Hackers Exploit Email URL Rewriting to Insert Phishing Links
Hackers have found a way to abuse email URL rewriting features, a tool originally designed to protect users from phishing threats. This new tactic has raised alarms among security experts, turning a protective measure into a vulnerability.
URL rewriting is a security feature employed by email security vendors to protect users from malicious links embedded in emails.
According to the Perception Point report, when a user clicks on a link, it is first redirected to the vendor’s server, where it is scanned for threats. If deemed safe, the user is redirected to the intended web page; otherwise, access is blocked.

Types of URL Rewriting
There are two main paradigms for URL rewriting:
- Legacy Security Solutions: These rely on rules and signatures based on known threats. They rewrite URLs to evaluate links later, leveraging updated threat intelligence. However, this often happens after an initial victim has been affected.
- Proactive Solutions: These scan links at the time of the click using technologies like computer vision and machine learning. In contrast to legacy systems, they evaluate the URL’s behavior in real time.
Organizations often combine these methods, using tools like Secure Email Gateway (SEG) and Integrated Cloud Email Security (ICES) solutions for enhanced protection.
Since mid-June 2024, attackers have exploited URL rewriting features to insert phishing links. This manipulation takes advantage of the trust users place in known security brands, making even the most vigilant employees more likely to click on seemingly safe links.
How Attackers Exploit URL Rewriting
Attackers typically have two options:
- Compromising Email Accounts: The more likely tactic involves compromising legitimate email accounts protected by URL rewriting features. Attackers send an email to themselves containing a “clean-later-to-be-phishing” URL. Once the email passes through the URL protection service, the link is rewritten, including the email security vendor’s name and domain, giving it an extra layer of legitimacy.
- Whitelisting Exploitation: Some email security services whitelist their dedicated rewriting domains, which attackers exploit. Once a rewritten URL is whitelisted, attackers can change the destination to redirect users to a phishing site, bypassing further security checks.
Real-World Examples of URL Rewriting Exploits
Security researchers from Perception Point have observed a surge in phishing attacks exploiting URL protection services. Here are some examples:
Example 1: Double Rewrite Attack
Two email security vendors, Proofpoint and INKY, were exploited in a sophisticated phishing attack. The attacker sent an email with a rewritten phishing link disguised as a legitimate SharePoint document notification.
The URL was rewritten twice, first by Proofpoint and then by INKY. After solving a CAPTCHA challenge, the user was redirected to a phishing site mimicking a Microsoft 365 login page.
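
A defensive check for the whitelisting and double-rewrite cases described above, as an added example that is not from the original article or from any vendor: it unwraps nested rewritten links and judges the final destination instead of the wrapper's domain. The rewriter hostnames, query parameter names and sample URLs are constructed placeholders; real vendor link formats differ.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Hypothetical rewriter hosts mapped to the query parameter that carries the
# original link. These are assumptions; the article gives no vendor formats.
REWRITERS = {"links.vendor-a.example": "u", "protect.vendor-b.example": "url"}
MAX_LAYERS = 5  # stop unwrapping pathological chains


def unwrap(url):
    """Peel rewrite layers; return (final_url, [rewriter hosts seen])."""
    layers = []
    while len(layers) < MAX_LAYERS:
        parts = urlsplit(url)
        param = REWRITERS.get((parts.hostname or "").lower())
        if param is None:
            break  # not a rewriter: this is the real destination
        inner = parse_qs(parts.query).get(param)
        if not inner:
            break  # opaque token: destination is known only to the vendor
        layers.append(parts.hostname.lower())
        url = inner[0]  # parse_qs has already percent-decoded one level
    return url, layers


def assess(url, trusted_hosts):
    """Decide on the final destination, never on the wrapper's domain."""
    final, layers = unwrap(url)
    final_host = (urlsplit(final).hostname or "").lower()
    findings = []
    if len(layers) > 1:
        findings.append("nested-rewrite")
    if final_host in REWRITERS:
        # Still a wrapper after unwrapping: do not let an allow-listed
        # rewriter domain stand in for a verdict on the target.
        findings.append("unresolved-wrapper")
    elif final_host not in trusted_hosts:
        findings.append("untrusted-destination")
    return {"final": final, "layers": layers, "findings": findings}


# Constructed sample: one link wrapped by two hypothetical rewriters.
SAMPLE_TARGET = "https://login.phish.example/m365"
SAMPLE_ONCE = "https://links.vendor-a.example/v?u=" + quote(SAMPLE_TARGET, safe="")
SAMPLE_TWICE = "https://protect.vendor-b.example/r?url=" + quote(SAMPLE_ONCE, safe="")
SAMPLE_OPAQUE = "https://protect.vendor-b.example/s/AbC123"  # token-only link

if __name__ == "__main__":
    print(assess(SAMPLE_TWICE, {"sharepoint.example"}))
    print(assess(SAMPLE_OPAQUE, {"protect.vendor-b.example"}))
```
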

Example 2: Exploiting Rewritten URLs Across Multiple Targets
In another attack, a rewritten URL generated by compromised accounts protected by INKY and Proofpoint targeted multiple organizations.
The attackers exploited the rewritten URL to extend their reach, turning a single point of compromise into a widespread phishing campaign.

Example 3: Mimecast’s URL Rewriting Exploit
Perception Point prevented a phishing attack leveraging Mimecast’s URL rewriting service. The phishing link appeared safe due to the Mimecast domain but redirected users to a phishing site designed to steal credentials.

Example 4: IRS Phishing Attack via Sophos URL Rewriting
In this attack, Sophos’s URL rewriting service disguised a malicious link. The phishing email appeared as an urgent verification request from a legitimate organization, and the rewritten URL added legitimacy, making it difficult for recipients to spot the threat.

Perception Point offers Dynamic URL Analysis to combat these sophisticated attacks, providing superior protection to traditional URL rewriting.
This approach actively browses new or unknown URLs and analyzes their behavior before the email is delivered.

Key Features of Dynamic URL Analysis
- Proactive Detection: Scans and evaluates URLs in real time, preventing attacks from reaching the inbox.
- Advanced Anti-Evasion: Equipped to undo evasion tactics like CAPTCHA and geo-fencing.
- Post-Delivery and Meta-Analysis: Uses big data to rescan and reassess links after delivery autonomously.
- Advanced Browser Security: Scans URLs upon click, ensuring any malicious activity is detected in real time.
Hackers’ exploitation of URL rewriting features underscores the need for continuous innovation in email security. As attackers become more sophisticated, security solutions must evolve to stay ahead of these threats.
Organizations are urged to adopt advanced detection methods like Dynamic URL Analysis to protect against these evolving phishing tactics.
Source credit : cybersecuritynews.com






