New tactics of spam now use increased sophistication to evade strong defenses in just a short time. Although most enterprises have invested lots of money into the enterprise class spam filtering tools, Cisco Talos has shown some disturbing trends on how bad actors are finding their way around the defenses.
As the detection and filtering capabilities of organizations continue to improve, spam is just as dangerous, more sinister, and more related with user trust as attackers become cleverer in their trickery and make use of legitimate web infrastructures to deliver spammers' undesired potentially harmful e-mails. Cisco Talos recent research sheds light on these alarming trends.Experiential Tricks of Modern Spammers
In other words, spammers learned how to exploit this creativity as an end-run around traditional filters. Since the bad guys use legitimate Web services and email systems for their nefarious activities, the tactics taken to prevent unwanted messages add complexity by the same very systems intended for good.
This shift creates new vulnerability for the individual but also opens up an opportunity for organizations to be hit with malware, ransomware, and phishing attacks.
Using Real Infrastructure
Manipulation of web forms to backend SMTP systems is perhaps one of the busiest schemes that spammers are engaged in. The spammers have learned that any form capable of generating a response via email can be easily exploited. Those include account registrations, signups for events, and contact forms, which typically become casualties of insufficient input validation and sanitization.
The list of resources exploited brings us to the assumption that attackers somehow had automated the search for vulnerabilities in web-infrastructure, but complex attacks, in particular those with services like Google Quizzes, Calendar, and Groups, would involve a highly human-controlled activity. Such a combination of resourcefulness in terms of automation as well as manual efforts characterizes current spammers.
In addition, a host of attackers focus on so-called credential stuffing attacks on SMTP servers that use the login details captured from data breaches. This allows spammers to send spam from real accounts, meaning that most RBLs have a hard time catching their messages.
The Severe Consequences of Emerging Spamming Methods
Such changing trends pose significant challenges. Spam filters, which have been the traditional solution, are also under question. Since most of these coming through the web forms appear legitimate, spam messages tend to intermingle with true communications, and it is hard for both the automatic systems and the human eye to distinguish between harmless and malicious communications.
Furthermore, the revival of spam as a malware and ransomware delivery method brings new risks into the play of both personal and organizational cybersecurity. Many users believe that the spam filter of their firm catches everything nasty that comes through, giving them a false sense of security to open links and attachments in suspect email. Such a misconception can have severe repercussions, where a single click on a deadly hyperlink can jeopardize an entire network.
Trust and Its Risks
The psychological component of trust makes the situation even worse. The users are left helpless in case someone emails them from an address that appears known and trusted.
Antisnaf Strategies
The Cisco Talos approach to such emerging threats is holistic. Educating users about potential risks will encourage users to be more cautious when receiving unsolicited emails, even if they come from seemingly trustworthy sources.
Strong password security is also one area wherein organizations and individuals should focus. Having a different complex password for each of their online account managed through a password manager would help eliminate the threat of credential stuffing attacks.
Similarly, the administrators and developers of websites should ensure proper validation and sanitization on web forms to avoid such attacks. This would give the developers the chance to protect their very legitimate infrastructures from spammer exploits.
Reemergence of spam as a usable attack vector reminds everyone that complacency is an unsafe enemy in the realm of cybersecurity. In the never-ending growing sophistication of challenges, our defenses must continue to grow even stronger as cybercriminals do.
No comments:
Post a Comment