Functionality Misuse from Multiple Legitimate Company Websites is the Latest Example of ‘Site Hopping’

Misuse Websites Site Hopping

A new technique is becoming increasingly common as a way to bypass security scanners. The challenge is that the specific execution is constantly evolving, making it difficult to detect, but not impossible to spot.

In an earlier time when trains served as the primary mode of long-distance transportation, individuals without tickets would often run alongside moving trains and hop onto the last train car to hitch a ride until it suited their needs.

They would then transition to the next train and repeat the process until they reached their desired destination. This practice - called "train hopping" -  constituted the misuse of a legitimate service, serving the interests of the 'traveler' as long as it met their needs.

I've noticed a similarity concerning cyber attacks, where legitimate web services are momentarily misused within a cyber attack. As a result, I've decided to introduce a new cybersecurity term - '"ite hopping." This term describes when an attacker exploits several website's legitimate functions to obscure the final web destination to which victims of a phishing scam are directed.

We've recently observed in-the-wild examples of this, including the misuse of the Salesforce website. The objectives of site hopping seem to be twofold: either to take advantage of the 'hopped' site's legitimacy or to exploit the site's technology in a way that hinders security solutions from effectively performing their tasks.

While I don’t know if it will take off beyond this blog, you heard it here first!

While writing an article about the recent increases in phishing attacks based on cybersecurity vendor VadeSecure’s Q3 2023 Phishing and Malware Report, I came across yet another example of site hopping involving both the website of Chinese internet technology company Baidu and the website security company Cloudflare.

According to the report, the site hopping is super simple, but effective. Initially, the attack misuses a redirect function built into the Baidu website. Phishing scammers would initially point a malicious link within an email to the Baidu website’s redirect link (to establish legitimacy with scanners) that then site hop to Cloudflare, where an impersonated Microsoft 365 login page is being hosted. Cloudflare’s antibot functionality is taken advantage of to keep out security scanning solutions.

This use of site hopping is designed to render security solutions somewhat useless, leaving your users to be the final layer of security. But those users will only help to stop attacks if they remain vigilant when interacting with email and the web – something taught through continual security awareness training.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Email Security

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews