Cybersecurity in 120 Secs: Spam Mayhem


This week a Pastebin post exposed stolen credentials that could be used in an IoT attack; 23 million emails were sent in the newest Locky campaign within a 24-hour period; and the Onliner spambot is loaded and ready to infect millions. (Learn more about enSilo endpoint security.)

Highlighting the cybersecurity news from the past week in a 120-second read. Starting now.

Stolen Credentials

More than 1,700 login credentials were discovered that could be used for an IoT attack.

Why is this significant?

  • A Pastebin post listed telnet-accessible devices, containing login credentials for 8,233 unique IP addresses, 2,174 of which were still running open telnet servers.
  • This release points to weak IoT security. Of the 8,233 hosts, only 144 were unique, and most devices used default passwords with the user name “Admin.”
  • Two takeaways: 1. Change user names from the factory-issued default on anything “smart” (routers, televisions, refrigerators, printers, etc.) and create a unique password of 12 or more characters. 2. Disable remote access, and enable it with restrictions only when needed.
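The first thing a defender does with a credential list like the one described above is triage it: how many distinct hosts it covers, how many rely on factory defaults or short passwords, and whether any of the addresses belong to networks they are responsible for. The script below is an added example written for this post, not code from enSilo or from the Pastebin list itself. It assumes a constructed "ip:port user:password" line format, a small illustrative set of default credentials, and made-up addresses; the "own networks" ranges are whatever the reader supplies.

```python
import ipaddress
from collections import Counter

# Constructed sample dump, one telnet-exposed device per line in the form
# "ip:port user:password". These values are made up for this example and are
# not taken from the Pastebin post the article describes.
SAMPLE_DUMP = """\
10.0.0.5:23 admin:admin
10.0.0.5:23 admin:admin
10.0.0.9:23 root:xc3511
192.0.2.17:23 admin:1234
192.0.2.17:2323 admin:1234
198.51.100.4:23 support:Tr0ub4dor&3longpass
203.0.113.8:23 root:
"""

# Illustrative (assumed, not exhaustive) factory-default user/password pairs
# commonly found on devices shipped with telnet enabled.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "1234"), ("root", "root"),
    ("root", "xc3511"), ("root", ""),
}

MIN_PASSWORD_LENGTH = 12  # the post's recommendation: 12 or more characters


def parse_dump(text):
    """Parse "ip:port user:password" lines into dicts, skipping malformed ones."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or " " not in line:
            continue
        endpoint, cred = line.split(" ", 1)
        ip, _, port = endpoint.rpartition(":")
        user, _, password = cred.partition(":")
        try:
            ipaddress.ip_address(ip)  # drop lines whose address does not parse
        except ValueError:
            continue
        entries.append({
            "ip": ip,
            "port": int(port) if port.isdigit() else None,
            "user": user,
            "password": password,
        })
    return entries


def summarize(entries, own_networks):
    """Dedupe by IP, count default/short credentials and flag addresses in our ranges."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    unique_ips = {e["ip"] for e in entries}
    default_hits = [e for e in entries
                    if (e["user"].lower(), e["password"]) in DEFAULT_CREDENTIALS]
    short_hits = [e for e in entries if len(e["password"]) < MIN_PASSWORD_LENGTH]
    own_exposed = sorted({e["ip"] for e in entries
                          if any(ipaddress.ip_address(e["ip"]) in n for n in nets)})
    return {
        "lines": len(entries),
        "unique_ips": len(unique_ips),
        "default_credential_ips": len({e["ip"] for e in default_hits}),
        "short_password_ips": len({e["ip"] for e in short_hits}),
        "own_exposed_ips": own_exposed,
        "top_usernames": Counter(e["user"].lower() for e in entries).most_common(3),
    }


if __name__ == "__main__":
    # Assumed example ranges for "our" network; replace with real allocations.
    report = summarize(parse_dump(SAMPLE_DUMP), ["192.0.2.0/24", "198.51.100.0/24"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Any address that lands in `own_exposed_ips` is a device to pull off the internet-facing telnet port and re-credential immediately; the default-credential and short-password counts give a quick measure of how much of the list is exploitable with no effort at all, which is the point the ArsTechnica story makes.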

Read the full story in ArsTechnica.

Locky Campaign

23 million emails have been launched in a new Locky ransomware campaign.

Why is this significant?

  • These campaigns are launched to hit as many email inboxes as possible, preying on the small percentage of users who will trigger the ransomware.
  • Researchers claim that this Locky campaign is "one of the largest malware campaigns seen in the latter half of 2017."
  • Locky has been hitting more headlines in recent weeks after being dormant for some time. The campaign's success depends on only a small percentage of the 23 million users hit clicking through and then paying the ransom demand of 0.5 bitcoin ($2,300).

Read the full story in ZDNet.

Potential Spam Campaign

711 million email accounts are staged for a spam campaign via the Onliner spambot.

Why is this significant?

  • This spam campaign laces emails with the data-stealing malware Ursnif and sends the spam through legitimate email servers.
  • The credentials leveraged come from machines already infected with Ursnif, phishing campaigns, data-stealing attacks, and lists from other public leaks such as the 2016 LinkedIn breach. The breach notification site Have I Been Pwned has dubbed this the "largest" batch of data to enter the site in its history.
  • To bypass email filters, the attacker uses a list of SMTP credentials to authenticate to mail servers so the spam goes out as legitimate email, a sneaky way around "spam alerts" that increases the number of vulnerable users who will click the malicious email.
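On the receiving end, the abuse described above leaves a recognisable trace on the mail server: one account authenticating over SMTP from many unrelated source addresses in a short window, or one source address cycling through several accounts. The script below is an added detection example written for this post, not code from enSilo or from the ZDNet story. It parses constructed Postfix-style `smtpd` log lines (the `client=host[ip] ... sasl_username=user` fields are the standard Postfix layout; the addresses, accounts and timestamps are made up) and flags the accounts and source IPs worth investigating; the thresholds are assumed defaults to tune per site.

```python
import re
from collections import defaultdict

# Constructed Postfix smtpd lines for this example; not real mail-server logs.
SAMPLE_LOG = """\
Sep  1 07:19:25 mx postfix/smtpd[2201]: 4F1A2B: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  1 07:19:31 mx postfix/smtpd[2201]: 4F1A2C: client=unknown[198.51.100.77], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  1 07:19:40 mx postfix/smtpd[2203]: 4F1A2D: client=unknown[192.0.2.33], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  1 07:19:52 mx postfix/smtpd[2203]: 4F1A2E: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=alice@example.com
Sep  1 07:20:01 mx postfix/smtpd[2204]: 4F1A2F: client=laptop.example.com[10.0.0.12], sasl_method=PLAIN, sasl_username=bob@example.com
Sep  1 07:20:15 mx postfix/smtpd[2204]: 4F1A30: client=laptop.example.com[10.0.0.12], sasl_method=PLAIN, sasl_username=bob@example.com
Sep  1 07:20:30 mx postfix/smtpd[2205]: 4F1A31: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=carol@example.com
"""

# Pull the connecting host, its IP and the authenticated SASL user from a line.
LINE_RE = re.compile(
    r"client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\].*?sasl_username=(?P<user>\S+)"
)


def parse_sasl_logins(text):
    """Return (user, ip, host) tuples for every authenticated SMTP session."""
    logins = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            logins.append((m.group("user"), m.group("ip"), m.group("host")))
    return logins


def flag_shared_credentials(logins, max_distinct_ips=2, min_sessions=3):
    """Accounts used from more source IPs than a person plausibly would.

    A single mailbox authenticating from many unrelated addresses is the
    classic sign of a credential that has been sold or leaked and is now
    being driven by a spambot. Thresholds are assumed defaults."""
    ips = defaultdict(set)
    sessions = defaultdict(int)
    for user, ip, _host in logins:
        ips[user].add(ip)
        sessions[user] += 1
    flagged = {}
    for user, seen in ips.items():
        if len(seen) > max_distinct_ips and sessions[user] >= min_sessions:
            flagged[user] = {"distinct_ips": len(seen), "sessions": sessions[user]}
    return flagged


def ips_shared_across_accounts(logins, min_accounts=2):
    """Source IPs that authenticated as several different accounts.

    The mirror image: one sending node working its way through a list of
    stolen credentials, as the article describes."""
    users_by_ip = defaultdict(set)
    for user, ip, _host in logins:
        users_by_ip[ip].add(user)
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_accounts}


if __name__ == "__main__":
    logins = parse_sasl_logins(SAMPLE_LOG)
    print("accounts used from many IPs:", flag_shared_credentials(logins))
    print("IPs using many accounts:", ips_shared_across_accounts(logins))
```

A flagged account is a candidate for an immediate password reset and a review of its sent mail; a flagged source IP is a candidate for rate limiting or blocking at the submission port. Both checks are cheap enough to run over each day's `smtpd` log, and together they catch the "authenticate, then relay through the legitimate server" pattern that ordinary content filters miss.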

Read the full story in ZDNet.

Endpoint protection is what we do.
