Malicious site hopping

B2B Cyber ​​Security ShortNews

Share post

Recently, a new technique for bypassing security scanners has been increasingly used, namely “site hopping”. This technology is subject to constant development, which makes it more difficult to detect, but not impossible.

Historically, there have been similar phenomena to jumping on trains. People without a ticket took the opportunity to walk alongside moving trains and jump into the last carriage that suited their needs in order to travel. This practice constituted an abuse of a legitimate service as long as it met travel needs.

It is striking how parallels emerge between such historical phenomena and cyberattacks, in which legitimate web services are temporarily exploited for attacks. This has led to the introduction of a new term in cybersecurity, namely “site hopping”. This term describes situations in which attackers use the features of various websites to disguise their true intentions and redirect victims of phishing scams to other targets.

Examples of site hopping

Some examples of site hopping have already occurred, such as the abuse of the Salesforce website. The attackers apparently have two goals: exploiting the legitimacy of the affected website or disrupting the security systems in order to impair their functions. Another example of site hopping is the Baidu website and security company Cloudflare, according to cybersecurity provider VadeSecure's Q3 2023 Phishing and Malware Report. The latest attack first abused the Baidu website redirect function by pointing a malicious link to the Baidu website redirect link in an email to feign legitimacy. This was followed by a jump to Cloudflare, where a fake Microsoft 365 login page was hosted. Cloudflare's antibot functionality was used to trick security scanners.

The method aims to bypass security solutions, meaning internet users' attention and awareness are crucial to preventing attacks. Fake websites, like in the example mentioned, must be recognized by users in order to prevent attacks such as so-called site hopping. Continuous security awareness training with modern and varied content can help raise users' awareness of these risks.

More at KnowBe4.com

 


About KnowBe4

KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60.000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.


 

Matching articles on the topic

Researchers find 26 billion access data on the web

A package with 26 billion data records containing access data appeared online. It is said to contain user access data at many companies ➡ Read more

Data offering: Every third company appears on the dark web

In the last two years, one in three companies worldwide have offered compromised data for sale on the dark web. A big ➡ Read more

Fast food chain Subway probably victim of Lockbit

Many sources indicate that the Subway company was the victim of a cyberattack by LockBit. The operator Subway is there ➡ Read more

Russian APT group attacked Microsoft 

According to its own information, Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors had ➡ Read more

Many German chambers of crafts remain offline

The IT service provider ODAV was the victim of a cyber attack at the beginning of January. Because the service provider provides many services for the German Chamber of Crafts ➡ Read more

Security awareness against phishing attacks

The increasing spread of deepfake and AI technologies poses a serious threat, particularly in the area of ​​phishing attacks. These technologies enable ➡ Read more

Cat and mouse game in IT security

Looking back at 2023, we can see that the topic of AI has had a significant impact on IT security. That will too ➡ Read more

Politically motivated attacks by hackers

The nature of cyberattacks is changing. In the past it was mostly about blackmail, today it's also about destruction. That political tensions are increasing ➡ Read more

[starbox id=USER_ID] <🔎> ff7f00 Installation of a hinged box
Chrome on Windows