
Threat Actors Leverage Compromised Vendor for Spear-Phishing Attack

Attacks like this, launched from within the supply chain ecosystem, thwart secure email gateway (SEG) solutions like Proofpoint.

What is the attack?

  • Threat actors compromise vendor accounts within a company's vast supply chain ecosystem to launch spear-phishing campaigns.
  • These attacks exploit the trust inherent in established business relationships, using legitimate, compromised email accounts to send malicious content.

Why did it get through?

  • These attacks originate from legitimate, trusted vendor accounts with valid SPF/DKIM/DMARC records.
  • Because of this, traditional threat intelligence solutions like Proofpoint fail to stop these previously unseen attacks.
  • The sheer number of vendors (often 30,000+) creates a vast attack surface to monitor.

What is required to solve for this attack?

  • Abnormal’s Behavioral AI flags never-before-seen senders and URLs as anomalies, which enables the detection of novel attacks.
  • For defense in depth, this pairs well with the Threat Intelligence layer of the Cloud Email Platform (M365).
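
The gap described above, as an added example (not Abnormal's detection logic or any vendor's code): a message from a compromised vendor account passes SPF/DKIM/DMARC, yet a simple first-seen check against that sender's history still flags the unfamiliar link host. The baseline, addresses, hostnames and messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed baseline: link hosts previously seen from each known vendor sender.
BASELINE = {"billing@vendor.example": {"portal.vendor.example"}}
URL_RE = re.compile(r"https?://[^\s<>]+")

# Constructed sample messages. Authentication-Results is assumed to be stamped
# by the receiving organisation's own mail server, not supplied by the sender.
HEADERS = (
    "From: Vendor Billing <billing@vendor.example>\n"
    "To: ap@corp.example\n"
    "Subject: Invoice 1001\n"
    "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n\n"
)
KNOWN_GOOD = HEADERS + "Invoice: https://portal.vendor.example/invoices/1001\n"
COMPROMISED = HEADERS + "Updated invoice: https://files.unrelated.example/doc\n"

def auth_passes(msg):
    """True when SPF, DKIM and DMARC were all recorded as pass."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(f"{m}=pass" in results for m in ("spf", "dkim", "dmarc"))

def analyze(raw, baseline=BASELINE):
    """Report authentication status and first-seen sender / link-host anomalies."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(msg.get_payload())}
    anomalies = []
    if sender not in baseline:
        anomalies.append("new_sender")
    for host in sorted(hosts - {None} - baseline.get(sender, set())):
        anomalies.append(f"new_url_host:{host}")
    return {"sender": sender, "auth_pass": auth_passes(msg), "anomalies": anomalies}

if __name__ == "__main__":
    for name, raw in (("known_good", KNOWN_GOOD), ("compromised", COMPROMISED)):
        print(name, analyze(raw))
```

Both messages authenticate identically; only the behavioral comparison separates them.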