Phishing Campaign Uses Reverse Tunnels and URL Shorteners
This Makes Stopping Malicious Activities More Difficult.
Phishing is a deceptive tactic used to obtain sensitive user information (credit card numbers, passwords, etc.). Attackers pose as trustworthy organizations (typically mimicking a large brand) to deceive victims into disclosing private data.
If a phishing attempt succeeds, hostile third parties steal confidential data. The stolen information is then used to commit financial or identity theft, to access victims’ accounts, and to blackmail them for gain.
Researchers in the field of information security have seen an increase in the usage of URL shorteners and reverse tunneling services in conjunction with large-scale phishing efforts. This makes it more difficult to put a halt to the malicious behavior.
This strategy deviates from the more typical practice of registering domains with hosting providers, who are more likely to react to complaints and take down phishing websites if they are found to be active.
Threat actors can host the phishing sites locally on their own machines and expose them through reverse tunnels, so that all connections are routed through the external tunneling service. By passing the resulting links through a URL shortening service, they can produce fresh links whenever they wish and so avoid detection.
Because many of the phishing URLs are updated in less than twenty-four hours, the effort of tracking them down and shutting down their domains is made more difficult.
CloudSEK, a company that specializes in defense against digital risks, has spotted a rise in the number of phishing campaigns that combine reverse tunneling and URL shortening services.
As BleepingComputer reports, the reverse tunnel services that are exploited most often include Ngrok, LocalhostRun, and Cloudflare’s Argo. They also saw that URL shortening services such as Bit.ly, is.gd, and cutt.ly were becoming increasingly commonplace.
Even if a URL is reported or blocked, threat actors can easily host another page, using the same template.
According to CloudSEK, the threat actor may conceal their identity by using URL shorteners to mask the tunnel URL, which is normally a series of random characters. A domain name that could arouse suspicion is therefore hidden behind a shortened Uniform Resource Locator (URL).
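For defenders, the chain described above (a shortened link that redirects to a reverse-tunnel host) can be looked for in web proxy logs. The following is an added example, not code from CloudSEK or the original article; the log format, the sample lines, and the domain suffixes chosen for the named services are assumptions.

```python
from urllib.parse import urlsplit

# Services named in the article. The domain suffixes are assumptions:
# adjust them to what your own proxy or DNS logs show.
SHORTENERS = ("bit.ly", "is.gd", "cutt.ly")
TUNNELS = ("ngrok.io", "lhr.life", "trycloudflare.com")

def classify(url):
    """Return 'shortener', 'tunnel' or None for the URL's host."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for label, suffixes in (("shortener", SHORTENERS), ("tunnel", TUNNELS)):
        # Match the domain itself or a subdomain, never a look-alike
        # such as notbit.ly or ngrok.io.example.net.
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return label
    return None

def find_suspicious(log_lines):
    """Return (severity, client, url, redirect) tuples for flagged lines.

    Assumed line format: timestamp client status url redirect-or-dash
    """
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip
        client, url = parts[1], parts[3]
        redirect = parts[4] if len(parts) > 4 else "-"
        src, dst = classify(url), classify(redirect)
        if src == "shortener" and dst == "tunnel":
            # The pattern from the article: short link hiding a tunnel URL.
            findings.append(("high", client, url, redirect))
        elif "tunnel" in (src, dst):
            # Tunnel host reached without a shortener in front of it.
            findings.append(("medium", client, url, redirect))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2022-06-01T10:00:01Z 10.0.0.5 301 https://cutt.ly/AbCdEf https://a1b2c3.ngrok.io/login",
    "2022-06-01T10:00:09Z 10.0.0.7 200 https://d4e5f6.trycloudflare.com/index.html -",
    "2022-06-01T10:01:30Z 10.0.0.8 301 https://bit.ly/XyZ123 https://www.example.com/news",
    "2022-06-01T10:02:11Z 10.0.0.9 200 https://ngrok.io.example.net/ -",
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```

Shortener hits on their own are not flagged because they are too common in normal traffic; only the redirect into a tunnel host, or direct access to one, is reported.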
What Can You Do to Protect Your Company from Phishing Attacks?
- Security awareness training
Human negligence is a cybersecurity liability. As new cyberattacks emerge, it’s hard for the ordinary individual to keep up. Your company should provide security training to staff.
- Boost email security
Most attacks arrive by email, so your approach should prioritize securing your company’s digital communications.
- Strong antivirus
Antivirus software may help prevent phishing attempts by scanning files for harmful code insertion. Upon threat discovery, this utility stops the infected file from running, so hackers can’t distribute their payload in your organization’s network.
- Update browsers
Attackers leverage obsolete apps’ weaknesses to penetrate businesses, and browsers are the most vulnerable. Developers often issue security fixes, but many workers neglect to apply them.
- Filter DNS traffic
Use a DNS traffic filtering solution to boost your company’s digital defenses. This program scans, logs, and blocks dangerous websites.
- Disable Pop-Ups and Macros
You may deactivate pop-ups and macro attachments as the last line of protection against phishing. However, managing this at enterprise level might be difficult. Decide case by case whether the work is worth the reward; if not, ignore this point.
- Implement a report-incident policy
No defense is foolproof. Malicious actors may deceive even the greatest cybersecurity technologies and workers. Having an incident reporting and mitigation policy may make all the difference.
How Can Heimdal Help?
Phishing is a dangerous email security threat, but also one that can be avoided by paying a little attention and having the right security solutions in place.
Heimdal Security offers the latest in cybersecurity protection against advanced cyberattacks. Our security solutions are designed to work with your company’s needs and budget.