measures should be complemented by active and regular security awareness training for employees on the latest threats and how to spot and report them. 

Related posts

ServiceNow’s Latest Release Embeds Generative AI in All Workflows

Editor

OPSWAT Releases Email Security Threats Report

Editor

Equinix Enhances Multicloud Networking with AWS

Editor

Leave a Comment