Cybercriminals are abusing Microsoft 365's Direct Send feature to bypass email security and send phishing emails that appear to come from internal users. The technique exploits a legitimate feature designed for printers and scanners, allowing attackers to evade authentication protocols like SPF, DKIM, and DMARC.
Security firm StrongestLayer documented successful attacks targeting HR, finance, and executive personnel. Multiple vendors report widespread campaigns affecting over 70 organizations since May, primarily in US financial services, manufacturing, and healthcare sectors.
Microsoft has acknowledged the issue and introduced detection options, but experts recommend disabling Direct Send and implementing strict DMARC policies.
Source: Dark Reading