- Attackers misused Mimecast’s URL rewriting feature to mask malicious links in phishing emails
- More than 40,000 emails hit more than 6,000 organizations, especially in consulting and technology
- The campaign bypassed filters globally, with most victims in the US, although Mimecast says no vulnerability is involved
Cybercriminals are abusing a legitimate Mimecast feature to deliver convincing phishing emails to their victims – on a massive scale.
This is according to cybersecurity researchers at Check Point, who say they have seen more than 40,000 such emails sent to over 6,000 organizations around the world in just two weeks.
First, the crooks would create emails that look like they come from reputable brands (SharePoint, DocuSign, or other e-signature notices), paying attention to details such as logos, subject lines, and display names. Nothing in the messages stands out from routine notification emails.
Consulting, technology and real estate targeted
At the same time, they would build phishing landing pages that capture credentials or deliver malware. These URLs are wrapped behind one or more legitimate redirect and tracking services, in this case Mimecast.
Because this service rewrites links to route through a trusted domain, attackers submit their malicious links so that the final email shows a Mimecast domain instead of the real destination.
As a result, phishing emails successfully move past email security solutions and filters and land directly in their victims’ inboxes.
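A defensive sketch of the point above, added here and not taken from Check Point or Mimecast: a filter that trusts the rewritten link's visible domain passes the message, while one that resolves the redirect chain judges the final destination. All domains, the redirect table and the function names are constructed placeholders; a real deployment would resolve hops in a sandbox instead of a lookup table.

```python
from urllib.parse import urlsplit

# Constructed data: hosts a naive filter trusts because they belong to
# link-rewriting or tracking services (placeholder names, not real services).
TRUSTED_WRAPPERS = {"rewrite.example", "track.example"}
# Constructed data: destinations the organization actually expects.
KNOWN_GOOD = {"sharepoint.example", "docs.example"}
MAX_HOPS = 5

# Constructed redirect table standing in for live resolution in a sandbox.
REDIRECTS = {
    "https://rewrite.example/s/AAA": "https://track.example/c?id=1",
    "https://track.example/c?id=1": "https://login-portal.invalid/signin",
    "https://rewrite.example/s/BBB": "https://sharepoint.example/doc/42",
    "https://rewrite.example/s/LOOP": "https://rewrite.example/s/LOOP",
}

def host(url):
    """Lower-cased hostname of a URL, or an empty string if it has none."""
    return (urlsplit(url).hostname or "").lower()

def naive_verdict(url):
    """Weak filter: allows the link when the first-hop host looks trusted."""
    return "allow" if host(url) in TRUSTED_WRAPPERS | KNOWN_GOOD else "inspect"

def resolve_chain(url, redirects=REDIRECTS):
    """Follow redirects up to MAX_HOPS; return (hops, chain_completed)."""
    hops, seen = [url], {url}
    while hops[-1] in redirects:
        nxt = redirects[hops[-1]]
        if nxt in seen or len(hops) > MAX_HOPS:
            return hops, False  # loop or overly long chain
        hops.append(nxt)
        seen.add(nxt)
    return hops, True

def hardened_verdict(url):
    """Judge the final destination; a wrapper host never earns trust itself."""
    hops, complete = resolve_chain(url)
    final = host(hops[-1])
    if not complete or final in TRUSTED_WRAPPERS:
        return "block"  # destination unknown: chain looped or never left a wrapper
    return "allow" if final in KNOWN_GOOD else "inspect"
```

Here "inspect" means the message goes on to full content and reputation scanning instead of being passed on the strength of the wrapper domain.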
Check Point says that several industries were affected by this campaign, but a few – where contracts and invoice exchanges are an everyday thing – were hit particularly hard. These include consulting, technology and real estate. Other notable mentions include healthcare, finance, manufacturing and government.
The majority of victims are located in the United States (34,000), followed by Europe (4,500) and Canada (750).
Mimecast emphasized that this is not a vulnerability, but rather a legitimate feature being abused.
“The attacker campaign described by Check Point leveraged legitimate URL redirection services to obfuscate malicious links, not a Mimecast vulnerability. Attackers abused trusted infrastructure – including Mimecast’s URL rewriting service – to mask the true destination of phishing URLs. This is a common tactic where criminals exploit any recognized domain to avoid detection.”
Via Cybernews



