Spam is back in a big way, at levels that have not been seen since 2010 in fact. That’s according to a blog post today from Cisco Talos, whose author Jaeson Schultz said the main culprit behind the increase is largely the handiwork of the Necurs botnet.
“Many of the host IPs sending Necurs' spam have been infected for more than two years. To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions. An infected host might be used for two to three days, and then sometimes not again for two to three weeks. This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again. At Talos, we see this pattern over and over again for many Necurs-affiliated IPs,” he wrote.
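The rotation Schultz describes (a host sends for a few days, goes quiet for weeks, then resumes) is exactly what makes a "found and cleaned up" verdict premature. As an added illustration, not code from Talos or this article, the script below groups spam-sender events by source IP and flags any address that resumed sending after a dormancy gap; the log lines, the TEST-NET addresses and the seven-day gap threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of spam-filter events: "<ISO timestamp> <source IP>".
# Addresses come from the documentation ranges, not from real infected hosts.
SAMPLE_LOG = """\
2016-07-01T08:12:00Z 198.51.100.7
2016-07-02T09:40:00Z 198.51.100.7
2016-07-03T11:05:00Z 198.51.100.7
2016-07-24T07:30:00Z 198.51.100.7
2016-07-25T08:01:00Z 198.51.100.7
2016-07-10T12:00:00Z 203.0.113.9
2016-07-11T12:30:00Z 203.0.113.9
2016-07-12T13:00:00Z 203.0.113.9
2016-07-05T14:00:00Z 192.0.2.44
2016-07-06T14:10:00Z 192.0.2.44
2016-08-02T15:00:00Z 192.0.2.44
"""


def parse_log(text):
    """Collect the distinct days each source IP was seen sending; returns {ip: sorted dates}."""
    days = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, ip = line.split()
        days[ip].add(datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").date())
    return {ip: sorted(d) for ip, d in days.items()}


def activity_windows(dates, dormancy_days=7):
    """Split a sorted list of dates into bursts separated by gaps of at least dormancy_days."""
    windows = []
    start = prev = dates[0]
    for d in dates[1:]:
        if (d - prev).days >= dormancy_days:
            windows.append((start, prev))
            start = d
        prev = d
    windows.append((start, prev))
    return windows


def recurring_senders(text, dormancy_days=7):
    """IPs with two or more bursts: hosts that went quiet and came back, so likely still infected."""
    result = {}
    for ip, dates in parse_log(text).items():
        windows = activity_windows(dates, dormancy_days)
        if len(windows) >= 2:
            result[ip] = windows
    return result
```

A host that appears in this output after being marked remediated is a candidate for a second look rather than a closed ticket.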
Talos noted that Necurs recently switched from sending largely “Russian dating and stock pump-n-dump spam, to sending malicious attachment-based spam. This was the first time we'd seen Necurs send attachments. The malicious attachments were propagating either Dridex, a well-known strain of banking malware, or Locky, a prolific ransomware variant.”
Proofpoint also noted an uptick in spam related to the upcoming presidential election:
“As we approach November in an especially sensational Presidential race, Proofpoint researchers have seen a variety of election-themed emails - everything from straightforward text-based spam with embedded links to credential phishing. In terms of our themes, our spam samples skew heavily towards lures featuring Donald Trump. The Republican nominee appears in nearly 169 times as many messages as those featuring his Democratic opponent, Hillary Clinton,” Proofpoint stated.
“Unfortunately there is no silver bullet to defending against a spam campaign. Organizations are encouraged to build a layered set of defenses to maximize the chances of detecting and blocking such an attack. Of course, whenever ransomware is involved, offline backups can be critical to an organization's survival. Restoration plans need to be regularly reviewed and tested to ensure no mistakes have been made and that items have not been overlooked,” Talos wrote.