Stop Phishing Yourself: How Auto-Forwarding and Exchange Contacts Can Stab You in the Back
Summary
This article discusses how common Microsoft Exchange features, such as auto-forwarding rules and contact lists, can be exploited by attackers even after a phishing email has bypassed initial defenses. It highlights how these functionalities can inadvertently assist attackers in pivoting within an organization or gathering further intelligence.
IFF Assessment
FOE
The article details how legitimate system features can be weaponized by attackers, posing a significant risk to defenders.
Defender Context
Defenders should be aware that seemingly benign configuration options within email systems can create attack vectors. It emphasizes the need for robust monitoring of email forwarding rules and contact synchronization to detect malicious activity early.