Using MailChimp makes malware campaigns a little bit more successful

Thanks to the anti-spam infrastructure that we have collectively built over the years, it is now very hard to send thousands or millions of emails. Sending one email is easy; sending millions is not. Because of this, companies tend to move their mail delivery operations to email service providers (ESPs). ESPs can handle unsubscribe requests and bounces, and deal with the listing of mail servers on DNS blacklists.

ESPs don’t tolerate spammers, so spammers are not among their usual customers. But for every rule there is an exception: our cybersecurity team found that cybercriminals have gained access to MailChimp’s systems. For now, it is unclear how they managed to do this; possibilities range from a vulnerable third-party plug-in that integrates into MailChimp, to malware present in MailChimp itself, to stolen customer credentials.
This cybersecurity breach is another excellent example of how badly things can go if a system is poorly protected, or not protected at all, by a top cybersecurity solution like an antivirus. This is why every system must be protected by an antivirus for Windows or an antivirus for Mac, depending on which OS it is running.

Because email security products scan attachments but avoid inspecting links beyond the URL, the cybercriminals' latest campaign used emails claiming to link to either an invoice or a fax. This technique makes the emails harder to block.
But even with all these techniques that cybercriminals are using, an end user still has to download and run the attachment for the payload to be delivered. This means that even if it is successfully downloaded, the malware would still have to bypass an endpoint cybersecurity solution like an antivirus. This is why, depending on which OS their devices are running, a Windows antivirus or an antivirus for Mac is needed on each endpoint system to keep it safe and secure.

The MailChimp breach is a perfect example that every company can be breached. This is why we recommend quarterly cybersecurity checks done by a professional cybersecurity company. Tests such as a penetration test or an ethical hacking test on the company’s network are a must because they can reveal its vulnerabilities and weaknesses. Another good cybersecurity measure is using cyber-secured web hosting services.