One of the most effective ways for organizations to defend against spam and phishing emails is to prevent them from reaching employee inboxes in the first place. It’s no wonder, then, that cybersecurity experts are sounding the alarm bells about a new hacking tool that successfully bypasses even the most stubborn filters.
According to cybersecurity experts at Vade Secure, the tool is called Email Appender and is sold, by subscription, on the dark web. Researchers say Email Appender is to blame for a recent “wave of spam” that hit businesses around the world.
Vade Secure claims that companies in Italy, France, Denmark and the United States have already witnessed the full power of Email Appender, with one company allegedly receiving 300,000 spam messages in a single day. It was even forced to shut down affected accounts and reset credentials, which is described as a “costly effort.”
The strength of Email Appender is that it allows cybercriminals to validate compromised account credentials, configure a proxy to avoid detection, and compose malicious emails. After that, dropping spam into a compromised user’s inbox is just a matter of a few clicks.
The tool also comes with its own user interface, allowing criminals to personalize emails, change the sender’s display name, and create a reply-to address. Vade also believes that the credentials of the compromised email account were most likely purchased on the dark web and validated with Email Appender to log into the user’s account via IMAP.
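As an added example (not from Vade Secure or the original article), the sketch below triages messages already sitting in a mailbox for two signals consistent with the behaviour described above: no hop through the organization's inbound mail gateway, and a Reply-To domain that differs from the sender's. The gateway hostname, the sample messages and the assumption that all legitimate SMTP mail crosses that gateway are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: all SMTP-delivered mail crosses this inbound gateway, which adds
# a Received hop naming itself. The hostname is hypothetical.
GATEWAY_HOST = "mx.example.com"

def passed_gateway(msg) -> bool:
    """True if any Received header records a hop 'by' the gateway."""
    for hop in msg.get_all("Received", []):
        tokens = hop.lower().replace(";", " ").split()
        if ("by", GATEWAY_HOST) in zip(tokens, tokens[1:]):
            return True
    return False

def domain(header_value) -> str:
    """Domain of the address in a From/Reply-To header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_messages):
    """Return (subject, reasons) for each message that looks directly placed."""
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        reasons = []
        if not passed_gateway(msg):
            reasons.append("no gateway hop")
        reply = domain(msg.get("Reply-To"))
        if reply and reply != domain(msg.get("From")):
            reasons.append("reply-to domain differs from sender")
        if reasons:
            findings.append((msg.get("Subject", ""), reasons))
    return findings

# Constructed sample mailbox contents (not real traffic).
DELIVERED = (
    "Received: from mail.partner.test by mx.example.com with ESMTPS;"
    " Mon, 5 Oct 2020 09:12:01 +0000\n"
    "From: Ana <ana@partner.test>\nSubject: Q3 invoice\n\nSee attached.\n"
)
APPENDED = (
    "From: IT Support <helpdesk@example.com>\n"
    "Reply-To: helpdesk@mailbox.invalid\n"
    "Subject: Password expiry\n\nReply to confirm.\n"
)

if __name__ == "__main__":
    for subject, reasons in triage([DELIVERED, APPENDED]):
        print(subject, "->", ", ".join(reasons))
```

Headers in a directly placed message are under the sender's control, so a missing gateway hop is a lead for investigation, while a present one is not proof that the message passed the filter.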
“The emergence of the Email Appender as a subscription is a harbinger of what is to come in the cybercrime space as a service. Illegal services now available on the Dark Web allow low-tech criminals to successfully carry out ransomware attacks. If Email Appender and other similar tools continue to prove their worth, they could go viral in the cybercrime community,” said Adrien Gendre, Director of Products and Services at Vade Secure.
“If and when this threat turns into phishing, business email compromise, or malware, a platform like Microsoft 365 is ready to attack. Most email security solutions for Microsoft 365 are not integrated with the platform through the API but are outside of the Microsoft tenant. This means that not only do they not scan internal Microsoft 365 emails for insider threats, but they also cannot act on malicious emails once they have been successfully delivered.”