A new technique is becoming increasingly common as a way to bypass security scanners. The challenge is that its specific execution keeps evolving, which makes it hard, though not impossible, to detect.
In an earlier time when trains served as the primary mode of long-distance transportation, individuals without tickets would often run alongside moving trains and hop onto the last train car to hitch a ride until it suited their needs.
They would then transition to the next train and repeat the process until they reached their desired destination. This practice - called "train hopping" - constituted the misuse of a legitimate service, serving the interests of the 'traveler' as long as it met their needs.
I've noticed a similarity concerning cyber attacks, where legitimate web services are momentarily misused within a cyber attack. As a result, I've decided to introduce a new cybersecurity term: "site hopping." This term describes when an attacker exploits several websites' legitimate functions to obscure the final web destination to which victims of a phishing scam are directed.
We've recently observed in-the-wild examples of this, including the misuse of the Salesforce website. The objectives of site hopping seem to be twofold: either to take advantage of the 'hopped' site's legitimacy or to exploit the site's technology in a way that hinders security solutions from effectively performing their tasks.
While I don’t know if it will take off beyond this blog, you heard it here first!
While writing an article about the recent increases in phishing attacks based on cybersecurity vendor VadeSecure’s Q3 2023 Phishing and Malware Report, I came across yet another example of site hopping involving both the website of Chinese internet technology company Baidu and the website security company Cloudflare.
According to the report, the site hopping is simple but effective. The attack first misuses a redirect function built into the Baidu website: the malicious link in the phishing email points at a Baidu redirect URL (which establishes legitimacy with scanners, since the visible domain is Baidu's), and that redirect then hops to Cloudflare, where an impersonated Microsoft 365 login page is hosted. Cloudflare's anti-bot functionality is then taken advantage of to keep security scanning solutions from reaching and analysing the phishing page.
This use of site hopping is designed to render security solutions largely ineffective, leaving your users as the final layer of defence. Those users will only stop attacks if they remain vigilant when interacting with email and the web, something taught through continual security awareness training.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.