card

More and more criminals are using legitimate websites to obfuscate malicious payloads

13.06.2023
177

A report by cybersecurity experts Egress revealed that hackers are increasingly using legitimate websites to deliver malicious payloads to unsuspecting victims. Security experts said that the reason hackers are using the world’s most popular legitimate websites, just like they did with the fake ChatGPT app, to deliver malware was the ease involved in evading detection and bypassing standard link checks performed by antivirus and endpoint security solutions.

The sites mostly used, as mentioned by Egress, are YouTube, Amazon AWS, Google Docs, Firebase Storage, and Docusign ranking top among the ten discovered websites. Hackers usually create videos on YouTube demonstrating how a certain crack or key generator works and providing a download link in the description or the video. The link is actually malware, and people who downloaded it often end up losing either their data, money or cryptocurrencies.

Google Docs was also observed being abused to deliver malware. Threat actors would create a Doc file with a malicious link inside and then use the Share option to deliver the document to the victims. The link to the file is then shared via email, and given that it is coming through Google’s domain, email security solutions usually allow it through the inbox.

This shows how creative hackers are as they revolutionise phishing attacks. Jack Chapman, VP of Threat Intelligence Egress, disclosed: “Every attack we analysed had bypassed other forms of anti-phishing detection, including secure email gateways (SEGs).” Workers with porous internet connections not protected by hide Vpn are often used as bait.

To protect against such attacks, the Egress report emphasises organisations need to adapt their defences while prioritising behaviour-based email security. Also, organisations need to embrace AI-enhanced security systems to mitigate the increase in threats evading signature-based and reputation-based perimeter security. While all these tips are effective, businesses should also deploy natural language processing and natural language understanding to defend themselves from sophisticated attacks.