Cybercriminals are using three novel tactics to bypass scrutiny by security measures and launch phishing attacks. These include using Google Translate service, images, and special characters in text to hide malicious URLs.
While the overall volume of attacks using these tactics is currently low, with each tactic making up less than 1% of attempted phishing attacks, they are widespread, with between 11% and 15% of organisations affected, often with multiple attacks, a research report from Barracuda said.
In attacks that used the Google Translate service for websites to hide malicious URLs, attackers were found to use poorly-formed HTML pages or a non-supported language to prevent Google from translating the webpage. Google responds by providing a link back to the original URL stating that it cannot translate the underlying website.
Attackers embed these URLs in an email and if a recipient clicks on it, they are taken to a fake but authentic-looking website that is in fact a phishing website, the report said.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
In image-based phishing attacks, cybercriminals were found to be using images of invoices that include links or a callback phone number that, when followed up, leads to phishing.
Cyberattackers were also found to be using special characters, such as zero-width Unicode code points, punctuation, non-Latin script, or spaces, to evade detection.
This type of tactic, is also used in “typo-squatting” web address attacks, which mimic the genuine site but with a slight misspelling. When used in phishing emails, the special characters are not visible to the recipient and attackers insert a zero-width (no) space within the malicious URL embedded in a phishing email, breaking the URL pattern so that security technologies do not detect it as malicious.
Because these attacks do not include any text, traditional email security struggles to detect them, and these methods were found to be used to target around one-in-10 (11%) organisations in January 2023.
“Phishing is a common starting point for many cyberattacks, including ransomware, financial fraud and credential theft. With cyberattacks rising rampantly in India in recent times, cybercriminals continue to develop their phishing approaches to trap unwary recipients and avoid being spotted and blocked”, said Parag Khurana, Country Manager, Barracuda Networks India.
