Phishing is a fraudulent tactic used to obtain sensitive user information (credit card numbers, passwords, etc.). Attackers appear to be trusted entities (usually imitating a larger brand) to deceive victims into disclosing personal information.
When phishing is effective, the enemy steals third party confidential information. Financial or identity theft is done using stolen information. Hackers use it to access victims’ accounts and to blackmail them for convenience.
What happened?
Researchers in the field of information security have combined the use of URL shorteners and reverse tunneling services with large-scale phishing efforts. This makes it more difficult to stop malicious behavior.
This strategy deviates from the more common practice of registering domains with hosting providers, who are more likely to respond to complaints and remove them if phishing websites are found to be active.
Threatening actors can host phishing sites locally through reverse tunnels on their own machines, and connections will be routed through external services. They are able to create new links whenever they want to avoid identification by using a service that shortens the URL for them.
Since many phishing URLs are updated in less than 24 hours, attempts to track them and block their domains have become more difficult.
An increase in the number of phishing attempts that combine services for reverse tunneling and URL shortening has been seen in CloudSE, a business that specializes in defending against digital risks.
As Blipping computer Reverse Tunnel reports reports of frequently exploited services including Ngrok, LocalhostRun, and Cloudflare’s Argo. They also noticed that URL shortening services such as Bit.ly, is.gd and cutt.ly became increasingly common.
Even if a URL is reported or blocked, threat actors can easily host another page using the same template
According to CloudSEK, threatening actors can hide their identities by using URL shorteners to cover the name of the URL, which is usually a series of random characters. Therefore, a domain name that can cause concern is clocked in a short uniform resource locator (URL).
What can you do to protect your company from phishing attacks?
- Safety awareness training
Human negligence is a cyber security liability. With the advent of new cyber attacks, it is difficult for the average person to contain them. You should provide safety training to your company’s employees.
Most attacks come via email, so securing your company’s digital communications should be a priority in your approach.
Antivirus software can help prevent phishing attempts by scanning files for malicious code inserts. After the threat is discovered, this utility stops the infected file from running, so hackers cannot distribute their payloads on your organization’s network.
Attackers exploit the vulnerabilities of obsolete apps to enter the business, and browsers are the most risky. Developers often issue security fixes, but many workers neglect to implement them.
Use a DNS traffic filtering solution to enhance your company’s digital defenses. This program scans, logs and blocks dangerous websites.
- Disable pop-ups and macros
You can disable pop-up and macro attachments as a last line of protection against phishing. However, enterprise-level management can be difficult. Case-by-case: Is the work worthy of reward? If not, ignore this point.
- Implement a report-incident policy
No defense fool. Malicious actors can deceive even the greatest cyber security technology and employees. An incident reporting and mitigation policy can make all the difference.
How can Heimdal help?
Phishing is a dangerous email security threat, but it is also one that can be avoided with a little care and proper security solutions.
Hymdal Security offers the latest in cyber security protection against advanced cyber attacks. Our security solutions are designed to work with your company’s needs and budget.
