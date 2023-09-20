Attackers exploit inbox rules to avoid detection

No Comments
Microsoft launches Clutter to help clear the crap from your Office 365 inbox

New research shows that if an attacker has compromised an email account they can use inbox rules to hide in plain sight while they quietly move information out of your network via your inbox and hide security warnings.

The report from Barracuda reveals techniques including setting a rule to forward to an external address all emails containing sensitive and potentially lucrative key words such as 'payment' or 'confidential' to steal information or money.

"The abuse of email inbox rules is a brilliantly effective attack tactic that provides stealth and is easy to implement once an attacker has compromised an account," says Prebh Dev Singh, manager, email protection product management at Barracuda. "Even though email detection has advanced over the years, and the use of machine learning has made it easier to spot suspicious rule creation -- our detection numbers show that attackers continue to implement this technique with success. Malicious rule creation poses a serious threat to the integrity of an organisation's data and assets. Because it is a post-compromise technique, it's a sign that that attackers are already in your network. Immediate action is required to get them out."

For business email compromise (BEC) attacks, setting set a rule that deletes all inbound emails from a certain colleague, such as the chief finance officer (CFO). This allows the attackers to pretend to be the CFO, sending colleagues fake emails to convince them to transfer company funds to a bank account controlled by the attackers.

The worryingly clever part of this is that If the malicious rule isn't spotted, it stays operational even if the victim's password is changed, they turn on multi-factor authentication, impose other strict conditional access policies, or their computer is completely rebuilt. As long as the rule stays in place, it remains effective.

You can read more on the research findings on the Barracuda blog.

Photo credit: TijanaM / Shutterstock

No Comments
Got News? Contact Us

Recent Headlines

Meta unveils a new Facebook logo, reactions and more

Amazon shows off new Fire TV devices

Amazon eero Max 7: What you need to know about the WiFi 7 mesh system

Amazon unveils next-gen Echo devices

GNOME 45 'Rīga' Linux desktop environment is released

Add 8TB of storage to your PlayStation 5 with the Sabrent Rocket 4 Plus SSD

Get a Linux-style tiling window manager on Windows

Most Commented Stories

Nitrux 3.0.0 raises the Linux bar while outshining Microsoft Windows 11

84 Comments

MiracleOS is everything we want Windows 12 to be (and more)

81 Comments

Microsoft Windows 11 users should switch to Ubuntu-based Linux Lite 6.6 now

34 Comments

Microsoft is dropping WordPad from Windows 10 and Windows 11

19 Comments

Google launches new service to eliminate virtual desktops

18 Comments

Microsoft is making some dramatic changes to drivers in Windows 11 and beyond

12 Comments

Microsoft begins retiring its popular troubleshooters in Windows 11

9 Comments

Microsoft Edge gains a secret option for screen grabbing videos

7 Comments

© 1998-2023 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.