Email security has made significant strides in 2022, but so did the threat actors trying to skirt these advancements. Here are the top email security news headlines of 2022.
With businesses and organizations worldwide depending on email communication, threat actors are always lurking in the shadows, trying to defeat email security for malicious ends. And in 2022, threat actors and cybercriminals did not take a single day off from causing all kinds of harm to organizations and putting up new challenges for businesses and world governments.
Top 5 Email Security News 2022
Here are the top 5 email security news of 2022 that caused a stir in cybersecurity and forced organizations and service providers to strengthen email security protocols. Let us have a look.
LinkedIn Smart Link Abuse in Phishing Campaign
Threat actors abused LinkedIn’s Smart Link feature to redirect unsuspecting users to phishing pages that stole their payment details. The threat actors were able to bypass email security products by abusing Smart Links, a feature reserved for LinkedIn Enterprise users that lets them share multiple documents behind a single link. Smart Link also provides analytics and generates reports on user interactions.
Cofense’s threat analysts discovered the attack campaign where the threat actors targeted Slovakian users using bogus postal service lures, asking victims to cover parcel costs for pending deliveries.
The “Confirm” button in the phishing emails contained a LinkedIn Smart Link that had been maliciously changed by appending alphanumeric characters at the end to redirect users to phishing pages. More importantly, it helped threat actors override security checks.
The button redirected users to a fake payment page with a form that stole the victim’s credit card information, such as card number, account holder’s name, expiration, and CVV.
After entering the information and clicking on “Submit,” the victims were alerted that their payment was successful and redirected to an SMS code confirmation page to mask the process and make it appear trustworthy, so they would not realize that their financial information had just been stolen.
US Department of Defense Losing $23.5 Million
The US DoJ (United States Department of Justice) convicted Sercan Oyuntur, a California resident who was charged with multiple counts of phishing operations that cost the US DoD (United States Department of Defense) $23.5 million.
Oyuntur and his conspirators used the domain “dia-mil.com,” a close impersonation of the genuine counterpart, “dla.mil.” This domain was used to send many phishing emails targeted to SAM users (System for Award Management).
SAM is a vendor database where organizations who wish to conduct business with the US government can register themselves. By sending out phishing emails using cloned links of the “login.gov” portal, the threat actor could steal login credentials to take over these organizational accounts and redirect funds.
The most significant was a Southeast Asia account with 11 contracts that Oyuntur was able to take over. These 11 contracts were for fuel provisions to the US military, one of them worth $23,453,350 for 10,080,000 gallons of fuel for the US DoD.
Oyuntur altered the banking information and replaced it with his account, stealing away nearly $23.5 million from the US DoD.
Cisco’s Email Security Bugs
Cisco disclosed CVE-2022-20798, an email security bug in its systems that allowed threat actors to bypass authentication and log into the management interface of Cisco’s email gateway appliances.
The flaw was found in the external authentication functionality of Cisco ESA (Email Security Appliance) and Cisco Secure Email and Web Manager. It allowed threat actors to submit specific input to the login page of an affected device and gain unauthorized access to its web interface.
Email security is an essential aspect of today’s world, and losing control of critical appliances to threat actors was undoubtedly a novel threat.
This was not the only Cisco email security vulnerability of the year. In February 2022, attackers were able to crash unpatched Cisco Secure Email gateway appliances with malicious email messages by exploiting the CVE-2022-20653 vulnerability.
Google SMTP Relay Service Abuse
In May 2022, phishing threat actors abused Google’s SMTP (Simple Mail Transfer Protocol) relay service to deliver malicious emails by bypassing email security products. With over 30,000 emails abusing Google’s SMTP being discovered in just the first 14 days of April 2022, the news was a blow to one of the top tech giants globally.
Google’s SMTP relay service is used by Gmail and Google Workspace customers to route outgoing email. It lets them avoid running an external mail server of their own and send bulk or marketing mail through Google’s infrastructure without being blacklisted.
However, the threat actors found that the SMTP relay service could be used for email spoofing whenever the impersonated organization had not configured an enforcing DMARC (Domain-based Message Authentication, Reporting & Conformance) policy, i.e., had skipped this email authentication protocol.
The threat actors sent their messages through the “SMTP-relay.gmail.com” server because service providers and spam filters place it on allow lists as one of the most trusted mail servers. From there, the threat actors could impersonate any entity as long as that business or entity had set its DMARC policy to “none”.
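To make the “p=none” problem concrete, here is an added example (not from the original article or from Google) that evaluates DMARC the way a receiving mail server does: it parses a DMARC TXT record, checks whether the SPF or DKIM domain aligns with the From: domain, and returns the disposition. The domains, records and authentication results are constructed for the example; a real implementation would query _dmarc.<domain> in DNS and use the Public Suffix List for organizational domains.

```python
"""DMARC disposition check: why a p=none policy lets relay-based spoofing through."""

# Constructed DMARC TXT records keyed by From: domain (stands in for a DNS lookup of _dmarc.<domain>).
DMARC_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "strict.example": "v=DMARC1; p=reject; adkim=s; aspf=s",
}


def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag -> value dict, applying the default relaxed alignment."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")  # DKIM alignment: relaxed unless adkim=s
    tags.setdefault("aspf", "r")   # SPF alignment: relaxed unless aspf=s
    return tags


def org_domain(domain):
    """Crude organizational-domain approximation: last two labels (assumption; real code uses the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """True if the domain that passed SPF/DKIM aligns with the From: domain under strict or relaxed mode."""
    if not auth_domain:
        return False  # the underlying check failed, so nothing can align
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain, spf_pass_domain, dkim_pass_domain):
    """Return 'pass', 'no-policy', or the policy action ('none', 'quarantine', 'reject') for a failed message.

    spf_pass_domain / dkim_pass_domain are the domains that passed SPF (MAIL FROM) or DKIM (d=),
    or None if that check failed."""
    record = DMARC_RECORDS.get(from_domain.lower())
    if record is None:
        return "no-policy"
    tags = parse_dmarc(record)
    if aligned(spf_pass_domain, from_domain, tags["aspf"]) or aligned(dkim_pass_domain, from_domain, tags["adkim"]):
        return "pass"
    return tags["p"]  # authentication failed: the sender's own policy decides what happens


if __name__ == "__main__":
    # Spoofed From: weak.example relayed through a third party whose SPF domain is gmail.com (constructed).
    print(dmarc_disposition("weak.example", "gmail.com", None))    # none -> delivered, monitoring only
    print(dmarc_disposition("strict.example", "gmail.com", None))  # reject -> dropped by the receiver
```

The “none” result is exactly the gap the relay abuse exploited: the message is unauthenticated, yet the sender’s own policy tells receivers to deliver it anyway.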
Credential Phishing Bypassing Microsoft Email Security
Over 22,000 students were victims of a credential phishing campaign impersonating the popular social media application Instagram in November 2022. The emails were carefully crafted and included details from the victim’s Instagram profile to create a false sense of trust.
The threat actors behind the email impersonated Instagram’s email communications and urged the recipients to take action to prevent future harm.
The emails contained phishing links that redirected recipients to phishing pages impersonating the social media giant. The pages prompted them to act on an “Unusual Login Attempt Detected” message and presented a “This Wasn’t Me” button, just like the genuine application does.
Once users clicked the button, they were redirected to a second phishing page where they were asked to secure their account. It featured a login page that exfiltrated the victims’ login credentials. The news caused quite a stir since the campaign bypassed the email security of one of the most influential organizations in the world, Microsoft.
Armorblox uncovered the phishing campaign and shared how the threat actors employed social engineering and brand impersonation, replicated existing workflows, and used malicious URLs (Uniform Resource Locators).
Armorblox stated, “The email attack used language as the main attack vector and bypassed native Microsoft email security controls. It passed both SPF and DMARC email authentication checks.”
With over 22,000 students affected and the malicious URLs not identified by Microsoft’s security layers, the campaign became one of the year’s email security headlines.
Final Words
Email security remains the top concern for organizations moving into the new year, since phishing is the most common cybercrime and opens organizations up to more severe threats such as ransomware and data theft.
To protect against email security threats in 2023, it is essential to use measures such as spam filters, antivirus software, and multi-factor authentication, and to be cautious when opening emails, clicking on links, or downloading attachments. It is also best to regularly review and update your email security protocols and practices to stay ahead of the latest threats.