Threat Actors Ramp Up Use Of Encoded URLs To Bypass Secure Email
Dark Reading, Wednesday, July 17th, 2024
The tactic is not new, but there has been a steady increase in its use as of this spring.
Secure email gateways (SEGs) do a lot to protect organizations from malware, spam, and phishing email. For some threat actors, though, they also offer an attractive option for sneaking malicious mail past other SEGs.
Security researchers from Cofense this week reported observing a recent surge in attacks in which threat actors used SEGs to encode or rewrite malicious URLs embedded in their emails to potential victims. In many cases, when the emails arrived at their destination, SEGs allowed the malicious URLs to go through without properly vetting the link.