Re: [mailop] Threat Update.. Tales from the Trenches..
Oh, we didn't say they solved the issue.. here it is mainly 'Do you want to buy a list of users' spam..

But percentage wise, we are seeing a lot less than say a couple weeks ago..

Again, what you are seeing, or what we are seeing.. pretty easy to stop.. at the source.

On 2022-10-05 14:20, Hans-Martin Mosner via mailop wrote:
> On 05.10.22 at 19:13, Michael Peddemors via mailop wrote:
>> PS, don't know what o365 is doing, but a marked reduction in uncaught spam leaking from their networks..
>
> Really? I'm seeing a constant stream of fake dating spam from apparently compromised O365 accounts, with no end in sight.
>
> Many of them use link shorteners (mostly tinyurl.com), content text has so little variation that good old regex rules get all of them, so it seems to be just a single spamming operation. Targets are German, so that may be a reason you're not seeing those.
>
> Looks like either password databases have been leaked somehow (although I consider that very unlikely) or the tenants get to implement their own password policies (which seem to be mostly "anything goes") so that newly created accounts get fixed or easily guessable passwords. I've yet to read another plausible explanation for this wide-spread compromising.
>
> Cheers,
> Hans-Martin
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.
Re: [mailop] Threat Update.. Tales from the Trenches..
> >PS, don't know what o365 is doing, but a marked reduction in uncaught spam
> >leaking from their networks..
>
> Really? I'm seeing a constant stream of fake dating spam from apparently
> compromised O365 accounts, with no end in sight.

I'm with Hans-Martin on this one.

> Many of them use link shorteners (mostly tinyurl.com), content text
> has so little variation that good old regex rules get all of them,
> so it seems to be just a single spamming operation. Targets are
> German, so that may be a reason you're not seeing those.

Targets are also Swedish and Finnish.

--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
Re: [mailop] Threat Update.. Tales from the Trenches..
On 05.10.22 at 19:13, Michael Peddemors via mailop wrote:
> PS, don't know what o365 is doing, but a marked reduction in uncaught spam leaking from their networks..

Really? I'm seeing a constant stream of fake dating spam from apparently compromised O365 accounts, with no end in sight.

Many of them use link shorteners (mostly tinyurl.com), content text has so little variation that good old regex rules get all of them, so it seems to be just a single spamming operation. Targets are German, so that may be a reason you're not seeing those.

Looks like either password databases have been leaked somehow (although I consider that very unlikely) or the tenants get to implement their own password policies (which seem to be mostly "anything goes") so that newly created accounts get fixed or easily guessable passwords. I've yet to read another plausible explanation for this wide-spread compromising.

Cheers,
Hans-Martin
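The filtering described in the message above (O365-relayed mail, tinyurl.com links, almost no variation in the text), as an added example that is not part of any post in this thread. The relay hostname pattern, the function names and the four sample messages are assumptions constructed for illustration.

```python
import email
import re
from collections import defaultdict
from email import policy

SHORTENERS = {"tinyurl.com"}  # the one named in the thread; extend locally
# Assumption: O365 outbound relays identify as *.outbound.protection.outlook.com
O365_RELAY = re.compile(r"\.outbound\.protection\.outlook\.com\b", re.I)
URL = re.compile(r"https?://([^/\s>\"']+)(/\S*)?", re.I)

def fingerprint(body):
    """Drop links, digits and punctuation so near-identical texts collide."""
    return " ".join(re.findall(r"[^\W\d_]+", URL.sub(" ", body.lower())))

def inspect(raw):
    """Return (relayed_by_o365, has_shortener_link, text_fingerprint)."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Only trust Received lines written by your own MX; others can be forged.
    via_o365 = any(O365_RELAY.search(str(h)) for h in msg.get_all("Received", []))
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part else ""
    hosts = {m.group(1).lower() for m in URL.finditer(text)}
    shortened = any(h == s or h.endswith("." + s) for h in hosts for s in SHORTENERS)
    return via_o365, shortened, fingerprint(text)

def campaigns(raw_messages, min_size=2):
    """Group O365-relayed shortener mail by fingerprint; keep repeated texts."""
    groups = defaultdict(list)
    for index, raw in enumerate(raw_messages):
        via_o365, shortened, fp = inspect(raw)
        if via_o365 and shortened:
            groups[fp].append(index)
    return [ids for ids in groups.values() if len(ids) >= min_size]

def sample(relay, body):
    """Build a constructed test message (not real traffic)."""
    return (f"Received: from {relay} by mx.example.net; Wed, 5 Oct 2022 12:00:00 +0000\n"
            f"From: sender@example.com\nSubject: hello\n\n{body}\n")

O365 = "EUR05-DB8-obe.outbound.protection.outlook.com"  # constructed relay name
SAMPLES = [
    sample(O365, "Hello, I saw your profile and want to meet you. Write me: https://tinyurl.com/abc123"),
    sample(O365, "Hello,  I saw your profile and want to meet you! Write me: https://tinyurl.com/zz9y8x"),
    sample(O365, "Minutes from today's meeting are here: https://tinyurl.com/notes42"),
    sample("mail.example.org", "Hello, I saw your profile and want to meet you. Write me: https://tinyurl.com/q1w2e3"),
]

if __name__ == "__main__":
    print(campaigns(SAMPLES))
```

Requiring a repeated fingerprint keeps a single legitimate O365 message that happens to carry a shortened link (sample 2) out of the result.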
[mailop] Threat Update.. Tales from the Trenches..
By the way, thanks for all the nice comments off list how valuable these brief updates are, and changes to what we are seeing in the wild..

This one is a little more brief, but if anyone needs more details on a specific type of attack we are seeing, hit me up offlist..

Tales from the Trenches..

It's been both interesting, as well as boring in the sense that we see a lot of the same old, same old this week.

* Gmail originated obvious spammer levels still far too high.
* Zoho Campaigns relaying through new cloud systems eg.. ip125.234.189.103.in-addr.arpa.unknwn.cloudhost.asia
* Large OVH Outbreak across several network segments
* Contabo Spammer/Phisher activity very high, wide spread
* IXPO and Serverion actors still up to bad stuff and not just spam
* Beginning of the week snowshoe spammer surge again.. Same actors, across the same suspect hosting companies, they get blocked real fast, poisoning networks
* Amazon, Google, Azure cloud threats continue to increase
* Mailgun sending 'gesty' spam and threats, harvested addresses
* Constant Contact sending phishing activity
* Fortimail relaying Serverion spammers
* StrikeIron spammer once again on Microsoft IP Space

The worst part is that almost every one of the above problems can be solved quite quickly and easily.

-- Michael --

PS, don't know what o365 is doing, but a marked reduction in uncaught spam leaking from their networks..

--
Michael Peddemors, President/CEO LinuxMagic Inc.