How hackers use spam to maximize the impact of a cyber attack?

‘Spam’ is unsolicited email sent in massive quantities simultaneously to numerous users, generally trying to advertise or publicize certain products or services.

Seqrite Jun 14th 2018

All users of the Internet are familiar with the word ‘spam.’ ‘Spam’ is unsolicited email sent in massive quantities simultaneously to numerous users, generally trying to advertise or publicize certain products or services. This junk mail is also often used as a bridgehead for other types of cyber crime, such as phishing or email scams.

Why spamming is the preferred mode of cyber attack?

Though many novel methods of cyber attack have emerged in recent times, spamming still remains popular among hackers and cyber-criminals. There are many reasons for this.

Not only is spam widely pervasive, it can give the hackers access to a large number of potential victims at the same time. Moreover the boom in devices and content like smart phones and tablets have brought about unprecedented and widespread connectivity. There are many net users who are relatively ignorant about the dangers of spams and security mechanisms.

However the most important reason still remains the fact that spam campaigns are comparatively cheap. Hackers and cyber criminals also often use botnets to send spam mails to targeted victims. Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, servers, infrastructures, IP ranges, and domain names, and it is difficult to hold senders accountable for their mass mailings. Moreover, it is relatively easy to send spam mails to targeted groups in a specific region or a country. The most recent example of this was the use of stolen personal data by Cambridge Analytica to target specific groups in certain countries in an attempt to influence their voting pattern.

How hackers collect email addresses for spamming?

Though spam mails are usually sent to individual email ids, sending such spam messages to smartphones also is not uncommon. However, the Internet continues to remain the preferred mode for hackers. Thus the very first step that a hacker must take for spamming is collecting email ids. Without completing this fundamental task, no cyber criminal can send spam mails to innumerable people. Another thing for such hackers to ensure is that they remain untraceable. The collection of such emails ids is done through various ways.

One of the most important ways is through hacking company databases especially when large amounts of databases are required. The Equifax and Yahoo fiascos are still creating ripples. This can also happen when companies deliberately or accidentally compromise their mail lists. Cyber criminals might also focus on hacking servers which host such mailing lists. Another common mode is through crawling websites and forums. If an ad is showcased on a webpage or any other unprotected social media site, hackers can easily harvest it. Phishing on social media channels or man-in-the-middle attack are other important ways of using spam.

However, the most dangerous is ransomware. Here certain ransomware strains can be instructed to connect to the accounts one is logged into. This virus can then collect all the contacts and then leak them to a cyber-criminal controlled server. Some famous examples of these are the WannaCry strain and the Bad Rabbit.

How a spam mail can trigger a cyber-attack?

The common attack pattern of spams intending to spread malware is the following: The unsuspecting victim opens the spam mail. The mail then may direct him/her to click on a link in the email which connects to a malware-infected site. In the second scenario the user downloads the malicious attachment which includes a payload which scans the system for vulnerabilities and then connects to the server controlled by the attacker for commands. The infection then unfolds according to its objectives.

Seqrite offers wide range of solutions to tackle the spam threat. The Endpoint Security solution offers Spam Protection which scans endpoint inboxes for spam, phishing attacks and unsolicited mails. The Unified Threat Management solution for the network also offers Gateway Mail Protection which scans incoming/outgoing emails or attachments at the gateway level to block spam and phishing emails before they attack the network.