According to the latest Barracuda Networks Threat Spotlight report, cybercriminals are exploiting legitimate URL protection services to hide malicious URLs in phishing emails.
Barracuda researchers began observing these phishing attacks starting in mid-May 2024. The attackers leveraged three different URL protection services, all provided by reputable brands, to mask their phishing URLs. These attacks have reportedly targeted hundreds of companies to date.
URL protection services work by copying URLs found in emails, rewriting them, and then embedding the original link in the rewritten link. When recipients click on the link, an email security scan is triggered. If the scan finds the URL safe, users are redirected to the URL. In these phishing attacks, users were redirected to malicious pages designed to steal sensitive information.
Barracuda researchers believe that attackers were able to gain access to URL protection services by compromising legitimate user accounts. Once an attacker gains control of an email account, they can impersonate the owner and infiltrate their email communications, a method often referred to as business email compromise (BEC) or conversation hijacking. By examining these communications, attackers can determine if a URL protection service is being used and identify which one.
Saravanan Mohankumar, director and threat analyst at Barracuda, said: “This inventive tactic allows attackers to evade security detection, and the misuse of legitimate and trusted security brands means recipients are more likely to feel safe and click on the malicious link.” He added that the URL protection vendor may not be able to verify whether the redirect URL is being used by a customer or an intruder who has taken control of the account.
Barracuda recommends a multi-layered, AI-powered defense approach to protect against such threats. This approach can detect and block any unusual or unexpected activity, no matter how complex. Additionally, regular security training for employees on the latest threats and how to identify and report them is also recommended.
Barracuda Networks differentiates itself in the cybersecurity industry with a comprehensive portfolio of solutions designed to protect businesses from dynamic threats. Focused on email security, network and application security, and data protection, Barracuda offers robust tools to protect organizations from phishing attacks, malware, spam, and other cyber threats.
Their offerings include advanced email filtering, encryption, and archiving services, ensuring secure communication channels. Barracuda also provides firewall and VPN solutions to secure networks from unauthorized access and cyber intrusions. Additionally, their application security tools harden web applications against vulnerabilities and attacks. Additionally, Barracuda’s data protection services include backup and disaster recovery solutions, essential to protect critical data and ensure business continuity.