Resurgence of Spam: Cisco Talos Sound Alarm on New Tactics

Although a number of enterprise spam-filtering solutions exist, Cisco Talos has revealed how bad actors are finding ways around them.

Despite companies investing in enterprise-wide detection and filtering, spam has re-emerged as a significant threat, with attackers employing increasingly sophisticated methods to bypass filters and exploit user trust.

Recent research by Cisco Talos has shed light on these concerning developments, revealing how threat actors are abusing third-party infrastructure to deliver unsolicited and potentially dangerous emails.

The crux of the issue lies in the creative ways spammers have found to circumvent traditional spam filters. By leveraging legitimate web infrastructure and its associated email systems, attackers are making it increasingly difficult for defenders to block malicious messages. This shift in tactics has far-reaching implications for both individuals and organisations, as it reopens avenues for the delivery of malware, ransomware, and phishing attempts.

Exploiting legitimate infrastructure

One of the primary methods identified involves the exploitation of web forms connected to backend SMTP infrastructure. 

Spammers have realised that any web form that triggers an email back to the user can be abused. This includes account registration forms, event signups, and contact forms—all of which are being manipulated due to poor input validation and sanitisation.

The breadth of sources being exploited suggests that attackers have automated the process of identifying vulnerable web infrastructure. However, the complexity of executing individual attacks, particularly those involving Google services like Quizzes, Calendar, and Groups, indicates a significant level of human involvement. 

This combination of automation and manual effort demonstrates the resourcefulness and determination of modern spammers.

In addition to web form abuse, threat actors are also engaging in credential stuffing attacks on SMTP servers. By using login information obtained from data breaches, attackers attempt to access email accounts for the purpose of sending spam. 

This method is particularly insidious as it allows cybercriminals to send messages from legitimate domains that are unlikely to be blocked by real-time blackhole lists (RBLs).

Implications of the evolving spam tactics

The implications of these new spam tactics are profound. For one, the traditional reliance on spam filters as a primary defence mechanism is being challenged. 

As most of the emails sent by these contact forms are legitimate, the malicious messages blend in with the otherwise benign traffic. This mixing of malicious content with legitimate communications makes it increasingly difficult for both automated systems and human users to distinguish safe messages from dangerous ones.


Moreover, the resurgence of spam as an effective delivery method for malware and ransomware poses a renewed threat to organisational and personal cybersecurity. 

Many individuals, operating under the assumption that their company's spam blocker is filtering bad emails, may become more careless in opening links and attachments. This false sense of security can lead to devastating consequences, as a single click on a malicious link or attachment can compromise an entire network.

The situation is further complicated by the psychological aspect of trust. When users receive emails that appear to come from legitimate sources—be it a familiar website or a colleague's compromised account—they are more likely to let their guard down. 

Strategies against spam

To combat these evolving threats, Cisco Talos recommends a multi-faceted approach. Educating users about the risks and teaching them to be wary of unexpected emails, even from seemingly legitimate sources, is crucial.

Additionally, organisations and individuals alike must prioritise robust password security. The use of unique, complex passwords for each online account, managed through a dedicated password manager, can significantly reduce the risk of credential stuffing attacks. 

Furthermore, website administrators and developers must take responsibility for implementing proper input validation and sanitisation on web forms. By closing these vulnerabilities, they can help prevent their legitimate infrastructure from being co-opted by spammers.
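The form abuse described earlier and the input-validation advice above, as an added example that is not code from Cisco Talos or Cyber Magazine. It assumes a hypothetical sign-up form that sends a confirmation email back to the submitter, with constructed sample submissions; the vulnerable handler reflects every field into the outgoing mail, while the hardened one validates the recipient, whitelists the name and sends a fixed template.

```python
import re
from email.message import EmailMessage

# Constructed scenario: a sign-up form's confirmation mail built from the submitted
# fields. Forms that echo input back to the submitter are the pattern the article
# describes: a spammer enters a victim's address as the "user" and places the spam
# text in the free-text fields, so the site's own SMTP server delivers it.

def build_confirmation_unsafe(form):
    """Vulnerable pattern: every submitted field is echoed verbatim into the mail."""
    msg = EmailMessage()
    msg["To"] = form["email"]
    msg["Subject"] = f"Hi {form['name']}, thanks for registering!"
    msg.set_content(f"Hello {form['name']},\n\nYou wrote:\n{form['message']}\n")
    return msg

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,39}")   # letters, spaces, apostrophes, hyphens
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)

def looks_like_form_spam(form):
    """Detection heuristic: links or header-breaking characters in fields that a
    confirmation mail would reflect are the signature of relay abuse."""
    name = form.get("name", "")
    reflected = name + " " + form.get("message", "")
    return bool(URL_RE.search(reflected)) or "\r" in name or "\n" in name

def build_confirmation_safe(form):
    """Hardened version: validate the recipient, whitelist the name, and send a
    fixed template that never reflects free text back to the submitter."""
    email = form.get("email", "").strip()
    name = form.get("name", "").strip()
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid recipient address")
    if not NAME_RE.fullmatch(name) or looks_like_form_spam(form):
        raise ValueError("rejected submission")
    msg = EmailMessage()
    msg["To"] = email
    msg["Subject"] = "Thanks for registering"
    msg.set_content(f"Hello {name},\n\nYour registration was received. "
                    "No further action is needed.\n")
    return msg
```

The free-text message field is still useful to the site owner; the point is that it goes to an internal mailbox, never back to an address the submitter chose.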

The resurgence of spam as a viable attack vector serves as a stark reminder that in the realm of cybersecurity, complacency is the enemy of safety. As attackers continue to innovate, so too must defences evolve to meet the challenge.


Cyber Magazine is a BizClik brand
