UPDATED 30th JULY 2018

No-one wants their devices hijacked for crypto mining so Deteque, a division of Spamhaus, has added a new layer of security with the introduction a ‘Cryptominer’ zone as part of its DNS Firewall Threat Feeds.

bit coin with pick axe and text saying Crypto miner protection added to DNS Firewall feed

Deteques new crypto miner zone added to DNS firewall feed

Deteque researchers are constantly tracking the networks of crypto miners who use adverts, often on legitimate websites, to run JavaScript and other code that can drain processing power via the browser for crypto mining without any actual malware being installed on a user’s machine.

With the new zone included in an organization’s DNS management, users will still get access to the websites they want to visit, but the adverts used for crypto mining are blocked as part of the DNS resolution process. This way malicious adverts are blocked before a connection is made a so there is no need for dedicated software or tools on an individual’s device.

The Cryptominer Zone is accessible as part of the Diverse category of our DNS Firewall response policy zone data feeds. Find out more.

DNS Firewall Threat Data from Deteque is currently used by ISPs, corporations and public institutions world-wide. Find out more.

Further reading on crypto jacking:

Protection against fraud and phishing is now boosted with Zero Reputation Domains (ZRD) threat intelligence from Deteque, a division of Spamhaus.

We have added a ZRD zone to Deteque’s DNS Firewall Threat Feeds, which can be used as a check in an organization’s DNS management to block malicious and low reputation domains. With the new ZRD data feed, network security managers can block access to newly-registered domains which are often associated with fraud or phishing attempts.

Cyber criminals immediately use newly registered domains for websites, hoping that users will fall victim before a domain has been analyzed for its reputation, as opposed to legitimate organizations who will rarely activate a domain and start using it as soon as it has been registered.

The ZRD zone automatically adds newly-registered and previously dormant domains to a blocklist for 24 hours. Once the domain is older than 24 hours it will be removed from this zone, or if the domain is deemed malicious by other tests it will be added into another zone.

DNS Firewall Threat Feeds from Deteque are currently used by ISPs, corporations and public institutions world-wide. Find out more and start your 30 day free trial today

Existing RPZ subscribers can reach out to their Spamhaus partner to enquire about adding ZRD to their subscription.

The threat from cyber criminals is relentless, so any protection strategy needs to ensure that a security team’s workload is manageable and focused. With the right threat intelligence strategy in place, there are ways to gain extra time and target the most serious threats.

Through national news, businesses of all sizes are repeatedly urged to protect themselves against cyber crime. Recent UK Government statistics (The Cyber Security Breaches Survey 2017) found that nearly half of all UK businesses suffered a cyber breach or attack in the past twelve months.

Is threat intelligence still required, now we have machine learning?

With malware increasingly sophisticated and harder to detect, I’m often asked about the viability of threat intelligence. Is it a thing of the past, particularly given the advances of artificial intelligence and machine learning? I believe it still has to be an essential part of your cyber security strategy, as the first line of defense.

Threat data for Response Policy Zones (RPZ)

Deteque developed threat data for Response Policy Zones (RPZ). This enables selective blocking of DNS resolution to malicious sites, mitigating your security risks in real time. Like threat gateways, secure DNS services are designed to track and block malicious domains, zones and associated IP addresses, allowing you to filter threats that our research team has observed and analyzed. Because we do this first line of threat identification for you, there’s less ‘noise’ on your network. Your team and resources can then be concentrated on using AI and other analytics. With RPZ in place, your other analysis tools will work more effectively and your user and network protection is improved.


At Deteque, a division of Spamhaus, we help organisations protect their network operations and intellectual property. Our prevention-first approach gives you protection from increasingly malicious and complex cyber threats. Our approach is based on the Spamhaus track record of deploying data feed technologies that work with your network, with up to 97% of threats filtered from your email (source: https://www.virusbulletin.com/testing/results/latest/vbspam-email-security).

We see the security challenges from the inside, working alongside our customers to identify and prevent cyber risks. Once you know what your ‘good’ infrastructure and reliable traffic looks like, you’ll find it easier to identify the constantly evolving ‘bad’ traffic. Whilst there’s sadly no such thing as 100% prevention, Deteque’s threat intelligence tools will help you target your valuable resources on analytics tools specific to your network.

The harsh reality of cyber crime 

It’s not meant to be scare mongering, but I’d just like to share a few sobering statistics with you:

  • The average breach is not spotted for 99 days, during which time the integrity of your data is seriously compromised (Gartner)
  • By 2020, businesses will need to cyber-defend 50 times more data than they do today, with cyber attacks forecast to cost businesses an estimated $6 trillion (Cybersecurity Ventures)
  • Cyber security budgets should now account for 25%-30% of total IT spend (IDC)

It’s important to note that threat intelligence technology is not the silver bullet, however it does complement machine learning. Using threat intelligence gives a boost to machine learning algorithms, filtering out a high volume of ‘dross’ in advance. You can then really concentrate your time and resources on a smaller, more sophisticated sub-set of malware.

By Matthew Stith, Product Manager