|
Tweet Follow @spamhaus |
|
||
![]() Poor sending practices trigger a tidal wave of informational listings Spamhaus Botnet Threat Update: Q4-2021 SERVICE UPDATE | Spamhaus DNSBL users who query via Cloudflare DNS need to make changes to email set-up Spamhaus Botnet Threat Update: Q3-2021 Spammer Abuse of Free Google Services Spamhaus Botnet Threat Update: Q2-2021 Emotet Email Aftermath Wordpress compromises: What's beyond the URL? Older News Articles: ![]() ![]() |
As we gallop apace into 2021, our researchers often get asked what the current trends and themes are they're seeing. Compromised legitimate websitesLegitimate websites continue to be compromised in substantial numbers. We are still regularly seeing thousands and thousands of hacked WordPress sites. Once a cybercriminal has a website in their grubby hands, there are multiple ways (all bad) they will potentially use it. These can include; web shells, malware hosting, sending spam, hosting phishing websites, or redirector hosting. Often one website is used for several of these purposes! As in most cases, prevention is better than cure, so we urge website owners to ensure they cover the basics:
Residential proxiesThis ongoing issue shows no sign of abating any time soon. Certain applications (most if not all from unofficial marketplaces) are downloaded to predominantly Android-based devices, including phones, tablets, digital media players, and streaming dongles. As the saying goes, “There’s no such thing as a free lunch.” This is certainly true in this instance, as these applications which claim to be free are monetized via third party code. As you can imagine, this detail is buried deep within the application’s terms and conditions. The third party code allows miscreants to use the said device as a conduit for their nefarious actions. These proxies are hard to find and hard to remove for the average victim. They open up many, many different abuse vectors. Spam is just one of them, but these are also used in large numbers for account creation, account takeover, stolen browser identities, and click/ad fraud. Phish du jourThere is still a significant amount of phishing activity that leverages the news-of-the-day. After last year’s rush of covid related activity (see chart 1), we are now witnessing “vaccin" being used as the lure to interact (see chart 2). Given the current state of the pandemic, this is obviously a powerful social engineering trick. We predict the use of “vaccination/vaccine” will escalate over the coming months. You only have to look at Chart #2 to see the upward trend over the past few months. Chart 1: Domain registrations containing the word corona ![]() Chart 2: Domain registrations containing the word vaccin ![]() Phishing with a different rodMore sophisticated bad actors will choose domains that are marginally different. You can already see this in some more traditional phishing campaigns that target the financial sector; instead of using domain names that include the phished brand's name, they use more generic or technical sounding domains. These will often not get picked up by brand protection specialists. Additionally, it provides miscreants with the benefit of having a dedicated domain allowing the correct set-up of authentication, including SPF, DKIM, and DMARC, providing improved email deliverability. Ransomware is still a lucrative businessWhen discussing ransomware, people usually think about poorly written emails sent en-masse by botnets. However, miscreants are becoming increasingly savvy in their approach. While entry methods vary, we see far too many cases than necessary where compromise starts with an existing corporate account. For instance, the same password to the said account has been used across multiple website log-ins. One of these websites is compromised, and the log-in details are harvested before being made available on the dark web. In addition to the above, we also see (semi) targeted phishing campaigns where cybercriminals carefully investigate their victims for weeks or months. Mechanisms for this kind of abuse often impersonate well-known business applications such as DocuSign or some of the file transfer services like Dropbox. This story's moral is don’t reuse the same password across accounts and ensure log-in protocols are as secure as possible to prevent cybercriminals from impersonating the legitimate owner of the corporate account and always check the origination of documents. Keep safe and secureWe hope you enjoyed our quick tour of current trends - we’ll keep you updated as 2021 progresses. Stay safe! |
![]() ![]() ![]() ![]() ![]() ![]() |
![]() Permanent link to this news article: Some attack vectors Spamhaus is observing in early 2021 http://www.spamhaus.org/news/article/804/some-attack-vectors-spamhaus-is-observing-in-early-2021 ![]() |
![]() Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record. |
|