UPDATED 03:00 EDT / MAY 16 2024

SECURITY

Open redirect vulnerabilities exploited in ‘cat-phishing’ attacks, HP warns

A new report released today by HP Inc. is warning that cybercriminals are using “cat-phishing” techniques to deceive victims by redirecting them to malicious websites through seemingly legitimate links.

The finding came from the quarterly HP Wolf Security Threat Insights Report, which shows that attackers are relying on open redirects, overdue invoice lures and Living-off-the-Land techniques to sneak past defenses. Based on analysis of real-world cyberattacks, the report does a deep dive into explaining the cybersecurity landscape so organizations can keep up with the latest threats.

Cat-phishing was the key takeaway from the report, with attackers found to be using open redirects to cat-phish users. With cat phishing, attackers exploit vulnerabilities in legitimate websites, such as open redirect vulnerabilities, that allow them to manipulate URLs. With the seemingly legitimate URL in place, users can be deceived into clicking on a link that appears to lead to a trusted site but are then redirected to a malicious site without their knowledge.

Another campaign detailed in the report includes one that HP describes as “Living-off-the-BITS” that abused the Windows Background Intelligence Transfer Service. BITS is a legitimate mechanism used by programs and system administrators to download or upload files to web services and share files. The LotL technique helps attackers remain undetected by using BITS to download malicious files.

Fake invoices leading to HTML smuggling attacks are also an issue. HP’s researchers identified threat actors hiding malware inside HTML files posing as delivery invoices. The malicious invoices, once opened in a web browser, open the door for hacking, including deploying AsyncRAT, a form of open-source malware.

“Targeting companies with invoice lures is one of the oldest tricks in the book, but it can still be very effective and hence lucrative,” said Patrick Schläpfer, principal threat researcher at HP Wolf Security. “Employees working in finance departments are used to receiving invoices via email, so they are more likely to open them. If successful, attackers can quickly monetize their access by selling it to cybercriminal brokers or by deploying ransomware.”

Other findings in the report included at least 12% of email threats identified by HP Sure Click Enterprise bypassing one or more email gateway scanners. The top threat vectors in the first quarter were email attachments sitting at 53%, followed by downloads from browsers at 25% and other infection vectors, such as USB thumb drives and file shares, coming in at 22%.

Image: ChatGPT 4o

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU