Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Inside A Massive Spam Operation, And Shutting It Down

     

    dashboard

    We’ve blogged before about spammers using publicly accessible databases to help them with large-scale spam campaigns. Here’s what one such recent campaign looks like from the insider.

    Security researcher Bob Diachenko discovered a publicly-accessible database containing 11.5 million compromised emails and plain-text passwords which were being used in a massive spam operation. Diachenko and Zach Whittaker at TechCrunch analyzed the server and figured out how the operation worked.

     The spammer used previously leaked email addresses and passwords to launch credential stuffing attacks against victims’ email accounts. Once an account was hacked, the spammer would log into the account and feed one of the victim’s recently sent emails into a server which generated a personalized spam email.

    It did this by taking the subject line of the sent email along with the recipient’s email address, making it look like the recipient was replying to the victim’s original email.

    This message is first sent through a proxy server made up of several cell phones, and it then goes through the victim’s email provider using the victim’s credentials. This entire process is automated and took place hundreds of times each second.

    The emails themselves contained links that directed the victim to a spoofed news website promoting a bitcoin scam or a phony weight loss pill. Users in the US were taken to a spoofed CNN page, while users in the UK would be sent to a fake BBC page.

    The spammer also left the database’s Kibana user interface exposed, allowing Diachenko and Whittaker to observe the results of the spam campaign in precise detail. Tracking links in each spam email allowed the attacker to determine which email domains were most vulnerable and had the least effective filters.

    The campaign ran for ten days between March 8 and March 18, and the attacker sent 5.1 million spam emails during this time. Nearly 163,000 of these emails of these emails were opened by the recipient. Whittaker notes that “it’s not the first time we’ve seen a spam operation in action, but it’s rare to see how successful it is.”

    He adds that, while this server has been neutralized, the spammer has most likely shifted operations to another server. The campaign highlights how criminals can combine several different attacks to maximize their success.

    Using credential stuffing and email spoofing to launch a widespread, yet personalized, spam campaign was apparently very effective. New-school security awareness training can teach your employees how to avoid falling for phishing emails even if they appear to be sent by someone they know.

    TechCrunch has the story: https://techcrunch.com/2019/04/02/inside-a-spam-operation/

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews