As long-time readers of this list know, I like to once in a while share what we are seeing happening in the world, from our Spam Auditor reports and other data sets.

Have to start off by saying, we have seen a marked drop in spam leakage from GMAIL over the last couple of weeks, and while it may have something to do with custom rejection tools for the most common types of leakage/permitted spam/marketing, I would LIKE to think they have made some improvements, and commend them.

And while of course some of the same actors' names keep coming up, a marked increase of bad sign-ups at some hosting providers recently shows new player activity in this space.

Hostwinds, Digital Ocean, Krypt and OVH et al. continue to show daily new activity from spammers, but some of the IoT big spam bots appear to have reduced, probably because of some very public take downs of some C2 networks.

But the hackers are always changing tactics... The huge increase of hacking attacks from Azure, Amazon EC2, and Google Cloud is an example of that, and one can only wonder if it is the slow take down cycles that are making that so attractive to hackers.

And of course OVH, from which still large swathes of IP(s) are engaged in brute force attacks, with little or no action.

When it comes to IoT attacks, there is still a large problem coming from Asia, Eastern Europe and South America, primarily from router hacks and an older Windows installation base, and many ISPs in those areas are still not blocking Port 25 on egress.

But it does seem that some actors prefer to use one geographic area over another. E.g., someone really likes the Kazakhstan and Uzbekistan regions, another likes Vietnam, and another likes Central/South America, probably due to vendor penetration in an area, and which devices the hacker group targeted.

And we are anecdotally seeing an escalation of threat actors from the India/Pakistan regions, whether because the sheer number of IoT devices makes it attractive, or because regional actors are increasingly getting IP space and leapfrogging through/on North American hosting companies.

And of course, you have to wonder when large swathes of network space are all engaged in the same activities: how accidental or coincidental is it? Trends like this will only result in much more restrictive internet 'siloing' or outright 'blackholing' if the trend doesn't reverse.



Our team has even been forced to create special rule sets for ANY activity from some networks, when 99% of the activity detected is part of the threat landscapes. But in the long run, this MAY harm legitimate users of those networks. And truly a waste of valuable IPv4 space.

I always thought the Internet netizens would do a better job of self policing, but I am afraid that little has changed in 20 years. Without a commercial motive to do so, network operators still treat outbound threats as very low on the priority list.

Anyway, these are my weekend thoughts and reports, from looking through reports and records this week.

Have a safe and happy weekend.



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada


_______________________________________________
mailop mailing list
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
