{"id":3208,"date":"2024-04-22T14:35:01","date_gmt":"2024-04-22T19:35:01","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/nespresso-domain-phish-cream-sugar"},"modified":"2024-04-22T14:35:01","modified_gmt":"2024-04-22T19:35:01","slug":"nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/04\/22\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar\/","title":{"rendered":"Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt587f16114c56b0e4\/6626ae952b9a4f4490ee857b\/Nespresso_Coffee_GOIMAGES_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A phishing campaign exploiting a bug in Nespresso&#8217;s website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The campaign starts with a <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" 
data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/oil-gas-sector-falling-for-fake-vehicle-incident-email-lure\" rel=\"noopener\">phishing email<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> that appears to have been sent from an employee with Bank of America, with a message to &#8220;please check your recent [Microsoft] sign-in activity.&#8221; If a target clicks, they are then directed to a legitimate but infected URL controlled by Nespresso, according to research published today by Perception Point.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Because the address is legitimate, the hijacked Nespresso site triggers no security warnings, the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/perception-point.io\/blog\/phishing-attack-exploits-nespresso-open-redirect-vulnerability\/\" rel=\"noopener\">report <\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">explained. 
The Nespresso URL then delivers a malicious .html file doctored up to look like a Microsoft login page, intended to capture the victim&#8217;s credentials, the Perception Point team added.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The attackers are making use of an open redirect vulnerability in the coffee giant&#8217;s webpage, the researchers explained: &#8220;Open redirect vulnerabilities occur when an attacker manages to redirect users to an external, untrusted URL through a trusted domain. This is possible when a website or URL allows data to be controlled from an external source.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Attackers know that some security vendors &#8220;only inspect the initial link, not digging further to discover any hidden or embedded links,&#8221; they added. &#8220;With this knowledge, it makes sense that the attacker would host the redirect on&nbsp;Nespresso, as the legitimate domain would likely be sufficient to bypass many security vendors, detecting only the reputable URL and not the subsequent malicious ones.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">This particular campaign has been launched from several different sender domains, but it consistently uses the infected Nespresso URL and the fake Bank of America email in the cyberattacks, the report added. 
Neither Perception Point nor Nespresso immediately returned a request for comment on whether the open redirect vulnerability has been fixed.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/nespresso-domain-phish-cream-sugar\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A phishing campaign exploiting a bug in Nespresso&#8217;s website has<\/p>\n","protected":false},"author":12,"featured_media":3209,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3208","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=2560%2C1714&ssl=1",2560,1714,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=300%2C201&ssl=1",300,201,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=640%2C428&ssl=1",640,428,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=640%2C428&ssl=1",640,428,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=1536%2C1028&ssl=1",1536,1028,true],
"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=2048%2C1371&ssl=1",2048,1371,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=1024%2C685&ssl=1",1024,685,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category 
tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/04\/nespresso-domain-serves-up-steamy-cup-of-phish-no-cream-or-sugar-scaled.jpg?fit=2560%2C1714&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3208"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3208\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3209"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}