
HostPapa abuse treasure trove discovered in GoDaddy email threat hunt

Blog post from Sublime Security

Post Details
Date Published:
Author: Peter Djordjevic
Word Count: 1,399
Language: English
Summary

Sublime's Attack Spotlight series highlights real-world email threats, including credential phishing, callback phishing, and financial scams, that target Microsoft 365 and Google Workspace users. Examples in the series include a Geek Squad impersonation scam and a credential phishing attack that uses a malicious SVG file with embedded JavaScript. Sublime's threat hunting efforts have detected diverse attack strategies, including Living off Trusted Services (LOTS) abuse of GoDaddy and HostPapa infrastructure. These attacks use sophisticated evasion tactics such as obfuscated HTML and exploiting calendar invite features to bypass security measures. Sublime's AI-powered detection engine, equipped with features such as OCR analysis and AI-driven threat identification, effectively counters these threats by recognizing indicators such as authentication failures, self-sender patterns, and suspicious encoding techniques. The series emphasizes the importance of adaptive security platforms that use AI and machine learning to identify and mitigate evolving email threats across service providers.