German security researcher Sabri Haddouche has discovered a set of vulnerabilities, which he collectively refers to as Mailsploit, that allow an attacker to spoof email identities and, in some cases, run malicious code on the user’s computer.
While the remote code execution part of Mailsploit is worrisome, the real issue is the email spoofing attack that circumvents all modern anti-spoofing protection mechanisms such as DMARC (DKIM/SPF) or various spam filters.
This allows miscreants to send emails with spoofed identities that both users and email servers have a hard time detecting as fakes. This, in turn, makes phishing attacks and malware-laden emails much harder to spot. IT security experts commented below.
Eyal Benishti, CEO and Founder at IRONSCALES:
“We must employ machine learning algorithms to continuously study every employee’s inbox to detect anomalies and communication habits based on a sophisticated user behavioural analysis.”
“Here are four steps IRONSCALES recommends organisations follow to detect and deflect phishing messages:
- Check for ‘spoofing’ through sender policy framework (SPF) records, display name, email address and domain similarity.
- Augment the representation of senders inside the email client by learning true sender indicators and score sender reputation through visual cues and metadata associated with every email.
- Integrate automatic smart real-time email scanning into multi anti-virus and sandbox solutions so forensics can be performed on any suspicious emails either detected or reported.
- Allow quick reporting via an augmented email experience, thus helping the user make better decisions.”
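The display name, email address and domain similarity checks from the first recommendation can be sketched as follows. This is an added example, not code from the article or from IRONSCALES; the `TRUSTED_DOMAINS` allow-list, the edit-distance threshold of 2 and the sample headers are assumptions constructed for illustration, and SPF evaluation is out of scope here.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: domains the organisation legitimately receives mail from.
TRUSTED_DOMAINS = {"example.com", "example.org"}
# Finds an address-like string inside a display name and captures its domain.
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from(raw_from):
    """Return a list of findings for one raw From header value."""
    name, addr = parseaddr(raw_from)
    if "@" not in addr:
        return ["unparseable-address"]
    # Decode RFC 2047 encoded-words so the check sees what the user would see.
    name = str(make_header(decode_header(name)))
    domain = addr.rsplit("@", 1)[1].lower()
    findings = []
    # Display name shows an address from a different domain than the real sender.
    for m in ADDR_RE.finditer(name):
        shown = m.group(1).lower()
        if shown != domain:
            findings.append(f"display-name-address-mismatch:{shown}")
    # Sender domain is close to, but not equal to, a trusted domain.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(domain, trusted) <= 2:
                findings.append(f"lookalike-domain:{trusted}")
    return findings

# Constructed sample headers (not taken from real traffic).
SAMPLES = [
    'Alice <alice@example.com>',
    '"ceo@example.com" <notice@mailer.test>',
    '=?utf-8?Q?billing=40example.com?= <notice@mailer.test>',
    'IT Support <help@examp1e.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no findings")
```
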
Bob Noel, Director of Strategic Relationships and Marketing at Plixer:
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.