“Over the past two years, webmail servers such as Roundcube and Zimbra have been a significant target for several espionage groups such as Sednit, GreenCube, and Winter Vivern,” said ESET’s Faou. “Because many organizations don’t keep their webmail servers up to date, and because the vulnerabilities can be triggered remotely by sending an email message, it is very convenient for attackers to target such servers for email theft.”
The most important thing for CISOs is to keep the webmail applications up to date, he said. “While we do mention in our research the use of zero-day vulnerabilities, in most of the incidents we analyzed, only known vulnerabilities, which had been patched for months, were used. Another hardening avenue, but probably too extreme for most organizations, is to forbid HTML content in emails, and just display raw text. However, this would prevent the use of some functionalities such as text formatting (bold, italic, etc.) or the inclusion of hyperlinks.”
Webmail can be described as a website that displays untrusted HTML content in a browser, he said. While most webmail systems sanitize the content to remove dangerous HTML elements, which could execute JavaScript code, ESET’s research shows that the sanitizers are not without flaws and that attackers are able to bypass them. Consequently, he said, by sending a specially crafted email, attackers are able to execute arbitrary JavaScript code in the context of their target’s browser. While this doesn’t lead to the compromise of the computer, he pointed out, executing JavaScript code in the context of the browser allows them to steal information from the mailbox, for example, emails or the list of contacts.
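The two defensive options described above, a sanitizer that strips script-bearing HTML before a message body is rendered and the stricter "raw text only" display, are shown together in the following added example. It is not code from ESET, Roundcube or Zimbra; the tag and attribute allowlists, the `sanitizeHtml` and `renderPlainText` function names, and the sample message fragments are all assumptions made for this illustration.

```javascript
// Added example (not ESET's or any webmail project's code): an allowlist-based
// HTML sanitizer of the kind a webmail client runs on an untrusted message body,
// plus the "display raw text" fallback. Allowlists below are assumptions for the demo.

// Only these elements survive; everything else is dropped (the tag, not its text).
const ALLOWED_TAGS = new Set(["p", "br", "b", "i", "strong", "em", "u", "a", "ul", "ol", "li", "blockquote"]);
// Per-tag attribute allowlist: unknown attributes (event handlers, style, ...) never pass.
const ALLOWED_ATTRS = { a: new Set(["href"]) };
// For these elements the enclosed content is dropped as well, not just the tags.
const DROP_CONTENT_TAGS = new Set(["script", "style", "iframe", "object", "embed"]);
// Link targets must carry an explicit, benign scheme.
const SAFE_HREF = /^(https?:|mailto:)/i;

// Escape text so it can only ever render as text; existing entities are left intact.
function escapeText(text) {
  return text
    .replace(/&(?!(#\d+|#x[0-9a-f]+|[a-z]+);)/gi, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Rebuild the attribute list of an allowed tag from the allowlist only.
function sanitizeAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return "";
  const attrRe = /([a-zA-Z][\w:-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let out = "";
  for (const m of rawAttrs.matchAll(attrRe)) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) continue;
    let value = m[2] ?? m[3] ?? m[4] ?? "";
    if (name === "href") {
      // Remove control characters and whitespace before checking the scheme, so an
      // obfuscated scheme is not accepted; anything that is not http(s)/mailto is dropped.
      const normalized = value.replace(/[\u0000-\u0020]/g, "");
      if (!SAFE_HREF.test(normalized)) continue;
      value = normalized;
    }
    out += ` ${name}="${escapeText(value)}"`;
  }
  return out;
}

// Walk the body once: text is escaped, allowed tags are re-emitted from scratch,
// everything else is discarded. A malformed tag (no closing '>') is treated as text,
// so the fail-safe direction is always "render as text", never "render as markup".
function sanitizeHtml(html) {
  const tagRe = /^<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/;
  let out = "";
  let i = 0;
  let skipUntil = null; // name of the element whose content is being dropped
  while (i < html.length) {
    const lt = html.indexOf("<", i);
    if (lt === -1) { if (!skipUntil) out += escapeText(html.slice(i)); break; }
    if (!skipUntil) out += escapeText(html.slice(i, lt));
    const m = tagRe.exec(html.slice(lt));
    if (!m) { if (!skipUntil) out += "&lt;"; i = lt + 1; continue; } // stray '<', comment, doctype
    const closing = m[1] === "/";
    const tag = m[2].toLowerCase();
    i = lt + m[0].length;
    if (skipUntil) { if (closing && tag === skipUntil) skipUntil = null; continue; }
    if (DROP_CONTENT_TAGS.has(tag)) { if (!closing) skipUntil = tag; continue; }
    if (!ALLOWED_TAGS.has(tag)) continue;
    out += closing ? `</${tag}>` : `<${tag}${sanitizeAttrs(tag, m[3])}>`;
  }
  return out;
}

// The stricter option from the article: no HTML at all, the body is shown as plain text.
function renderPlainText(text) {
  return escapeText(text).replace(/\r?\n/g, "<br>");
}

// Constructed sample message bodies for demonstration.
const SAMPLES = [
  '<p>Hello <b style="x" onclick="y">there</b> &amp; welcome</p>',
  '<a href="https://example.com/?a=1&b=2">site</a> <a href="javascript:void(0)">no</a>',
  '<script>var x = 1;</script><img src=x onerror=f()>remaining text',
];
for (const s of SAMPLES) console.log(sanitizeHtml(s));
console.log(renderPlainText("<b>raw</b>\nsecond line"));
```

The design point is that the sanitizer never passes input through: it re-emits only what the allowlist permits and escapes everything else, so the question is not "did I think of every dangerous element" but "did I allow too much". A hand-written tokenizer like this one still does not model every browser parsing quirk, which is exactly why the article notes that sanitizers have flaws; a production webmail client should rely on a maintained sanitizer library and keep it, and the webmail software itself, patched.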