Technology, cyber security and business news.

Do you have questions or concerns in the IT Industry? Contact our dedicated team of experts through social media or email for fast and personal assistance. If you are interested in advertising opportunities, please do not hesitate to inform us. We look forward to hearing from you!

Email attack on the industry

Cybercriminals adapt inbox rules to remain invisible and move data

In a new study, Barracuda Networks researchers show how attackers can abuse inbox rules once they have gained access to an email account. In this way, they avoid detection while stealing information from the company's network. That type of attack is based on the victims not seeing security warnings - and the attacker archiving selected messages in discreet folders that the attacked does not notice.

Abusing email inbox rules is a smart and effective stealth tactic.

It is easy to execute once an attacker has gained access to an account, says Prebh Dev Singh, Head of Email Protection Product Management at Barracuda.

Although email detection tools have evolved and machine learning has made it easier to detect suspicious rules, Barracuda's study shows that cybercriminals continue to target businesses in this way. Manipulated rules can therefore be a serious threat to their data and other assets.

Since it is a technique used after an account has been taken over, it is a sure sign that you have an attacker in your network. This means that immediate measures are required to get them out, says Peter Graymon, responsible for Barracuda Networks in the Nordics.

Stolen from an e-mail account in Braschen

Once an attacker gains access to an email account, for example through phishing or by using stolen credentials, they can set up one or more automated email rules that allow them to continue to access the mailbox undetected. It can be used for a variety of malicious purposes, including:

  • to steal information or money and delay detection. The attackers can set a rule to forward all emails containing sensitive and potentially lucrative keywords such as "payment", "invoice" or "confidential" to an external address.
  • to hide specific incoming emails such as security alerts by moving such messages to rarely used folders, marking emails as read or simply deleting them.
  • to monitor the activities of the victim and collect information about him (or the company) that can be used as part of further attacks.
  • for so-called CEO frauds (BEC), set up a rule that deletes all incoming emails from a specific colleague, such as the Chief Financial Officer (CFO). It allows the attackers to pretend to be the CFO and send fake emails to colleagues to convince them to transfer money to a bank account controlled by the attackers.

If the abused rule is not detected, it continues to apply even if the victim's password is changed or if multi-factor authentication is enabled, other strict conditional access policies are implemented, or the computer is rebuilt. As long as the rule remains in place, it risks becoming an effective tool for the attacker.

Read more here"

Share this article
Shareable URL
Prev Post

Orange Cyberdefense strengthens its ambitions in Europe when SCRT and Telsys become Orange Cyberdefense in Switzerland

Next Post

CONVENDUM launches new products, takes over the operation of Klarna's head office

Read next