New Study Reveals Massive Email Security Risks Due to Misconfigured Security Records Across 1 Million Domains
MELBOURNE, Australia, June 14, 2023 /PRNewswire/ -- Today, Stratus Security announced the findings of a ground-breaking study examining the security measures of over 1 million internet domains. The research, which analyzed the implementation of critical email security measures, identified a concerning trend: a significant percentage of domains are vulnerable to phishing attacks due to misconfigured security records.
Stratus Security's research focused on the configuration of Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC) records - crucial defenses in protecting a domain and its users from phishing attacks. Correct configuration of these measures prevents unauthorized parties from sending emails using a domain's identity.
However, the study uncovered widespread misconfigurations leaving domains open to exploitation. Alarmingly, this included highly sensitive government and education domains, commercial entities, and even some surprising outliers like North Korea's sole domain in the study, the Ministry of Foreign Affairs (mfa.gov.kp).
Stratus Security's researchers found that these misconfigurations could allow malicious actors to send emails appearing to come directly from the affected domains. The most alarming cases were domains whose SPF records carry a '+all' mechanism, which tells receiving mail servers that any sender is authorized for that domain, so a spoofed message produces no SPF failure that would flag it as phishing. One such domain was the Greek public employment service (dypa.gov.gr), making it possible for virtually anyone to send an email posing as an official communication from this institution.
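The following audit routine, added here as an illustration and not part of Stratus Security's study or tooling, shows how a defender can flag the weak settings described above: it parses an SPF TXT record for the qualifier on its terminal `all` mechanism (a missing qualifier means `+`, per RFC 7208) and a DMARC record for a non-enforcing `p=none` policy. The record strings are constructed samples; a real audit would fetch them via DNS.

```python
"""Audit SPF and DMARC TXT records for weak, spoofing-friendly settings."""
import re

# Meaning of the qualifier on the terminal "all" mechanism (RFC 7208).
ALL_QUALIFIERS = {
    "+": "pass: any sender is authorized for this domain",
    "?": "neutral: effectively no policy",
    "~": "softfail: unauthorized mail is marked but usually delivered",
    "-": "fail: unauthorized mail is rejected",
}


def audit_spf(record: str) -> dict:
    """Return the qualifier found on 'all' and a plain-language risk verdict."""
    if not record.lower().startswith("v=spf1"):
        return {"valid": False, "qualifier": None, "risk": "no SPF record"}
    qualifier = None
    for term in record.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            qualifier = m.group(1) or "+"  # absent qualifier defaults to "+"
            break
    if qualifier is None:
        # No terminal "all": evaluation falls through to a neutral result.
        return {"valid": True, "qualifier": None, "risk": "neutral: no 'all' term"}
    return {"valid": True, "qualifier": qualifier, "risk": ALL_QUALIFIERS[qualifier]}


def audit_dmarc(record: str) -> dict:
    """Extract the DMARC p= tag; only quarantine/reject actually enforce."""
    if not record.lower().startswith("v=dmarc1"):
        return {"valid": False, "policy": None, "enforcing": False}
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    policy = tags.get("p", "").strip().lower() or None
    return {"valid": True, "policy": policy, "enforcing": policy in ("quarantine", "reject")}


# Constructed sample records (not real domains or DNS data).
SAMPLES = {
    "open.example":   ("v=spf1 include:_spf.example.net +all", "v=DMARC1; p=none"),
    "strict.example": ("v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, audit_spf(spf)["risk"], "| DMARC enforcing:", audit_dmarc(dmarc)["enforcing"])
```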
Stratus Security CTO, Colin Watson, explains: "Phishing attacks rely on trust. When an email appears to come from a reputable source, users and businesses are much more likely to engage with its content. That's why these misconfigurations present such a risk. It's essentially rolling out a red carpet for threat actors to exploit."
The full findings, including additional case studies, are detailed in a comprehensive blog post available on the Stratus Security website: https://www.stratussecurity.com/post/email-security-top-1-million-domains
Stratus Security urges organizations to review and correct their SPF and DMARC records, perform regular audits, foster cybersecurity awareness among their teams, and seek expert assistance if needed. They stand committed to supporting businesses in this endeavor, with the belief in building a safer digital landscape—one domain at a time.
For more information about this study, or to schedule an interview with Stratus, please email [email protected] or call 1300 379 289.
About Stratus Security
Stratus Security is a leading cybersecurity consultancy specializing in next-generation offensive security services, including penetration testing, vulnerability assessments, and red team exercises. With a team of seasoned professionals and a relentless focus on innovation, Stratus Security enables businesses to proactively safeguard their digital assets and excel in the digital age. For more information, please visit https://www.stratussecurity.com or follow Stratus Security on LinkedIn and Twitter.
For media inquiries, please contact:
Colin Watson
Chief Technology Officer
Stratus Security
Phone: 1300 379 289
Email: [email protected]
SOURCE Stratus Security