chat
expand_more

Abnormal Customers are Protected from Phishing Attacks Exploiting Proofpoint

For the last 6 months, Abnormal has stopped the EchoSpoofing campaign.

Abnormal Attacks Sanjay Thumbnail v2

What is the attack?

  • Threat actors abuse Proofpoint email relays to send attacks.
  • Misconfiguration flaws of Proofpoint allows Phishing Emails to pass authentication (SPF, DKIM, DMARC).
  • Convincing brand impersonation attacks land in employee inboxes.

Why did it get through?

  • Proofpoint is hard to configure, leaving attackers to leverage mistakes to their benefit.
  • MTA and SEG architectures are outdated leading to additional points of entry.
  • Proofpoint relies on “Health Checks” to continually prevent these types of issues.

What is required to solve for this attack?

  • Using a modern API Architecture as provided by Abnormal Security avoids this entire class of problems.
  • This manner of integration avoids misconfiguration of relays and SEGs that can be abused by threat actors.