Microsoft 365 Direct Send has been exploited in a phishing campaign to send spoofed emails that appear to come from within the victim’s organization, bypassing traditional security controls. Threat actors use this method to deliver malicious messages without compromising accounts, employing PowerShell and exploiting misconfigurations. #Microsoft365 #DirectSend #Phishing #PowerShell #SPF #DMARC #DKIM
Key points
- The abuse of Microsoft 365 Direct Send allows sending spoofed internal-looking emails without authentication.
- Threat actors exploit the lack of strict verification in the smart host setup to bypass security measures.
- Phishing messages often mimic legitimate notifications, including QR codes leading to malicious sites.
- Organizations are advised to enable Reject Direct Send, enforce DMARC policies, and educate employees.
- Detection involves analyzing email headers, SPF, DKIM, DMARC failures, and smart host configurations.
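The header analysis named in the last bullet, as an added example that is not from the original article: it flags a message whose From domain is one of the organization's own while its `Authentication-Results` header reports SPF, DKIM or DMARC as anything other than pass. The sample messages, the `example.com` domain and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation domain and IP), not campaign data.
SPOOFED = """\
Authentication-Results: spf=fail (sender IP is 203.0.113.10) smtp.mailfrom=example.com; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=example.com
From: "Voicemail" <alice@example.com>
To: alice@example.com
Subject: New voicemail

body
"""
LEGIT = """\
Authentication-Results: spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Bob <bob@example.com>
To: alice@example.com
Subject: Minutes

body
"""

def auth_verdicts(msg):
    """Collect the first spf/dkim/dmarc verdict from Authentication-Results."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def header_domain(value):
    """Lower-cased domain of the address in a From/To header value."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def failed_checks(raw_message, org_domains):
    """Non-passing methods for mail claiming an internal sender, else []."""
    msg = message_from_string(raw_message)
    if header_domain(msg["From"]) not in org_domains:
        return []  # external From: out of scope for this check
    verdicts = auth_verdicts(msg)
    # Only reported results count; intra-tenant mail may carry no verdicts.
    return [m for m in ("spf", "dkim", "dmarc") if verdicts.get(m, "pass") != "pass"]

def is_spoof_candidate(raw_message, org_domains):
    """True when an internal-looking message failed SPF or DMARC."""
    failed = failed_checks(raw_message, org_domains)
    return "spf" in failed or "dmarc" in failed
```

A hit is a triage signal rather than a verdict: legitimate devices and applications that relay mail for the domain without authenticating can produce the same failures.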
Read More: https://www.securityweek.com/microsoft-365-direct-send-abused-for-phishing/