Researchers spoof ‘Vanity URL’ links of Box, Google and Zoom

News
Researchers on Wednesday found that some applications do not validate the legitimacy of a vanity URL’s subdomain, but only validate the Uniform Resource Identifier (URI). As a result, threat actors can use their own SaaS accounts to generate links to malicious content that appears to be hosted by a company’s sanctioned Software-as-a-Service account.
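A defender-side check for the gap just described, added here as an example and not code from the article or from DoControl: it classifies links by the vanity subdomain alone and ignores the path, since a valid-looking path says nothing about who owns the subdomain. The vanity-URL shapes (`<tenant>.app.box.com`, `<tenant>.box.com`, `<tenant>.zoom.us`) and the sanctioned tenant name `acme-corp` are assumptions, not values from the article.

```python
"""Flag SaaS vanity-URL links whose subdomain is not a sanctioned tenant.

Assumed vanity-URL shapes (not stated in the article): Box issues
<tenant>.app.box.com and <tenant>.box.com, Zoom issues <tenant>.zoom.us.
The sanctioned tenant list is constructed sample data.
"""
from urllib.parse import urlsplit

# Vendor base domains under which vanity subdomains are issued (assumption).
VANITY_BASES = ("app.box.com", "box.com", "zoom.us")

# Tenant labels this organisation actually owns (constructed sample).
SANCTIONED_TENANTS = {"acme-corp"}


def vanity_tenant(url: str):
    """Return (base, tenant) when url uses a vanity subdomain, else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in VANITY_BASES:
        return None  # the vendor's own host carries no tenant label
    for base in VANITY_BASES:
        # Label-based suffix match, so 'acme-corp.box.com.evil.example'
        # is not mistaken for a Box vanity host.
        if host.endswith("." + base):
            tenant = host[: -len(base) - 1]
            if tenant and "." not in tenant:  # exactly one vanity label
                return base, tenant
    return None


def classify_link(url: str) -> str:
    """Return 'sanctioned', 'unsanctioned-vanity' or 'not-vanity'.

    The URI path is deliberately ignored: the point of the finding above is
    that the path can be perfectly valid while the tenant label is not ours.
    """
    found = vanity_tenant(url)
    if found is None:
        return "not-vanity"
    _, tenant = found
    return "sanctioned" if tenant in SANCTIONED_TENANTS else "unsanctioned-vanity"
```

Run it over URLs extracted from mail or proxy logs; anything classified `unsanctioned-vanity` warrants a look even when the link itself opens a real vendor page.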

Phishing campaigns often have typos, fake links that are far too obvious, and other red flags that most individuals can identify with relative ease, said Corey O’Connor, director of products at DoControl. O’Connor was concerned that by simply changing the subdomain, a bad actor can create a link that appears completely legitimate.

“Negligent insiders continue to fall for less convincing phishing attempts,” O’Connor said. “This vulnerability widens the attack vector in SaaS, and does so in a very convincing way. It’s another example where SaaS security and insider risk need to be prioritized and more effectively managed by CISOs and practitioners respectively.”
