German security researcher Sabri Haddouche has discovered a set of vulnerabilities, which he collectively refers to as Mailsploit, in the way email clients parse non-ASCII (RFC 1342 encoded) sender headers. They allow an attacker to spoof the displayed sender identity and, in some clients, to run malicious code on the user’s computer.
While the remote code execution part of Mailsploit is worrisome, the real issue is the email spoofing attack, which circumvents the modern anti-spoofing mechanisms, DMARC (built on SPF and DKIM) and the spam filters that rely on them, because the message is sent, signed and authenticated from the attacker’s own domain while the client displays a different address.
This allows miscreants to send emails with spoofed identities that both users and email servers have a hard time detecting as fakes. This, in turn, makes phishing attacks and malware-laden emails much harder to spot. IT security experts commented below.
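The following is an added example, not code from the researcher or from any vendor quoted on this page. It builds a From header in the shape Mailsploit abuses (RFC 2047 encoded-words glued together, the middle one decoding to a NUL or newline byte so the client truncates what it shows) and then runs the checks a mail gateway could apply to catch it: control characters after decoding, encoded-words with no separating whitespace, and a displayed address whose domain differs from the routing domain that DMARC actually validated. All addresses and domains (example.com, attacker.example) are constructed for illustration.

```python
"""Mailsploit-style From header: construct it, then flag it.
Added example; every header and domain below is constructed."""
import base64
import re

ENCODED_WORD = re.compile(r'=\?([^?]+)\?([bBqQ])\?([^?]*)\?=')


def build_spoofed_from(shown_addr: str, real_domain: str, sep: str = '=00') -> str:
    """Three encoded-words with no whitespace between them. `sep` is the
    Q-encoded byte in the middle: =00 (NUL) truncates the display in some
    clients, =0A (newline) breaks it in others. The routing address ends in
    @real_domain, so SPF, DKIM and DMARC for that domain all pass."""
    b64 = base64.b64encode(shown_addr.encode()).decode()
    return f'=?utf-8?b?{b64}?==?utf-8?Q?{sep}?==?utf-8?b?{b64}?=@{real_domain}'


def decode_q(text: str) -> bytes:
    """RFC 2047 'Q' encoding: '_' is a space, =XX is one hex byte."""
    raw = text.replace('_', ' ').encode('ascii', 'replace')
    return re.sub(rb'=([0-9A-Fa-f]{2})', lambda m: bytes([int(m.group(1), 16)]), raw)


def decode_encoded_words(header: str) -> str:
    """Decode every encoded-word the way a lenient client display does,
    leaving unencoded text untouched. No whitespace rules are enforced,
    which is exactly the leniency Mailsploit relies on."""
    def repl(m):
        charset, enc, payload = m.group(1), m.group(2).lower(), m.group(3)
        if enc == 'b':
            raw = base64.b64decode(payload + '=' * (-len(payload) % 4))
        else:
            raw = decode_q(payload)
        return raw.decode(charset, errors='replace')
    return ENCODED_WORD.sub(repl, header)


def routing_address(header: str) -> str:
    """The addr-spec an MTA actually uses: inside <...> if present, else the
    whole header. Encoded-words are left undecoded, as an MTA leaves them."""
    m = re.search(r'<([^>]*)>', header)
    return (m.group(1) if m else header).strip()


def analyze_from(header: str) -> dict:
    """Return what a client would show, the domain DMARC validated, and findings."""
    findings = []
    real = routing_address(header)
    real_domain = real.rsplit('@', 1)[-1].lower() if '@' in real else ''
    shown = decode_encoded_words(header)

    # 1. Control characters in the decoded header. Nothing legitimate puts
    #    NUL, CR or LF in a display name; they only serve to cut off or
    #    break what the client renders.
    ctrl = sorted({c for c in shown if c in '\x00\r\n'})
    if ctrl:
        findings.append(f'control characters in decoded From: {ctrl!r}')

    # 2. Encoded-words glued together; RFC 2047 requires whitespace between them.
    if '?==?' in header:
        findings.append('adjacent encoded-words with no separating whitespace')

    # 3. The visible part (up to the first NUL/CR/LF, which is where a
    #    truncating client stops) looks like an address on another domain.
    visible = re.split(r'[\x00\r\n]', shown, maxsplit=1)[0]
    for addr in re.findall(r'[\w.+-]+@[\w.-]+', visible):
        dom = addr.rsplit('@', 1)[1].lower()
        if dom != real_domain:
            findings.append(f'displayed address {addr} but routing domain is {real_domain}')

    return {'shown': visible, 'routing_domain': real_domain, 'findings': findings}


if __name__ == '__main__':
    for h in ('"Alice Example" <alice@example.com>',          # constructed, benign
              '=?utf-8?q?Alice_Example?= <alice@example.com>',  # constructed, benign encoded
              build_spoofed_from('ceo@example.com', 'attacker.example'),
              build_spoofed_from('ceo@example.com', 'attacker.example', sep='=0A')):
        print(h, '->', analyze_from(h))
```

The third check is the one worth keeping even after clients are patched: a display name that decodes to an address on a domain other than the one that passed DMARC is the general shape of this class of spoof, whether or not a control character is involved.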
Eyal Benishti, CEO and Founder at IRONSCALES:
“This is a perfect example of how phishing campaigns are becoming increasingly sophisticated and targeted. As is the case here, fraudsters are frequently adopting spoofing and impersonation techniques in a quick, easy, and incredibly successful way to lure their potential victims into a false sense of security. As a result, it is becoming virtually impossible for end users to identify these phishing emails as they land in inboxes across the workforce.
“We must employ machine learning algorithms to continuously study every employee’s inbox to detect anomalies and communication habits based on a sophisticated user behavioural analysis.
“Here are four steps IRONSCALES recommends organisations follow to detect and deflect phishing messages:
- Check for ‘spoofing’ through sender policy framework (SPF) records, display name, email address and domain similarity.
- Augment the representation of senders inside the email client by learning true sender indicators and score sender reputation through visual cues and meta data associated with every email.
- Integrate automatic smart real-time email scanning into multi-anti-virus and sandbox solutions so forensics can be performed on any suspicious emails, either detected or reported.
- Allow quick reporting via an augmented email experience, thus helping the user make better decisions.”
Bob Noel, Director of Strategic Relationships and Marketing at Plixer:
“Phishing attacks are one of the most effective ways for bad actors to infiltrate and infect organizations. MailSploit is the latest example of how users can be tricked into opening emails with malicious payloads and links. End users must be trained to no longer implicitly trust emails they receive from either known or unknown senders. Given the continued high rate of phishing success, IT departments should implement Network Traffic Analytics platforms to monitor all network traffic and have access to forensic data when users fall victim to phishing attacks. This visibility enables organizations to understand what happened, return to normal, and protect themselves against the spread of malware like ransomware.”