Email Vulnerability: Large Organisations Targeted | Neuways – Technologist
Cyber criminals continue to find new ways to exploit vulnerabilities in commonly used software. Recently, a flaw in Roundcube Webmail (CVE-2024-37383) was leveraged in a phishing campaign, potentially compromising user credentials. Though the email vulnerability has been patched, the attack serves as a reminder of the importance of timely updates and proactive cyber security measures.
How the phishing campaign was identified
Researchers identified this phishing campaign targeting vulnerable versions of the open-source Roundcube webmail client. The flaw, present in versions before 1.5.7 and in 1.6.x before 1.6.7, could be exploited to conduct cross-site scripting (XSS) attacks. Attackers used this weakness to inject malicious JavaScript via SVG animate attributes, compromising users’ browsers when they opened specially crafted emails.
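Two defensive checks that follow from the paragraph above, as an added example (not code from the article or from the Roundcube project): a version test against the affected ranges stated here, and a mail-body scan that flags SVG animation elements so they can be reviewed or stripped before rendering. The sample email body is constructed for the demonstration.

```python
"""Defender-side checks for the Roundcube issue discussed above (CVE-2024-37383)."""
import re
from html.parser import HTMLParser

# Affected ranges as stated in the article: < 1.5.7, and 1.6.x < 1.6.7.
def parse_version(version: str) -> tuple:
    # Keep only numeric components, e.g. "1.6.7-dev" -> (1, 6, 7)
    return tuple(int(part) for part in re.findall(r"\d+", version))

def is_vulnerable_roundcube(version: str) -> bool:
    v = parse_version(version)
    if v[:2] == (1, 6):
        return v < (1, 6, 7)
    return v < (1, 5, 7)

# SVG animation elements carry the attributes the attack abused; in an email body
# they have no legitimate use, so flag every one found inside an <svg> element.
SVG_ANIMATION_TAGS = {"animate", "set", "animatemotion", "animatetransform"}

class SvgAnimateFinder(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.svg_depth = 0          # > 0 while inside an <svg> element
        self.findings = []          # list of (tag, attribute dict)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag names, so animateTransform arrives as animatetransform.
        if tag == "svg":
            self.svg_depth += 1
        elif tag in SVG_ANIMATION_TAGS and self.svg_depth > 0:
            self.findings.append((tag, dict(attrs)))

    def handle_endtag(self, tag):
        if tag == "svg" and self.svg_depth > 0:
            self.svg_depth -= 1

def find_svg_animate(html: str) -> list:
    """Return every SVG animation element found in an HTML mail body."""
    finder = SvgAnimateFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: an otherwise empty message carrying an SVG with an animate element.
SAMPLE_EMAIL = (
    "<html><body><p></p>"
    '<svg><animate attributeName="x" values="0;10" dur="1s"/></svg>'
    "</body></html>"
)

if __name__ == "__main__":
    for ver in ("1.4.15", "1.5.7", "1.6.6", "1.6.7"):
        print(ver, "vulnerable" if is_vulnerable_roundcube(ver) else "patched")
    print(find_svg_animate(SAMPLE_EMAIL))
```

A mail gateway or the webmail host itself can run the second check on inbound HTML and quarantine or sanitise anything it flags, while the first check belongs in the patch-status inventory.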
How did the attack compromise victims?
In one instance, discovered in September 2024, a phishing email was sent to a governmental organisation within the CIS region. The message lacked content but contained an attached document designed to bypass email filters and exploit the Roundcube vulnerability. The hidden JavaScript within the email’s code allowed attackers to create a fake login form within the Roundcube interface, tricking users into submitting their credentials. The stolen information was then sent to a malicious server.
Who is behind the phishing attacks?
Although this campaign cannot be definitively linked to any known hacking group, similar methods have been previously observed, including in attacks by the Winter Vivern group. Government agencies often utilise Roundcube, which makes it an attractive target for threat actors, increasing the potential damage from such compromises.
What you can do about this type of email vulnerability
As a cyber security provider, we help organisations stay ahead of these evolving threats. Here are essential steps to mitigate risks:
- Patch Management: Ensure all webmail clients, including Roundcube, are updated to the latest versions.
- Proactive Monitoring: Monitor for signs of phishing attempts and unusual account activity.
- Employee Awareness: Train employees to recognise phishing emails, especially those with unexpected attachments.
- Multi-Factor Authentication: Implement robust, phishing-resistant MFA methods, such as YubiKey hardware keys, to protect user accounts from credential theft.
With these measures in place, your organisation can remain resilient against the increasing sophistication of phishing campaigns exploiting software vulnerabilities.