Vade Secure has discovered a wave of spam emails arriving directly in inboxes without passing through the SMTP transport layer, and therefore without passing the filters that sit on it. The wave, which peaked at 300,000 spam messages in a single day, was observed across Europe, including France and Italy.
How it works
Vade Secure researchers suspect that cybercriminals are using a new tool called Email Appender to log directly into compromised email accounts over IMAP and write messages into their mailboxes. Email Appender, sold on the dark web, lets a criminal validate stolen account credentials, configure a proxy to avoid IP-based detection, compose a malicious email, and place it straight into the mailbox of each compromised account.
Email Appender, first reported by Gemini Advisory in October 2020, has a user interface that lets the operator customize the email, including the display name shown for the sender address and a separate Reply-To address. The credentials are most likely bought on the dark web and then validated with a tool like Email Appender, which uses them to access the account over IMAP.
Here is a real-world example of what it means to "deliver" an email without going through the transport layer:
- You create a draft email in an email client.
- You save it as an .eml file in a folder on your computer.
- You log into your Microsoft Outlook account.
- You drag and drop the .eml file into a folder in Outlook.
The email never passes through Microsoft's security layers, yet it sits in the mailbox like delivered mail. The client simply uploaded the file to the server; over IMAP this is the APPEND command, and no mail transfer agent ever handled the message.
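The following Python is an added example, not code from the original post or from Email Appender. It shows the two sides of the procedure above: how a message with an attacker-chosen display name and Reply-To is uploaded with IMAP APPEND (the programmatic equivalent of dragging an .eml into Outlook), and a header check a defender can run over a mailbox to spot messages that never went through SMTP. All names, addresses, hosts and the sample messages are constructed; the "no Received: header" rule is a heuristic assumed here, not something the post states.

```python
"""Added example: IMAP APPEND delivery versus SMTP delivery, seen from headers.
Not part of the original article; all inputs below are constructed."""
import email
import email.utils
import imaplib
import time
from email import policy
from email.message import EmailMessage


def build_message(display_name, from_addr, reply_to, to_addr, subject, body):
    """Build the RFC 5322 message an appender tool would upload.
    Display name and Reply-To are attacker-chosen, as the article describes."""
    msg = EmailMessage()
    msg["From"] = f"{display_name} <{from_addr}>"
    msg["Reply-To"] = reply_to
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg["Date"] = email.utils.formatdate(localtime=True)
    msg["Message-ID"] = email.utils.make_msgid(domain="example.invalid")
    msg.set_content(body)
    return msg


def imap_append(host, user, password, msg, mailbox="INBOX"):
    """Write the message straight into the mailbox over IMAP (RFC 3501 APPEND).
    No MTA touches it, so no Received: header is added by the receiving side.
    Host and credentials are hypothetical; this is not called by the demo."""
    with imaplib.IMAP4_SSL(host) as conn:
        conn.login(user, password)
        status, _ = conn.append(mailbox, "",
                                imaplib.Time2Internaldate(time.time()),
                                msg.as_bytes())
        return status == "OK"


def transport_evidence(raw: bytes) -> dict:
    """Report which transport-path headers a raw message carries."""
    m = email.message_from_bytes(raw, policy=policy.default)
    received = m.get_all("Received") or []
    return {
        "received_hops": len(received),
        "auth_results": m.get("Authentication-Results") is not None,
        "dkim": m.get("DKIM-Signature") is not None,
    }


def likely_appended(raw: bytes) -> bool:
    """Heuristic (assumption): mail that arrived via SMTP carries at least one
    Received: header stamped by the receiving MTA; mail written with APPEND
    carries none unless the attacker forges them. Only apply this to inbox
    folders: a client legitimately APPENDs copies into Sent without hops."""
    return transport_evidence(raw)["received_hops"] == 0


# Constructed sample: a message that really came through an MTA.
SMTP_DELIVERED = b"""Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTPS id abc123
\tfor <victim@example.org>; Mon, 02 Nov 2020 10:00:00 +0000
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.net
From: Alice <alice@example.net>
To: victim@example.org
Subject: Hello
Message-ID: <1@example.net>

Regular mail.
"""

if __name__ == "__main__":
    spam = build_message("Customer Support", "support@example.net",
                         "attacker@example.invalid", "victim@example.org",
                         "Your account", "Please reply to confirm.")
    print("SMTP-delivered:", transport_evidence(SMTP_DELIVERED),
          "appended?", likely_appended(SMTP_DELIVERED))
    print("APPEND-delivered:", transport_evidence(spam.as_bytes()),
          "appended?", likely_appended(spam.as_bytes()))
```

On a live mailbox, `likely_appended` would be run over each message fetched from INBOX, and a hit is worth more when `Authentication-Results` and `DKIM-Signature` are also missing, since a forged `Received:` chain is cheap but a valid DKIM signature from the claimed sender is not.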
Locking the compromised accounts and resetting their credentials stops the current wave, but to do that users typically have to contact their ISP, which is costly: each support call costs the ISP an estimated 20 to 70 euros.
The appearance of Email Appender as a subscription tool is a warning sign of what is in store in the cybercrime-as-a-service market. Ransomware-as-a-Service (RaaS) already lets a generation of low-skill criminals carry out successful ransomware attacks. If Email Appender and tools like it keep producing these results, the technique will spread through the cybercriminal community.
An emerging trend
While this latest threat is primarily spam, we expect the attackers to refine their technique before moving on to more advanced threats, including phishing and malware. Spam is easy and cheap to produce; phishing and malware require more sophisticated methods and tools to succeed.
We have seen in the past that attackers test their techniques in the consumer market, against ISPs, before moving to the business market. There are two likely reasons: companies run more sophisticated security solutions, and business users are savvier and less likely to fall for amateur scams. Attackers therefore test and adjust their techniques on consumers first.
If and when this threat turns into phishing, business email compromise, or malware, a platform like Microsoft 365 is ripe for attack. Most email security solutions for Microsoft 365 are not integrated with the platform through its API but sit outside the Microsoft tenant. As a result they do not scan internal Microsoft 365 mail for insider threats, and they cannot act on a malicious email once it has been delivered.
Protect your company
2FA does not prevent an attacker from accessing a compromised account via IMAP: IMAP clients typically authenticate with just a username and password (legacy authentication), so the second factor is never challenged unless the provider blocks legacy protocols or requires app-specific passwords for them. However, a user with 2FA enabled may at least be notified of the new connection and can then contact their ISP to reset their credentials. Unfortunately, 2FA is not mandatory and many consumers have not enabled it.
The IMAP method is a strong argument against outdated perimeter security and for an API-based approach. A perimeter (gateway) solution sits outside the mail system and gets exactly one chance to intercept a threat, as the message passes through it; a message that is APPENDed over IMAP never passes through it at all. An API-based solution sits inside the platform and can scan mailboxes continuously.
The API approach enables both scanning of internal e-mail and remediation after delivery. If IMAP-based delivery takes hold in the business market, organizations need a solution that can act from within the mailbox when a threat is detected.