Over a 6 month period they have used a passive email attack to obtain 120.000 legitimate e-mails containing a total of 20 gigabytes of data from Fortune 500 companies. The data includes trade secret, invoices, usernames and passwords.
They describe an potential active email attack with an Man-In-The-MailBox (MITMB) method
Source: GodaiGroup |
The mitigation strategy suggested for these potential threats include purchasing and registering doppelganger domains, block doppelganger domains in your DNS records and communicate this attack vector to your internal users, customers and business partners.
The man in the mailbox attack is successful as the attacker is able to place himself as a middle man in a mail transaction. What I really miss from this report is the focus on Information Security key concepts such as confidentiality, integrity, availability, authenticity and non-repudiation. The mitigation strategy should incorporate the use of technical protection mechanisms such as cryptography either on a user-to-user or server-to-server level. As we have seen lately from the DigiNotar-hack, PKI/SSL is not a perfect solution, but including the CIA triad in our strategy would complicate the attack.
Are there other mitigation strategies, did I forget anything?