Hackers Abusing Third-Party Email Infrastructure to Send Spam Mails

Hackers are increasingly exploiting third-party email infrastructures to send spam emails. This tactic complicates the detection and prevention of spam and threatens the integrity of legitimate email communications.

By leveraging vulnerabilities in various online platforms, cybercriminals can masquerade as legitimate users and send unsolicited emails that can bypass traditional spam filters.

Exploiting Online Registration and Forms

One of the primary methods employed by these hackers involves exploiting weak input validation in online registration forms.

Many websites allow users to sign up for accounts or register for events, sending confirmation emails upon successful registration.

Cybercriminals have found ways to overload these forms with malicious content, embedding spam links within the emails sent back to users.

The problem begins with inadequate validation and sanitization of user inputs. Spammers fill the name field with excessive text and URLs in account registration forms.

This results in confirmation emails containing unwanted links being sent to unsuspecting users.

Similarly, event registration forms are manipulated, allowing spammers to disseminate their content widely.

Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Registration

Contact forms are another target for these cyber criminals. Some websites automatically send a copy of the form response to the user.

By exploiting these forms, spammers can include their malicious content in what appears to be a legitimate email from a trusted source.

Abusing Google’s Suite of Applications

Google’s suite of applications, including Google Quizzes, Calendar, Drawings, Sheets, Forms, and Groups, has not been immune to these attacks.

Spammers have discovered vulnerabilities within these platforms that allow them to send unsolicited emails posing as legitimate Google communications.

Sending spam through Google applications requires a significant pre-attack setup.

For example, attackers must create a Google Quiz and configure it correctly before filling it out as if they were the victim.

They then log back into the quiz to grade it, triggering an email that appears legitimate but contains spam content.

Credential Stuffing: A Growing Threat

Credential stuffing is another technique cybercriminals use to exploit third-party email infrastructures.

It involves using stolen credentials from data breaches to access victims’ email accounts and send spam from their SMTP servers.

Once attackers obtain credentials, they attempt to access various services using those details.

If successful, they can log into the victim’s outbound SMTP server and send emails that appear to originate from a trusted domain.

This method allows spammers to bypass many real-time blackhole lists (RBLs) that typically block suspicious domains.

Tools Used in Credential Stuffing

Several open-source tools facilitate credential-stuffing attacks. MadCat and MailRip are two such tools frequently observed by cybersecurity experts.

These tools automate testing stolen credentials against multiple servers, making it easier for attackers to find vulnerable accounts.

Defending against these sophisticated spam campaigns is challenging for cybersecurity professionals.

The emails sent through compromised third-party infrastructures often blend seamlessly with legitimate traffic, making detection difficult.

Strategies for Mitigation

Despite these challenges, there are strategies that organizations can employ to mitigate these threats:

1. Enhanced Input Validation: Websites should implement robust input validation and sanitization processes to prevent spammers from exploiting registration and contact forms.
2. Monitoring and Alerts: Implementing monitoring systems that can detect unusual patterns in email traffic can help identify potential spam campaigns early.
3. Credential Management: Encouraging users to use unique passwords for different services and enabling multi-factor authentication can reduce the risk of credential-stuffing attacks.
4. Collaboration with Anti-Spam Organizations: Sharing information about new attack vectors with anti-spam organizations can help improve industry-wide defenses against these threats.

According to the Talos Intelligence report, hackers’ abuse of third-party email infrastructures represents a significant challenge in the ongoing battle against spam.

By improving input validation, enhancing credential security, and collaborating across industries, we can better protect against these sophisticated spam campaigns.

Analyse AnySuspicious Links Using ANY.RUN's New Safe Browsing Tool: Try It for Free