Phishing Campaign Exploits Proofpoint to Send Spoofed Emails
Guardio Labs reported a phishing campaign, "EchoSpoofing," exploiting Proofpoint's email service, affecting major brands. Attackers sent spoofed emails via legitimate channels, prompting calls for improved cybersecurity measures.
Guardio Labs has identified a significant phishing campaign named "EchoSpoofing," which exploits Proofpoint's email protection service, used by 87 of the Fortune 100 companies. This vulnerability allowed attackers to send millions of convincingly spoofed phishing emails that appeared to originate from reputable brands like Disney, IBM, and Coca-Cola. The emails were dispatched from Proofpoint's servers, utilizing authenticated SPF and DKIM signatures, thus bypassing standard security measures. The campaign involved the abuse of Microsoft's Office365 accounts, enabling attackers to relay spoofed emails through legitimate channels.
The phishing emails were crafted to mimic official communications, such as notifications from Disney+, and directed recipients to fraudulent websites designed to steal personal and financial information. The attackers managed to configure their spoofed emails to pass through Proofpoint's security checks by exploiting a permissive configuration in the email relay system, which allowed any Office365 account to interact with Proofpoint's servers without stringent authentication.
Proofpoint has since taken action to mitigate the issue, emphasizing the need for ongoing vigilance and collaboration within the cybersecurity community to address such vulnerabilities. The incident highlights the persistent risks associated with email protocols and the sophistication of modern phishing tactics, necessitating enhanced security measures and awareness among organizations relying on email communication.
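Because the relayed messages pass SPF and DKIM, a defender has to check which Office365 tenant a message entered the relay from, not only whether authentication passed. The sketch below is an added example, not code from Guardio or Proofpoint; it assumes the sending tenant's GUID is available in the `X-MS-Exchange-CrossTenant-Id` header, and the domains, GUIDs and allowlist are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: Exchange Online stamps the sending tenant's GUID in this header.
TENANT_HEADER = "X-MS-Exchange-CrossTenant-Id"

# Constructed allowlist: From domain -> tenant GUIDs the domain owner really operates.
BRAND_TENANTS = {"brand.example": {"11111111-1111-1111-1111-111111111111"}}

def auth_passed(msg):
    """True when an Authentication-Results header reports both SPF and DKIM pass."""
    for value in msg.get_all("Authentication-Results", []):
        lowered = value.lower()
        if "spf=pass" in lowered and "dkim=pass" in lowered:
            return True
    return False

def classify(raw, brand_tenants=BRAND_TENANTS):
    """Return 'unauthenticated', 'suspect-relay' or 'ok' for one raw message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not auth_passed(msg):
        return "unauthenticated"      # ordinary spoof; existing filters handle it
    allowed = brand_tenants.get(domain)
    if allowed is None:
        return "ok"                   # no tenant allowlist kept for this domain
    tenant = (msg.get(TENANT_HEADER) or "").strip().lower()
    # A missing or foreign tenant on an authenticated brand message is the
    # pattern described above: valid signatures, wrong origin.
    return "ok" if tenant in allowed else "suspect-relay"

def build_sample(tenant, auth="spf=pass smtp.mailfrom=brand.example; dkim=pass header.d=brand.example"):
    """Build a constructed test message; not captured traffic."""
    headers = [
        "From: Brand Support <news@brand.example>",
        "To: user@recipient.example",
        "Subject: Your account",
        "Authentication-Results: mx.recipient.example; " + auth,
    ]
    if tenant:
        headers.append(TENANT_HEADER + ": " + tenant)
    return "\n".join(headers) + "\n\nbody\n"

LEGIT = build_sample("11111111-1111-1111-1111-111111111111")
RELAYED = build_sample("99999999-9999-9999-9999-999999999999")
PLAIN_SPOOF = build_sample(None, auth="spf=fail; dkim=none")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("relayed", RELAYED), ("plain spoof", PLAIN_SPOOF)):
        print(name, "->", classify(raw))
```
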
Related
Microsoft Alerts More Customers to Email Theft in Expanding
Microsoft alerts more customers about email theft post-Midnight Blizzard hack by Russian government. Stolen emails accessed, shared with affected organizations for transparency. Ongoing attack used for planning further attacks. Assistance provided to mitigate risks.
Blog.ethereum.org Mailing List Incident
A phishing email targeted 35,794 Ethereum blog subscribers, attempting to drain wallets through a malicious link. Security measures were promptly taken, no funds were lost, and further precautions are underway.
Threat actors quick to weaponize PoC exploits; 6.8% of all internet traffic DDoS
Hackers exploit PoC exploits within 22 minutes of release, leaving little time for defense. Cloudflare advises using AI for quick detection rules. DDoS attacks contribute to 6.8% of daily internet traffic, rising to 12% during major events.
Hackers bypass Windows SmartScreen flaw to launch malware
Cybercriminals are exploiting a Microsoft Defender vulnerability (CVE-2024-21412) to install malware undetected. Many systems remain unpatched, making them vulnerable. Users should update Windows and be cautious with email attachments.
Crooks Bypassed Google's Email Verification to Create Workspace Accounts, Acces
Google fixed a security flaw that let criminals bypass email verification for Google Workspace accounts, enabling impersonation of domain holders. The issue was resolved within 72 hours, with new safeguards implemented.
“EchoSpoofing” — A Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails