
Threat actors are finding new ways to sneak spam past filters

Online account registration, event signup, and contact forms are all examples of web forms that spammers are leveraging to send unsolicited emails.


Francis Scialabba


Threat actors have discovered new ways to sneak unwanted emails past spam filters in John Cena-like fashion.

According to a September Cisco Talos blog post, spammers are initiating attacks against the web pages and mail servers of legitimate organizations in order to send junk mail from seemingly credible sources, thus bypassing spam filters.

The blog post was penned by Jaeson Schultz, a technical leader for Cisco Talos’ security intelligence and research group, who identified two tactics spammers are using to execute their attacks.

Tactic one and tactic two. The first tactic involves overloading the text fields on web forms that trigger an email to be sent back to a user with unsolicited messages and links. Possible web forms that could be abused for this scheme include online account registration, event signup, and contact form pages.

Extra crafty spammers are also using the tactic on popular Google software such as Google Quizzes. To do so, Schultz said, the attacker would first need to create a quiz and fill it out using a victim’s credentials. They would then be able to spread their unsolicited message through the email that is sent back to the victim after the fake quiz is graded.
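For site owners, the web-form abuse described above can be narrowed by vetting any field that gets echoed into an automatic confirmation email. The following sketch is an added example, not code from the Talos post or this article; the field names, length limits, and sample submissions are assumptions made for illustration.

```python
import re
import unicodedata

# Assumed per-field length limits for a signup form; tune for the real form.
MAX_LEN = {"first_name": 40, "last_name": 40, "company": 80}

# Schemes, "www." prefixes, or bare domains: content a name field never needs
# but that a spam payload relayed through a confirmation email usually carries.
LINK_RE = re.compile(r"https?://|www\.|\b[a-z0-9-]+\.[a-z]{2,}(?:/|\b)",
                     re.IGNORECASE)

def check_field(name, value):
    """Return the reasons to reject `value`; an empty list means accept."""
    reasons = []
    # Fold full-width and other compatibility characters before matching.
    value = unicodedata.normalize("NFKC", value)
    if len(value) > MAX_LEN.get(name, 80):
        reasons.append("too_long")
    # Cc covers CR/LF (header or body injection); Cf covers zero-width chars.
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in value):
        reasons.append("control_chars")
    if LINK_RE.search(value):
        reasons.append("contains_link")
    return reasons

def review(form):
    """Map each rejected field to its reasons; {} means safe to send the email."""
    flagged = {}
    for field, value in form.items():
        reasons = check_field(field, value)
        if reasons:
            flagged[field] = reasons
    return flagged

# Constructed sample submissions (not taken from any real campaign).
SAMPLES = [
    {"first_name": "Anne-Marie", "last_name": "O'Neil"},
    {"first_name": "You won! Claim at http://example.test/prize",
     "last_name": "x"},
    {"first_name": "Ann", "last_name": "Lee\r\nBcc: list@example.test"},
]

if __name__ == "__main__":
    for form in SAMPLES:
        print(review(form) or "ok: send confirmation")
```

A submission that is flagged should be rejected or held for review before any confirmation email is generated, so the organization's mail server never relays the attacker's text.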

The second strategy Schultz observed uses credential stuffing, a type of cyberattack in which threat actors use breached credentials to gain access to someone’s accounts. In this case, the attacker logs in to a victim’s outbound Simple Mail Transfer Protocol (SMTP) server to send unsolicited emails.

“This provides the cybercriminal with a legitimate mail server and domain which are not likely blocked by various spam real-time blackhole lists (RBLs),” Schultz wrote.

Education is key. In his September blog post, Schultz noted that there was “very little” that could be done to defend against spam messages that are sent from legitimate sources. However, he recommended that individuals protect themselves by using password managers and unique passwords for every website, and that they remain educated on how to spot suspicious emails.

DomainTools CISO Daniel Schwalbe told IT Brew that along with education, security teams should also strive to create a positive environment where employees feel comfortable reporting interactions with spam and other threats.

“Shaming people does not work,” Schwalbe said. “It will make them mad. It will make them feel bad, and they’ll just hide it better next time.”
