Millions of phishing emails impersonating IBM, Nike, Coca-Cola, and other major organizations have been deployed through the abuse of a Proofpoint email routing vulnerability as part of the EchoSpoofing attack campaign that began in January, reports The Hacker News.
The intrusions involved messages sent from an SMTP server on a virtual private server, with the "super-permissive misconfiguration flaw" enabling the still-unknown attacker to send up to 14 million emails daily earlier last month, according to a Guardio Labs analysis.
"These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to deceive recipients and steal funds and credit card details," said Guardio Labs researcher Nati Tal.
Proofpoint, which has since moved to mitigate the issue and says it has not resulted in any customer data compromise, said the bug stemmed from an email routing flaw that enabled outbound message relay from Microsoft 365 tenants without specifying permitted tenants.
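
The missing permitted-tenant check described above, modelled as an added example (not code from Proofpoint, Guardio Labs or the article). All class, field and tenant names are hypothetical, the sample values are constructed, and the relay is assumed to know the originating tenant of each message.

```python
from dataclasses import dataclass, field

M365 = "microsoft365"  # hypothetical label for the shared Microsoft 365 source

@dataclass
class RelayConfig:
    customer_domain: str
    accepted_sources: set
    permitted_tenants: set = field(default_factory=set)  # empty = none specified

@dataclass
class Submission:
    source: str       # platform the relay received the message from
    tenant_id: str    # originating tenant as seen by the relay (assumption)
    from_domain: str  # domain in the From header

def relay_accepts(cfg, msg, fail_closed=True):
    """Decide whether the relay forwards the message on the customer's behalf.

    A forwarded message leaves from the relay, so the recipient's SPF and
    DKIM checks vouch for the relay and say nothing about the tenant.
    """
    if msg.source not in cfg.accepted_sources:
        return False
    if msg.from_domain != cfg.customer_domain:
        return False
    if msg.source != M365:
        return True
    if not cfg.permitted_tenants:
        # fail_closed=False reproduces the permissive behaviour: any tenant
        # on the shared platform is relayed when no list is configured.
        return not fail_closed
    return msg.tenant_id in cfg.permitted_tenants

def audit(configs):
    """Return customer domains that accept M365 mail with no tenant list."""
    return [c.customer_domain for c in configs
            if M365 in c.accepted_sources and not c.permitted_tenants]

# Constructed sample data.
WEAK = RelayConfig("brand.example", {M365})
HARDENED = RelayConfig("brand.example", {M365}, {"tenant-brand"})
SPOOFED = Submission(M365, "tenant-other", "brand.example")
LEGIT = Submission(M365, "tenant-brand", "brand.example")

if __name__ == "__main__":
    print("permissive relay, foreign tenant:", relay_accepts(WEAK, SPOOFED, fail_closed=False))
    print("tenant-scoped relay, foreign tenant:", relay_accepts(HARDENED, SPOOFED))
    print("configs needing a tenant list:", audit([WEAK, HARDENED]))
```
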