Microsoft Warns of Phishing Attacks Via Trusted Mail Gateways

Microsoft says that an estimated 400,000 Outlook Web Access and Office 365 credentials have been stolen (typically via phishing attacks) since December. Because this has been so successful, the attackers are now expanding their attacks to collect credentials for the email marketing services that businesses use.

The purpose of collecting all of these credentials is to be able to get spam into inboxes. This spam can carry malware, ransomware, business email compromise style attacks and other bad things.

If, for example, a hacker compromises a company's marketing department's credentials for the bulk email service Constant Contact, they can use those credentials to upload spam lists and send out spam emails, or just use the company's existing customer and marketing lists. These emails will appear to come from the company and will pass anti-spam controls like SPF and DKIM, because that account is supposed to send email for that company.

In the end, the company that was compromised will take the heat for the attack, possibly get sued, and might even get booted by their email service for sending out malware, which can cause the marketing email service's domain to get blacklisted.

This means that companies need to take extra care to protect these third-party service accounts, many of which are not managed or controlled by IT, so that they are hardened against compromise. This includes really strong passwords (like 15 characters or more) and multifactor authentication, among other controls.

Credit: Bleeping Computer