Khaberni - Researchers at Check Point Cyber Security revealed a massive phishing campaign in which attackers exploited a legitimate feature of the Mimecast platform to send highly convincing fraudulent messages to thousands of victims around the world.
According to the report, researchers detected more than 40,000 phishing messages sent to approximately 6,000 organizations in just two weeks. The attackers impersonated trusted brands such as SharePoint and DocuSign, using messages that perfectly matched the official notifications in design, logos, and sender addresses.
The attackers also created customized phishing pages to capture login credentials or to install malicious software.
They hid these links behind legitimate redirection and tracking services, notably the Mimecast link rewriting service, which is typically used to enhance security by passing links through a trusted domain.
Thanks to this method, the links appeared in the messages with the secure Mimecast domain, allowing the fraudulent messages to pass through email filters and directly reach inboxes, without triggering any security alarms.
The data shows that sectors such as consultancy, technology, and real estate were the most targeted, due to their daily involvement with digital transactions and contracts. The attacks also reached sectors such as health, finance, manufacturing, and government bodies.
The largest number of victims was recorded in the United States (34,000), followed by Europe (4,500), and then Canada (750).
Commenting on the report, Mimecast confirmed that what occurred was not a security flaw, but a misuse of a legitimate feature.
The company stated: "The attacking party exploited legitimate redirection services to hide the malicious links, and did not exploit a vulnerability in the Mimecast system. This approach is common among attackers who use trusted domains to avoid detection."
The incident highlights the evolution of phishing methods, and the ability of attackers to circumvent protection systems using legitimate tools, thereby increasing the need to enhance security awareness within organizations.




