I have to admit that this was new even to me. Email has always been an important attack vector, but hackers have discovered a bug in the implementation of SMTP on multiple platforms.
The bug allows the hackers to pass SPF, DKIM and DMARC checks while still delivering a malicious payload.
On top of that, the bug allows hackers to impersonate any high-profile brand that they want to.
The vulnerability works like this. The attacker creates a legitimate email that passes all of the tests. The email contains an end-of-message signal but, due to a bug, the attacker can put another message in the same message stream that the protocol doesn’t check. It just delivers it to the inbox. That second email could be malicious and deliver a malicious payload.
Microsoft has fixed the bug (it was reported to them in July), but other vendors, like Cisco, have not patched it. For Microsoft users, if you have an on-premise Exchange server, you need to make sure that you have applied the patch.
Make sure your users are trained and your email is protected against SMTP smuggling.
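The end-of-message signal described above is, per RFC 5321, a dot on its own line framed by CRLF on both sides; smuggling depends on servers disagreeing about a dot framed by anything else. The check below is an added example, not code from the original post or from any vendor: it flags such ambiguous markers in raw message bytes. The function names, rejection policy and sample messages are constructed for illustration.

```python
import re

# RFC 5321 ends the DATA phase with exactly <CR><LF>.<CR><LF>.
# A lone dot framed by any other line break is ambiguous: one server may
# treat it as message text while another treats it as end-of-message.
_LONE_DOT = re.compile(rb"(\r\n|\r|\n)\.(\r\n|\r|\n)")
CRLF = b"\r\n"


def ambiguous_end_of_data(raw: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, sequence) for every lone-dot line not framed by CRLF on both sides."""
    hits = []
    pos = 0
    while (m := _LONE_DOT.search(raw, pos)) is not None:
        if m.group(1) != CRLF or m.group(2) != CRLF:
            hits.append((m.start(), m.group(0)))
        # Resume just after the leading line break so back-to-back
        # sequences that share a line break are all reported.
        pos = m.start() + len(m.group(1))
    return hits


def should_reject(raw: bytes) -> bool:
    """Gateway policy (assumption): refuse any message with an ambiguous marker."""
    return bool(ambiguous_end_of_data(raw))


# Constructed samples: message content as received, before the final terminator.
CLEAN = b"Subject: report\r\n\r\nHello\r\n..\r\nBye\r\n"
SUSPECT = b"Subject: report\r\n\r\nHello\n.\nextra content\r\n"

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, should_reject(raw), ambiguous_end_of_data(raw))
```

The dot-stuffed line (`..`) in the clean sample is ordinary message text and is not flagged; only the bare-LF framing in the second sample is.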
If you need the best cybersecurity and anti-phishing training in the industry, contact us.
Credit: KnowBe4