New Phishing Attacks Bypass Secure Email Gateways

The ongoing battle between IT security and cybercriminals rages on. The minute security professionals put controls in place to block cyberthreats, the hackers begin devising ways to exploit them. It’s important that your IT team remains aware of new and ongoing threats. A strong proactive strategy is the most effective method of mitigating potential damage. At Kotman Technology, we are consistently monitoring the security environment to stay ahead of emerging threats.

Let’s take a look at the latest ongoing attack.

The Technical Stuff

An ongoing phishing operation that has stolen around 400,000 OWA and Office 365 credentials since December has now expanded to exploit new legitimate services in order to bypass secure email gateways (SEGs).

The attacks are part of several phishing campaigns collectively known as the “Compact Campaign”. It has been active since early 2020 and was first detected by the WMC Global Threat Intelligence Team.

Microsoft Security Intelligence warns of phishing attacks being sent from legitimate email addresses and IP ranges, taking advantage of gateway configuration settings to ensure delivery. Microsoft's alert identifies a few particular techniques being used to achieve this:

Over 400,000 Office 365 email accounts have been compromised and then used as the phishing sender. A gateway is less likely to block a phishing email when it comes from a real email address and domain.

They also send through compromised accounts on the email delivery platforms SendGrid and MailGun, which many email gateways classify as trustworthy senders.

To get around domain-reputation-based defenses, they use Appspot to generate a variety of unique phishing URLs.

They impersonate email notifications from video conferencing solutions.
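The four tricks above leave traces a defender can score before a message reaches an inbox: an envelope sender on a bulk relay that does not match the From domain, a link hosted on a shared app platform, and a meeting-style lure from a sender that is not a conferencing vendor. The Python below is an added example written for this post; it is not code from Kotman Technology, WMC Global or Microsoft. The relay domains, lure words, vendor list, point weights and the three sample messages are all constructed assumptions, chosen only to show how the signals combine.

```python
"""Header-and-link triage for the SEG-bypass tricks described in the post.

Everything configured below is an assumption for this example: real deployments
replace these sets with their own relay, vendor and lure-word lists.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

BULK_RELAY_DOMAINS = {"sendgrid.net", "mailgun.org"}     # assumed envelope domains of bulk relays
SHARED_HOSTING_SUFFIXES = (".appspot.com",)                # throwaway URL hosting named in the post
MEETING_LURE_WORDS = ("meeting", "conference", "recording", "webinar", "invitation")
KNOWN_CONFERENCING_DOMAINS = {"meet.example"}              # placeholder list of vendors you trust

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def domain_of(address):
    """Domain part of a header address such as 'Name <user@host>'."""
    _, addr = parseaddr(str(address or ""))
    return addr.rpartition("@")[2].lower()


def url_host(url):
    """Host portion of a URL, lower-cased; empty string if unparsable."""
    match = re.match(r"https?://([^/:?#]+)", url, re.IGNORECASE)
    return match.group(1).lower() if match else ""


def related(host, domain):
    """True when host equals domain or is a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def score_message(raw):
    """Return a score and the list of indicators that fired for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    subject = str(msg["Subject"] or "").lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    text = subject + "\n" + body.lower()
    hosts = {url_host(u) for u in URL_RE.findall(body)}

    score, indicators = 0, []
    # 1. Appspot-style hosting: a fresh app name per message defeats domain reputation.
    if any(h.endswith(SHARED_HOSTING_SUFFIXES) for h in hosts):
        score += 2
        indicators.append("link hosted on shared app platform")
    # 2. Bulk relay in the envelope while the From header claims another domain.
    if envelope_dom in BULK_RELAY_DOMAINS and envelope_dom != from_dom:
        score += 1
        indicators.append("bulk relay envelope sender differs from From")
    # 3. Conferencing-notification lure from a sender that is not a known vendor.
    lure = any(word in text for word in MEETING_LURE_WORDS)
    known_vendor = any(related(from_dom, d) for d in KNOWN_CONFERENCING_DOMAINS)
    if lure and not known_vendor:
        score += 1
        indicators.append("conferencing-style notification from unrelated sender")
    # 4. None of the links lead back to the sender's own domain.
    if hosts and not any(related(h, from_dom) for h in hosts):
        score += 1
        indicators.append("no link points back to sender's domain")
    return {"score": score, "indicators": indicators}


def triage(raw):
    """Map the score to a gateway action; thresholds are arbitrary for this example."""
    score = score_message(raw)["score"]
    if score >= 3:
        return "quarantine"
    if score >= 1:
        return "review"
    return "deliver"


# Constructed sample messages (not real captures).
PHISH = """From: Alex Reyes <alex.reyes@compromised-example.com>
Return-Path: <bounces@sendgrid.net>
To: staff@victim.example
Subject: Missed meeting recording is available
Content-Type: text/plain; charset=utf-8

You missed today's conference call. Review the recording here:
https://notify-meet-48213.appspot.com/login
"""

LEGIT_VIA_RELAY = """From: Meet Notifications <no-reply@meet.example>
Return-Path: <bounces@sendgrid.net>
To: staff@victim.example
Subject: Meeting recording ready
Content-Type: text/plain; charset=utf-8

Your meeting recording is ready: https://meet.example/rec/5521
"""

BENIGN = """From: Billing <billing@shop.example>
Return-Path: <billing@shop.example>
To: staff@victim.example
Subject: Your receipt for order 1187
Content-Type: text/plain; charset=utf-8

Thanks for your order. View the receipt at https://shop.example/receipts/1187
"""

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT_VIA_RELAY", LEGIT_VIA_RELAY), ("BENIGN", BENIGN)):
        print(name, triage(sample), score_message(sample)["indicators"])
```

Note the middle sample: a real vendor that happens to send through a bulk relay scores only one point, so relay use alone lands in review rather than quarantine. It is the combination of relay, throwaway hosting and a meeting lure from an unrelated sender that pushes the first sample over the threshold.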

What That Means

Cybercriminals know organizations have a layered defense sitting between threats and their employees. The use of secure email gateways (SEGs) is one of these defenses.

A Secure Email Gateway (SEG) is a device or software that monitors email being sent and received. An SEG is designed to block unwanted email and deliver good email. Microsoft, Cisco, and Proofpoint all offer SEGs that are used by many organizations worldwide.

Hackers look for ways to bypass security controls like SEGs by attempting to look legitimate to the algorithms that determine whether an email is real or a scam. By using compromised email accounts, email delivery services, and multiple phishing URLs, they have been able to trick email gateways into delivering phishing emails to users’ inboxes. 

How to Protect Yourself

Secure email gateways are an excellent asset to any IT security strategy. However, they can also lead to user complacency. If you believe software is doing all of the security work behind the scenes and only delivering legitimate emails to your inbox, you may be less likely to scrutinize emails for phishing red flags.

The last line of defense remains the end user. So it’s important to consistently provide security awareness training to your employees. Teaching employees how to scrutinize emails for things like sender, branding, links and/or attachments, and solicited vs. unsolicited emails remains necessary - even when your organization employs security controls like SEGs.

Your IT provider should be monitoring the ongoing threat and staying abreast of any new developments or additional security protocols provided by secure email gateway providers.


Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.
