High-speed and high-volume: Hailstorm spam is one method cyber criminals are using to overwhelm target organizations’ defenses, but Spamhaus is leading the fight back with threat intelligence delivered at high-speed.
Dynamic Updates from Spamhaus protect by alerting you to hailstorm attacks within seconds of them starting, giving you the unique capability to block this type of spam.
Powerful intelligence delivered at high speed
Hailstorm attacks can be over in a matter of minutes and every second counts.
At the first indication of a hailstorm attack, automatic incremental updates are made available. Instead of downloading a full set of IP and Domain-based threat intelligence periodically, Dynamic Updates allow you to receive data as soon as it is available.
Hailstorm spam attack timeline
- Before 0 sec: No info
- 0 sec: Hailstorm attackstarts, traffic spikes to more than 800 emails sent every 10 seconds.
- 16 sec: Domain used identified,published to Zero ReputationDomain list. Dynamic Updates subscribers can start blocking malicious domain.
- 28 sec: Domain published to Spamhaus Zen and DomainBlocklist. Spam rate still running at over 800 emails every 10 seconds.
- 90 sec: Domain generally accessible for rsync subscribers based on a standard 60 second rsync period. Spam rate starts to drop off.
- 120 sec: Spam rate drops to negligible.
In three minutes, more than 15,000 spam messages sent –85% blocked by DynamicUpdates service at start of attack. Indicative real case example– individual attack profiles will vary.
The Dynamic Updates advantage
Included is Spamhaus’ Zero Reputation Domain (ZRD) service, designed to stop cyber criminals who use newly registered domains. This is a favoured method to send hailstorm spam; driving traffic to websites in the hope that users will fall victim before a domain has been analyzed for its reputation.
Legitimate organizations will rarely activate a domain and start using it immediately after registration so the ZRD automatically adds newly-registered and previously dormant domains to a block list for 24 hours.
Deploy Dynamics Updates in minutes following these easy steps:
- Generate your own authentication certificate (including self-signed)
- Submit certificate to Spamhaus via our user portal
- Connect! You will be informed via our portal
If you are not already a Spamhaus user, then sign up here and get access to our user portal.