>>AI and ChatGPT created malware campaigns has not really seen the light
of day
Regarding that, what I'm about to say is very anecdotal - and might be
rare - but I'm seeing a distinct uptick in cold sales call spams sent to
me - that obviously includes AI-generated targeted content. It's obvious
that they used A.I. to compile public information specifically about
invaluement, and then integrated that info into the conversation,
attempting to sound like casual "small talk" conversation done by a
human, inside these cold sales call spams, referring to specific things
about both invaluement and my role there. And I can definitely see how
this might be harming Bayesian scoring? But in these cold-sale-call spams
I'm seeing, the AI-generated wording is goofy/stupid in some spots, and
that gives it away. And this is actually backfiring and causing my
Bayesian scoring to go up - without collateral damage - and probably the
same will happen for other very smartly trained Bayesian systems, too?
So my system is actually benefiting from this, for now. But it's scary
what they might be doing with this in the future as this technology and
implementation matures.
Rob McEwen, invaluement
------ Original Message ------
From "Michael Peddemors via mailop" <mailop@mailop.org>
To mailop@mailop.org
Date 5/30/2024 1:24:07 PM
Subject [mailop] [STATE OF THE UNION] Tales from the Trenches..
Both life and Business have been very active, so it's been a bit since I posted
one of these.. It's about time again..
* SendGrid continues to allow the same common threats to escape
* Increase in threat actors from Thailand/Vietnam region, but probably proxies
for Chinese actors
* Digital Ocean IP space of course very bad, and most people already block/flag
that IP space for spammers, but threat actors increasingly using the space for
email compromise attacks. Suggest that you block all authentication from that
IP space by default, for both IMAP and SMTP, unless the IP is operated from a
known good actor, similar to the GCloud, Amazon, Azure problems.
* ColoCrossing still a major pain, hopefully the new acquisition will improve
the situation.
* NameCheap continues to allow the same abuse of their webmails for the same
actors, with no improvement. (It's NOT that hard)
* Botnet spam attacks continue their decline, however email compromise attacks,
and other attacks are on the rise, fortunately with old fingerprints that make
them easy to stop.
* OVH is just opening the door to spammers..
* RackNerd IP space is to the point it's almost auto-block now.
Something is going on with Comcast IP space, a large increase in email
compromise attacks, quite widespread, wonder if this is a case of CPE equipment
compromise?
Netease/ntesmail has a lot more abuse coming from it the last couple of weeks.
Zimbra email compromises always surprise, given the amount of governments still
using it. They do know there are RBLs that list known abusive BEC Attackers?
LogicWeb still is giving IP space to too many obvious bad actors. (Doesn't
anyone do a DNS walk on their IP space any more?)
Gmail and o365 leakage still showing these operators don't care about outbound,
the phishing templates are old, and obvious.. Enough with the '1st page on
Google' spam please? And the Nigerian Prince scams?
MailChimp and MailGun are quickly catching up to SendGrid, as far as letting
obvious known phishing templates leave their systems.
We thought 'backscatter' was a thing of the past, but seeing increases from all
kinds of sources. People, please do your spam filtering earlier in the
process.. (Just saw some this week from ionos.com exchange servers?)
Portuguese Invoice phishing seems to be on the decline, but this may be more due
to the networks responsible for hosting these actors are being blocked more
regularly.
But in general, fake invoice and RFQ emails are still the go-to for bad actors,
mostly through compromised email accounts. And would you believe that DHL
phishing is still a thing?
At least GoogleGroups spammers are on the decline as well.
One surprise, is the fear about AI and ChatGPT created malware campaigns has
not really seen the light of day. It's still about how to get it delivered,
rather than the content. And as someone once pointed out, spammers often still
use obvious bad language and obvious fake content, they are looking to catch
the less intelligent or tech savvy targets.
Anyways, it's still a real scary place out there. Thanks to those out there
that are also in the fight to make the world a better place, just wish that
network operators were more responsible for what leaves their networks..
And of course, let's all remember to block/drop those really bad networks at
the perimeter.. whether you use SpamHaus, SpamRats DROP lists ARE your friend,
and help make the internet a better place
Now, time to get the new toy out this weekend, and try to put the bad things
out of the mind.. have a safe and pain free weekend all.
-- Michael --
Today's ASN to watch from the spam auditors?
Orelsoft AS200918
-- "Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
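
Added example, not part of either message and not code from LinuxMagic or invaluement: one way to apply the quoted suggestion to deny IMAP and SMTP authentication from hosting IP space by default unless the source is a known good actor. The prefixes are documentation ranges used as placeholders, and the service names and KNOWN_GOOD entries are assumptions.

```python
import ipaddress

# Constructed data: RFC 5737 / RFC 3849 documentation ranges stand in for a
# hosting provider's announced prefixes (placeholders, not real provider space).
HOSTING_NETS = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")]
# Hypothetical known-good exceptions inside that space (e.g. a customer relay).
KNOWN_GOOD = [ipaddress.ip_network(n) for n in
              ("198.51.100.17/32", "2001:db8:1::/48")]
# Assumed service labels; inbound MX delivery ("smtp-in") is not covered.
AUTH_SERVICES = {"imap", "smtp-auth"}

def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6, so that
    ::ffff:a.b.c.d cannot slip past an IPv4 rule."""
    ip = ipaddress.ip_address(addr.strip("[]"))
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def in_any(ip, nets):
    return any(ip.version == n.version and ip in n for n in nets)

def auth_decision(service, addr):
    """Return 'allow' or 'deny' for one authentication attempt."""
    if service not in AUTH_SERVICES:
        return "allow"   # policy only gates authenticated services
    try:
        ip = normalize(addr)
    except ValueError:
        return "deny"    # unparseable source address: fail closed
    if in_any(ip, KNOWN_GOOD):
        return "allow"   # explicit exception wins over the default block
    return "deny" if in_any(ip, HOSTING_NETS) else "allow"

# Constructed login attempts: (service, source address)
ATTEMPTS = [("imap", "192.0.2.44"), ("smtp-auth", "198.51.100.17"),
            ("imap", "::ffff:192.0.2.44"), ("smtp-auth", "2001:db8:1::25"),
            ("imap", "2001:db8:ffff::1"), ("imap", "203.0.113.9")]

def evaluate(attempts=ATTEMPTS):
    return [auth_decision(s, a) for s, a in attempts]

if __name__ == "__main__":
    for (svc, src), verdict in zip(ATTEMPTS, evaluate()):
        print(f"{svc:<10} {src:<20} {verdict}")
```

Mail from the same ranges still reaches the spam filter on the inbound path; only login attempts are refused.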