Malicious URL attacks using HTTPS surge across the enterprise

Organizations should be aware of the latest impersonation techniques and file service exploits.
Written by Charlie Osborne, Contributing Writer

Cyberattacks against the enterprise that make use of the HTTPS protocol are increasing alongside spoofing and cloud-based threats, new research suggests.

According to FireEye's Q1 2019 Email Threat report, released on Tuesday, there has been a 26 percent increase in the use of malicious URLs made to appear legitimate through HTTPS, quarter-on-quarter, while the popularity of the traditional malware-laden email attachment is steadily falling.

"This indicated malicious actors are taking advantage of the common consumer perception that HTTPS is a 'safer' option to engage on the Internet," FireEye says.

HTTPS is an updated version of HTTP that adds encryption and a security certificate, which your browser validates when you visit a website that implements it. Services including email providers, banks, and e-retailers use the protocol, which has become synonymous with trustworthiness and legitimacy.

However, unsavory web developers are able to use HTTPS, too, through free, stolen, or fake security certificate issuers.

The report, based on the analysis of 1.3 billion emails, further suggests that phishing attacks have risen by 17 percent over Q1 2019. In total, almost 30 percent of all detections impersonate well-known brands including Microsoft, OneDrive, Apple, Amazon, and PayPal.

Nested emails, too, are appearing on the radar with increased frequency. Attackers send a phishing email which contains another email as an attachment, and it is the second message which contains malicious content. This technique, whilst not always successful, can make the detection of malware more difficult.
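A mail filter that inspects only the top-level body misses links carried in an attached message. The sketch below is an added example, not code from FireEye or the report: it uses Python's standard `email` package to descend through `message/rfc822` attachments and records how many layers deep each URL sits. The sample message, the `example.test` addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def build_sample() -> bytes:
    """Constructed sample: a clean outer mail with a second mail attached."""
    inner = EmailMessage()
    inner["From"] = "billing@example.test"
    inner["Subject"] = "Invoice"
    inner.set_content("Review your document: https://files.example.test/doc?id=1")
    outer = EmailMessage()
    outer["From"] = "sender@example.test"
    outer["To"] = "user@example.test"
    outer["Subject"] = "FW: Invoice"
    outer.set_content("Please see the attached message.")
    outer.add_attachment(inner)  # stored as a message/rfc822 part
    return outer.as_bytes()

def extract_urls(msg, depth=0, max_depth=5):
    """Return (depth, url) pairs; depth = number of enclosing attached mails.
    A (depth, None) entry marks a layer left unscanned at the nesting limit."""
    found = []
    if msg.get_content_type() == "message/rfc822":
        if depth >= max_depth:
            return [(depth, None)]  # surface it for review, do not drop it
        for inner in msg.get_payload():
            found += extract_urls(inner, depth + 1, max_depth)
    elif msg.is_multipart():
        for part in msg.iter_parts():
            found += extract_urls(part, depth, max_depth)
    elif msg.get_content_maintype() == "text":
        found += [(depth, u) for u in URL_RE.findall(msg.get_content())]
    return found

def scan(raw: bytes, max_depth=5):
    """Parse raw mail bytes and list every URL with its nesting depth."""
    return extract_urls(message_from_bytes(raw, policy=policy.default),
                        max_depth=max_depth)

def nested_only(results):
    """URLs that appear only inside an attached message (depth >= 1)."""
    return [url for depth, url in results if depth >= 1 and url]

if __name__ == "__main__":
    for depth, url in scan(build_sample()):
        print(f"depth={depth} url={url}")
```

URLs returned by `nested_only` are the ones a body-only scan would never see, so they should go through the same reputation and sandbox checks as top-level links.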

In addition, file-sharing services are being used more frequently in cyberattacks against the enterprise. The report says there has been a "dramatic increase" in the use of such services -- including Google Drive and Dropbox -- to deploy malicious payloads during phishing campaigns.

Business Email Compromise (BEC) scams have historically often involved spoofed emails and messages which impersonate the chief executives of companies to elicit funds from victim firms or to gain an entryway into corporate networks. According to FireEye, threat actors are now increasingly striking payroll departments by requesting changes to an executive's personal information -- which may include bank details -- as well as through targeting weak links in the supply chain, such as by impersonating a supplier while in communication with an accounts payable (AP) department.

"We're seeing new variants of impersonation attacks that target new contacts and departments within organizations," said Ken Bagnall, VP of Email Security at FireEye. "The danger is these new targets may not be prepared or have the necessary knowledge to identify an attack. Unfortunately, once the fraudulent activity is discovered, the targeted organization thinks they've paid a legitimate invoice, when the transaction was actually made to an attacker's account."
