Inbox Rules: The Concealed Threat to Your Email Security and How to Counter It

2023-09-22 04:49:18

A new study shows that if a hacker has compromised an email account, they can use inbox rules to hide in plain sight, while discreetly moving information out of your network through your inbox and into it. hiding security warnings.

The Barracuda report reveals techniques such as establishing a rule to forward all emails containing sensitive and potentially lucrative keywords, such as “payment” or “confidential”, to an external address in order to steal information or money.

“Misuse of email inbox rules is a brilliantly effective attack tactic that allows for concealment and is easy to implement once an attacker has compromised an account,” says Prebh Dev Singh , responsible for managing email protection products at Barracuda. “Even though email detection has progressed over the years and the use of machine learning has made it easier to spot the creation of suspicious rules, our detection numbers show that attackers continue to implement this technique successfully. Creating malicious rules poses a serious threat to the integrity of an organization’s data and assets. As it is a post-compromise technique, it indicates that attackers are already present in your network “Immediate action is needed to get them out.”

For Business Email Compromise (BEC) attacks, setting up a rule that deletes all incoming emails from a certain colleague, such as the chief financial officer (CFO), allows attackers to pretend not to be aware of the situation. This allows attackers to pose as the CFO and send their colleagues fake emails to convince them to transfer company funds to a bank account controlled by the attackers.

What is worrying is that if the malicious rule is not spotted, it remains operational even if the victim’s password is changed, if it activates multi-factor authentication, if it imposes other strict policies conditional access or if their computer is completely rebuilt. As long as the rule remains in place, it remains effective.

Source : Barracuda Report

And you ?

What is your opinion on the subject?

Do you find this Barracuda study credible and relevant?

See as well

Cybersecurity: more than 3 billion Gmail and Hotmail passwords leaked online and also login credentials for sites like Netflix, LinkedIn, and many others

2.5% of emails received contain a cyberattack, and a quarter of emails received are spam, in 2022, WeTransfer, Sharepoint and Dropbox are the most spoofed brands, according to Mailinblack

Catastrophic hack of email service provider destroys nearly two decades of email data

1695373029
#Attackers #exploit #inbox #rules #avoid #detection #Barracuda #study #finds

Leave a Replay