Proofpoint and Microsoft Office 365 Advanced Threat Protection (ATP) are considered top-tier email protections, yet an effective spoofing campaign was recently discovered slipping past both Proofpoint and Microsoft Office 365 ATP. The attackers use information about Coronavirus cases in the recipient's local area to fool users. According to researchers, the emails evade basic security checks and rely on common-sense social engineering rather than technical tricks to circumvent detection and steal the user's Microsoft log-in credentials. Even though secure email gateways designed to keep end-users from clicking on malicious links and attachments were enabled, they still failed to stop this new phishing attack.
In order to evade detection by the ATPs, the attackers impersonated the domain splashmath[.]com, an online learning game for children, using a spoofed IP address located in the United States. The emails, in fact, originated from an IP address corresponding to the Lithuanian city of Kaunas. The email therefore slipped past basic domain-spoofing checks such as DomainKeys Identified Mail (DKIM), a standard meant to ensure the content of an email remains trusted, and Sender Policy Framework (SPF), a DNS-published policy that restricts which servers may send email for a given domain.
According to the research, the attackers are not only impersonating a trusted sender's email address but also using keywords in the subject line to trick the targeted victim into believing the email comes from a trusted source of information about COVID-19. In addition, the email content is socially engineered to take advantage of the current obsession with COVID-19 information, luring users by urging them to click on the highlighted words in the expectation of being directed to a link with updated WHO documents containing that kind of information. Instead, the user is directed to a Microsoft-branded credential phishing page that steals their Microsoft log-in information.
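The defender-side check that catches the spoof described above is alignment: the domain that SPF or DKIM actually vouched for must match the domain shown in From:. The following is an added illustration, not code from the original article or from Proofpoint or Microsoft; the headers are constructed to model the campaign (a From: claiming splashmath.com while SPF and DKIM pass for a different domain), and the mail server and domain names are assumptions.

```python
import email
import email.utils
import re

# Constructed headers modelled on the campaign: From: shows splashmath.com,
# but Authentication-Results (assumed written by the receiving MX) report
# SPF and DKIM passing for a different, attacker-controlled domain.
SPOOFED = """\
From: "Splash Math" <updates@splashmath.com>
Return-Path: <bounce@mailer-example.test>
Authentication-Results: mx.example.test;
 spf=pass smtp.mailfrom=mailer-example.test;
 dkim=pass header.d=mailer-example.test
Subject: COVID-19 cases in your area
"""

# Constructed legitimate counterpart: the authenticated domain matches From:.
LEGIT = SPOOFED.replace("mailer-example.test", "splashmath.com")

def header_domain(msg, name):
    """Domain of the first address in a header, lower-cased ('' if absent)."""
    addr = email.utils.parseaddr(msg.get(name, ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def authenticated_domains(msg):
    """Map 'spf'/'dkim' to (result, domain) as reported in Authentication-Results."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    found = {}
    for method, key in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        m = re.search(rf"\b{method}=(\w+)[^;]*?{re.escape(key)}=([\w.-]+)", text)
        if m:
            found[method] = (m.group(1).lower(), m.group(2).lower())
    return found

def aligned(from_domain, auth_domain):
    """Relaxed DMARC-style alignment: same domain, or a subdomain of From:."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)

def classify(raw):
    """Flag a message whose From: domain is vouched for by neither SPF nor DKIM."""
    msg = email.message_from_string(raw)
    from_domain = header_domain(msg, "From")
    verdict = {"from_domain": from_domain, "spf_aligned": False, "dkim_aligned": False}
    for method, (result, domain) in authenticated_domains(msg).items():
        verdict[f"{method}_aligned"] = result == "pass" and aligned(from_domain, domain)
    verdict["suspicious"] = not (verdict["spf_aligned"] or verdict["dkim_aligned"])
    return verdict

if __name__ == "__main__":
    print(classify(SPOOFED))  # suspicious: True (both passed for the wrong domain)
    print(classify(LEGIT))    # suspicious: False
```

A plain SPF or DKIM "pass" is not enough on its own: the check has to be tied to the displayed sender domain, which is what DMARC alignment enforces.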
Through LIFARS' Phishing Attack Simulation service, we help optimize your email system to improve your overall security posture and keep cybercriminals out of your network, based on the results collected and our in-depth analysis of the company email system (encryption, protocols, filters, etc.). The service includes:
- Full-Scope Email Audit: Our team will follow up by conducting an audit of the entire email system to help identify gaps in your security. We will examine email use within your organization over a period of time and, based on the results collected and our own experience, set up filters, whitelists, and blacklists to prevent common and advanced (targeted) email attacks on your organization.
- Fine-Tuning Technology: Many businesses have technology in place capable of providing reasonably good email security. We will evaluate and fine-tune your existing technology to provide optimal security for email communication. We ensure that all security controls in place are properly configured and functioning optimally.
- Employee Training: Even with the most advanced technology in place, the human factor should not be underestimated. A well-educated and vigilant workforce plays a crucial role in preventing advanced social engineering attacks, including email attacks. Our Cyber Resiliency Experts will train your employees using real examples from the assessment stage to demonstrate the threat and the importance of being prepared.