Increase in Evolving Phishing Attacks Noted by Researchers


Quick take - Phishing attacks have evolved recently, with cybercriminals employing new tactics such as QR code phishing and URL rewriting to bypass email security measures, prompting researchers to develop advanced detection systems to counter these threats.

Fast Facts

  • Phishing attacks have evolved, with cybercriminals using tactics like QR code phishing (“quishing”) and two-step delivery methods to bypass email security measures.
  • Attackers exploit URL rewriting features, manipulating them to redirect users to phishing sites while appearing legitimate, leading to a rise in such attacks since mid-June 2024.
  • Researchers at Perception Point report a significant increase in phishing attempts that compromise legitimate email accounts to send credible-looking URLs.
  • Advanced evasion techniques, including CAPTCHA evasion and geo-fencing, are being used to avoid detection by email security vendors.
  • Perception Point has developed Dynamic URL Analysis and Advanced Email Security systems to counter these threats, employing real-time scanning and post-delivery analysis for ongoing protection.

Evolution of Phishing Attacks

Phishing attacks have seen significant evolution in recent months, with cybercriminals adopting new tactics to circumvent both traditional and advanced email security measures.

Innovative Strategies

Among these innovative strategies is the use of QR code phishing, known as “quishing,” and two-step delivery methods that utilize legitimate services like Canva or Office Forms to mask malicious links. This trend has gained momentum since mid-June 2024, as attackers have started exploiting URL rewriting features intended to prevent phishing attempts.

URL rewriting is a security mechanism that alters original URLs, redirecting users to vendor servers for threat scanning. If a link is deemed safe, users are directed to the original content; if not, access is blocked. However, attackers have discovered ways to manipulate these features, leading to a surge in phishing attacks that exploit URL protection services from various email security vendors.

Researchers at Perception Point have observed a significant increase in such attacks, noting that hackers can compromise legitimate email accounts to send phishing URLs that appear credible. Different email security vendors use various terms for URL rewriting, such as URL protection or click-time protection.

Security Solutions and Evasion Techniques

Legacy security solutions rely on established rules and signatures based on previously identified threats. In contrast, newer systems use real-time scanning technologies, including machine learning and computer vision. Many organizations combine Secure Email Gateways (SEGs) with Integrated Cloud Email Security (ICES) solutions for enhanced protection.

By exploiting URL rewriting, attackers can manipulate rewritten URLs once they are whitelisted by certain security services. This allows them to change the destination of these URLs to direct users to phishing sites, effectively bypassing further security checks. Additionally, advanced evasion techniques, such as CAPTCHA evasion and geo-fencing, have been adopted to avoid detection by email security vendors. These techniques leverage user trust in recognized security brands.

Perception Point’s researchers have intercepted numerous sophisticated phishing attacks that exploit these vulnerabilities. For example, a “double rewrite” attack that used Proofpoint and INKY disguised a phishing link as a legitimate SharePoint document notification. In another instance, a compromised account generated a rewritten URL that targeted multiple organizations. Other examples include an attack that leveraged Mimecast’s URL rewriting service and a phishing email that masqueraded as an urgent verification request and used Sophos’s service to obscure the actual malicious destination.
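An inbound-mail check for the "double rewrite" and compromised-account cases above, as an added example that is not from Perception Point or the original article: it peels URL-rewriting layers off a link and flags nesting, a rewriter other than the organization's own, or a destination that cannot be recovered. The rewriter hostnames, query-parameter layout and sample links are constructed placeholders, not real vendor formats.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

# Hypothetical rewriter hosts (placeholders, not real vendor domains).
REWRITER_HOSTS = {"urlprotect.vendor-a.example", "clicktime.vendor-b.example"}
OWN_REWRITER = "clicktime.vendor-b.example"  # assumed: the service our gateway applies

def embedded_url(url):
    """Return the first http(s) URL carried in a query parameter, else None."""
    for _, value in parse_qsl(urlsplit(url).query):
        if value.lower().startswith(("http://", "https://")):
            return value
    return None

def unwrap_chain(url, max_depth=5):
    """Peel rewriter layers; return (rewriter hosts seen, innermost URL or None)."""
    layers = []
    for _ in range(max_depth):
        host = (urlsplit(url).hostname or "").lower()
        if host not in REWRITER_HOSTS:
            break
        layers.append(host)
        url = embedded_url(url)
        if url is None:  # opaque token: destination only known to the vendor
            break
    return layers, url

def assess(url):
    """Flag rewritten links whose wrapping says nothing about our own scanning."""
    layers, destination = unwrap_chain(url)
    findings = []
    if len(layers) >= 2:
        findings.append("double-rewrite")
    if any(host != OWN_REWRITER for host in layers):
        findings.append("foreign-rewriter")
    if layers and destination is None:
        findings.append("opaque-destination")
    return {"layers": layers, "destination": destination, "findings": findings}

# Constructed sample links.
LANDING = "https://landing.example/verify"
ONE_LAYER = "https://urlprotect.vendor-a.example/v1?" + urlencode({"u": LANDING})
TWO_LAYERS = "https://clicktime.vendor-b.example/go?" + urlencode({"url": ONE_LAYER})
OPAQUE = "https://urlprotect.vendor-a.example/s/AbC123"

if __name__ == "__main__":
    for link in (ONE_LAYER, TWO_LAYERS, OPAQUE):
        print(assess(link))
```

Any finding means the link was wrapped outside the recipient's own gateway, so the innermost destination should be scanned on its own merits.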

Countermeasures and Ongoing Protection

To counter these threats, Perception Point has developed Dynamic URL Analysis, which actively analyzes URLs before email delivery. This system employs in-line computer vision, Large Language Models, and proprietary anti-evasion engines to detect potential threats. Additionally, the Advanced Email Security system is designed to combat evasion tactics, ensuring that even cleverly disguised threats are identified.

For ongoing protection, Perception Point’s infrastructure supports post-delivery analysis, continually updating threat assessments in response to emerging dangers. Their Advanced Browser Security extension further enhances security by monitoring URLs upon user click, providing real-time detection of malicious activities.
