. home.aspx



Attackers Spoofing Known Tech, Security Brands

April 12, 2019 / Kacy Zurkus

Researchers at GreatHorn have identified what they are calling a widespread attack in which attackers spoofed both the Microsoft brand in the display name and the Barracuda Networks brand in the return path and received headers, with the goal of stealing credentials. The team identified an attack notable in that the return path spoofs a noreply.barracudanetworks.com return path. “The attackers crafted the received headers so that it appears to have gone through multiple “Barracuda” hops prior to sending the email via a server designed to look like a Barracuda server. Microsoft has then automatically appended legitimate received header details to the spoofed headers, making it appear that much more legitimate,” researchers wrote. According to today’s blog post, attackers leveraged a known security flaw in Microsoft’s handling of authentication frameworks. Rather than dictating how it wants domain-based message authentication, reporting, and conformanc...