How cybercriminals are creating malicious hyperlinks that bypass security software

Hackers are using a technique known as Quoted-printable to trick security defenses into thinking a malicious link is legitimate, says Avanan.

Finding ways to sneak past cybersecurity defenses is always uppermost on the minds of cybercriminals. The more easily they can thwart your security tools, the greater the chances that their attacks will be successful. A report released Thursday by email security provider Avanan reveals how a coding practice called Quoted-printable is being used in phishing emails to present malicious links as legitimate.

Hackers who create phishing emails often turn to deceptive encoding techniques. As one example, they may write a letter not as the letter itself but as its ASCII code, such as using &#65; to represent the letter A. Your email program doesn’t display the code itself but converts it into the actual letter.

In the same vein, attackers are taking advantage of an encoding system called Quoted-printable. In this technique, 8-bit text such as foreign characters is turned into 7-bit text, which is readable in the email program. Starting in February, Avanan found that the attackers are using Quoted-printable to disguise malicious links as legitimate text, thereby fooling security scanners.

Image: Avanan. This phishing email attempts to fool security tools into thinking the malicious link is legitimate.

Specifically, the hackers add an equal sign to the end of the URL for the malicious link. But rather than type the equal sign as =, they encode the phrase “=3D,” which is an obscure method of writing the sign using Quoted-printable. Your email reader can understand and interpret the Quoted-printable code, but the cybercriminals are betting that your security product won’t be able to detect the malicious link.

In the phishing campaign analyzed by Avanan, the scammers send emails impersonating Microsoft, telling the recipient that their password has expired. A button called Keep Your Password contains the malicious link, which is written as <a href=3D" http://xx.xx.xx.org.za/[email protected]" style=3D"c=. Clicking on that button takes the user to a phishing page where they’re prompted to enter their Microsoft or business account credentials, which are then harvested by the criminals behind the attack.
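
The scanner-side gap described above, as an added example that is not from Avanan's report or the original article: a link extractor that matches on the still-encoded body never sees `href=3D"..."`, while one that first decodes each part according to its Content-Transfer-Encoding sees the same link the mail client renders. The sample message, the example.test domain and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message (not taken from the report); example.test is a
# placeholder domain. Note the QP soft line break ("=" at end of line) as well.
RAW_EMAIL = (
    "From: Support <support@example.test>\n"
    "Subject: Password expiry notice\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n"
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    '<a href=3D" http://login.example.test/reset?u=3Dalice" style=3D"c=\n'
    'olor:#fff">Keep Your Password</a>\n'
)

HREF_RE = re.compile(r'href\s*=\s*"([^"]+)"', re.IGNORECASE)


def links_from_raw(raw):
    """Naive scan: match href attributes in the still-encoded body."""
    body = raw.split("\n\n", 1)[1]
    return [url.strip() for url in HREF_RE.findall(body)]


def links_from_decoded(raw):
    """Decode every text part per its Content-Transfer-Encoding, then scan."""
    msg = message_from_string(raw, policy=default)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls += [u.strip() for u in HREF_RE.findall(part.get_content())]
    return urls


def hidden_links(raw):
    """Links the mail client will render but the naive scan never saw."""
    seen = set(links_from_raw(raw))
    return [u for u in links_from_decoded(raw) if u not in seen]


if __name__ == "__main__":
    print("raw scan:    ", links_from_raw(RAW_EMAIL))
    print("decoded scan:", links_from_decoded(RAW_EMAIL))
    print("hidden:      ", hidden_links(RAW_EMAIL))
```

A non-empty result from `hidden_links` means the URL checks ran on different text than the recipient's mail client will display, so reputation lookups should be applied to the decoded list.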

To help protect yourself and your organization from phishing emails using Quoted-printable and other deceptive tactics, Avanan offers the following tips:

  • Detecting these types of phishing emails with traditional security tools can be a challenge. That’s why it’s important that you implement a multi-tiered security posture that combines artificial intelligence and machine learning with such defenses as IP/domain and sender reputation.
  • Set up a security environment that uses more than one factor to determine whether to block an email.
  • Train your users on how to analyze suspicious and potentially malicious emails for subtle discrepancies. In the email cited in Avanan’s report, the dates were mismatched between the subject line and the body, and the sender address didn’t match.
