Reegun Richard Jayapaul, Lead Threat Architect at Trustwave SpiderLab, revealed a recent malware campaign that bypassed a specific email security system. As it turns out - the specially crafted malicious link parsing on the security system is “weak”, he claimed.
As Jayapaul explains, this is not about detection bypass: “it is more about the link parser of the email security systems that cannot identify the emails containing the link.”
Microsoft patches the flaw
Long story short - improper hyperlink translation results in email security systems allowing malicious links through to the end-user.
When using Microsoft Outlook on Mac, if a malicious actor sends the vulnerable vector (for example, http://trustwave.com) with hyperlinked file:///maliciouslinnk, the email gets delivered as file:///trustwave.com.
The link file then translates to the http version, after clicking.
It’s this link that’s not recognized by “any email security system”, and as such, gets delivered to the victim as a clickable link.
The report further claims that “multiple email security systems” were impacted, because some were not patched, while others have “logistics issues”. He did not name any specific systems, though, but added that the attack technique remains the same for all of them.
The researcher disclosed the vulnerability to Microsoft, and has since been labeled as CVE-2020-0696. The OS maker has issued a patch, and an automatic update.
Email is, by far, the most popular attack vector for most malicious actors. It is used to distribute malware, to phish victims out of their personally identifiable data, as well as payment data. Cybersecurity researchers are constantly warning how having an antivirus and firewall will not suffice, and that consumers and professionals should not +click on links, or download email attachments, unless they are absolutely certain in the sender’s good intentions.
- You might also want to check out our list of the best ransomware protection right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.