More and more criminals are using legitimate websites to obfuscate malicious payloads

By Nick Heyman On May 29, 2023

Hackers are increasingly using legitimate websites to deliver malicious payloads to unsuspecting victims, researchers have revealed.

A report by cybersecurity experts Egress claims some of the world’s most popular websites are being abused to deliver malware, thus effectivelly bypassing standard link checks performed by antivirus and endpoint security solutions.

The paper, based on data taken from Egress’ integrated cloud email security platform, Egress Defend, says YouTube, Amazon AWS, Google Docs, Firebase Storage, and DocuSign are among the top 10 most frequently used websites for this purpose. Furthermore, there has been a 21% increase in the use of this method in Q1 2023, compared to Q4 2022.

Enhancing defenses

“The evolution of phishing emails continues to pose a major threat to organizations, emphasizing the need to enhance defenses to prevent attacks,” said Jack Chapman, VP of Threat Intelligence, Egress. “Every attack we analyzed had bypassed other forms of anti-phishing detection, including secure email gateways (SEGs).”

YouTube has long been used to deploy malware, with hackers creating videos demonstrating how a certain crack, or key generator, work, and then provide the download link in the description (or in the video itself). The program being demonstrated is actually malware, and people who download it often end up losing either their data, or their money or cryptocurrencies.

Google Docs was also observed being abused to deliver malware. Threat actors would create a Docs file with a malicious link inside, and then use the Share option to deliver the document to the victims. The link to the file is then shared via email, and given that it’s coming through Google’s domain, email security solutions usually allow it through to the inbox.

To protect against such attacks, the report argues, businesses need to adapt their defenses. Behavior-based email security needs to be prioritized, which also means deploying AI to mitigate the increase in threats evading signature-based and reputation-based perimeter security. Furthermore, businesses should deploy natural language processing and natural language understanding to defend themselves from sophisticated attacks, the report concludes.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.