Despite the many more sophisticated attack methods available, spam still ranks as a high threat vector for organizations. According to the latest numbers, as many as 95% of attacks targeting enterprise networks originate from successful spear-phishing. Some 30% of phishing emails are opened by users, and 12% of those targeted users click on the malicious link or attachment. The statistics indicate that 1 in every 8 employees shares information on a phishing site, and that a single spear-phishing attack results in an average loss of $1.6 million.
Many spammers lack the time, expertise, and resources to acquire infrastructure capable of pumping out large volumes of spam. Instead, they rent infrastructure that others have already hacked and use it to send spam for as long as it keeps working.
This research report offers a glimpse into why detecting and blocking inbound spam in a corporate network can be a challenge. Malicious actors often rent servers with a good reputation in order to appear legitimate. As a result, email coming from these servers might not be flagged by corporate filters as carrying malware or links to phishing sites.
Flare Systems researchers investigated how easily accessible PHPMailers are on Olux.io and how they can be abused to send out spam campaigns. Focusing on Canada, the U.S., and France, the team also looked into the size and scope of the Olux.io marketplace, the profiles of its vendors and hosting services, and the profile of the hacked PHPMailer installations on offer.
At the time of writing, our team found that malicious actors can easily rent PHPMailers from Olux.io, because thousands are available for rent at a low cost. If one stops working, it can be replaced cheaply. This leads us to believe that there may be no benefit in purchasing a PHPMailer located in a specific country. As far as Olux.io traffic sources are concerned, our data reveal that Nigeria, Morocco and the UK are the top sources driving traffic to the website.
Moving forward, organizations can protect themselves by examining the methods their email filtering providers deploy and by keeping in mind that geolocation-based spam analysis may not protect them from incoming spam.