URL Hunting: Proactive Cybersecurity Designed to Improve Outcomes

By Zack Schwartz, Chief Revenue Officer, Trustifi

As a provider of cybersecurity, we notice when certain trends begin to emerge, judging mostly from the interest and response levels that we hear from our end-clients and our managed services providers (MSPs) in the field. Lately, our sales teams have found a message that’s resonating within the business community:  IT administrators are looking for more proactive ways to identify and evaluate threats within their company’s email data. They want details on attempted cyberthreats, they want analysis, and they don’t necessarily want to wait for filters to catch this material. They want to be able to extend their tools into the email data network in search of malicious links.

URL hunting can accomplish this. URL hunting tools can search through email data and gather intelligence about potentially malicious links, giving IT teams the information they need in order to mitigate active threats in a more precise and immediate manner. A sophisticated URL hunting tool, in fact, is able to identify every link that’s been clicked on in a network. Such a capability comes in handy when an IT administrator wants to check for certain known viruses.

URL Hunting in Email Security, Defined

URL hunting, sometimes also known as threat hunting, is the proactive practice of searching for and investigating potentially malicious links that reside on an email server, which typically enter the network via phishing attempt or malware-infected message. This process can pinpoint compromising emails that were stealthy enough to circumvent an organization’s passive cybersecurity filters. This, unfortunately, is happening more frequently as hackers evolve their methods and acquire better, AI-based tools.

No solution is 100 percent perfect, but traditional SEG (security email gateway)-based solutions often rely on the whitelisting and blacklisting of known dangerous IP addresses, and therefore are less effective against advanced, AI-generated phishing attempts, where the convincing message itself is what deceives victims into clicking ill-intentioned links.

These URLs often direct to a clever impostor site that spoofs a recognizable vendor or financial institution, requesting log-in and password information. Links can also lead victims to supply credentials for their email accounts, resulting in those accounts being hacked. Cybercriminals often target high-level executives for this activity, since they can use an authoritative email account to demand wire transfers, access financial accounts, or gather personal identifying information about additional employees. This is referred to as BEC or Business Email Compromise, and its prevalence is escalating in the workplace. According to a Microsoft Cyber Signals report from May 2023, BEC attacks have increased by 38 percent over the past four years.

Only a limited amount of cybersecurity solutions incorporate URL hunting, which functions like a search engine that can root out dangerous material. IT administrators can proactively use these tools as a complementary strategy, or can reactively apply the tool when a known threat is suspected of being triggered on a business network. For instance, if an employee has fallen victim to a phishing scheme on his home computer, the IT team can check whether that same malicious URL has been visited on his office email server, and if others on the network have received and clicked on the perpetrating link. Or, if administrators get wind of certain link-based malware that is rearing its head in a particular industry, they can identify what users on their own system have visited the offending URL.

How Analytics Can Inform Remediation

Not only does a URL hunting tool enhance the administrator’s ability to discover this harmful activity, it can also provide administrators with intelligence to help determine the scope and details of the attack, such as the IP address where the impostor page is being hosted. A sophisticated URL hunting mechanism can perform advanced automated functions, such as presenting the email content to the administrator for examination, blacklisting both the link and the sender’s IP addresses for the future, and/or eradicating the message from the recipient’s inbox. Detailed analysis of these circumstances can empower IT teams to devise a targeted mitigation plan when an existing threat is revealed.

Proactive Link Hunting Will Improve Security Outcomes

Rather than waiting for screens and filters to catch questionable material, a URL hunting strategy proactively gives an IT team the insights necessary to identify a threat, assess damage, and take appropriate action to mitigate risks. When used in a multi-layered security stack, URL hunting allows a company to better thwart the damage done by unauthorized access or email account compromise. And in a security environment where hackers’ strategies are accelerating all the time, few businesses have the luxury to sit back and wait.

So, get hunting.

About the Author

Zack Schwartz is Trustifi’s Vice President of Strategic Partnerships, who oversees the company’s MSP Channel Program. He works to assemble resources for MSPs and MSSPs including online tools like the Trustifi MSSP multi-tenant dashboard, plus their self-paced sales training and virtual training labs to educate partners on the company’s breakthrough, relay-based approach to cyber security. Zack provides leadership to Trustifi’s sales, operations and marketing teams, and works closely with MSPs to ensure their email cybersecurity initiatives are well-implemented and supported. https://trustifi.com/