Both life and business have been very active, so it's been a bit since I posted one of these.. It's about time again..

* SendGrid continues to allow the same common threats to escape
* Increase in threat actors from Thailand/Vietnam region, but probably proxies for Chinese actors
* Digital Ocean IP space of course very bad, and most people already block/flag that IP space for spammers, but threat actors increasingly using the space for email compromise attacks. Suggest that you block all authentication from that IP space by default, for both IMAP and SMTP, unless the IP is operated from a known good actor, similar to the GCloud, Amazon, Azure problems.
* ColoCrossing still a major pain, hopefully the new acquisition will improve the situation.
* NameCheap continues to allow the same abuse of their webmails for the same actors, with no improvement. (It's NOT that hard)
* Botnet spam attacks continue their decline, however email compromise attacks, and other attacks are on the rise, fortunately with old fingerprints that make them easy to stop.
* OVH is just opening the door to spammers..
* RackNerd IP space is to the point it's almost auto-block now.

Something is going on with Comcast IP space, a large increase in email compromise attacks, quite widespread, wonder if this is a case of CPE equipment compromise?

Netease/ntesmail has a lot more abuse coming from it the last couple of weeks.

Zimbra email compromises always surprise, given the amount of governments still using it. They do know there are RBLs that list known abusive BEC attackers?

LogicWeb still is giving IP space to too many obvious bad actors. (Doesn't anyone do a DNS walk on their IP space any more?)

Gmail and o365 leakage still showing these operators don't care about outbound, the phishing templates are old, and obvious.. Enough with the '1st page on Google' spam please? And the Nigerian Prince scams?

MailChimp and MailGun are quickly catching up to SendGrid, as far as letting obvious known phishing templates leave their systems.

We thought 'backscatter' was a thing of the past, but seeing increases from all kinds of sources. People, please do your spam filtering earlier in the process.. (Just saw some this week from ionos.com exchange servers?)

Portuguese invoice phishing seems to be on the decline, but this may be more due to the networks responsible for hosting these actors being blocked more regularly.

But in general, fake invoice and RFQ emails are still the go-to for bad actors, mostly through compromised email accounts. And would you believe that DHL phishing is still a thing?

At least GoogleGroups spammers are on the decline as well.

One surprise, is the fear about AI and ChatGPT created malware campaigns has not really seen the light of day. It's still about how to get it delivered, rather than the content. And as someone once pointed out, spammers often still use obvious bad language and obvious fake content, they are looking to catch the less intelligent or tech savvy targets.

Anyways, it's still a real scary place out there. Thanks to those out there that are also in the fight to make the world a better place, just wish that network operators were more responsible for what leaves their networks..

And of course, let's all remember to block/drop those really bad networks at the perimeter.. whether you use SpamHaus, SpamRats DROP lists ARE your friend, and help make the internet a better place

Now, time to get the new toy out this weekend, and try to put the bad things out of the mind.. have a safe and pain free weekend all.

        -- Michael --

Today's ASN to watch from the spam auditors?

Orelsoft AS200918



--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada