Resurgence of Spam: Cisco Talos Sounds Alarm on New Tactics
Despite companies' investment in enterprise-wide detection and filtering, spam has re-emerged as a significant threat, with attackers employing increasingly sophisticated methods to bypass filters and exploit user trust.
Recent research by Cisco Talos has shed light on these concerning developments, revealing how threat actors are abusing third-party infrastructure to deliver unsolicited and potentially dangerous emails.
The crux of the issue lies in the creative ways spammers have found to circumvent traditional spam filters. By leveraging legitimate web infrastructure and its associated email systems, attackers are making it increasingly difficult for defenders to block malicious messages. This shift in tactics has far-reaching implications for both individuals and organisations, as it reopens avenues for the delivery of malware, ransomware, and phishing attempts.
Exploiting legitimate infrastructure
One of the primary methods identified involves the exploitation of web forms connected to backend SMTP infrastructure.
Spammers have realised that any web form that triggers an email back to the user can be abused. This includes account registration forms, event signups, and contact forms—all of which are being manipulated due to poor input validation and sanitisation.
The breadth of sources being exploited suggests that attackers have automated the process of identifying vulnerable web infrastructure. However, the complexity of executing individual attacks, particularly those involving Google services like Quizzes, Calendar, and Groups, indicates a significant level of human involvement.
This combination of automation and manual effort demonstrates the resourcefulness and determination of modern spammers.
In addition to web form abuse, threat actors are also engaging in credential stuffing attacks on SMTP servers. By using login information obtained from data breaches, attackers attempt to access email accounts for the purpose of sending spam.
This method is particularly insidious as it allows cybercriminals to send messages from legitimate domains that are unlikely to be blocked by real-time blackhole lists (RBLs).
Evolving spam tactic implications
The implications of these new spam tactics are profound. For one, the traditional reliance on spam filters as a primary defence mechanism is being challenged.
As most of the emails sent by these contact forms are legitimate, the malicious email blends in with the otherwise legitimate traffic. This blending of malicious content with legitimate communications makes it increasingly difficult for both automated systems and human users to distinguish between safe and dangerous messages.
Moreover, the resurgence of spam as an effective delivery method for malware and ransomware poses a renewed threat to organisational and personal cybersecurity.
Many individuals, operating under the assumption that their company's spam blocker is filtering bad emails, may become more careless in opening links and attachments. This false sense of security can lead to devastating consequences, as a single click on a malicious link or attachment can compromise an entire network.
The situation is further complicated by the psychological aspect of trust. When users receive emails that appear to come from legitimate sources—be it a familiar website or a colleague's compromised account—they are more likely to let their guard down.
Strategies for combating spam
To combat these evolving threats, Cisco Talos recommend a multi-faceted approach. Educating users about the risks and teaching them to be wary of unexpected emails, even from seemingly legitimate sources, is crucial.
Additionally, organisations and individuals alike must prioritise robust password security. The use of unique, complex passwords for each online account, managed through a dedicated password manager, can significantly reduce the risk of credential stuffing attacks.
Furthermore, website administrators and developers must take responsibility for implementing proper input validation and sanitisation on web forms. By closing these vulnerabilities, they can help prevent their legitimate infrastructure from being co-opted by spammers.
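The abuse described above turns a form's auto-reply into a spam relay: whatever the submitter types is echoed back to an address they control, or to a victim's address. The handler below is an added illustration, not code from Cisco Talos or the article, of the validation the recommendation calls for: the free-text message is never reflected into the outbound mail, the greeting name is checked against a strict allow-list, and CR/LF header injection is rejected. The field names, the `example.org` site and the sample inputs are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed example of a hardened confirmation-email builder for a contact or
# registration form. Field names and the site name are assumptions.

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}$")
# Display name: starts with a letter; letters, and single spaces, hyphens or
# apostrophes between letters; at most 60 characters. No digits, URLs or
# punctuation, so a pitch or link cannot ride along inside the greeting.
NAME_RE = re.compile(r"^[^\W\d_](?:[^\W\d_]|[' -](?=[^\W\d_])){0,59}$")
HEADER_INJECTION = re.compile(r"[\r\n]")   # CR/LF would let a field add headers


@dataclass
class Outcome:
    accepted: bool
    reason: str = ""
    subject: str = ""
    body: str = ""


def build_confirmation(form: dict, site: str = "example.org") -> Outcome:
    """Validate a submitted form and build the auto-reply that would go back to
    the submitter. The 'message' field is intentionally never copied into the
    mail; only a tightly constrained display name is reflected."""
    email = form.get("email", "").strip()
    name = form.get("name", "").strip()
    if HEADER_INJECTION.search(email) or HEADER_INJECTION.search(name):
        return Outcome(False, "CR/LF in field: possible header injection")
    if not EMAIL_RE.match(email):
        return Outcome(False, "invalid recipient address")
    if not NAME_RE.match(name) or len(name.split()) > 4:
        return Outcome(False, "display name failed allow-list check")
    # Fixed template: nothing the submitter wrote in free-text fields appears.
    subject = f"We received your message at {site}"
    body = (f"Hello {name},\n\nThank you for contacting {site}. "
            "We will reply from this address shortly.\n")
    return Outcome(True, subject=subject, body=body)
```

The allow-list on the name is a heuristic; the control that actually removes the relay is the fixed template, which is why the submitter's message text is absent from the auto-reply regardless of what the name check passes.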
The resurgence of spam as a viable attack vector serves as a stark reminder that in the realm of cybersecurity, complacency is the enemy of safety. As attackers continue to innovate, so too must defences evolve to meet the challenge.
Cyber Magazine is a BizClik brand