There’s an old saying that rings true most of the time, and far too often: “the plumber’s house has the worst plumbing in the street”, or, relating it back to technology, “an online service provider still running on physical, non-virtualized servers”. The key message is that those who should know better, lead by example and apply their own recommendations to their own systems often fall short of that objective.
Email spoofing, aka spear phishing, whaling, CEO email fraud, BEC (business email compromise) and probably a few other terms used interchangeably, has caught out many organizations, specifically large multinationals that have functional teams distributed across many centres around the globe.
A news report that broke this past week of a Lithuanian national being charged in connection with a $100M USD email spoofing attack against two unnamed USA global tech giants proved surprising for me. Talk on the street is that one of the tech giants makes smartphones, and we’re not talking about Android!!
Running a quick check on the DMARC record for that domain using dmarcian’s DMARC Inspector (https://dmarcian-ap.com/dmarc-inspector/) proved insightful and disappointing.
Following this news story, there is a key lesson here for the rest of us.
Going back about 12 months, we covered a similar story - Executives / CxO level targeted in CEO Email Abuse scams.
DMARC at p=none doesn’t provide security
The DMARC standard provides for 3 policy settings: none (monitor only, also called passthrough), quarantine and reject.
In fact, a policy of p=none gives many a false sense of security, and it’s up to the service provider to recommend to the domain owner a DMARC Compliance program to assist them in moving from passthrough mode to quarantine and eventually to reject. We can’t say for certain whether the USA global tech giant that fell victim to the email spoofing attack is conducting a DMARC compliance program. The obvious question to them is “why are you still on the DMARC policy of p=none, passthrough?”
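To make the p=none versus quarantine/reject distinction concrete, here is an added example (not from the original post or from dmarcian) that parses a DMARC TXT record and classifies whether it actually enforces anything; the two records and the example.com addresses are constructed samples, not any real company’s records.

```python
# Added example: parse a DMARC TXT record and classify its enforcement level.
# Records below are constructed samples, not any real organization's records.

WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_RECORD = ("v=DMARC1; p=reject; sp=reject; pct=100; "
                 "rua=mailto:dmarc@example.com; adkim=s; aspf=s")

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict; unknown tags are kept as-is."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        k, v = part.split("=", 1)
        tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if "p" not in tags:
        raise ValueError("missing mandatory p= tag")
    return tags

def assess_dmarc(record):
    """Return (level, findings); level is 'none', 'partial' or 'enforced'."""
    t = parse_dmarc(record)
    findings = []
    p = t["p"].lower()
    sp = t.get("sp", p).lower()      # subdomain policy defaults to p
    pct = int(t.get("pct", "100"))   # percentage of mail the policy applies to
    if p == "none":
        findings.append("p=none: spoofed mail is still delivered, monitoring only")
    if sp == "none" and p != "none":
        findings.append("sp=none: subdomains remain unprotected")
    if pct < 100 and p != "none":
        findings.append(f"pct={pct}: policy applied to only {pct}% of mail")
    if "rua" not in t:
        findings.append("no rua=: no aggregate reports, no visibility to move off p=none")
    if p == "none":
        level = "none"
    elif sp == "none" or pct < 100:
        level = "partial"
    else:
        level = "enforced"
    return level, findings
```

Running assess_dmarc over a record fetched from DNS (for example the _dmarc TXT record of your own domain) gives the same verdict the DMARC Inspector does, and the findings list is the to-do list for a compliance program.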
Email-borne attacks are one of the most common techniques cyber criminals use to breach an organization’s perimeter security. They are surprisingly effective, not because of any advanced software coding skills, but because of lax or even non-existent email security controls.
So what do you do? Initiate a DMARC Compliance program!
Wow, now I feel safer already!!
By Con Lokos