Expired and exploited: Reviving a 30-year-old legacy domain for hijacking
Due to the current shortage of IPv4 addresses, any legacy IP block, regardless of its size, including Autonomous System (AS) networks, is at risk of being hijacked and misused for identity theft or other malicious activities. Here are the findings of Spamhaus' investigation into Fiberlinkcc.com, a legacy domain used to provide connectivity to hijacked IP blocks.
Spamhaus DROP and eDROP to become a single list
From April 10th, 2024, Spamhaus eDROP (Extended Don’t Route Or Peer) data will be consolidated into the DROP lists, meaning eDROP will no longer be published separately. Read on for a closer look at why these changes are being implemented and what this means for those affected.
Part 2 – Effective strategies against inbound malicious email: using your own data
Having looked at best practices for utilizing blocklists in the first part of this series, let’s explore the value of maximizing your own data to protect your network from malicious inbound emails. After all, your email infrastructure contains data that may only occur on your specific network.
The conundrum that is the modern use of NAT at a carrier grade level
Modern NAT, including Carrier Grade NAT (CGNAT), complicates tracking by hiding multiple devices behind one IP, akin to a circus full of clowns. This anonymity facilitates spamming and malware distribution. ISPs can mitigate this by clarifying CGNAT usage and filtering outbound port 25, reducing support costs and spam.
The return of the ASN-DROP
Further to requests from the community, we've reinvigorated the ASN-DROP. With a new algorithm, ASN-DROP is now available in JSON format, listing Autonomous System Numbers (ASNs) associated with the worst of the worst behavior. These are ASNs that our researchers wouldn’t recommend engaging with and are highly likely to announce...
Emotet Email Aftermath
At the end of January 2021, Europol announced that a coordinated group of international authorities had taken control of the Emotet botnet infrastructure. Prior to this takedown, Emotet had spread itself using previously compromised email addresses to send tens of thousands of messages with malware-laden attachments using a technique called...
Emotet infrastructure disrupted after coordinated action
On Tuesday, Jan 27, 2021, Europol announced that a coordinated group of international authorities has taken control of the Emotet infrastructure. We congratulate the authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada, and Ukraine, who collaborated to disrupt...
Some attack vectors Spamhaus is observing in early 2021
As we gallop apace into 2021, our researchers often get asked what the current trends and themes are they're seeing. Compromised legitimate websites: legitimate websites continue to be compromised in substantial numbers. We are still regularly seeing thousands and thousands of hacked WordPress sites. Once a cybercriminal has a...
Tracking Qbot
Qbot (aka Quakbot or Qakbot) is a piece of malware originally designed to enable bad actors to conduct financial fraud. This was done by intercepting traffic to the online banking systems of various banking institutions. Lately, it has been updated with worm-like features to help it...
It was the best of times, it was the worst of times
Calamity always magnifies the light and darkness in people. We see countless stories about people finding ways to help others in myriad and often creative ways: * Armies of crafters who are sitting at home sewing face masks; * Big companies re-tooling their factories to make hand sanitizer and PPE...
Amazon Web Services - thwarting spam with a decade-old best practice
When things move to the "cloud", sadly, good things don’t always follow. Miscreants of various sorts have long recognized that they too can benefit from the same advantages as regular users: scalability, abstraction and pay-per-use. It was thus no surprise that spamming operations set up shop on the biggest of all...
Bulletproof hosting – there’s a new kid in town
Our researchers have uncovered a new breed of "bulletproof" hosting. Worryingly, the set-up for cybercriminals is more cost-effective, less risky, and provides greater agility compared with that of 'conventional' bulletproof hosting, making it easier for them to host all kinds of badness. Here's what you need to know...
Emotet adds a further layer of camouflage
Most professionals within enterprise security have come across ‘Emotet’. As its history illustrates, the criminals behind Emotet malware are cunning and quick to maximize its ‘potential’. From a basic banking Trojan to a threat distribution service, it is constantly being re-invented. This ‘constant malware improvement’ isn’t showing any sign of...
How to Halt the Hijackers
If you’ve read Network hijacking - the low down, you’ll be fully versed in the varied ways cybercriminals can hijack your network. In this article, we’ll be explaining how to protect against this happening to you, along with a high-level overview as to what you can do if your Internet...
Network hijacking - the low down
Network hijacking involves the announcing or re-routing of Internet protocol (IP) addresses without authorization from the owner of those addresses. When hijacking is done intentionally, it is usually for some type of nefarious or illegal purpose and the consequences can be far reaching for organizations whose networks are hijacked. There...