Into the Inbox: Novel Email Spoofing Attack Patterns

This presentation introduces several newly discovered attack patterns capable of spoofing emails from more than 20 million domains. These domains are either managed by or interact with some of the world’s largest email service providers or domain registrars. Remarkably, these spoofed emails can circumvent the SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) security protocols and reach the recipient’s inbox directly. In other words, by leveraging the attack patterns discovered in our research, an attacker could deliver phishing emails to any victim’s inbox from millions of domains, including a large number of high-reputation domains owned by Fortune 500 companies and government agencies.

Through an in-depth analysis of these threats, this talk aims to shed light on the current challenges facing email security. Moreover, it seeks to outline proactive strategies and robust defense mechanisms to safeguard against such vulnerabilities, thereby enhancing the security posture of email communication.

By:
Hao Wang | Offensive Security Senior Manager, PayPal
Caleb Sargent | Offensive Security Engineer, PayPal
Harrison Pomeroy | Lead Threat Detection Engineer, PayPal Inc.
Renana Friedlich | Senior Director, Global Cyber Operations, PayPal

Full Abstract and Presentation Materials:
https://www.blackhat.com/us-24/briefings/schedule/#into-the-inbox-novel-email-spoofing-attack-patterns-39962