Threat actors have exploited cybersecurity firm Mimecast's secure-link rewriting capability to deploy over 40,000 phishing emails mimicking SharePoint and DocuSign worldwide, Cybernews reports.

Malicious links wrapped in a trusted Mimecast Protect domain have been combined with seemingly legitimate emails that included Microsoft logos, SharePoint layouts, and fake display names that aimed to correspond with authentic notification patterns, an analysis from Check Point showed.

Another scam involved the use of Bitdefender GravityZone and other legitimate redirect services to conceal a DocuSign-themed phishing page, said researchers, who noted that obfuscation of the destination URL hindered detection. Such an issue was not a system vulnerability, noted Mimecast.

"The attacker campaign described by Check Point exploited legitimate URL redirect services to obfuscate malicious links, not a Mimecast vulnerability. Attackers abused trusted infrastructure including Mimecast's URL rewriting service to mask the true destination of phishing URLs. This is a common tactic where criminals leverage any recognized domain to evade detection," Mimecast added.




