Smart Redirects: The New Frontier in Phishing Attacks

By Staff Writer | November 12, 2025

Fast Facts

  1. Emerging Threat: A new phishing tool, Quantum Route Redirect, simplifies attack processes for low-skilled cybercriminals, making sophisticated phishing campaigns more accessible.

  2. Bypassing Security: This tool incorporates an evasive redirect feature that effectively circumvents even advanced email protections like Microsoft 365’s security systems.

  3. Global Impact: Researchers have observed Quantum Route Redirect being used in phishing campaigns affecting users in 90 countries, predominantly the United States, highlighting its extensive reach.

  4. Defensive Strategies: Organizations are encouraged to enhance security by utilizing advanced natural language processing and implementing robust URL filtering and sandboxing technologies to combat such sophisticated attacks.

A new phishing tool targeting Microsoft 365 users has entered the chat, further democratizing social engineering campaigns for lower-skilled cybercriminals. 

The tool, called Quantum Route Redirect, simplifies what was once a technically complex campaign flow and offers a uniquely evasive redirect feature that can bypass even robust email protections. Researchers from KnowBe4 observed the tool in the wild beginning in August, when they uncovered a phishing campaign aimed at stealing the credentials of Microsoft 365 users, they revealed in a blog post this week.

Currently, about 1,000 domains are hosting the Quantum Route Redirect, which offers an “advanced automation platform” that is designed to streamline campaign functions such as traffic rerouting and victim tracking.

So far, the campaign researchers observed using the tool has successfully compromised victims across 90 countries, “demonstrating remarkable international reach,” KnowBe4 analysts Jeewang Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke wrote in the post. Most of the attacks have occurred in the US, accounting for 76% of affected users, while the remaining 24% are distributed across the globe on all continents except Australia.

“Quantum Route Redirect represents a concerning evolution in cybercrime accessibility,” they observed. “By removing technical barriers, it’s enabling a new generation of threat actors to launch sophisticated campaigns with minimal expertise.”

Simple Phishing Campaign Development

There are two key ingredients in its secret sauce that make Quantum Route Redirect a powerful new weapon for fledgling phishing attackers, the researchers noted. One is its simplicity, offering “a preconfigured setup that removes the technical expertise needed to launch such a sophisticated phishing campaign — which in turn can increase the volume of advanced phishing attacks targeting organizations globally,” they said.

The tool turns previously tricky-to-develop attack steps into one-click launches that make it simple for even the least sophisticated attacker to develop a solid campaign with diverse themes and tactics designed to maximize victim engagement. These include: Docusign and other service agreement impersonation; payroll impersonation; payment notification emails; missed voicemail messages; and QR code phishing, or quishing.

Moreover, the URLs consistently follow the pattern “/([\w\d-]+\.)[\w]\/quantum.php/” and are typically hosted on parked or compromised domains, which can help attackers socially engineer the human targets of these attacks and give them the power of brand impersonation to fool victims. “Each variant ultimately funnels recipients toward the same goal: credential harvesting pages that are managed via Quantum Route Redirect,” the researchers wrote.
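For defenders, the URL pattern above can drive a hunt across mail or proxy logs. The following is an added example, not code from KnowBe4 or from the original article: it assumes only the parts of the pattern that are legible on this page (a dotted hostname followed directly by `/quantum.php`), unwraps Microsoft 365 Safe Links before matching, and runs over constructed log lines with hypothetical helper names.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumption: only the fragments of the published pattern that survive on the
# page are used: a dotted hostname followed directly by /quantum.php.
HOST_RE = re.compile(r"^(?:[\w-]+\.)+\w+$", re.ASCII)
QRR_PATH = "/quantum.php"

SAMPLE_LINES = [  # constructed log lines, not real indicators
    "subj=Payroll url=https://login.parked-site.example/quantum.php?id=8f2a",
    "subj=Voicemail url=https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fdocs.old-blog.example%2Fquantum.php&data=05",
    "subj=Lecture url=https://www.example.org/docs/quantum.php",
]


def unwrap_safelinks(url):
    """Return the URL inside a Microsoft 365 Safe Links wrapper, else url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(".safelinks.protection.outlook.com"):
        inner = parse_qs(parts.query).get("url")  # parse_qs percent-decodes
        if inner:
            return inner[0]
    return url


def qrr_host(url):
    """Return the hostname if url fits the pattern, otherwise None."""
    parts = urlsplit(unwrap_safelinks(url.rstrip(".,);")))
    host = (parts.hostname or "").lower()
    path = unquote(parts.path).lower().rstrip("/")
    if HOST_RE.match(host) and path == QRR_PATH:
        return host
    return None


def hunt(lines):
    """Return (line_number, hostname) for every matching URL in lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            host = qrr_host(url)
            if host:
                hits.append((number, host))
    return hits
```

A match is a lead for review rather than a verdict, since the path name alone can appear on unrelated sites.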

Quantum Route Redirection Bypasses Security

This is where the second key aspect of the tool comes into play: a redirect system that allows it to quickly bypass protections on Microsoft 365 email systems. On a business or enterprise deployment of Microsoft 365, these typically include Microsoft Exchange Online Protection (EOP), a secure email gateway (SEG), and potentially integrated cloud email security (ICES) products, which are the most difficult to penetrate.

These detection technologies depend on URL scanning, with some analyzing URLs at the point of delivery only, quarantining suspicious emails and routing seemingly safe ones to a user’s inbox. Cybercriminals already have cracked this defense by changing the end destination of the email once it has passed this initial analysis. Therefore, some products also perform time-of-click analysis and block users from visiting a link if the URL is weaponized after delivery.

To bypass even these advanced detections, Quantum Route Redirect payloads delivered by phishing hyperlinks can automatically differentiate between and manage types of “visitors” — i.e., whether they are security tools or people — through an intelligent redirect system.

Thus, a security tool scanning a hyperlink will be redirected to legitimate websites and therefore led to believe the original email is harmless, allowing the recipient to interact with it. People who engage with the hyperlink, however, are sent directly to phishing webpages.

KnowBe4 researchers said they have observed Quantum Route Redirect deceiving even Web application firewall products, “enabling attacks to bypass multiple different layers of security,” they said.

How to Defend Against Advanced Phishing Campaigns

As attackers level up in their use of ever-more sophisticated tools that leverage AI and other tactics to bypass the latest security technologies, defenders also must consider improving their security posture to protect corporate email systems. 

For attacks that use Quantum Route Redirect technology, organizations should consider the difference between integrated cloud email security products and traditional email security such as SEG, specifically in their use of natural language processing (NLP) and natural language understanding to analyze the content of an email message. NLP can be used along with domain and URL analysis, impersonation detection and other defenses to help pick up the context of messages and bust the intelligent redirection employed by the tool, the researchers noted.

Additionally, organizations should ensure that both their email security and web application firewall products have URL filtering to mitigate attacks like the ones Quantum Route Redirection facilitates. KnowBe4 also recommended that organizations deploy sandboxing technologies, either internally or through managed security service providers, to inspect potentially malicious emails.

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Comments are closed.

Latest Posts

Cybersecurity Weekly: Major Breaches, Zero-Days, and Exploits

February 22, 2026

Revolutionizing ICS Security: The Power of OT Deception in Active Defense

February 22, 2026

Multiple Hacking Groups Exploit OpenClaw to Steal API Keys and Deploy Malware

February 22, 2026

Global Outage: 6-Hour Cloudflare Service Collapse Leaves Customers Unreachable

February 22, 2026
Don't Miss

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

Recent Posts

  • Cybersecurity Weekly: Major Breaches, Zero-Days, and Exploits
  • Revolutionizing ICS Security: The Power of OT Deception in Active Defense
  • Redefining Productivity: Why AI Should Replace Workflows
  • Multiple Hacking Groups Exploit OpenClaw to Steal API Keys and Deploy Malware
  • Kyndryl Unveils Integrated Cyber Defense Center in Bengaluru
About Us
About Us

Welcome to The CISO Brief, your trusted source for the latest news, expert insights, and developments in the cybersecurity world.

In today’s rapidly evolving digital landscape, staying informed about cyber threats, innovations, and industry trends is critical for professionals and organizations alike. At The CISO Brief, we are committed to providing timely, accurate, and insightful content that helps security leaders navigate the complexities of cybersecurity.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Cybersecurity Weekly: Major Breaches, Zero-Days, and Exploits

February 22, 2026

Revolutionizing ICS Security: The Power of OT Deception in Active Defense

February 22, 2026

Redefining Productivity: Why AI Should Replace Workflows

February 22, 2026
Most Popular

Absolute Launches GenAI Tools to Tackle Endpoint Risk

August 7, 202515 Views

Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms

July 8, 202510 Views

The CTEM Conversation We All Need

June 30, 202510 Views

Archives

  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025

Categories

  • Compliance
  • Cyber Updates
  • Cybercrime and Ransomware
  • Editor's pick
  • Emerging Tech
  • Events
  • Featured
  • Insights
  • Threat Intelligence
  • Uncategorized
© 2026 thecisobrief. Designed by thecisobrief.
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions

Type above and press Enter to search. Press Esc to cancel.