Brian Krebs investigates the Bitcanal “Hijack Factory” story which hit the news this week. Through continually hijacking Border Gateway Protocol (BGP) routes, Bitcanal leased swathes of IP addresses to spammers. Since 2014 Bitcanal has appeared in 103 SBL listings researched by Spamhaus. Read Brian’s article here .
The piece focuses on Bitcanal, who has been listed on various block lists of Spamhaus’s for over 3 years. Doug Madory, Director of Internet Analysis at Oracle Dyn, shines the spotlight on Bitcanal, and focuses on the lessons Internet Exchange Points (IXPs) need to learn from this episode.
Enterprise business and technology service providers in the Japanese and Asia Pacific region now have global cyber threat intelligence on their doorstep. Thanks to a new partnership between Tokyo-based PIPELINE Security and Deteque, DNS threat protection, including DNS firewall data feeds, has never been easier to access.
PIPELINE Security brings local delivery and support to the Japanese market. Their understanding of cyber security, combined with local knowledge is illustrated in their drive for precision and excellence.
Deteque provides network security intelligence, including DNS firewall data feeds, leveraging expertly researched threat intelligence from The Spamhaus Project. The Project is a trusted third party currently protecting three billion user mailboxes and blocking the vast majority of spam and malware sent on the Internet.
Spamhaus and PIPELINE are positioned to help Internet Service Providers (ISPs), Email Service Providers (ESPs) and enterprises defend themselves from spam, malware, botnets and other online threats.
Simon Forster, CEO of Spamhaus Technology commented: “The move is designed to strengthen the Asia Pacific region against cyber attacks and broaden Deteque’s presence in Asian markets. With Pipeline Security we have an excellent partner to bring to new customers the threat intelligence that has been protecting our users for the past 20 years.”
Allan Watanabe, Managing Director of PIPELINE Security commented: “Cyber attacks are rapidly evolving and businesses are struggling to stay ahead of the cyber criminals. It is critical for businesses to utilize a threat intelligence strategy to transition from a reactive security to proactive security model. We are looking forward to providing Deteque’s real time threat intelligence to help secure our customers in Asia Pacific and Japan.
Internet Service Providers (ISPs) and their customers may be missing out on access to Spamhaus’s commercial grade block list feeds for email….and not realise. Here’s how ISPs can ensure their email stays protected with Spamhaus’s domain name server block lists (DNSBLs).
If you are using Google’s Public DNS, or similar public recursive server, and Spamahus’s free domain name server block lists (DNSBLs) your emails may not be protected. Discover how to ensure you keep free access to Spamhaus’s email threat intelligence whilst using public DNS.
No-one wants their devices hijacked for crypto mining so Deteque, a division of Spamhaus, has added a new layer of security with the introduction a ‘Cryptominer’ zone as part of its Response Policy Zones (RPZ) threat intelligence.
With the new Zone included in an organization’s DNS management, users will still get access to the websites they want to visit, but the adverts used for crypto mining are blocked as part of the DNS resolution process. This way malicious adverts are blocked before a connection is made a so there is no need for dedicated software or tools on an individual’s device.
The Cryptominer Zone is accessible as part of the Diverse category of Response Policy Zones. Find out more.
RPZ threat intelligence from Deteque is currently used by ISPs, corporations and public institutions world-wide. Find out more.
Read more about crypto jacking at https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/
Protection against fraud and phishing is now boosted with Zero Reputation Domains (ZRD) threat intelligence from Deteque, a division of Spamhaus.
ZRD is part of Deteque’s Response Policy Zones threat intelligence, used as a check in an organization’s DNS management to block malicious and low reputation domains. With the new ZRD data feed, network security managers can block access to newly-registered domains which are often associated with fraud or phishing attempts.
Cyber criminals use newly registered domains for websites hoping that users will fall victim before a domain has been analyzed for its reputation, also legitimate organizations will rarely activate a domain and start using it immediately after registration.
The ZRD automatically adds newly-registered and previously dormant domains to a blocklist for 24 hours. Once the domain is older than 24 hours it will be removed from this Zone, or if the domain is deemed malicious by other tests it will be added into another Zone.
Existing RPZ subscribers can reach out to their Spamhaus partner to enquire about adding ZRD to their subscription.
The threat from cyber criminals is relentless, so any protection strategy needs to ensure that a security team’s workload is manageable and focused. With the right threat intelligence strategy in place, there are ways to gain extra time and target the most serious threats.
Through national news, businesses of all sizes are repeatedly urged to protect themselves against cyber crime. Recent UK Government statistics (The Cyber Security Breaches Survey 2017) found that nearly half of all UK businesses suffered a cyber breach or attack in the past twelve months.
Is threat intelligence still required, now we have machine learning?
With malware increasingly sophisticated and harder to detect, I’m often asked about the viability of threat intelligence. Is it a thing of the past, particularly given the advances of artificial intelligence and machine learning? I believe it still has to be an essential part of your cyber security strategy, as the first line of defense.
Threat data for Response Policy Zones (RPZ)
Deteque developed threat data for Response Policy Zones (RPZ). This enables selective blocking of DNS resolution to malicious sites, mitigating your security risks in real time. Like threat gateways, secure DNS services are designed to track and block malicious domains, zones and associated IP addresses, allowing you to filter threats that our research team has observed and analyzed. Because we do this first line of threat identification for you, there’s less ‘noise’ on your network. Your team and resources can then be concentrated on using AI and other analytics. With RPZ in place, your other analysis tools will work more effectively and your user and network protection is improved.
At Deteque, a division of Spamhaus, we help organisations protect their network operations and intellectual property. Our prevention-first approach gives you protection from increasingly malicious and complex cyber threats. Our approach is based on the Spamhaus track record of deploying data feed technologies that work with your network, with up to 97% of threats filtered from your email (source: https://www.virusbulletin.com/testing/results/latest/vbspam-email-security).
We see the security challenges from the inside, working alongside our customers to identify and prevent cyber risks. Once you know what your ‘good’ infrastructure and reliable traffic looks like, you’ll find it easier to identify the constantly evolving ‘bad’ traffic. Whilst there’s sadly no such thing as 100% prevention, Deteque’s threat intelligence tools will help you target your valuable resources on analytics tools specific to your network.
The harsh reality of cyber crime
It’s not meant to be scare mongering, but I’d just like to share a few sobering statistics with you:
- The average breach is not spotted for 99 days, during which time the integrity of your data is seriously compromised (Gartner)
- By 2020, businesses will need to cyber-defend 50 times more data than they do today, with cyber attacks forecast to cost businesses an estimated $6 trillion (Cybersecurity Ventures)
- Cyber security budgets should now account for 25%-30% of total IT spend (IDC)
It’s important to note that threat intelligence technology is not the silver bullet, however it does complement machine learning. Using threat intelligence gives a boost to machine learning algorithms, filtering out a high volume of ‘dross’ in advance. You can then really concentrate your time and resources on a smaller, more sophisticated sub-set of malware.
By Matthew Stith, Product Manager