Malformed URL Phishing Grabs the Spotlight

Phishing campaigns built on malicious or malformed URLs are unlikely ever to leave the cyber threat landscape. They are here for the long run and, to make matters worse, new techniques for crafting links that slip past secure email gateways keep appearing.

What’s new?

  • A report from GreatHorn revealed a rise in phishing attacks that hide links behind a malformed URL prefix: the second forward slash is replaced with a backslash (http:/\ instead of http://), so a gateway that only recognizes "http://" does not treat the string as a link, while browsers normalize the backslash and follow it.
  • First detected in October 2020, the tactic gained momentum through the end of the year. Between January and February 2021, the volume of phishing attacks using malformed URL prefixes rose by roughly 5,000%.
  • The most heavily targeted organizations were in the pharmaceutical, lending, contracting and construction, and telecommunications sectors.
  • Organizations running Office 365 were also targeted disproportionately often with the newly emerging tactic.
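The following is an added illustration, not code from the GreatHorn report, of why the malformed prefix slips through: a naive link scanner that matches only "scheme://" never sees the link, while the WHATWG URL parser that browsers (and Node's built-in URL class) use treats a backslash after the scheme as a slash and drops the surplus. The email body and hostnames below are constructed for the demonstration.

```javascript
// Constructed sample email body: one malformed link (http:/\), one legitimate link,
// and one variant with two backslashes. None of the hostnames are real.
const SAMPLE_EMAIL_BODY = [
  "Your voicemail is waiting. Listen here:",
  "http:/\\voicemail-portal.example/login?user=victim", // backslash in place of the 2nd slash
  "Policy reference: https://intranet.example/policies",
  "Image host: http:\\\\cdn.example/x",                // two backslashes, also followed by browsers
].join("\n");

// Naive scanner: the regex most people write, which only recognises "scheme://".
function extractLinksNaive(text) {
  return text.match(/https?:\/\/[^\s<>"']+/gi) || [];
}

// Browser-equivalent scanner: accept one or two slashes or backslashes after the scheme,
// then hand the candidate to the WHATWG URL parser, which normalises "\" to "/" for
// http(s) and ignores extra leading separators, exactly as Chrome and Firefox do.
function extractLinksNormalized(text) {
  const out = [];
  for (const candidate of text.match(/https?:[\/\\]{1,2}[^\s<>"']+/gi) || []) {
    try {
      const url = new URL(candidate);
      out.push({ raw: candidate, href: url.href, host: url.hostname });
    } catch {
      // Not parseable even by a browser, so no user can be sent there.
    }
  }
  return out;
}

// Hosts a browser would contact that the naive scanner never checked against any block list.
function missedHosts(text) {
  const checked = new Set(extractLinksNaive(text).map((u) => new URL(u).hostname));
  return extractLinksNormalized(text)
    .filter((u) => !checked.has(u.host))
    .map((u) => u.host);
}

console.log("naive:", extractLinksNaive(SAMPLE_EMAIL_BODY));
console.log("browser-equivalent:", extractLinksNormalized(SAMPLE_EMAIL_BODY).map((u) => u.href));
console.log("missed by naive scanner:", missedHosts(SAMPLE_EMAIL_BODY));
```

The practical check for a gateway or a mail-parsing rule is the second function: normalize every candidate with the same parser the victim's browser will use before comparing it against reputation or block lists, rather than matching on the literal "://".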

When Morse code is turned evil

  • Phishers recently pulled an old trick out of their bag to launch a new phishing scam.
  • In a display of bewildering creativity, the criminals used Morse code to conceal malicious URLs from secure mail gateways and mail filters: the link was stored as dots and dashes in the JavaScript of an HTML attachment and decoded only when the victim opened the attachment in a browser.
  • Launched through phishing emails, the campaign targeted eleven companies including SGS, Dimensional, Metrohm, SBI (Mauritius) Ltd, NUOVO IMAIE, Bridgestone, Cargeas, ODDO BHF Asset Management, Dea Capital, Equinti, and Capital Four.
  • Old as it is, the tactic remains highly effective today, which shows how wide the range of phishing tricks can be.
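As an added example (not the campaign's own attachment code), the block below shows what a scanner sees in a Morse-encoded payload, why a URL regex finds nothing in it, and a simple heuristic a filter can use: long runs consisting only of dots, dashes and spaces are not natural language, so decode them and scan the result. The encoded URL and hostname are constructed for the demonstration; the symbol table and one-space separator are this example's choice, not necessarily the campaign's.

```javascript
// Morse table covering the URL alphabet used here: letters, digits and a few punctuation
// marks that have standard codes. The mapping back is unambiguous because no two codes collide.
const MORSE = {
  a: ".-", b: "-...", c: "-.-.", d: "-..", e: ".", f: "..-.", g: "--.", h: "....",
  i: "..", j: ".---", k: "-.-", l: ".-..", m: "--", n: "-.", o: "---", p: ".--.",
  q: "--.-", r: ".-.", s: "...", t: "-", u: "..-", v: "...-", w: ".--", x: "-..-",
  y: "-.--", z: "--..",
  "0": "-----", "1": ".----", "2": "..---", "3": "...--", "4": "....-",
  "5": ".....", "6": "-....", "7": "--...", "8": "---..", "9": "----.",
  ".": ".-.-.-", "/": "-..-.", ":": "---...", "-": "-....-",
};
const FROM_MORSE = Object.fromEntries(Object.entries(MORSE).map(([ch, code]) => [code, ch]));

// One space between symbols; every character of the URL has its own code, so no word gap is needed.
function encodeMorse(text) {
  return [...text.toLowerCase()].map((ch) => {
    if (!(ch in MORSE)) throw new Error(`no Morse code for ${JSON.stringify(ch)}`);
    return MORSE[ch];
  }).join(" ");
}

function decodeMorse(payload) {
  return payload.trim().split(/\s+/).map((sym) => {
    if (!(sym in FROM_MORSE)) throw new Error(`unknown Morse symbol ${sym}`);
    return FROM_MORSE[sym];
  }).join("");
}

// Constructed payload: this is all a pattern-matching gateway sees inside the attachment.
const ENCODED_URL = encodeMorse("https://login-portal.example/verify");

// A URL check (including the browser-tolerant prefix form) finds nothing in the encoded text.
function containsPlainUrl(text) {
  return /https?:[\/\\]{1,2}[^\s<>"']+/i.test(text);
}

// Heuristic: any run of 40+ characters made only of dots, dashes and spaces is suspicious.
// Decode each run and report whether the plaintext contains a URL.
function inspectForMorse(text) {
  const findings = [];
  for (const run of text.match(/[.\- ]{40,}/g) || []) {
    try {
      const decoded = decodeMorse(run);
      findings.push({ decoded, isUrl: containsPlainUrl(decoded) });
    } catch {
      // Not valid Morse (e.g. a long divider line), skip it.
    }
  }
  return findings;
}

// Constructed attachment text as a filter would receive it.
const ATTACHMENT_TEXT = "Invoice attached, open in browser:\n" + ENCODED_URL + "\n";
console.log("plain URL found:", containsPlainUrl(ATTACHMENT_TEXT));
console.log("after decoding:", inspectForMorse(ATTACHMENT_TEXT));
```

The point of the heuristic is not that attackers will keep using Morse: it is that a filter which only inspects what is literally in the message, instead of what a browser will compute from it, can be beaten by any reversible encoding. Decoding the suspicious run and rescanning closes this particular gap; sandboxing HTML attachments in a real browser closes the general one.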

Another commonly used tactic

  • Cybercriminals used a drive-by-download attack, hiding a malicious URL to lure Twitter users onto a malicious web page.
  • The attack played on victims' fear to spread the virus and spyware across Twitter.
  • Once a system was infected, sensitive information was exposed to unauthorized parties and could be used for further attacks.

Bottom line

Obfuscating URLs is one of the most widely used techniques in phishing attacks to mislead users. As the obfuscation grows trickier and harder to catch, a standard layer of defense that detects and blocks such links, one that evaluates a URL the way the recipient's browser will and inspects attachment content rather than matching on a literal pattern, is the need of the hour.