Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Criminal Hackers Exploit Cisco Safe Links for Phishing Attacks

19 August 2025 10:52

A complex attack operation was recently discovered in which attackers abused Cisco’s security infrastructure to deceive users online. The attackers abuse Cisco Safe Links, a technology designed to protect users from malicious URLs, to evade detection systems and bypass network controls, taking advantage of the credibility associated with the Cisco name in the security industry.

According to Raven AI analysis, the attack vector leverages Cisco Safe Links, a component of Cisco’s Secure Email Gateway and Web Security Suite that rewrites suspicious URLs in emails, routing clicks through Cisco’s scanning infrastructure at secure-web.cisco[.]com. Attackers have discovered several methods to generate legitimate Cisco Safe Links for malicious purposes.

When users see URLs that begin with secure-web.cisco[.]com, they instinctively trust the link because of Cisco’s reputation for cybersecurity, creating what researchers call “trust by association.” The attack also bypasses traditional email security gateways because many systems focus their analysis on the domains visible in the URLs.

Key techniques include exploiting cloud services that send email through Cisco-secured environments and reusing secure links generated in previous campaigns. When the domain appears as secure-web.cisco[.]com, the message often slips through filters that would otherwise flag suspicious content.

Recent examples detected by Raven AI include professional-looking “Document Review Request” emails from purported e-signature services, complete with appropriate branding and corporate terminology.

Raven AI’s contextual AI successfully identified these attacks by simultaneously analyzing multiple signals, including inconsistent sender identities, suspicious URL structures with encoded parameters, and document request patterns commonly used in credential phishing. The system’s ability to understand legitimate business workflows allows it to spot when communications deviate from expected patterns, even when they appear professionally crafted.
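The triage logic below is an added example, not Raven AI's or Cisco's code: it judges a rewritten link by the destination embedded in it rather than by the visible wrapper host, and combines that with the sender and subject signals listed above. The wrapper layout (original URL percent-encoded after a token in the path), the brand map, the field names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

REWRITER_HOSTS = {"secure-web.cisco.com"}               # wrapper host named in the article
BRAND_DOMAINS = {"examplesign": "examplesign.example"}  # constructed brand -> real domain
LURE_RE = re.compile(r"\b(document|review|sign(ature)?)\b", re.I)  # assumed lure wording
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def unwrap(url):
    """Return (is_wrapped, embedded_host); embedded_host is None if not recoverable."""
    parts = urlsplit(url)
    if (parts.hostname or "") not in REWRITER_HOSTS:
        return False, None
    # Assumption: the original URL travels percent-encoded in the path or query.
    rest = parts.path + "?" + parts.query
    for _ in range(3):                      # tolerate nested percent-encoding
        rest = unquote(rest)
    m = URL_RE.search(rest)
    return True, (urlsplit(m.group(0)).hostname if m else None)

def triage(msg, allowed_hosts):
    """Return the signals a message trips (signal names are this example's own)."""
    signals = []
    sender_domain = msg["from_addr"].rsplit("@", 1)[-1].lower()
    shown = msg["from_name"].lower().replace(" ", "")
    for brand, domain in BRAND_DOMAINS.items():
        if brand in shown and sender_domain != domain:
            signals.append("sender_identity_mismatch")
    if LURE_RE.search(msg["subject"]):
        signals.append("document_request_lure")
    for url in URL_RE.findall(msg["body"]):
        wrapped, dest = unwrap(url)
        if wrapped and dest is None:
            signals.append("wrapped_link_opaque")   # cannot see where it leads
        elif wrapped and dest not in allowed_hosts:
            signals.append("wrapped_link_unknown_dest:" + dest)
    return signals

SAMPLE = {  # constructed message, not taken from a real campaign
    "from_name": "ExampleSign", "from_addr": "noreply@mailer.invalid",
    "subject": "Document Review Request",
    "body": "Review: https://secure-web.cisco.com/1CONSTRUCTEDTOKEN/"
            "https%3A%2F%2Flogin.portal.invalid%2Freview%3Fid%3D42",
}

if __name__ == "__main__":
    print(triage(SAMPLE, allowed_hosts={"intranet.corp.example"}))
```

A wrapped link whose destination cannot be recovered is reported as opaque rather than treated as clean, so the wrapper's reputation never substitutes for a verdict on the real target.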

This is leading to a radical transformation in the cyber threat landscape, where attackers are targeting organizational processes and user psychology, going beyond simple technological vulnerabilities.

The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.