It is time you secure your email account. Cybersecurity experts have found that hackers might manipulate email rules in a compromised account to evade detection while they quietly siphon off information from a corporate network.
As they gain access to mailboxes, the attackers can surveil victims’ activities and amass intelligence on individuals and organisations, potentially for use in subsequent exploits or operations.
The Threat Spotlight by cybersecurity company Barracuda has warned that attackers can make ‘security alerts’ vanish from mailboxes.
Once an attacker successfully breaches a victim’s email account, they can create automated email rules to establish persistent access to the inbox. These rules can empower attackers to steal information or money. Attackers can configure rules to forward emails containing sensitive keywords like “payment” or “confidential” to external addresses, enabling them to purloin valuable information or funds while evading detection.
“The abuse of email inbox rules is a brilliantly effective attack tactic that provides stealth and is easy to implement once an attacker has compromised an account,” Prebh Dev Singh, Manager (Email Protection Product Management) at Barracuda, said.
“Even though email detection has advanced over the years, and the use of machine learning has made it easier to spot suspicious rule creation – our detection numbers show that attackers continue to implement this technique with success. Malicious rule creation poses a serious threat to the integrity of an organisation’s data and assets,” he said.
“Because it is a post-compromise technique, it’s a sign that the attackers are already in your network. Immediate action is required to get them out,” he said.
The abuse of email inbox rules offers attackers both stealth and ease of execution once they compromise an account, Parag Khurana, Country Manager, Barracuda Networks (India) Private Limited, pointed out.
In the Indian context, where cybersecurity challenges are constantly evolving, it is imperative that organisations adopt advanced defence measures and robust email security strategies to safeguard against such cyber threats.
Concealing Inbound Emails
By relocating crucial inbound emails such as security alerts to obscure folders or erasing them, attackers can ensure victims remain oblivious to potential threats or command-and-control communications.
In the case of attacks on businesses, perpetrators may set rules to delete incoming emails from specific colleagues, enabling them to impersonate key figures like the chief financial officer and deceive colleagues into transferring funds to accounts controlled by the attackers.
These malicious rules can persist even if the victim changes their password, activates multi-factor authentication, or imposes stringent access policies. As long as the rule remains undetected, it poses a substantial threat.
How to prevent
Prevention remains the most effective protection against the exploitation of email inbox rules. Detecting breached accounts and mitigating their repercussions requires comprehensive measures, including complete visibility.
“Organisations need insights into every action occurring within employees’ inboxes, encompassing rule creation, modifications, logon history, email context, and more,” he said.
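As an added illustration (not code from Barracuda or from the original article), the sketch below audits a mailbox's rules for the patterns described above: external forwarding keyed on words like "payment" or "confidential", and rules that delete or bury security alerts or mail from colleagues. The rule schema, field names, domain, alert terms and folder names are assumptions made for this example, and the sample rules are constructed.

```python
# Added example: audit inbox rules for the abuse patterns the article describes.
# The rule schema, domain, alert terms and folder names below are assumptions.
INTERNAL_DOMAINS = {"example.com"}                 # assumed organisation domain
SENSITIVE_KEYWORDS = {"payment", "confidential"}   # keywords named in the article
ALERT_TERMS = {"security alert", "password", "sign-in"}
OBSCURE_FOLDERS = {"rss feeds", "conversation history", "archive", "junk email"}

def external(addresses):
    """Return the addresses whose domain is not an internal one."""
    return [a for a in addresses
            if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def audit_rule(rule):
    """Return findings for one inbox rule (empty list means nothing flagged)."""
    findings = []
    terms = {t.lower() for t in rule.get("subject_or_body_contains", [])}
    senders = rule.get("from", [])
    outside = external(rule.get("forward_to", []) + rule.get("redirect_to", []))
    # A rule "hides" mail if it deletes it or files it where users rarely look.
    hides = (rule.get("delete", False)
             or rule.get("move_to_folder", "").lower() in OBSCURE_FOLDERS)
    if outside:
        findings.append("forwards mail outside the organisation: " + ", ".join(outside))
        hit = sorted(terms & SENSITIVE_KEYWORDS)
        if hit:
            findings.append("external forward keyed on sensitive keywords: " + ", ".join(hit))
    if hides and any(a in t for t in terms for a in ALERT_TERMS):
        findings.append("hides or deletes mail that looks like a security alert")
    if hides and senders and not external(senders):
        findings.append("hides or deletes mail from internal senders: " + ", ".join(senders))
    if hides and rule.get("mark_as_read", False):
        findings.append("marks hidden mail as read")
    return findings

def audit_mailbox(rules):
    """Map rule name -> findings for every rule that was flagged."""
    return {r["name"]: f for r in rules if (f := audit_rule(r))}

# Constructed sample rules (not taken from any real mailbox).
SAMPLE_RULES = [
    {"name": "fwd", "subject_or_body_contains": ["Payment", "confidential"],
     "forward_to": ["drop@mail.example.net"]},
    {"name": "alerts", "subject_or_body_contains": ["security alert"],
     "move_to_folder": "RSS Feeds", "mark_as_read": True},
    {"name": "cfo", "from": ["cfo@example.com"], "delete": True},
    {"name": "Newsletters", "from": ["news@vendor.example.org"], "move_to_folder": "Reading"},
]

if __name__ == "__main__":
    for name, findings in audit_mailbox(SAMPLE_RULES).items():
        print(f"rule {name!r}: " + "; ".join(findings))
```

Because such rules survive a password change or MFA enrolment, an audit like this belongs in the response to any suspected account compromise, not only in routine monitoring.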