Within the multitude of cyber threats out there, malicious websites play a critical role in today’s attacks and scams. Malicious URLs can be delivered to users via email, text message, pop-ups or shady advertisements. The end result can often be downloaded malware, spyware, ransomware, compromised accounts, and all the headaches those threats entail. It should be evident that being aware of what a Malicious URL is, and how it can do damage, is key to your email security.
So, What is a Malicious URL?
Simply put, receiving a URL can be similar to a stranger inviting you to their house. Their invitation might promise food and drink, and you could go over for a visit, but you have no idea what will really happen until you walk inside. Who knows – in the best case scenario, there might be a homemade lasagna on the table and great company. A more “malicious invite” might mean your wallet will be stolen. It could also lead to you being kidnapped and held for ransom.
This doesn’t mean all strangers are out to get you, but when you click on a link from somewhere unexpected, how are you supposed to know where it will take you? You might actually win a prize (highly unlikely), but it is also highly probable it is a malicious URL and you’ll end up downloading a virus, malware, get phished or suffer any other scam.
It is also worth noting that sometimes malicious URLs may appear to be coming from a friend, but in many cases this is either them not being aware of what they’re sending you, or their email account has been compromised.
Malicious URLs Are Launchpads For Today’s Attacks
Malicious URLs are a big part of most of the cybersecurity threats we see today. They are a tool that cyber criminals use to:
- launch phishing campaigns meant to steal your personal information,
- get you to install malware, viruses or trojans, whether by downloading a file (without knowing it’s malicious) or as a drive-by-download that is prompted by something as simple as a mouse-over or other trick,
- launch a spam campaign against you that can involve phishing, malicious advertising, scams or other cyber-assisted fraud.
Stopping Malicious URLs
There are a variety of ways to block malicious URLs. Standard techniques would include comparing a potentially malicious URL against a blacklist, which would basically include known malicious domain names, hosts, and website content.
The challenge here is that many bad actors can circumvent these since they know what most filters are looking for. As well, the URL may redirect to a malicious site after you click, making it harder to detect initially.
This could also apply to famous, publicly known websites or services that have been “hijacked”. While their recognition drives more clicks, hosting malicious content after an abundance of links have been sent via email can pose an even more dangerous threat. Consider the case of Amazon’s cloud services getting hijacked for 2 hours earlier this year, allowing internet rascals to make off with $150,000 in cryptocurrency – what kind of risk would your users have faced if that attacked had been focused on pushing drive-by ransomware downloads instead?
The more successful method is to layer machine learning and predictive intelligence on top of these known malicious sources to infer whether a link is malicious or not. Other criteria that could be added to this include: Alexa Rankings, IP Reputation, email velocity, behavioural data from the sender and more.
The Importance of Time-of-Click Malicious URL Defense
With URL shorteners, email spoofing, and other developments in email threats, your method of protecting against malicious URLs needs to match today’s threats. It is key that when you click on a link, it ensures it is not malicious at the time of click. This means not only does an email get blocked if it contains a malicious URL, but also that users aren’t susceptible to URLs that become malicious after they’re delivered via email or other means. Reputation checks and other criteria may help, but ultimately, if a criminal controls a host environment for a malicious URL, they can make that website appear benign to filters, but then try to defraud users after the fact.
Time-of-click protection can be executed by a variety of means, whether it’s from applications or from solutions built into your users’ devices. However, for malicious links delivered through email (the most common kind), you need a solution that rewrites URLs at the email gateway and route them through a scanning environment that reviews host content with every click. This is the surest way to protect against malicious content. Especially if links are shared, forwarding, or viewed on private (BYOD) devices.
Malicious URL Defense is a Must
A frightening piece of research on the psychology of Phishing showed that a frighteningly large number of recipients, 10%, would click on a malicious link. That’s about 5 times the amount who would click on your standard marketing email. This is most likely because “phishers” are more willing to lie, but users are also susceptible to urgency, as well as to offers that appear too good to be true. This means that even a 10-person business is likely to have someone fall for a malicious link – so imagine the impact on organizations with 100, or even 1000 employees? Taking a chance with malicious URLs isn’t just a chance – you’re almost certain to face risks up close if you don’t get the right protection.
READ MORE:
A deep and rich technical exploration of work being done in Malicious URL research
The Vircom Datasheet on modusCloud’s URL Defense Solution
A technical look at Malicious URL Detection from Adaware
Leave a Comment