{"id":19075,"date":"2025-04-14T13:32:27","date_gmt":"2025-04-14T11:32:27","guid":{"rendered":"https:\/\/kordon.app\/?p=19075"},"modified":"2025-04-14T13:32:31","modified_gmt":"2025-04-14T11:32:31","slug":"how-an-attacker-used-spam-bombing-to-gain-remote-access","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/how-an-attacker-used-spam-bombing-to-gain-remote-access\/","title":{"rendered":"How an Attacker Used &#8216;Spam Bombing&#8217; to Gain Remote Access"},"content":{"rendered":"<p>In their recent blog post <a href=\"https:\/\/www.darktrace.com\/blog\/email-bombing-exposed-darktraces-email-defense-in-action\" target=\"_blank\" rel=\"noopener\" title=\"\">Darktrace<\/a> goes over a case study of how the adversaries used &#8216;<strong><em>Spam Bombing<\/em><\/strong>&#8216; to ultimately convince the target to give them access to their computer via Microsoft Quick Access remote management tool.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What happened<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The attackers used the targets email address to sign them up to 100+ legitimate services.<\/li>\n\n\n\n<li>Within minutes the target got bombarded with107 different e-mails in 3 different languages<\/li>\n\n\n\n<li>All these e-mails came from reputable sources &#8211; because ultimately they were valid &#8211; newsletter, service signup e-mails. Hence, they were not flagged as suspicious.<\/li>\n\n\n\n<li>To help with the flood of emails a &#8220;helpful IT person&#8221; reached out to the target and convinced them to give them remote access to their computer.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Protection against <\/strong><em><strong>&#8220;Spam Bombing<\/strong>&#8220;<\/em><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make sure your monitoring tools are not only looking and analysing individual e-mails. Overall patterns are important to notice as well.<\/li>\n\n\n\n<li>Share this example within your organisations so they too can recognize the suspiciousness of such patters. <\/li>\n\n\n\n<li>And as always, be suspicious about helpful it people reaching out at the most convenient moment. When something like this happens, hang-up, ignore and reach out to them yourself using official channels.<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Overview of a case about &#8220;Spam Bombing&#8221; and how to avoid it yourself.<\/p>","protected":false},"author":1,"featured_media":19078,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-19075","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=19075"}],"version-history":[{"count":12,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19075\/revisions"}],"predecessor-version":[{"id":19088,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19075\/revisions\/19088"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/19078"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=19075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=19075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=19075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}