Hackread reports that threat actors have been exploiting Microsoft 365's Direct Send feature, which is originally meant to expedite fax and scan deliveries to email addresses, to facilitate a phishing campaign that involves malicious internal-looking emails.
Initial compromise of a Windows Server 2022 instance has been leveraged by attackers to deliver emails through unsecured third-party email security appliances or SMTP relays, findings from Proofpoint revealed. Valid DigiCert SSL certificates have been used to covertly send the emails, which have spoofed "From" addresses purporting to belong to a co-worker while using references to wire reauthorizations, voicemails, and task reminders as lures. "The abuse of Microsoft 365's Direct Send feature is not just a technical flaw. It's a strategic risk to an organization's trust and reputation," said Proofpoint researchers, who urged organizations to bolster their email security configurations, conduct email system audits, and deactivate Direct Send functionality if unneeded.
Initial compromise of a Windows Server 2022 instance has been leveraged by attackers to deliver emails through unsecured third-party email security appliances or SMTP relays, findings from Proofpoint revealed. Valid DigiCert SSL certificates have been used to covertly send the emails, which have spoofed "From" addresses purporting to belong to a co-worker while using references to wire reauthorizations, voicemails, and task reminders as lures. "The abuse of Microsoft 365's Direct Send feature is not just a technical flaw. It's a strategic risk to an organization's trust and reputation," said Proofpoint researchers, who urged organizations to bolster their email security configurations, conduct email system audits, and deactivate Direct Send functionality if unneeded.
