KNOWN FACT: Malicious links are hosted on legitimate services like Google, Microsoft, AWS (Amazon Web Services), Wix, GoDaddy and many others, and these services are thought safe by many security services. The malicious links are open doors to breaches, which aren’t just the loss of critical business or customer data, there is also a risk of loss of IP, shareholder value, lawsuits, and financial payouts. Eighty-two percent of breaches start with a human compromise according to the Verizon 2022 Data Breach Investigations Report. And linked-based attacks using malicious URLs are one of the ways cybercriminals are initiating the breaches. In our latest State of Phishing Report, we found that malicious URLs from 2021 to 2022 increased by 61 percent, equating to 255 million phishing attacks detected in 2022.
Linked-based attacks, such as URLs that will lead people to web pages that impersonate another organization, is one of three categories of threats used to attack. The others are attachment-based attacks, such as PDF files that contain ransomware, and natural language attacks such as Business Email Compromise (BEC). In this post, we’ll take a look at the link-based attacks; however, it is noteworthy that SlashNext is virtually the only security vendor that offers zero-hour protection against all three categories.
Let’s take a look at link-based attacks, which are also known as malicious HTML links, malicious URLs, or malicious hyperlinks. They are links in a web page, messaging app, or email that redirect the user to a website hosting malicious software, such as a virus or a phishing scam. In essence, they are designed to trick the user into clicking on the link, which then infects their device or steals their personal information.
Here are a few examples of malicious site use cases:
- Credential stealing: Sites that mimic legitimate websites (like Google, Microsoft, and AWS) and ask for personal information such as login credentials or financial information.
- Malware delivery: URLs that lead to download pages for malicious software such as viruses, Trojans, and ransomware.
- Exploit kits: Sites that exploit vulnerabilities in software or operating systems to install malware without the user’s knowledge.
- Ad fraud: URLs that use malware to manipulate online advertisements and generate revenue for the attacker.
- Tech support scams: URLs that pretend to be from a legitimate tech support organization and trick the user into paying for unnecessary services.
- In addition to using a solution such as our SlashNext Integrated Cloud Email plus mobile and web messaging security, it’s also important to always be cautious when clicking on links, and to verify URLs before entering personal information or downloading any software.
Many companies have fallen as victims to attacks using malicious URLs. Some well-known examples include:
- Colonial Pipeline: In May 2021, the U.S. fuel pipeline operator suffered a ransomware attack that led to the shutdown of its operations. The attack was carried out through a malicious URL that installed ransomware on Colonial Pipeline’s systems.
- Twitter: Suffered a data breach in July 2021 that was caused by a malicious URL. The attackers used a phishing scam to gain access to the Twitter accounts of several high-profile individuals, including politicians, celebrities, and business leaders. The attackers used a malicious URL that led to the installation of malware on the victims’ systems, which allowed them to take control of their Twitter accounts and post unauthorized tweets.
- Accellion: In January 2022, the file sharing software company suffered a data breach that exposed the personal information of thousands of users. The attack was carried out through a malicious URL that exploited a vulnerability in Accellion’s software.
- Irish Health Services Executive (HSE): In May 2021, the HSE suffered a ransomware attack that disrupted the healthcare system in Ireland. The attack was carried out through a malicious URL that installed ransomware on HSE’s systems.
- JBS: In June 2021, the world’s largest meatpacking company suffered a ransomware attack that disrupted its operations. The attack was carried out by a group of hackers who demanded a ransom payment in exchange for the decryption of the encrypted data.
These are just a few examples of the many companies that have been affected by malicious URLs. Again, it’s important for companies to take steps to protect themselves and their customers from these types of attacks. They can regularly update their systems, use strong authentication methods, and train employees to identify and avoid malicious URLs, as well as implement a security platform like ours.
With SlashNext, you can stop the link-based threats that matter, including credential harvesting, spear phishing, scams, frauds, and smishing attacks. We use artificial intelligence (AI) and machine learning (ML) to analyze billions of URLs in real time and identify those that are malicious. SlashNext protects against malicious URLs and exploits that evade security solutions and lead to business disruption, financial loss, and customer trust.
Protecting email is only one part of a defense-in-depth strategy. SlashNext protects the modern workforce from malicious messages across all digital channels. Our patented HumanAI™, a combination of computer vision, natural language processing, and behavioral contextualization, detects threats in real time with 99.9% accuracy. SlashNext Complete™ integrated cloud messaging security platform stops zero-hour threats in email, mobile, and web messaging apps across M365, Gmail, LinkedIn, WhatsApp, Telegram, Slack, Teams, and other messaging apps to detect and prevent threats before they become a breach.
By using SlashNext, organizations can reduce the risk of data breaches, financial losses, and reputation damage caused by malicious URLs. The platform helps organizations to protect their users and systems from threats such as phishing, malware, ad fraud, and more.