![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 372 101" xmlns="http://www.w3.org/2000/svg"><path d="M 50.542 0 C 78.455 0 101.083 22.61 101.083 50.5 C 101.083 78.39 78.455 101 50.542 101 C 48.515 101 46.517 100.879 44.552 100.648 C 36.91 85.583 32.603 68.544 32.603 50.499 C 32.603 32.455 36.909 15.416 44.551 0.352 C 46.516 0.12 48.515 0 50.542 0 Z M 15.546 14.064 C 24.108 23.784 29.301 36.536 29.301 50.501 C 29.301 64.465 24.108 77.217 15.547 86.936 C 5.965 77.745 0 64.819 0 50.5 C 0 36.181 5.965 23.254 15.546 14.064 Z M 357.842 47.812 C 357.842 42.857 356.039 38.892 350.087 38.892 C 345.308 38.892 340.98 42.226 340.98 49.254 L 340.98 74.663 L 326.822 74.663 L 326.822 27.81 L 340.619 27.81 L 340.619 34.117 C 343.865 29.882 348.734 26.729 355.317 26.729 C 365.327 26.729 372 33.036 372 46.1 L 372 74.663 L 357.842 74.663 Z M 308.559 74.663 L 308.559 69.707 C 304.591 74.212 299.812 75.744 293.77 75.744 C 283.761 75.744 276.547 70.698 276.547 61.327 C 276.547 52.948 282.048 49.074 295.394 46.821 L 308.199 44.659 L 308.199 42.766 C 308.199 39.523 306.665 37.09 300.985 37.09 C 296.115 37.09 293.139 39.433 293.049 43.127 L 278.982 43.127 C 279.162 32.135 288.54 26.729 300.804 26.729 C 315.052 26.729 321.996 32.225 321.996 41.055 L 321.996 74.663 Z M 297.828 66.013 C 303.239 66.013 308.199 63.4 308.199 56.823 L 308.199 53.308 L 298.279 55.291 C 293.41 56.192 290.975 57.363 290.975 60.787 C 290.975 64.031 293.32 66.013 297.828 66.013 Z M 250.679 75.744 C 235.258 75.744 226.602 65.202 226.602 51.236 C 226.602 37.27 235.258 26.729 250.679 26.729 C 266.189 26.729 274.846 36.64 274.846 52.768 L 274.846 55.471 L 240.308 55.471 C 241.39 61.598 244.998 65.202 250.679 65.202 C 255.729 65.202 258.704 63.49 260.507 60.246 L 274.034 60.246 C 270.968 69.527 262.762 75.744 250.679 75.744 Z M 240.398 46.37 L 261.049 46.37 C 259.786 40.604 256.179 37.27 250.679 37.27 C 245.268 37.27 241.661 40.604 240.398 46.37 Z M 202.218 75.744 C 186.978 75.744 178.321 65.202 178.321 51.236 C 178.321 37.27 186.978 26.729 202.218 26.729 C 216.105 26.729 223.77 34.297 225.212 45.199 L 211.145 45.199 C 210.243 40.694 206.997 38.081 202.218 38.081 C 195.545 38.081 192.569 43.217 192.569 51.236 C 192.569 59.255 195.545 64.391 202.218 64.391 C 207.267 64.391 210.333 61.417 211.145 56.372 L 225.212 56.372 C 223.77 67.725 216.195 75.744 202.218 75.744 Z M 151.568 75.744 C 135.787 75.744 127.13 65.202 127.13 51.236 C 127.13 37.27 135.787 26.729 151.568 26.729 C 167.439 26.729 176.096 37.271 176.096 51.236 C 176.096 65.202 167.439 75.744 151.568 75.744 Z M 151.568 64.391 C 158.872 64.391 161.848 59.255 161.848 51.236 C 161.848 43.217 158.872 38.081 151.568 38.081 C 144.354 38.081 141.378 43.217 141.378 51.236 C 141.378 59.255 144.354 64.391 151.568 64.391 Z" fill="rgb(0, 34, 49)" height="101px" id="nbwo4Zi91" width="372.00001062700176px"/></svg>)
Blog
Alon Mazor
|
|
Reading Time:
5
min
A few weeks ago, a message landed in a customer’s inbox that, by all traditional metrics, was impeccable. The sender was a household Fortune 50 brand. SPF passed. DKIM was signed by the legitimate provider. Reputation scores were green across every threat feed we cross-checked. Naturally, the user's existing email security stack waved it through without a single flag.
It was a phish.
The trust signals weren't forged, they were objectively true. The malicious content was being carried by (and in some cases, authored by) infrastructure that no enterprise can block without shutting down global business operations.
That message isn't an anomaly; we see variations of it every day. What is unusual is the industry’s imprecise language regarding the attack class behind it. "Trusted Infrastructure" actually describes two structurally distinct attack models that happen to share the same trust boundary and name. Because they are fundamentally different, they require different defensive postures, yet most security stacks are only built to stop one of them.
The half the industry has been chasing for years
The familiar version of trusted infrastructure abuse is centered on delivery. A real Google Drive share. A real OneDrive link. A real DocuSign envelope. In these cases, the email body is surgically clean, the sender is the legitimate platform, and the malicious content lives exactly one click away—inside the shared file, on the page the link resolves to, or behind a formal signature request.
This pattern is not new. The security industry has been working to solve it for the better part of a decade. Modern stacks are designed to unpack the share, follow the link, and detonate the file. However this problem is not solved. Attackers routinely defeat it with authentication walls, geofencing, time-bombed links that go inert before automation can reach them, and bot-detection layers that serve a clean page to anything that looks like a sandbox. Traditional stacks still get bypassed here, regularly.
While the discipline of following a trail to a payload is well-established, these attacks still consistently bypass traditional solutions. We can call this the "reachable" half. It isn't easy to stop, but at least the signal lives in a space where the security industry knows how to hunt.
If that is the half everyone has been working on, the question worth asking is: What does the other half look like, and why has it not gotten the same attention?
The half nobody is built for: trusted infrastructure exploitation
In delivery abuse, the platform carries someone else's payload. In exploitation abuse, the platform generates the payload itself.
The attacker registers a free account on a real SaaS service - Amazon, a calendaring product, an invoicing tool. They find a user-controlled field that gets rendered into transactional email: the profile name, the listing title, the invoice memo, the event description. They write the lure into that field. Then they trigger the platform's own workflow.
The platform takes the attacker's string and runs it through its templating engine. The result is a transactional email - a security alert, a booking confirmation, a meeting invite - rendered from a real template, signed with the provider's DKIM key, and sent from the provider's own SES or equivalent. Every authentication check returns green. Every reputation lookup returns green. The malicious bytes are authored, rendered, signed, and delivered by a real provider.
A campaign we investigated last month illustrates the pattern. The attacker registered an Amazon account and entered in the "First Name" field, a string ending in a callback number. They added a ProtonMail group as the contact email and a Microsoft 365 tenant as a downstream forwarder. They triggered a routine Amazon security event. Amazon rendered the attacker's string into the greeting slot of its own template and emitted a fully authenticated alert from account-update@amazon.com.
Proton forwarded the message once; M365 redistributed it to the real victim list with SRS rewriting the envelope so SPF passed at every recipient gateway. Amazon was the generator. Proton was the off-ramp. Microsoft was the fanout. The attacker wrote eleven digits and owned the rest of the message structurally for free.
There is nothing to detonate here. No malicious attachment to sandbox. No shared document to retrieve. The lure exists directly inside the authenticated body of the email, and the only infrastructure the attacker controls is an account on a service most enterprises cannot realistically block.
Delivery and exploitation do not share the same defense model
Delivery defense lives outside the email. The attack reveals itself when you follow the link, detonate the file, score the page the share resolves to. The malicious content is eventually reachable, and the discipline is to reach it.
Exploitation defense has no outside. Most times, there is nothing to follow. The attack reveals itself inside the rendered body - in the gap between what a real Amazon security alert is supposed to communicate and what this particular alert is actually asking the user to do. The signal lives in the structure of the message itself, not in any artifact it points to.
Reputation, authentication, and URL scanning all answer questions about the envelope: who sent it, was it signed, and where does it point. Exploitation puts the lure where none of those questions reach. A stack that bolts a sandbox onto a reputation engine has addressed half a category and called it done.
What changes when you see the category clearly
The analytical move for exploitation is to stop grading the sender and start reading the message against the platform's template baseline.
What does a real Amazon security alert normally communicate? What does a real Airbnb reservation confirmation typically look like? Where does the rendered intent of this message diverge from those expectations?
That signal can then be stitched across messages, so an industrialized campaign surfaces as one operation rather than dozens of unrelated ghosts.
This is a different muscle from delivery defense. Stacks built for one are not, by accident, built for the other.
What’s next?
Trusted infrastructure exploitation is likely to accelerate as more SaaS platforms expose customizable templating surfaces to end users. Every single field that gets rendered into a legitimate transactional email—from a "Reason for request" box to a custom "Project Name" is a candidate for a malicious payload.
We are already seeing this pattern rotate across various providers in our pipeline. When one platform tightens its controls, the attackers simply shift their automation to the next reputable service with a free tier and a notification engine.