What you need to know about the DMARC exploit being used by North Korean hackers

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have recently warned about a new kind of email scam that uses a weak spot in email security to fool people.

The group of hackers, known as APT43, is connected to North Korea and has been targeting people and organizations for years, pretending to be trusted sources to get sensitive information. They do this by exploiting weak or incorrectly configured DMARC (Domain-based Message Authentication, Reporting and Conformance) policies. Currently, the group is sending emails pretending to be from credible journalists, academics, and other field experts.

What is DMARC?

DMARC is a security feature for emails that works like a bouncer at a club—it decides who gets in and who doesn't. If your DMARC settings are too loose or not set up correctly, hackers can send fake emails that look like they come from a trusted source even if they aren’t.

What Does an Attack Look Like?

APT43 often sends "spearphishing" emails, which are highly targeted messages that seem to come from someone you know or trust. Their emails might look legit, but they are designed to trick you into doing something risky.

Here’s what you should watch out for: 

  • Unexpected Emails: If you get an email from someone you don’t know or from a familiar contact but with strange or unexpected content, be careful. 
  • Urgent Requests: Scammers like to create a sense of urgency. If an email says you must act quickly or something bad will happen, take a moment to think before doing anything. 
  • Weird Links: Hover over links in emails to see where they really go. If the web address looks strange or doesn’t match what you expect, don’t click it. 
  • Poor Grammar and Typos: Legitimate businesses usually proofread their emails. If the email has lots of mistakes, it might be a scam. 

How to Protect Against These Attacks

  1. Use Strong DMARC Settings

Make sure your DMARC settings are strict. This helps keep fake emails from reaching you and your team. Talk to your IT person or email provider to ensure your DMARC is set to either “quarantine” or “reject” suspicious emails.

  2. Add Extra Email Security

Other email security features, like SPF and DKIM, work with DMARC to catch fake emails. Ensure these are set up properly to add another layer of protection.

  3. Educate Your Employees

Have regular meetings or training sessions to talk about email safety. Help your employees understand the risks of phishing emails and teach them to recognize suspicious messages.

  4. Get Email Security Tools

Consider using email security software that helps filter out spam and detect phishing emails. These tools can catch many suspicious emails before they reach your inbox.

  5. Monitor Your Emails

Keep an eye on your email traffic. Look for unusual activities like emails coming from strange places or unexpected messages. If something seems off, investigate it.

  6. Use Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is like adding an extra lock to your email account. Even if a hacker gets your password, they can’t get in without a second form of verification. This can be a text message code or a fingerprint scan. 


Walter-Contreras