

Microsoft has been actively tracking a widespread credential phishing campaign using open redirector links. Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking. Doing so leads to a series of redirections, including a CAPTCHA verification page that adds a sense of legitimacy and attempts to evade some automated analysis systems, before taking the user to a fake sign-in page. This ultimately leads to credential compromise, which opens the user and their organization to other attacks.

The use of open redirects in email communications is common among organizations for various reasons. For example, sales and marketing campaigns use this feature to lead customers to a desired landing web page and track click rates and other metrics. However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter. Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent.

For instance, users trained to hover on links and inspect for malicious artifacts in emails may still see a domain they trust and thus click it. Likewise, traditional email gateway solutions may inadvertently allow emails from this campaign to pass through because their settings have been trained to recognize the primary URL without necessarily checking the malicious parameters hiding in plain sight.

Figure 1. Attack chain for the open redirect phishing campaign

This phishing campaign is also notable for its use of a wide variety of domains for its sender infrastructure, another attempt to evade detection. These include free email domains from numerous country code top-level domains (ccTLDs), compromised legitimate domains, and attacker-owned domain generation algorithm (DGA) domains. As of this writing, we have observed at least 350 unique phishing domains used for this campaign. This not only shows the scale with which this attack is being conducted, but it also demonstrates how much the attackers are investing in it, indicating potentially significant payoffs.
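The gateway weakness described above is that the visible host is checked while the URL hidden in a query parameter is not. The following added example (not Microsoft's code, and not a detection from the campaign itself) shows the complementary check a mail filter can run: extract every URL carried in a link's query string, follow nested redirect-in-redirect chains, and flag any whose host differs from the trusted outer host. All hostnames below are constructed placeholders, and the "last two labels" domain comparison is a simplification of a public-suffix lookup.

```python
"""Flag email links whose query parameters carry a URL on another host,
the open-redirect pattern used by the campaign described above.
Added example, not Microsoft's code; sample links are constructed."""
from urllib.parse import parse_qsl, unquote, urlsplit


def _base_domain(host: str) -> str:
    # Simplification: treat the last two labels as the registrable domain.
    # A production filter would consult a public-suffix list instead.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def embedded_urls(url: str, depth: int = 0, max_depth: int = 5) -> list[str]:
    """Return every absolute http(s) URL found in query parameters,
    recursing into each one so a chain of redirectors is fully unwrapped."""
    found: list[str] = []
    if depth >= max_depth:          # bound recursion on hostile input
        return found
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value           # parse_qsl already decoded one layer
        if not candidate.lower().startswith(("http://", "https://")):
            candidate = unquote(candidate)   # catch double-encoded targets
        if candidate.lower().startswith(("http://", "https://")):
            found.append(candidate)
            found.extend(embedded_urls(candidate, depth + 1, max_depth))
    return found


def redirect_targets(url: str) -> list[str]:
    """Embedded URLs whose domain differs from the visible outer domain.
    An empty list means the link redirects only within its own domain."""
    outer = _base_domain(urlsplit(url).hostname or "")
    return [u for u in embedded_urls(url)
            if _base_domain(urlsplit(u).hostname or "") != outer]


# Constructed sample links with placeholder hosts (not campaign indicators).
SAMPLE_LINKS = [
    # Marketing tracker that redirects within its own domain: benign.
    "https://links.trusted-tracker.example/c?u=https%3A%2F%2Fwww.trusted-tracker.example%2Fpromo",
    # Trusted host, foreign CAPTCHA gate and sign-in page hidden in parameters.
    "https://trusted-service.example/redir?url=https%3A%2F%2Fcaptcha-gate.example%2Fverify%3Fnext%3Dhttps%253A%252F%252Flogin-fake.example%252Fsignin",
    # Ordinary link with no URL in its parameters.
    "https://docs.trusted-service.example/view?id=12345",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        hits = redirect_targets(link)
        print("SUSPICIOUS" if hits else "ok", urlsplit(link).hostname, hits)
```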

