Abnormal Customers are Protected from Phishing Attacks Exploiting Proofpoint
For the last 6 months, Abnormal has stopped the EchoSpoofing campaign.
What is the attack?
- Threat actors abuse Proofpoint email relays to send attacks.
- Misconfiguration flaws of Proofpoint allows Phishing Emails to pass authentication (SPF, DKIM, DMARC).
- Convincing brand impersonation attacks land in employee inboxes.
Why did it get through?
- Proofpoint is hard to configure, leaving attackers to leverage mistakes to their benefit.
- MTA and SEG architectures are outdated leading to additional points of entry.
- Proofpoint relies on “Health Checks” to continually prevent these types of issues.
What is required to solve for this attack?
- Using a modern API Architecture as provided by Abnormal Security avoids this entire class of problems.
- This manner of integration avoids misconfiguration of relays and SEGs that can be abused by threat actors.