Massive Spoofing Exploit Targets Proofpoint
1. An unknown threat actor exploited Proofpoint's email routing misconfiguration to spoof emails from companies like Best Buy, IBM, and Nike.
2. Named EchoSpoofing, the campaign began in January 2024 and peaked at 14 million emails per day.
3. Emails were authenticated with SPF and DKIM, bypassing major security measures.
4. The flaw allowed attackers to use Proofpoint's infrastructure to send phishing emails that appeared legitimate.
5. Rogue Microsoft 365 tenants and cracked email software were used to execute the attack.
#cybersecurity #emailsecurity #phishing #proofpoint #echospoofing #spf #kim #emailspoofing #threatactor #emailspoofingattack #cyberthreats #SecurityBreach #TechNews #InfoSec #dataprotection #emailfraud
1. An unknown threat actor exploited Proofpoint's email routing misconfiguration to spoof emails from companies like Best Buy, IBM, and Nike.
2. Named EchoSpoofing, the campaign began in January 2024 and peaked at 14 million emails per day.
3. Emails were authenticated with SPF and DKIM, bypassing major security measures.
4. The flaw allowed attackers to use Proofpoint's infrastructure to send phishing emails that appeared legitimate.
5. Rogue Microsoft 365 tenants and cracked email software were used to execute the attack.
#cybersecurity #emailsecurity #phishing #proofpoint #echospoofing #spf #kim #emailspoofing #threatactor #emailspoofingattack #cyberthreats #SecurityBreach #TechNews #InfoSec #dataprotection #emailfraud