Stay Updated with Threatcop Intelligence


Good Afternoon!

Welcome to this week's edition of our Threatcop Weekly. We have several important updates and insights for you.

EchoSpoofing Campaign Exploits Proofpoint Flaw

  • Hackers used a misconfiguration in Proofpoint's email routing to send spoofed phishing emails.
  • Spoofed emails impersonated well-known companies like Best Buy, IBM, and Nike.
  • Emails bypassed security protections by echoing from official Proofpoint relays with authenticated SPF and DKIM signatures.
  • The EchoSpoofing campaign sent up to 14 million emails daily at its peak.
  • Proofpoint implemented measures to restrict which Microsoft 365 tenants can relay emails to prevent abuse.

Learn more: Boost Domain Reputation and Email Deliverability

Email Validation Loophole Leads to Domain Hijacking

  • The bug showed up when domains were migrated from Google Domains to Squarespace.
  • Squarespace did not verify email addresses when setting up accounts.
  • Affected domains included cryptocurrency platforms like Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains.
  • Hackers modified DNS records to redirect site visitors to malicious pages.
  • Squarespace no longer lets users create accounts with just an email address. Instead, they are told to turn on two-factor authentication and review their account settings.

Learn more: What are Primary DNS and Secondary DNS?

Government Emails Compromised in Phishing Attacks

  • AI-driven phishing attacks have nearly doubled in the U.S. compared to 2023, targeting election-related themes.
  • Threat actors are selling voter data stolen over the past decade on the dark web, where it is used for identity theft and voter fraud.
  • 75% of the 24 identified threat groups are from China, Russia, and Iran.
  • AI is used to automate phishing campaigns and reply in real time, increasing their effectiveness.
  • U.S. military and government email accounts are being breached and sold on the dark web.

Learn more: Guide on Protection From Phishing Attacks For 2024 & Beyond

CISA Issues Urgent Advisory for Sisense Breach

  • Hackers accessed Sisense’s GitLab repository and Amazon S3 buckets, stealing terabytes of customer data.
  • The stolen data included access tokens, email passwords, and SSL certificates.
  • CISA advised CISOs to reset credentials and secrets shared with Sisense.
  • Customers are urged to change passwords, rotate tokens, and update security configurations.
  • Sisense is investigating with experts and recommending specific security measures to customers.


What You Might Have Missed...

Extortion of over 33 million records with a phishing attack or ransomware is expected to occur by the end of 2024.
43% of organizations were found cutting corners on mobile security, which contributed to MitM attacks.
Implementing DMARC is not only tricky but also has various downsides if “only” DMARC is configured.

Thank you for reading Threatcop Weekly!

For more information on these stories and to stay updated on the latest in cybersecurity, connect with our PSM advocates at:

Email: [email protected]

Website: www.threatcop.com
