Traffic Distribution System (TDS) abuse - What’s hiding behind the veil?
Those who follow the DNS abuse landscape closely may have noticed a rise in activity and abuse reports related to TDS. The use of this infrastructure for malicious purposes is becoming increasingly common. In this blog, we look at how TDS are being exploited to facilitate abuse, why they present challenges for takedowns, and what we can do as a community to address the problem.
Stronger through sharing: PhishFort and Spamhaus working together
PhishFort - an anti-phishing specialist - has collaborated with Spamhaus to share verified threat data from their phishing detection systems. In this guest blog, Lucas Sierra, CEO of PhishFort, explains how making their data available to trusted organizations like Spamhaus is helping make the internet safer for everyone.
Abuse takes its “toll” on .top: But who is paying the price?
Despite ICANN issuing a formal notice to .top citing a breach of contract for failing to address DNS abuse, the situation has not improved. Over the last six months, abuse of .top hasn’t just persisted, it’s gotten 50% worse! So, why is this happening, and what can be done to stop it?
Too big to care? - Our disappointment with Cloudflare’s anti-abuse posture
Cloudflare, best known for its content delivery network (CDN), is marketed as a “Connectivity Cloud”. Part of its offering is protecting a vast number of websites from DDoS attacks [1]. However, its attitude to abuse management and prevention proves a point of contention and we urge Cloudflare to review its anti-abuse policies.
Living-Off-Trusted-Sites (LOTS) or should we say services?
"Living Off-Trusted Sites (LOTS)" is not a new cybercrime tactic, but it continues to pose a significant threat. Join us as we explore the evolution of LOTS, its impact on online trust and safety, and the crucial role the community plays in disrupting the activities of those who engage in these deceptive tactics.
Dangling DNS and the dangers of subdomain hijacking
DNS attacks are becoming increasingly prevalent, with 90% of organizations experiencing them, as per the IDC Threat Intelligence Report 2023. Due to its critical function, DNS is a frequent target for cybercrimes, including DDoS attacks, DNS spoofing and DNS hijacking. However, a lesser-known but significant threat is the dangling DNS record - read on to learn more.
A surge of malvertising across Google Ads is distributing dangerous malware
Recently, researchers have witnessed a massive spike affecting famous brands, with multiple malware being utilized. This is not “the norm.” Here’s what researchers are observing and a theory on this tsunami of abuse.
The holiday hack – a reminder of why you shouldn’t always trust emails
Here’s a cautionary tale to anyone and everyone who uses email. The learning is simple: Always be vigilant, especially if its content asks you to provide personal information or click on links and download files.
Some attack vectors Spamhaus is observing in early 2021
As we gallop apace into 2021, our researchers often get asked what current trends and themes they're seeing. Compromised legitimate websites: Legitimate websites continue to be compromised in substantial numbers. We are still regularly seeing thousands and thousands of hacked WordPress sites. Once a cybercriminal has a...
Ongoing abuse problems at Nic.at and DENIC
Some of you may remember Spamhaus' dispute with Nic.at (the registry of .at ccTLD - "country code Top Level Domain") back in 2007. At that time, we saw a massive amount of the "Rock Phish" gang's phishing domain names being registered within .at for the exclusive purpose of hosting phishing...
Spam through compromised passwords: can it be stopped?
Any account on a legitimate mail server is a valuable resource to a spammer or cybercriminal because it gives access to a server that is unlikely to be blocked from sending email. A spammer can use an account on a legitimate mail server to spam, and reach many more people...
Santander gets it mostly right
If one admonishes for poor practice, one should encourage better practice. On Friday we wrote about an email sent by the UK tax office, the formatting of which was ill-advised (see UK Tax Office Sends an Invitation to Phishers). The following Monday, Santander UK sends an email which gets...
UK Tax Office Sends an Invitation to Phishers
Phishing. Broadly speaking, sending out emails which misdirect people to supply confidential information to miscreants. One such ruse in the UK has been to send out tax rebate emails purporting to come from the UK tax office, HMRC. So on Friday, in a stroke of genius, HMRC sent out the...
Spamhaus forged (again) in malware phish attack
Spamhaus.org has been a frequent target of forged e-mails over the years and once again we're seeing a rise in those sorts of spam messages. This time email messages pretending to come from Spamhaus are a social engineering attempt ("phish") to lure victims into installing malware on their computers. Don't...