July 29, 2024 at 02:48PM
Guardio Labs reported that threat actors exploited a misconfiguration in Proofpoint’s email protection service to conduct a large-scale phishing campaign. The vulnerability, named EchoSpoofing, allowed attackers to send millions of phishing emails per day and bypass security measures, spoofing well-known brands. Proofpoint has been working to address the issue and notify customers.
The key takeaways are:
– Threat actors exploited a misconfiguration issue in Proofpoint’s email protection service, using a vulnerability dubbed EchoSpoofing to send millions of phishing messages per day.
– The attackers were able to relay phishing messages through Microsoft Exchange and then Proofpoint’s service to bypass email security protections and make the emails appear legitimate.
– The phishing emails were created using attacker-controlled Office365 accounts, relayed through the Exchange server, and then delivered through the Proofpoint relay, which authenticated and signed them.
– The attack started around January 2024 and targeted well-known brands such as Disney, BestBuy, Coca-Cola, IBM, and Nike to steal victims’ funds and credit card information.
– Proofpoint has been aware of the abuse since March and has engaged in a broad effort to notify its customers of the misconfigurations, but many compromised Office365 accounts used in the attack remain unpatched.
– Proofpoint deployed mitigations and updates to address the permissive configurations and potential risks associated with the exploit.
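A defender can triage mail for the relay path described above (an Office365 tenant, then Exchange, then the Proofpoint relay) by checking which tenant originated it. The following is an added example, not code from Guardio Labs or Proofpoint. The header name `X-MS-Exchange-CrossTenant-Id`, the hostname suffixes, the function name and the sample message are assumptions that do not appear on this page.

```python
import email
import re
from email import policy

# Assumptions (not stated on the page): Exchange Online stamps the sending
# tenant's GUID in X-MS-Exchange-CrossTenant-Id and hands mail off from
# *.outbound.protection.outlook.com; Proofpoint-hosted relays show up as
# *.pphosted.com in Received lines.
TENANT_HEADER = "X-MS-Exchange-CrossTenant-Id"
EXCHANGE_HOP = re.compile(r"\.outbound\.protection\.outlook\.com\b", re.I)
PROOFPOINT_HOP = re.compile(r"\.pphosted\.com\b", re.I)

# Constructed sample message; hostnames and addresses are placeholders.
SAMPLE = """\
Received: from NAM00-XX0-obe.outbound.protection.outlook.com by mx0a-00000000.pphosted.com
Received: from mailbox.example.onmicrosoft.com by NAM00-XX0-obe.outbound.protection.outlook.com
X-MS-Exchange-CrossTenant-Id: {tenant}
From: "Brand Support" <support@brand.example>
Subject: constructed sample

body
"""


def relay_verdict(raw_message: str, allowed_tenants: set[str]) -> str:
    """Classify a message by whether it took the Exchange -> Proofpoint path
    and, if so, whether the originating tenant is one the organisation owns."""
    allowed = {t.lower() for t in allowed_tenants}
    msg = email.message_from_string(raw_message, policy=policy.default)
    received = [str(h) for h in msg.get_all("Received", [])]
    via_exchange = any(EXCHANGE_HOP.search(h) for h in received)
    via_proofpoint = any(PROOFPOINT_HOP.search(h) for h in received)
    if not (via_exchange and via_proofpoint):
        return "not-relayed"
    tenant = (msg.get(TENANT_HEADER) or "").strip().lower()
    if tenant and tenant in allowed:
        return "allowed-tenant"
    # Took the relay path, but the tenant is missing or not on the allowlist.
    return "unknown-tenant"


if __name__ == "__main__":
    ours = "11111111-1111-1111-1111-111111111111"  # constructed tenant GUID
    theirs = "22222222-2222-2222-2222-222222222222"  # constructed tenant GUID
    print(relay_verdict(SAMPLE.format(tenant=ours), {ours}))
    print(relay_verdict(SAMPLE.format(tenant=theirs), {ours}))
```

Header values below the first hop an organisation controls can be influenced by the sender, so treat the verdict as a triage signal rather than proof of origin.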