Reputation is everything for any reliable email service provider (ESP). One top-tier example is Amazon Web Services (AWS) SES, managing millions of IPs and domains to provide exceptional service and deliverability.
Discover how SES works with Spamhaus to protect its network and reputation when at risk here:
#AmazonSES #Spamhaus #EmailDeliverability #NetworkProtection #Reputation

Mailboxes in German-speaking countries are being targeted by an ongoing phishing spam campaign that began July 13, around midnight UTC.
Approx 3,500 botnet IPs have been linked to this campaign, which uses malicious, invoice-themed Scalable Vector Graphics (.svg) attachments - currently a favorite among threat actors for disseminating malware and phishing content. As expected from a relatively mature spam campaign, the SVGs are "hashbusted" to evade hash-based detection, raise operational sandboxing costs, and hamper investigations.
An earlier iteration of this spam campaign delivered malware by luring prospective victims to a URL that ultimately infected their Windows systems with Strela Stealer. A traffic distribution system (TDS) was used to filter out security researchers and other visitors not targeted by the miscreants.
Since the start of the current campaign, spamming IPs have been added to our CSS and XBL blocklists, ensuring robust coverage by Spamhaus ZEN, which is available for free to help protect your mailboxes:
https://www.spamhaus.org/blocklists/zen-blocklist/
SVG-based abuse is likely to remain relevant for the foreseeable future. Where possible, configure your mail infrastructure to reject emails with SVG attachments, allowing them only on a strict need-to-work basis (e.g., for graphics or design teams).
Besides using ZEN and DBL at your e-mail perimeter, ensure any outgoing network traffic is checked against DBL and DROP to protect your users from accessing phishing sites and similar threats.
https://www.spamhaus.org/blocklists/network-protection/
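
One way to express the "reject SVG attachments except for teams that need them" policy from the post above, as an added example that is not part of the original post. The allow-listed address, the function names and the sample messages are assumptions constructed for illustration; because the attachments are hashbusted, the check keys on type, file name and content rather than on hashes.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: only these recipients may receive SVG files (hypothetical address).
SVG_ALLOWED_RCPTS = {"design@example.org"}
SVG_EXTS = (".svg", ".svgz")

def svg_parts(msg):
    """Return a label for every MIME part that is, or looks like, an SVG."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        declared = ctype == "image/svg+xml" or name.endswith(SVG_EXTS)
        sniffed = False
        if ctype not in ("text/plain", "text/html"):
            # Content sniffing catches SVGs sent under another name or type.
            head = (part.get_payload(decode=True) or b"")[:2048].lower()
            sniffed = b"<svg" in head
        if declared or sniffed:
            hits.append(name or ctype)
    return hits

def decide(raw, rcpts):
    """Return ("accept" | "reject", matching parts) for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = svg_parts(msg)
    # Every recipient must be allow-listed, otherwise the SVG is refused.
    allowed = bool(rcpts) and all(r.lower() in SVG_ALLOWED_RCPTS for r in rcpts)
    return ("reject" if hits and not allowed else "accept", hits)

def sample(filename=None, subtype="svg+xml", maintype="image", pad=""):
    """Build a constructed test message; `pad` mimics hashbusting noise."""
    msg = EmailMessage()
    msg["Subject"] = "Rechnung"
    msg.set_content("Constructed sample body.")
    if filename:
        svg = f"<?xml version='1.0'?><!-- {pad} --><svg xmlns='http://www.w3.org/2000/svg'/>"
        msg.add_attachment(svg.encode(), maintype=maintype,
                           subtype=subtype, filename=filename)
    return msg.as_bytes()
```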

NEXT WEEK | If you use Hetzner infrastructure to query our DNSBLs and don't change your email config, you may face issues with your email stream.
Read this blog to learn the simple steps you need to take to stay protected for free:
https://www.spamhaus.org/resource-hub/email-security/query-the-legacy-dnsbls-via-hetzner/
#EasyConfig #Hetzner #FreeProtection
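
A DNSBL client has to tell a listing apart from an error answer, which matters whenever queries stop being served normally. The sketch below is an added example, not part of the original post and not Spamhaus code: it builds a ZEN query name and classifies the A records returned, using the return codes Spamhaus documents for ZEN. The function names and the "accept+alert" policy on errors are assumptions; the answers are passed in, so it runs without DNS access.

```python
import ipaddress

ZEN = "zen.spamhaus.org"
# Return codes documented by Spamhaus for ZEN listings.
LISTED = {"127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.4": "XBL",
          "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
          "127.0.0.9": "DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
# Error codes: the query was not answered with reputation data.
ERRORS = {"127.255.255.252": "typo in DNSBL zone name",
          "127.255.255.254": "query arrived via a public/open resolver",
          "127.255.255.255": "excessive number of queries"}

def query_name(ip, zone=ZEN):
    """Reverse the octets (IPv4) or nibbles (IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def classify(answers):
    """answers: A records returned for the query; empty list means NXDOMAIN."""
    lists, problems = set(), []
    for a in answers:
        if a in LISTED:
            lists.add(LISTED[a])
        elif a in ERRORS:
            problems.append(ERRORS[a])
        else:
            # Anything else (e.g. a resolver rewriting NXDOMAIN) is not a listing.
            problems.append(f"unexpected answer {a}")
    if problems:
        return ("error", problems)
    if lists:
        return ("listed", sorted(lists))
    return ("not_listed", [])

def mta_action(answers):
    """Map the classification to a mail decision."""
    state, _ = classify(answers)
    if state == "listed":
        return "reject"
    # Assumption: on an error code, deliver without a DNSBL verdict and alert
    # the operator, rather than rejecting all mail or trusting the sender.
    return "accept+alert" if state == "error" else "accept"
```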

Pikabot and IcedID exited the Top 20 this reporting period (thanks to "Operation Endgame"), making way for two Android backdoor malware in at #7 and #19...
...find out which ones here:
https://info.spamhaus.com/botnet-threat-updates
#Malware #BotnetCC #ThreatIntel

Malicious domains with TLD .cn hold the #1 rank dominating our listed data at 92,885 domains - this outnumbers the combined total of the other Top5 ccTLDs!
Learn more in the latest Domain Reputation Update here:
https://www.spamhaus.org/resource-hub/domain-reputation/domain-reputation-update-oct-2023-mar-2024/
#ccTLD #DomainReputation #ThreatIntel

Spot the impersonator...
When your company uses services like Cloudflare and anonymous WHOIS, how can someone differentiate between your carefully nurtured site and a "rip-off"?
The answer? It's damn near impossible!
So what is your guess, is the real site no. 1 or no. 2?

FINALLY, truth in advertising #SpotThePhish

Spamhaus researchers are observing an uptick in phishing using the InterPlanetary File System (IPFS).
Below is a recent example:
https://urlscan.io/result/0b765eda-0095-4d1c-ba4a-e4a5ea52a6f3/
This system, typically used to host simple files, can be accessed with specialized clients or via gateways.
What's most concerning is that...
- there are HTTP gateways you can use with your browser that look like normal URLs.
- there is no active side on the "server", so you get plain HTML with JavaScript.
- there is no server side scripting (like PHP) on IPFS to receive data.
...making it easier for adversaries to post data from the phishing site to another site on the normal web.
And, this issue is not limited to phishing but also happens for other kinds of abuse, such as malware and spam. Therefore:
- Gateway providers need to use and maintain a block list and share blocked IDs with each other.
- Hosters that host the data receiving scripts can't see the phishing site, and need to be aware that this problem exists.
#IPFS #Phishing #Malware
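
A block list of content IDs only works if every spelling of the same ID matches. The sketch below is an added example, not part of the original post: it pulls the CID out of path-style and subdomain-style gateway URLs and normalises a CIDv0 ("Qm...") to its CIDv1 base32 form before the lookup. The gateway host name, function names and sample block list are assumptions; CIDv1 strings in multibases other than base32 are not handled.

```python
import base64
from urllib.parse import urlsplit

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(s):
    """Decode base58btc; raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + raw

def canonical_cid(cid):
    """Return the CIDv1 base32 (lowercase) form, or None if not recognised."""
    if len(cid) == 46 and cid.startswith("Qm"):
        try:
            mh = b58decode(cid)
        except ValueError:
            return None
        if len(mh) != 34 or mh[:2] != b"\x12\x20":   # sha2-256, 32-byte digest
            return None
        v1 = b"\x01\x70" + mh                        # CID version 1, dag-pb codec
        return "b" + base64.b32encode(v1).decode().lower().rstrip("=")
    if cid[:1] in ("b", "B") and len(cid) > 8:       # already base32 CIDv1
        return cid.lower()
    return None

def cid_from_url(url):
    """Extract the CID from /ipfs/<cid>/... or <cid>.ipfs.<gateway> URLs."""
    u = urlsplit(url)
    labels = (u.hostname or "").split(".")
    if len(labels) >= 3 and labels[1] == "ipfs":
        return canonical_cid(labels[0])
    parts = u.path.split("/")
    if len(parts) >= 3 and parts[1] == "ipfs":
        return canonical_cid(parts[2])
    return None

def is_blocked(url, blocked):
    cid = cid_from_url(url)
    return cid is not None and cid in blocked

# Constructed test input: CID strings used only as sample values.
SAMPLE_V0 = "QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG"
OTHER_V0 = "QmdfTbBqBPQ7VNxZEYEj14VmRuZBkqFbiwReogJgS1zR1n"
BLOCKED = {canonical_cid(SAMPLE_V0)}
```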

REMINDER | Abuse desks, Trust & Safety Teams and Senders!
Later this month Spamhaus Blocklist (SBL) listings will be moving from www.spamhaus.org to the Spamhaus IP and Domain Reputation Checker:
check.spamhaus.org
Make sure you know how listing notifications will change and where to view SBL listings - learn more here:
https://www.spamhaus.org/news/article/825/spamhaus-blocklist-sbl-listings-are-moving
#Blocklists #SBL #EmailNotifications

Qakbot makes a return... a not-so-welcome Christmas present!
Spamhaus researchers are observing low-volume Qakbot campaigns targeting specific business sectors. But, we do have some positive news...
Many of the observed botnet controllers are now offline, and the remaining ones are already known as rogue ISPs, and listed on the Spamhaus Extended DROP List: https://www.spamhaus.org/drop/
Watch this space; if anything changes, we'll keep you updated!
#Qakbot #ThreatIntel #TheDuckHuntIsBackOn
