- Barracuda says the Tycoon kit now offers new ways to hide malicious links in emails
- URL encoding, fake CAPTCHAs, subdomain splitting and other techniques were seen in the wild
- Researchers urge companies to use a multilayered security approach
Tycoon, a popular phishing kit responsible for most email-borne attacks these days, has apparently been updated with new techniques to help threat actors hide malware and malicious links in email messages.
Barracuda security researchers published an in-depth report covering numerous new tactics observed in the wild, including URL encoding, fake CAPTCHAs, the redundant protocol prefix technique, use of the ‘@’ symbol, and subdomain split abuse.
With the URL encoding technique, attackers insert a series of invisible spaces into web addresses to push the malicious parts of the link out of reach of security scans, or add odd characters such as Unicode symbols.
Multiple Defenses
“By using unexpected and unusual codes and symbols and making the visible web address look less suspicious and more like a normal website, the encoding technique is designed to deceive security systems and make it difficult for recipients and traditional filters to recognize the threat,” Barracuda explained.
Fake CAPTCHAs, on the other hand, make the website look more legitimate while also getting past basic security checks.
The redundant protocol prefix technique involves crafting a URL that is only partially hyperlinked, or that contains invalid elements (for example, two ‘https’ or no ‘//’). This hides the real destination of the link, while the active parts seem legitimate. The ‘@’ symbol can also be used in a web address to hide the malicious part of the URL.
Since everything before the ‘@’ is treated as ‘user information’ by browsers, attackers can put something that looks trustworthy there, such as ‘Office365’. The real destination of the link, the malicious landing page, comes after the ‘@’.
The Tycoon kit is also capable of a benign/malicious split across subdomains. It now allows threat actors to create fake websites with names that appear to be linked to known companies (for example, ‘Office365Scaffidips.azgcvhzauig.es’). This could fool victims into thinking they are dealing with a Microsoft subdomain, but the last part of the address is the attackers' real phishing site.
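As an added illustration (not Barracuda's code and not part of the original report), the Python function below shows how a mail filter could flag the link patterns described above: hidden or encoded characters, a repeated or malformed protocol prefix, text before the ‘@’, and a brand name in a subdomain of an unrelated domain. The brand list, the list of legitimate domains, the finding names and the sample links are assumptions constructed for the example.

```python
import re
import unicodedata
from urllib.parse import unquote, urlsplit

# Assumed watch list and the domains those brands really use; replace with your own.
BRANDS = ("office365", "microsoft")
LEGIT_SUFFIXES = ("office365.com", "office.com", "microsoft.com")
HIDDEN_CATEGORIES = {"Cf", "Cc", "Zs", "Zl", "Zp"}  # format, control and space characters


def flag_url(raw):
    """Return the names of the obfuscation patterns found in one link."""
    findings = []
    decoded = unquote(raw)  # expose percent-encoded characters
    if any(unicodedata.category(c) in HIDDEN_CATEGORIES for c in decoded):
        findings.append("hidden-characters")
    if any(ord(c) > 127 and unicodedata.category(c) not in HIDDEN_CATEGORIES for c in decoded):
        findings.append("non-ascii-symbols")
    # Look only at the part before the query so redirect parameters are not counted.
    head = decoded.split("?", 1)[0]
    if len(re.findall(r"https?:", head, re.I)) > 1:
        findings.append("repeated-scheme")
    if re.match(r"https?:(?!//)", head, re.I):
        findings.append("scheme-without-slashes")
    try:
        parts = urlsplit(raw)
        host = parts.hostname or ""
        if parts.username is not None:  # text before '@' is userinfo, not the host
            findings.append("userinfo-before-at")
    except ValueError:
        return findings + ["unparseable"]
    legit = any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)
    if not legit and any(b in host for b in BRANDS):
        findings.append("brand-outside-its-domain")
    return findings


# Constructed sample links on reserved example domains.
SAMPLES = [
    "https://login.microsoft.com/common/oauth2",
    "https://office365@portal.example/signin",
    "https:https://portal.example/signin",
    "https://portal.example/%E2%80%8B%E2%80%8B%20%20signin",
    "https://office365-secure.portal.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", flag_url(link) or "clean")
```

A single encoded space or non-ASCII character also occurs in legitimate links, so these findings work better as inputs to a score than as a verdict on their own.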
Phishing is becoming more complex, more sophisticated and, therefore, more difficult to detect by the minute. Barracuda says that the best defense is a multilayered approach with several levels of security that can detect, inspect and block unusual or unexpected activity.
They also recommend automated or machine-learning solutions, together with regular employee awareness training.




