Mailsploit Lets Attackers Send Spoofed Emails on Over 33 Email Clients

German security researcher Sabri Haddouche has discovered a set of vulnerabilities in email clients that he collectively refers to as Mailsploit. They allow an attacker to spoof the sender identity shown to the recipient and, in some clients, to inject code through the same malformed header and run it on the user’s computer.


While the code execution part of Mailsploit is worrisome, the real issue is the email spoofing attack, which sidesteps modern anti-spoofing mechanisms such as DMARC (built on DKIM and SPF) and spam filters. The trick is that the spoofed address is hidden inside an RFC 1342 (now RFC 2047) encoded word in the From header, followed by a null byte or a newline and then the attacker’s real domain. The receiving server authenticates the attacker’s real domain, so DKIM, SPF and DMARC all pass, while a vulnerable client decodes the header, stops at the null byte or newline, and displays only the spoofed name and address.

This allows miscreants to send emails with spoofed identities that both users and email servers have a hard time detecting as fakes. This, in turn, makes phishing attacks and malware-laden emails much harder to spot.
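The following Python script is an added illustration of the technique described above and of the check a mail gateway or client can apply to it; it is not code from the article or from the Mailsploit author, and the published payloads are not reproduced. It builds a From header in the Mailsploit style, shows how the address a truncating client renders differs from the domain a receiving server authenticates, and flags the header on two signals: a control character inside the decoded header, and a mismatch between the displayed domain and the authenticated domain. The domain attacker.example and the display address are constructed sample data.

```python
"""Mailsploit-style From header: what the client shows vs. what the server checks.

Added example, not from the article or the Mailsploit author. The addresses and
domains are constructed sample data.
"""
import base64
import re
from email.header import decode_header
from email.utils import parseaddr

# Any C0 control or DEL inside a decoded header value is a red flag.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Characters at which a naive client stops rendering the decoded value.
TRUNCATES_AT = re.compile(r"[\x00\r\n]")


def build_spoofed_from(display: str, real_domain: str, separator: str = "\x00") -> str:
    """Return a From value in the Mailsploit style (constructed illustration).

    `display` plus a control character is wrapped in one RFC 2047 encoded word
    and used as the local part of an address at `real_domain`. SPF/DKIM/DMARC
    are evaluated against real_domain; a client that decodes the encoded word
    and truncates at the NUL or newline shows only `display`.
    """
    payload = base64.b64encode((display + separator).encode("utf-8")).decode("ascii")
    return f"=?utf-8?b?{payload}?=@{real_domain}"


def decode_like_client(raw: str) -> str:
    """Decode every encoded word and join the pieces verbatim.

    This mirrors a client that applies RFC 2047 decoding to the whole From
    value rather than only to a display-name phrase.
    """
    pieces = []
    for chunk, charset in decode_header(raw):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        pieces.append(chunk)
    return "".join(pieces)


def rendered_view(decoded: str) -> str:
    """What a client that stops at NUL or a line break would render."""
    return TRUNCATES_AT.split(decoded, maxsplit=1)[0]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def authenticated_domain(raw: str) -> str:
    """Domain an MTA aligns DMARC against: the RFC 5322 From address parsed
    from the raw, still-encoded header, where the encoded word is just an
    odd-looking local part."""
    _, addr = parseaddr(raw)
    return domain_of(addr)


def analyze_from(raw: str) -> dict:
    """Flag a From header whose rendered identity and authenticated identity differ."""
    decoded = decode_like_client(raw)
    shown = rendered_view(decoded)
    _, shown_addr = parseaddr(shown)
    shown_domain = domain_of(shown_addr)
    auth_domain = authenticated_domain(raw)

    reasons = []
    if CONTROL_CHARS.search(decoded):
        reasons.append("control character inside decoded From header")
    if shown_domain and auth_domain and shown_domain != auth_domain:
        reasons.append(f"displayed domain {shown_domain} != authenticated domain {auth_domain}")
    return {
        "shown": shown,
        "authenticated_domain": auth_domain,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed samples: a NUL variant, a newline variant and a benign header.
    samples = [
        build_spoofed_from("potus@whitehouse.gov", "attacker.example"),
        build_spoofed_from("potus@whitehouse.gov", "attacker.example", separator="\n"),
        '"Alice Example" <alice@attacker.example>',
    ]
    for raw in samples:
        print(raw)
        print("  ", analyze_from(raw))
```

The benign case passes because the displayed domain and the authenticated domain agree and nothing in the decoded value is a control character; a gateway that only looks at the raw header sees a syntactically valid address at the attacker’s domain and has no reason to reject it, which is exactly why the check has to be done on the decoded value.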

Responding to this news is Eyal Benishti, CEO and Founder of IRONSCALES: 

“This is a perfect example of how phishing campaigns are becoming increasingly sophisticated and targeted. As is the case here, fraudsters are frequently adopting spoofing and impersonation techniques as a quick, easy, and incredibly successful way to lure their potential victims into a false sense of security. As a result, it is becoming virtually impossible for end users to identify these phishing emails as they land in inboxes across the workforce.

“We must employ machine learning algorithms to continuously study every employee’s inbox to detect anomalies and communication habits based on a sophisticated user behavioural analysis.”

“Here are four steps IRONSCALES recommends organisations follow to detect and deflect phishing messages:

  1. Check for ‘spoofing’ through sender policy framework (SPF) records, display name, email address and domain similarity.
  2. Augment the representation of senders inside the email client by learning true sender indicators and scoring sender reputation through visual cues and metadata associated with every email.
  3. Integrate automatic smart real-time email scanning into multiple anti-virus and sandbox solutions so forensics can be performed on any suspicious emails, either detected or reported.
  4. Allow quick reporting via an augmented email experience, thus helping the user make better decisions.”