Generative Data Intelligence

Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar

A phishing campaign exploiting a bug in Nespresso’s website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links.

The campaign starts with a phishing email that appears to have been sent from a Bank of America employee, with a message to “please check your recent [Microsoft] sign-in activity.” If a target clicks, they are directed to a legitimate but infected URL controlled by Nespresso, according to research published today by Perception Point.

Because the address is legitimate, the hijacked Nespresso site triggers no security warnings, the report explained. The Nespresso URL then delivers a malicious .html file doctored up to look like a Microsoft login page, intended to capture the victim’s credentials, the Perception Point team added.

The attackers are making use of an open redirect vulnerability in the coffee giant’s webpage, the researchers explained: “Open redirect vulnerabilities occur when an attacker manages to redirect users to an external, untrusted URL through a trusted domain. This is possible when a website or URL allows data to be controlled from an external source.”

Attackers know that some security vendors “only inspect the initial link, not digging further to discover any hidden or embedded links,” they added. “With this knowledge, it makes sense that the attacker would host the redirect on Nespresso, as the legitimate domain would likely be sufficient to bypass many security vendors, detecting only the reputable URL and not the subsequent malicious ones.”
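The redirect weakness and the scanner blind spot described above, as an added example that is not Perception Point's or Nespresso's code: a redirect handler that trusts its destination parameter beside a hardened version, plus the check a link inspector would apply to each hop instead of stopping at the reputable first URL. The hostname is a constructed placeholder.

```python
from urllib.parse import urljoin, urlparse

# Constructed placeholder for the trusted site; not Nespresso's real hostname.
TRUSTED_HOST = "www.trusted-shop.invalid"
BASE = f"https://{TRUSTED_HOST}/"


def vulnerable_redirect_target(next_param: str) -> str:
    """The bug class in the article: a destination taken from the request
    (e.g. ?next=...) is returned unchecked, so a link on the trusted domain
    can forward the visitor to any external page."""
    return next_param


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Hardened form: honour only local paths that resolve back onto
    TRUSTED_HOST over https; anything else falls back to `default`."""
    if not next_param or any(c in next_param for c in "\\\r\n\t "):
        # Backslashes and whitespace are interpreted inconsistently by
        # browsers and URL parsers, so reject instead of normalising.
        return default
    # urljoin turns protocol-relative "//evil" into https://evil/...,
    # so the host comparison below catches that variant too.
    parsed = urlparse(urljoin(BASE, next_param))
    if parsed.scheme != "https" or parsed.netloc != TRUSTED_HOST:
        return default
    # Re-emit a clean same-site URL from the parsed components only.
    target = parsed.path or "/"
    if parsed.query:
        target += "?" + parsed.query
    return target


def redirect_leaves_domain(trusted_host: str, location: str) -> bool:
    """Scanner-side check: does a Location header returned by trusted_host
    point off-domain? A link inspector that applies this per hop keeps
    following the chain rather than trusting the first reputable URL."""
    parsed = urlparse(urljoin(f"https://{trusted_host}/", location))
    return parsed.netloc.lower() != trusted_host.lower()
```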

This particular campaign has been launched from several different sender domains, but it consistently uses the infected Nespresso URL and the fake Bank of America email, the report added. Neither Perception Point nor Nespresso immediately returned a request for comment on whether the open redirect vulnerability has been fixed.
