Threat Watch

Stay informed of cybersecurity news & events

Attackers Abuse Cisco WebEx URLs to Redirect to Malware

Share on facebook
Share on twitter
Share on linkedin

Last week, security researcher Alex Lanstein found a phishing email abusing an open redirect from the Cisco WebEx website being used to deliver malware. An open redirect is a technique used to disguise the real destination of a link, abusing a situation in which a website will take any URL as one of the parameters it accepts and forwards the browser to that specified URL. For example, https://www.google.com/url?q=https://www.example.com will redirect to example.com (although Google has also implemented a warning page to make it clear the visitor will no longer be on Google’s site). Fixing open redirects can be very simple and implemented in a variety of ways, including the warning page used in the Google example. In the particular example that Alex gave, hovering over the “Join meeting” button shows what would appear to be the real secure-web.cisco.com domain but, looking more closely reveals the malicious address at the end.

ANALYST NOTES

Always be cautious of links sent from someone unexpected. Security awareness training almost always has some sections for phishing emails, but these open redirect ones can be harder to spot to the average person. If you weren’t expecting a WebEx invite, hover the mouse over the link to see the full link as shown above. It’s not always enough to look for a familiar domain name. To learn more: https://twitter.com/alex_lanstein/status/1192092706396233728

Contact Support

Please complete the form below and a member of our support team will respond as quickly as possible.