Spoofed Zix Encrypted Email is Used in Credential Spear-Phishing

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Hackers have used a credential phishing attack to steal data from Office 365, Google Workspace, and Microsoft Exchange by spoofing an encrypted mail notification from Zix. According to Armorblox security researchers, the attack impacted around 75,000 users, with small groups of cross-departmental staff being targeted in each customer environment.
Social engineering, brand impersonation, replicating existing workflows, drive-by downloads, and the use of valid domains were among the methods the hackers employed to obtain data. “Secure Zix message” emails were sent to victims. The body of the email carried a header that repeated the email subject and claimed the victim had received a secure communication from Zix, a security technology company that provides email encryption and data loss prevention services.
The victim is invited to view the secure message by clicking on the “Message” button in the email. While the phoney email is not an exact facsimile of a genuine Zix notification, it is similar enough on the surface to fool unwary victims. According to researchers, clicking the “Message” link in the email causes an HTML file entitled “securemessage” to be downloaded to the victim’s PC. The file could not be opened in a virtual machine (VM) because the download redirect did not show within the VM.
Using valid (albeit unrelated) domains to send emails, according to Armorblox researcher Abhishek Iyer, is “more about tricking security measures (i.e. evading authentication checks) than it is about tricking recipients, especially if the domains are not forged to appear like the real thing.”
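A detection sketch for the point above, added here as an example and not taken from Armorblox or the original article: it flags mail whose display name or subject claims the Zix brand while the From domain is unrelated, and records whether SPF or DKIM nevertheless passed. The allow-list, function names and sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumption: allow-list of domains the brand legitimately sends from.
# Populate it from your own mail flow; "zix.com" here is illustrative.
BRAND_DOMAINS = {"zix": {"zix.com"}}

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts; trust only headers stamped by your own MTA."""
    joined = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    return {k.lower(): v.lower()
            for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", joined, re.I)}

def brand_mismatch(raw):
    """Return a finding if a message names a brand but comes from an unrelated domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    auth = auth_results(msg)
    for brand, allowed in BRAND_DOMAINS.items():
        if not re.search(rf"\b{re.escape(brand)}\b", claimed):
            continue
        if any(domain == d or domain.endswith("." + d) for d in allowed):
            continue
        # A pass here only proves the unrelated domain is real, not the brand.
        authenticated = "pass" in (auth.get("spf"), auth.get("dkim"))
        return {"brand": brand, "from_domain": domain,
                "auth_passed_for_unrelated_domain": authenticated}
    return None

# Constructed sample messages (not taken from the campaign).
SPOOF = (
    'From: "Secure Zix Message" <notice@unrelated-example.org>\n'
    "Subject: Secure Zix message\n"
    "Authentication-Results: mx.example.net; spf=pass"
    " smtp.mailfrom=unrelated-example.org; dkim=pass header.d=unrelated-example.org\n"
    "\nClick Message to view.\n"
)
GENUINE = ("From: Zix <secure@zix.com>\nSubject: Secure Zix message\n"
           "Authentication-Results: mx.example.net; spf=pass\n\nbody\n")
OTHER = "From: Bob <bob@example.com>\nSubject: Lunch\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("spoof", SPOOF), ("genuine", GENUINE), ("other", OTHER)):
        print(name, brand_mismatch(raw))
```

A finding with `auth_passed_for_unrelated_domain` set to true is the case the quote describes: the message clears SPF/DKIM, so the brand-to-domain comparison is what catches it.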
A Verizon c

[…]