
So-called vanity URLs lead to phishing attacks.

by Sriram Parisa

Box and Google Docs failed to validate the subdomains of so-called vanity URLs, a gap that attackers can use to enhance their phishing campaigns, security researchers have revealed.

Vanity URLs can be customized to include a brand name and a description of the link's purpose, and typically redirect to a longer URL.

Vanity URLs are widely used by software-as-a-service (SaaS) applications to share or request files, invite users to register for events, and so on.

The vulnerabilities discovered in Box, Zoom, and Google Docs allow attackers to abuse the reassurance vanity URLs give recipients that they are dealing with a legitimate organization rather than with cybercriminals.


Varonis threat lab researchers found that the SaaS applications validated the vanity URL's URI, but not its descriptive subdomain.

This enables threat actors to use their own SaaS accounts to generate links to malicious content that appears to be hosted by the company's sanctioned SaaS account.

In a case where they would normally block a faked or misspelled URL, these types of technologies cannot automatically filter or flag the URL as malicious, since the real URL is being spoofed.
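The validation gap described above can be modelled from the provider's side as follows. This is an added example, not code from Varonis or from any of the vendors named; the provider domain `saas.example`, the tenant names and the share IDs are constructed, and the tenant-ownership check is an assumed form of the fix.

```python
# Added illustration: a toy model of a SaaS share-link resolver.
# All names, hosts and IDs below are constructed for this example.
from urllib.parse import urlsplit

BASE_DOMAIN = "saas.example"  # hypothetical provider domain

# share_id -> tenant (account) that owns the shared resource
SHARES = {
    "s/abc123": "acme",        # created by the real Acme account
    "s/zzz999": "other-org",   # created by an unrelated account
}
TENANTS = {"acme", "other-org"}


def _split(url):
    """Return (vanity_subdomain, share_id) for a URL on BASE_DOMAIN."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        raise ValueError("not a provider URL")
    return host[: -len(suffix)], parts.path.strip("/")


def resolve_uri_only(url):
    """Flawed: looks up the path and ignores the vanity subdomain."""
    _, share_id = _split(url)
    return share_id in SHARES


def resolve_with_tenant_check(url):
    """Hardened: the subdomain must name the tenant that owns the share."""
    subdomain, share_id = _split(url)
    owner = SHARES.get(share_id)
    return owner is not None and subdomain in TENANTS and subdomain == owner


def mismatched_links(urls):
    """Links the flawed resolver serves but the hardened one rejects."""
    return [u for u in urls
            if resolve_uri_only(u) and not resolve_with_tenant_check(u)]


SAMPLE = [  # constructed sample links
    "https://acme.saas.example/s/abc123",       # Acme's own share
    "https://acme.saas.example/s/zzz999",       # other-org's share under Acme's name
    "https://other-org.saas.example/s/zzz999",  # other-org's share under its own name
]

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

The second sample link is the case a URL filter cannot distinguish on its own: the host is genuine, and only the provider knows which account owns the resource behind the path.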

Box, the popular cloud content management app, patched flaws affecting vanity URLs for file sharing and for public forms, which are used to request files and related information.

An attacker can also brand a Google form requesting sensitive confidential data with the targeted company's logo as yourcompanydomain.docs.google.com/forms/d/e/:form_id/viewform.

Varonis said that to make it more trustworthy, the form could require registering with an email from your company domain.
