Cyber Attack: IMAP-Based Attacks
Background
Before going into how IMAP is used in attacks, we first need to understand what the IMAP protocol is.
IMAP stands for Internet Message Access Protocol, an email protocol for retrieving messages from the email server.
Since it only deals with message retrieval, it cannot be used to send email. For that, we will use SMTP.
Details of the attack
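The migration to O365 services has led attackers to target insecure legacy protocols like IMAP to bypass multi-factor authentication (MFA). Legacy IMAP clients authenticate with only a username and password, so a login over IMAP never triggers an MFA challenge.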
According to researchers with Proofpoint, a staggering 60 percent of Microsoft Office 365 and G Suite tenants have been targeted with IMAP-based password-spraying attacks and 25 percent of those targeted experienced a full-on breach as a result.
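Password spraying over IMAP leaves a recognisable shape in sign-in logs. The following added example (not part of the original post) flags a source that tries many accounts over IMAP with few guesses on each and lists the accounts where a guess succeeded; the record layout, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample sign-in records, not real data:
# (timestamp, source IP, account, protocol, result)
SAMPLE_EVENTS = [
    ("2019-03-01T02:00:01", "203.0.113.10", "alice@example.com", "IMAP", "FAIL"),
    ("2019-03-01T02:00:03", "203.0.113.10", "bob@example.com", "IMAP", "FAIL"),
    ("2019-03-01T02:00:05", "203.0.113.10", "carol@example.com", "IMAP", "FAIL"),
    ("2019-03-01T02:00:07", "203.0.113.10", "dave@example.com", "IMAP", "OK"),
    ("2019-03-01T02:00:09", "203.0.113.10", "erin@example.com", "IMAP", "FAIL"),
    # A legitimate user mistyping a password once: one account, one source.
    ("2019-03-01T08:15:00", "198.51.100.7", "bob@example.com", "IMAP", "FAIL"),
    ("2019-03-01T08:15:20", "198.51.100.7", "bob@example.com", "IMAP", "OK"),
    # Modern-auth sign-in, where MFA applies; ignored by this check.
    ("2019-03-01T09:00:00", "198.51.100.7", "alice@example.com", "OAuth", "OK"),
]

def detect_imap_spray(events, min_accounts=4, max_failures_per_account=2):
    """Flag sources that try a few passwords against many accounts over IMAP."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> account -> failed tries
    successes = defaultdict(set)                      # ip -> accounts logged in
    for _ts, ip, account, protocol, result in events:
        if protocol != "IMAP":
            continue
        if result == "FAIL":
            failures[ip][account] += 1
        elif result == "OK":
            successes[ip].add(account)

    findings = {}
    for ip, per_account in failures.items():
        targeted = set(per_account) | successes.get(ip, set())
        # Spraying is wide and shallow: many accounts, few guesses on each.
        wide = len(targeted) >= min_accounts
        shallow = max(per_account.values()) <= max_failures_per_account
        if wide and shallow:
            findings[ip] = {
                "targeted": sorted(targeted),
                # A success from a spraying source means a guessed password
                # worked and MFA was never asked for: treat as a breach.
                "compromised": sorted(successes.get(ip, set())),
            }
    return findings

if __name__ == "__main__":
    for ip, finding in detect_imap_spray(SAMPLE_EVENTS).items():
        print(ip, finding)
```

Accounts reported under `compromised` need a password reset and a mailbox review even after IMAP is blocked, since the guessed password is still valid.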
Mitigation
- Block the IMAP protocol in your corporate environment.
References