Cybercriminals Target Cisco Secure Links to Bypass Network Filters and Evade Link Scanners

A sophisticated attack campaign has been uncovered in which cybercriminals weaponise Cisco’s own security infrastructure to conduct phishing attacks. The attackers abuse Cisco Safe Links, a technology designed to protect users from malicious URLs, to evade detection systems and bypass network filters by leveraging the trust associated with Cisco’s security brand. They conceal malicious URLs inside legitimate Cisco Safe Links, and because security systems inherently trust Cisco domains, the wrapped URLs pass through filters undetected. Context-aware AI has been developed to detect these attacks through behavioural analysis, identifying patterns that traditional security solutions often miss.

According to Raven AI analysis, the attack vector exploits Cisco Safe Links, a component of Cisco’s Secure Email Gateway and Web Security suite that rewrites suspicious URLs in emails, routing clicks through Cisco’s scanning infrastructure at secure-web.cisco[.]com. Attackers have discovered various methods to generate legitimate Cisco Safe Links for malicious purposes, including compromising accounts within Cisco-protected organisations and recycling previously generated Safe Links. When users encounter URLs beginning with secure-web.cisco[.]com, they instinctively trust the link due to Cisco’s reputation in cybersecurity, creating a phenomenon known as “trust by association.” Raven AI’s context-aware artificial intelligence successfully identifies these attacks by analysing multiple signals, including inconsistent sender identities and suspicious URL structures. This allows it to detect deviations from expected communication patterns, even when the emails appear professionally crafted.
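The two signals named above (inconsistent sender identity and the structure of the wrapped URL) can be checked without treating the wrapper host as a verdict. The following is an added example, not Raven AI's or Cisco's code. It assumes a single-part plain-text message and that the original URL sits percent-encoded in the wrapper's path; the sample message and token are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

WRAPPER_HOST = "secure-web.cisco.com"   # wrapper host named in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def embedded_destination(url):
    """Destination host inside a wrapper link; None if the URL is not wrapped.
    Assumption: the original URL is percent-encoded in the wrapper's path."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != WRAPPER_HOST:
        return None
    inner = re.search(r"https?://\S+", unquote(parts.path))
    return (urlsplit(inner.group(0)).hostname or "").lower() if inner else ""

def review(raw_email):
    """Return findings; the trusted wrapper host never clears a link by itself."""
    msg = message_from_string(raw_email)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if reply_to and reply_to != sender:
        findings.append(f"sender mismatch: From={sender} Reply-To={reply_to}")
    for url in URL_RE.findall(msg.get_payload()):
        dest = embedded_destination(url)
        if dest is None:
            continue                      # ordinary link, handled elsewhere
        if dest == "":
            findings.append("wrapped link with no recoverable destination")
        elif dest != sender and not dest.endswith("." + sender):
            findings.append(f"wrapped link leads to {dest}, unrelated to {sender}")
    return findings

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
From: "Document Review" <notify@vendor.example>
Reply-To: billing@other.example
Subject: Document awaiting review

Review here: https://secure-web.cisco.com/1EXAMPLETOKEN/https%3A%2F%2Flogin.unrelated.example%2Fdoc
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Findings like these are inputs to a reputation or sandbox check on the embedded destination, which is the host that should be scored instead of the wrapper.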
