BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers
A threat actor specializing in business email compromise attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations.
An analysis of the attack revealed that the hackers had sent out phishing emails by leveraging a flaw related to how Rackspace SMTP servers hosted at emailsrvr.com authorize users.
According to 7 Elements, the vulnerability allows an attacker who can authenticate to one Rackspace customer's account to send out emails on behalf of any other customer that uses Rackspace's hosted email services.
"The second is in how DNS entries configured by legitimate customers of Rackspace specifically authorised the affected Rackspace SMTP servers for the purpose of sending emails on behalf of that domain. So, any email coming from that IP on behalf of that domain is de facto authorised."
"Our investigation showed that this vulnerability was being actively exploited by at least one malicious actor to spoof emails. There's obviously some serious questions to be answered by Rackspace if it was aware of this vulnerability and its exploitation resulted in reputational or financial loss for a business," said John Moss, senior security consultant at 7 Elements.
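Because the customers' DNS entries authorise the shared servers themselves, an SPF pass on such a domain shows only that the shared relay sent the message, not which customer of the relay did. The Python sketch below is an added example, not code from the article or from 7 Elements: it classifies a received message by whether its authentication rests on a DKIM signature for the From domain or on SPF through the shared relay alone, so the latter can be flagged for review. The SPF record, the messages, the domain names, the function names and the exact-match alignment rule are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SHARED_RELAY = "emailsrvr.com"  # shared SMTP service named in the article

def trusts_shared_relay(spf_record):
    """True if the domain's SPF record delegates sending to the shared relay."""
    terms = spf_record.lower().split()
    return any(t.lstrip("+") == "include:" + SHARED_RELAY for t in terms)

def parse_auth_results(msg):
    """Return (spf_passed, dkim=pass domains); trust only your own MTA's headers."""
    spf_passed, dkim_domains = False, set()
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first field is the authserv-id
            m = re.match(r"\s*(\w+)=(\w+)", clause)
            if not m:
                continue
            method, result = m.group(1).lower(), m.group(2).lower()
            d = re.search(r"header\.d=([\w.-]+)", clause)
            if method == "spf" and result == "pass":
                spf_passed = True
            elif method == "dkim" and result == "pass" and d:
                dkim_domains.add(d.group(1).lower())
    return spf_passed, dkim_domains

def assess(raw_message, spf_record):
    """Classify what the sender authentication of one message rests on."""
    msg = message_from_string(raw_message)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf_passed, dkim_domains = parse_auth_results(msg)
    if from_dom in dkim_domains:  # exact-match alignment only (simplification)
        return "dkim-aligned"
    if not spf_passed:
        return "unauthenticated"
    # SPF pass proves the relay sent it, not which relay customer did.
    return "spf-only-via-shared-relay" if trusts_shared_relay(spf_record) else "spf-only"

# Constructed sample data (not taken from the incident).
SPF = "v=spf1 include:emailsrvr.com ~all"
HEAD = "Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=customer-a.example; "
TAIL = "\nFrom: Accounts <accounts@customer-a.example>\nSubject: Invoice\n\nbody\n"
MSG_SPF_ONLY = HEAD + "dkim=none" + TAIL
MSG_DKIM = HEAD + "dkim=pass header.d=customer-a.example" + TAIL

if __name__ == "__main__":
    for name, raw in (("spf only", MSG_SPF_ONLY), ("dkim", MSG_DKIM)):
        print(name, "->", assess(raw, SPF))
```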