The activity of hackers and scammers never stops, especially in this period when the COVID-19 pandemic has forced the vast majority of people home and the emergence of new habits such as remote work is giving rise to greater security risks. As if that wasn't enough, the emotional stress resulting from the difficult situation we are experiencing often leads, even unconsciously, to lower our guard, creating the ideal terrain for web criminals.
A search for Barracuda Networks brought to light a new technique used by cybercriminals, which with increasing frequency make use of the reCAPTCHA system to hide dangerous content and harmful from email security systems and URL analysis and mislead unsuspecting users.
Hackers use reCAPTCHA to hide malicious web pages
reCAPTCHA that system, owned by Google, which is normally used to verify that a specific service or function of a website is used by a human user in order to prevent any automated attacks by bots to saturate the resources of a site in order to put it out of play. Web criminals are now using this system with a twofold intent: the main one, as mentioned, to conceal harmful content in the eyes of automated URL analysis systems, while the second is to make websites and counterfeit pages more credible to eyes of the potential victim.
Barracuda researchers have detected a single phishing email campaign that he has invited 128 thousand messages to various companies and employees, using just these reCAPTCHA-walls to hide Microsoft's obviously counterfeit log-on pages. The campaign uses a voicemail receipt as bait to trick users into passing the reCAPTCHA check before being directed to a counterfeit page, where log-in credentials are, if entered, delivered directly to the criminals.
There are proactive measures that can be taken by companies and individuals to prevent security breaches but, as we often want to clarify when we talk about these issues, it is important to remember that security should not be considered a simple "product", as much as a " process "whose strength is equal to that of the weak link of the whole chain. For this reason, solutions that can help prevent problems are obviously welcome, but knowledge and awareness of the risks is obviously important. It is the combination of knowledge of the risks and measures that makes a safety approach solid: therefore it is good that employees at the company level are trained to understand and know the various threats and therefore adopt the right degree of caution that alone can contribute to reduce the risks.