How Legacy URL Reputation Evasion (LURE) Attacks Easily Bypass Current Security Tech
Menlo Security, Tuesday, July 11,2023
Whether it's the push for fully remote work, in-office work, or a hybrid workstyle, the conversation around how and where employees will work continues. But guess what? To cybercriminals, this conversation doesn't really matter.
Not one bit. That's because no matter where today's enterprise worker resides and where the work is happening geographically, it's happening digitally within a web browser. Today, the web browser is the go-to tool to get work done. It's transformed how we communicate, work, and entertain ourselves. Its significance is undeniable.
The significance of the browser is, likewise, undeniable to attackers. And they are employing evasive techniques when attacking enterprise systems and data via social engineering and vulnerabilities found within web browsers. We've recently covered some methods, including HTML smuggling, malicious password-protected files, and MFA bypass attacks. Yet, these aren't the only evasive attack techniques the Menlo Labs research team has been tracking.