this post was submitted on 21 Sep 2023
1 points (100.0% liked)

Technology

38624 readers
74 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 3 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
1
[Corp Blog] How attackers use inbox rules to evade detection after email account compromise (blog.barracuda.com)
submitted 2 years ago by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 

Summary

Attackers can use automated email rules to evade detection after compromising an email account. They can use these rules to steal information, hide emails, and impersonate others.

Some of the ways attackers use email rules include:

  • Forwarding emails containing sensitive keywords to an external address

  • Hiding specific inbound emails by moving them to rarely used folders, marking them as read, or deleting them

  • Creating email forwarding rules to monitor the activities of a victim and collect intelligence on the victim or the victim’s organization to use as part of further exploits or operations

  • Setting up rules that delete all inbound emails from a certain colleague, such as the Chief Finance Officer (CFO), so they can impersonate the CFO and send fake emails to convince colleagues to transfer company funds

Defenses that don't work on their own include:

  • Changing the victim's password

  • Turning on multifactor authentication

  • Imposing other strict conditional access policies

  • Rebuilding the victim's computer

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here