Vulnerabilities  
May 25, 2023

Overcoming Email Security: SuperMailer Exploits for Massive Credential Theft

A surge in cyberattack campaigns targeting businesses across various industries worldwide has led to both secure email gateways and end users falling victim to a wave of cunning phishing tactics.

Using the legitimate email newsletter program SuperMailer, an extensive credential-harvesting campaign is sending a large-scale barrage of phishing emails while skilfully evading secure email gateway (SEG) defences.

As reported on May 23rd by Cofense, the campaign utilising SuperMailer has grown to the point where emails generated by this program constitute a significant 5% of all credential phishing attempts observed in May.

The threat is growing rapidly: the overall monthly activity volume has more than doubled in three of the past four months.

The threat actors behind the activity are casting a wide net, hoping to catch victims across a varied sea of industries. These include construction, consumer goods, financial services, energy, government, and healthcare.

Supersized phishing with SuperMailer

What adds to the intrigue is that SuperMailer, a lesser-known newsletter tool of German origin, lacks the widespread recognition and user base enjoyed by popular email platforms like ExpertSender or SendGrid. However, it remains the driving force behind a substantial volume of malicious emails, as highlighted by Hass in an interview with Dark Reading.

"SuperMailer, available as desktop software, can be obtained for free or a nominal fee from various websites that may have no affiliation with its developer," he explains. "A free version of SuperMailer was introduced on CNET in 2019 and has garnered around 1,700 downloads since then. Although this number appears relatively low compared to popular software downloads, we lack information on the number of legitimate organisational users."

"While we have seen the misuse of large, cloud-based services in the past for sending phishing emails or creating unique URL redirects to phishing pages, those services often detect and counter such activity over time," he explains. "We are uncertain about the extent to which the SuperMailer developer can combat this abuse."

These factors contribute to SuperMailer's appeal for cybercriminals. Furthermore, it offers an alluring disguise to bypass secure email gateways (SEGs) and deceive end users, thanks to its unique features.

Safeguarding Against the SuperMailer Menace: Effective Defence Strategies

Preventing email phishing attacks is crucial for businesses to safeguard sensitive information and maintain a secure digital environment. One effective strategy to combat this threat is conducting regular phishing assessments.

These assessments involve simulating phishing attacks to gauge the susceptibility of employees to such scams. By sending simulated phishing emails and analysing the responses, organisations can identify vulnerabilities and educate employees about phishing risks. Such assessments are essential because they foster a culture of awareness and enhance employees' ability to recognise and report phishing attempts.  

Additionally, these exercises enable businesses to evaluate the effectiveness of their security measures, identify areas for improvement, and implement targeted training programs. Investing in phishing assessments can significantly reduce the risk of successful attacks, protect valuable data, and fortify the overall cybersecurity posture of an organisation.  

Conclusion

The SuperMailer threat presents a significant challenge to organisations' email security defences. It is crucial to recognise that relying solely on your monitoring and detection systems to identify phishing emails is not a fail-safe solution.

To effectively combat evolving phishing threats like SuperMailer, organisations need to adopt a multi-layered approach to cybersecurity. This includes not only technical measures but also investing in employee training and awareness programs. Human intuition plays a vital role in recognising suspicious emails, such as non-target-specific reply chains appended to messages.

To strengthen your organisation's defences against phishing attacks and enhance overall cyber security, it is advisable to seek professional assistance.  

Cybersecurity companies like Cybaverse offer specialised services such as phishing assessments. By partnering with experts in the field, you can gain valuable insights into your organisation's vulnerabilities, identify potential weaknesses, and implement targeted measures to mitigate the risks associated with phishing attacks.

You can find out more about our phishing assessment services here.
