Email forwarding can be a convenient feature for users - but unfortunately for defenders, it's even more convenient for threat actors.

Email forwarding rules enable an email account owner to automatically redirect incoming emails to a separate account. There are some legitimate use cases for this; for example, an employee on vacation may want to forward their incoming emails to a colleague. However, threat actors commonly use email forwarding rules to access mailboxes and leak data in business email compromise (BEC) attacks, so it's important to understand the risks associated with email forwarding and how to prevent them.

In 2020, the FBI warned that threat actors were increasingly relying on email forwarding to hide within hacked email accounts. The FBI cited two examples of cybercriminals using email forwarding rules in BEC attacks, both of which occurred in August 2020. In one incident, threat actors created auto-forwarding rules on the victim's web client, but since the victim only monitored forwarding rules on the desktop client, the activity went unnoticed. The attackers accessed the network and created a domain with a spelling similar to the victim's, impersonating a known international vendor. The threat actors were able to obtain $175,000 from the victim by communicating with the vendor. The same threat actor created auto-forwarding rules within a manufacturing company's web-based email: any email with search terms such as "bank," "payment," and "check" would automatically be sent to the threat actor's inbox.

In 2021, threat actors were able to bypass Office 365 (now Microsoft 365) multi-factor authentication (MFA) in a series of BEC attacks. They gained initial access through phishing, and used legacy protocols such as IMAP/POP3 to evade MFA.
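
A minimal audit for the monitoring gap described above, as an added example that is not part of the original article: it reviews forwarding rules collected from every client, web and desktop alike, and flags those that send mail outside the organisation or that match the finance search terms quoted above. The record shape, `INTERNAL_DOMAINS` and the sample rules are constructed assumptions, not a real export format.

```python
import json

# Constructed sample: rules exported from every client surface (web and desktop).
# The record shape (mailbox, source, name, keywords, forward_to) is an assumption
# made for this example, not a real export format.
SAMPLE_RULES = json.loads("""[
  {"mailbox": "ap@example.com", "source": "web", "name": "r1",
   "keywords": ["bank", "payment", "check"], "forward_to": ["inbox@example.net"]},
  {"mailbox": "jo@example.com", "source": "desktop", "name": "vacation",
   "keywords": [], "forward_to": ["sam@example.com"]},
  {"mailbox": "it@example.com", "source": "web", "name": "alerts",
   "keywords": ["Payment overdue"], "forward_to": ["ops@example.com"]}
]""")

FINANCE_TERMS = {"bank", "payment", "check"}   # search terms named in the article
INTERNAL_DOMAINS = {"example.com"}             # assumed organisation domains


def domain_of(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rule(rule):
    """Return the reasons a forwarding rule deserves review (empty list if none)."""
    reasons = []
    external = sorted({a for a in rule.get("forward_to", [])
                       if domain_of(a) not in INTERNAL_DOMAINS})
    if external:
        reasons.append("forwards outside the organisation: " + ", ".join(external))
    # Split multi-word conditions so "Payment overdue" still matches "payment".
    words = {w for k in rule.get("keywords", []) for w in k.lower().split()}
    hits = sorted(words & FINANCE_TERMS)
    if hits and rule.get("forward_to"):
        reasons.append("forwards mail matching finance terms: " + ", ".join(hits))
    return reasons


def audit(rules):
    """Check rules from all clients, so web-only rules are not missed."""
    findings = []
    for rule in rules:
        reasons = audit_rule(rule)
        if reasons:
            findings.append((rule["mailbox"], rule["source"], rule["name"], reasons))
    return findings


if __name__ == "__main__":
    for mailbox, source, name, reasons in audit(SAMPLE_RULES):
        print(f"{mailbox} [{source}] rule '{name}': " + "; ".join(reasons))
```

The internal keyword rule is flagged for review rather than treated as malicious; the external forward on finance terms is the pattern from the FBI examples.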