September 5, 2021 05:34 pm

In Novel Attack Technique, Salesforce Email Service Used For Phishing Campaign

Slashdot reader storagedude writes: In a novel attack technique, Israeli security researchers discovered that cybercriminals were subscribing to Salesforce in order to use its email service to launch a phishing campaign and thus bypass corporate security defenses like whitelisting. The researchers, from email security service provider Perception Point, said bad actors are sending phishing emails via the Salesforce email service by impersonating the Israel Postal Service in a campaign that has targeted multiple Israeli organizations.

In a blog post, security analysts Miri Slavoutsky and Shai Golderman wrote that this is the first time they had seen attackers abuse Salesforce services for malicious purposes. "Mass Email gives users the option to send an individual, personalized email to each recipient, thus creating the perception of receiving a unique email, created especially for you," Slavoutsky and Golderman wrote. "Spoofing attempts of Salesforce are nothing new to us. Attackers spoof emails from Salesforce for credential theft, is a typical example. In this case, the attackers actually purchased and abused the service; knowing that most companies use this service as part of their business, and therefore have it whitelisted and even allowed in their SPF records."

Shlomi Levin, Perception Point's co-founder and CTO, told eSecurity Planet that given how whitelisting a trusted source can result in security breaches, "it is essential to employ a zero-trust attitude combined with a strong filtering mechanism to any content that enters the organization no matter the source: email, collaboration tools or Instant Messaging."

Stephen Banda, senior manager of security solutions at cybersecurity vendor Lookout, agreed with the researchers that it's a new approach by malicious actors. "The practice of legitimately signing up for an email service with the full intention of using it for malice is an innovative strategy," Banda said. "This breach should be a warning to all service providers to conduct extensive due diligence into who is requesting access to their services so that this type of scam can be avoided in the future."

"There are ways to detect spoofing but in this case the emails look authentic and are also coming from where they say they are coming from," said Saumitra Das, CTO of cybersecurity firm Blue Hexagon. "This means that attackers have got through the first email firewall both from a threat intelligence signature perspective of blocking known bad sources and also in some sense the instinct of the user themselves to be suspicious of what something is. It is common for attacks to get through email security solutions, but then well-trained or savvy users are the next line of defense. This [use of a legitimate email service] increases the chances of those users also clicking on links or downloading attachments."
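The filtering point made above, as an added sketch that is not code from Perception Point, Salesforce or the Slashdot post: an allowlist that trusts an SPF pass delivers the message, while a policy that inspects content regardless of source flags it. The message, the `mailer.example` service, the allowlist and the brand-to-domain mapping are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the campaign): relayed by a legitimate bulk-mail
# service, so SPF passes for the service's own domain.
RAW = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce.mailer.example
From: "Israel Post" <notify@mailer.example>
To: user@example.org
Subject: Your parcel is waiting

Pay the delivery fee: https://parcel-fee.example/pay
"""
ALLOWLISTED = {"mailer.example"}                # hypothetical allowlisted service
BRANDS = {"israel post": {"israelpost.co.il"}}  # assumed legitimate brand domain

def from_parts(msg):
    """Return (lowercased display name, lowercased domain) of the From header."""
    display, addr = parseaddr(msg["From"] or "")
    return display.lower(), addr.rpartition("@")[2].lower()

def allowlist_policy(msg):
    """Weak: an SPF pass from an allowlisted service skips all content checks."""
    spf_ok = "spf=pass" in (msg["Authentication-Results"] or "").lower()
    return "deliver" if spf_ok and from_parts(msg)[1] in ALLOWLISTED else "scan"

def on_domain(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def zero_trust_policy(msg):
    """Content is inspected whatever the sending infrastructure is."""
    display, domain = from_parts(msg)
    reasons = []
    for brand, domains in BRANDS.items():
        if brand not in display:
            continue
        if not on_domain(domain, domains):
            reasons.append("display-name brand mismatch")
        hosts = re.findall(r"https?://([^/\s]+)", msg.get_payload())
        if any(not on_domain(h.lower(), domains) for h in hosts):
            reasons.append("link outside brand domain")
    return ("quarantine" if reasons else "deliver"), reasons

MSG = message_from_string(RAW)

if __name__ == "__main__":
    print(allowlist_policy(MSG))
    print(zero_trust_policy(MSG))
```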



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/koRqECHcWFk/in-novel-attack-technique-salesforce-email-service-used-for-phishing-campaign
