"Attacks Leveraging Open Redirects on Google Meet, DoubleClick Surge"

A new analysis of threat data reveals that phishing attacks leveraging unvalidated redirects on the Google Meet and Google DoubleClick platforms increased by 85 percent between the first and second quarters of 2021. The security vendor GreatHorn reported that most of the attacks were aimed at luring users to sites that perform credential harvesting, payment fraud, and automatic malware downloads.

According to the Open Web Application Security Project (OWASP), an unvalidated or open redirect vulnerability arises when a Web application accepts untrusted input that causes it to redirect users to another URL. For example, appending a link to a different destination to the end of a site's original URL can allow an attacker to redirect users to websites of their choosing. OWASP emphasizes that feeding a malicious site into such untrusted input can lead to successful phishing scams and user credential theft. Because the server name in the modified link is the same as that of the original site, phishing attempts are likely to appear more trustworthy.

GreatHorn said its threat intelligence team discovered that attackers are appending a link redirect instruction, carrying a URL to a different destination, to the end of Google's actual URL for Google Meet. The attackers have included these redirect links in phishing emails to increase the rate at which recipients click on the URL, since the server name belongs to Google. They have also been appending an advertising URL to the end of the legitimate URL for Google's DoubleClick advertising platform. Because the Google platforms accept open redirects, they do not verify the target URL, so any user who clicks on a link believing it leads to a Google domain is redirected to the malicious one. This article continues to discuss findings surrounding the leveraging of open redirects on Google's sites in a phishing campaign and how organizations can prevent open redirects.
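The prevention the summary alludes to comes down to never following a redirect parameter as supplied. The Python below is an added illustration (not code from GreatHorn, Google, or OWASP) that resolves a user-supplied redirect value against a constructed allowlist of hosts; the hostnames, `site_origin`, and the function names are assumptions for the example.

```python
from urllib.parse import urlparse, urljoin

# Constructed allowlist for the example; a real deployment would use its own hosts.
ALLOWED_HOSTS = {"meet.example.com", "accounts.example.com"}
DEFAULT_TARGET = "/"


def vulnerable_redirect(requested: str) -> str:
    """The open-redirect pattern: whatever the caller put in the parameter is followed."""
    return requested


def resolve_redirect(site_origin: str, requested: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return a safe target for a user-supplied redirect value.

    Anything that would send the user to a host outside `allowed_hosts`, or that
    uses a non-http(s) scheme, falls back to DEFAULT_TARGET instead of being followed.
    """
    if not requested:
        return DEFAULT_TARGET
    # Browsers treat a backslash in authority position like a slash, so "/\evil" means "//evil".
    candidate = requested.strip().replace("\\", "/")
    # Control characters (tab, CR, LF) can smuggle a second URL past naive checks.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return DEFAULT_TARGET
    parsed = urlparse(candidate)
    # Only http(s) is acceptable; this also rejects javascript: and data: schemes.
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return DEFAULT_TARGET
    # Absolute ("https://evil") and scheme-relative ("//evil") URLs both carry a netloc.
    if parsed.netloc:
        # Credentials in the authority ("https://good@evil") are never acceptable.
        if parsed.username or parsed.password:
            return DEFAULT_TARGET
        # Exact match: "meet.example.com.evil.example" must not pass a prefix check.
        if (parsed.hostname or "") not in allowed_hosts:
            return DEFAULT_TARGET
        return candidate
    # No netloc: accept only a site-relative path with a single leading slash.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return DEFAULT_TARGET
    return urljoin(site_origin, candidate)
```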

Dark Reading reports "Attacks Leveraging Open Redirects on Google Meet, DoubleClick Surge"