Rackspace’s Responseīack in August, John Moss of 7 Elements contacted Rackspace to alert them of the problem. Security experts can examine an email header to see if someone used the flaw to send it. Therefore, if threat actors log into someone’s account and send mail directly from there, the SPF detection will believe that is it legitimate, regardless of the content.ħ Elements explains it as, “The flaw was the result of how the SMTP servers for Rackspace - authorized users, combined with customers specifically authorizing these SMTP servers to send email on their behalf via DNS entries,” as denoted by SPF records, “especially if their SPF record was set to pass emails from - as (). The exploit works by tricking SPF (sender policy framework), which verifies a genuine sender using DNS records and the IP address. local government entities, military services, and politicians, as well as high-profile individuals.”Ī list of some of the abused domains (provided by 7 Elements) are:Īs reported in the article, 7 Elements used the flaw to duplicate the hacker’s process and spoof emails from a legitimate account. Rackspace is a global cloud provider, and according to DataBreachToday, its customers include “multiple U.S. Unfortunately, for the customer, it could cause real damage to their reputation and endanger their vendors, customers, and clients. Because they are using the person’s actual email account, nothing would flag the suspicious phishing emails as fraudulent or spam. Once a hacker gains access, they can send emails through the customer’s account as though they were them. To use a Rackspace customer email account, the user must have authenticated access, meaning they have to log in to an account with the proper credentials. How Does the SMTP Multipass Exploit Work? SMTP also limits the number of emails that a server can handle within one hour. SMTP cannot transfer fonts, graphics, attachments, etc. Messages may even be broken up into data packets and then reassembled upon arriving at the other end. Using SMTP, your email doesn’t move in one single event it may take a few steps to get it to its intended destination. SMTP is part of the TCP/IP protocol used to store and forward email using an MTA (Mail Transfer Agent). SMTP stands for simple mail transfer protocol and is one of many transfer vehicles that carries email across networked systems. Speculation is running high about how long this flaw has been in place and how much damage hackers have caused using it. However, when questioned about the issue, Rackspace declined to comment further. Rackspace responded by informing customers that it intends to fix the problem sometime this month.
They immediately reported the (BEC scheme - CEO fraud) in July to Rackspace. 7 Elements discovered this flaw after one of its clients was attacked. The Technical DetailsĪccording to 7 Elements, an Edinburgh, Scotland, IT security company hackers have been using an “SMTP Multipass” cyber attack and all of Rackspace’s customers with hosted email are at risk of being abused. Cybercriminals have been exploiting an SMTP Multipass Flaw in their hosted email service to send out phishing emails using legitimate domains belonging to Rackspace customers. DataBreachToday reported this morning that Texas-based Rackspace, a large, respected cloud hosting provider, had been the victim of hacker exploits for an unknown period of time.
0 kommentar(er)
