Dangling DNS and the dangers of subdomain hijacking
DNS attacks are becoming increasingly prevalent, with 90% of organizations experiencing them, as per the IDC Threat Intelligence Report 2023. Due to its critical function, DNS is a frequent target for cybercrimes, including DDoS attacks, DNS spoofing and DNS hijacking. However, a lesser-known but significant threat is the dangling DNS record - read on to learn more.
Expired and exploited: Reviving a 30-year-old legacy domain for hijacking
Due to the current shortage of IPv4 addresses, any legacy IP block, regardless of its size, including Autonomous System (AS) networks, is at risk of being hijacked and misused for identity theft or other malicious activities. Here are the findings of Spamhaus' investigation into Fiberlinkcc.com, a legacy domain used to provide connectivity to hijacked IP blocks.
Spamhaus DROP and eDROP to become a single list
From April 10th, 2024, Spamhaus eDROP (Extended Don’t Route Or Peer) data will be consolidated into the DROP lists, meaning eDROP will no longer be published separately. Read on for a closer look at why these changes are being implemented and what this means for those affected.
The return of the ASN-DROP
Further to requests from the community we've reinvigorated the ASN-DROP. With a new algorithm, ASN-DROP is now available in JSON format, listing Autonomous System Numbers (ASNs) associated with the worst of the worst behavior. These are ASNs that our researchers wouldn’t recommend engaging with and are highly likely to announce...
Emotet Email Aftermath
At the end of January 2021, Europol announced that a coordinated group of international authorities had taken control of the Emotet botnet infrastructure. Prior to this takedown, Emotet had spread itself using previously compromised email addresses to send tens of thousands of messages with malware-laden attachments using a technique called...
Suspicious network resurrections
***UPDATE** Dec 1st 2020: A big thank you to Telia Carrier, Hurricane Electric and GTT for taking swift and positive action in shutting down the related announcements.* We believe there is a serious issue relating to the equivalent of 56 “/20” networks, with a corresponding 230k IPv4 addresses. The total...
The Current State of Domain Hijacking, and a specific look at the ongoing issues at GoDaddy
**Domain hijacking is not a new problem, but it is one that gains strength if it is not countered effectively, and we have seen some disturbing trends in the last 6 months.** Cyber criminals are increasingly relying on legitimate and well established domains in order to carry out their maliciousness...
How to Halt the Hijackers
If you’ve read Network hijacking - the low down, you’ll be fully versed in the varied ways cybercriminals can hijack your network. In this article, we’ll be explaining how to protect against this happening to you, along with a high-level overview as to what you can do if your Internet...
Network hijacking - the low down
Network hijacking involves the announcing or re-routing of Internet protocol (IP) addresses without authorization from the owner of those addresses. When hijacking is done intentionally, it is usually for some type of nefarious or illegal purpose and the consequences can be far reaching for organizations whose networks are hijacked. There...
Doug Madory | Shutting down the BGP Hijack Factory - Bitcanal
A link to Doug Madory's "Shutting down the BGP Hijack Factory".
Fighting abuse at the edge
Anti-abuse at the network edge: From two tribes to one team. Take a look at org charts, international standards, conferences and forums…you will observe there are two tribes; one for the ‘network’ the other for ‘applications’. It’s a distinction that’s embedded in Information...
Network Hijacking on the Rise
As we discussed in a previous article, allocations of IP addresses (IPv4 addresses) are getting hard to come by, especially for spammers. Because the IP addresses they use quickly get a bad reputation as sources of spam, spammers constantly need fresh IPs that are not yet "burned". To get around...
Verizon Routing Millions of IP Addresses for Cybercrime Gangs
Over the past few years, spammers have sought out large ranges of IP addresses. By spreading out their sending patterns across a wide range of IP addresses, they can attempt to defeat spam filters and get spam and malware emails delivered where they are not wanted. However, IPv4 addresses are...
Ghost Click/DNSChanger: Could ISPs have stopped it?
After the November 9, 2011 successful law-enforcement dismantling of a huge cybercrime network in an operation dubbed 'Ghost Click', questions were raised as to what Internet Service Providers (ISPs) could have been doing to protect their users, and the internet, from this botnet. So, could an ISP...