Phishing is one of the most serious email threats to corporate security to emerge in recent years. Opening malicious attachments and clicking on links can initiate downloads of ransomware, spyware and Remote Access Trojans (RATs).[1]
RAT infections can enable criminals to gain complete control over infected computers as well as allowing them to access other areas of the network. In 2015, the theft of the personal data of 21.5 million Americans from the Office of Personnel Management (OPM) was attributed to a Sakula RAT infection.
The ransomware threat continues to grow, with more attacks identified in the first two months of 2016 than in the first six months of 2015.
In early 2016, four US hospitals were subjected to ransomware attacks that encrypted files and prevented medical staff from accessing hospital computer systems. In March 2016, the FBI sought the assistance of US security firms in combatting the spread of MSIL/SAMAS ransomware, which attempts to encrypt entire networks and seeks out and deletes backup files.[2]
To combat emerging and rapidly evolving threats, Spamhaus security researchers constantly analyse spam traffic, domains, IP addresses and malware to identify malicious host sites, the locations of C&C servers, network relationships between malicious DNS and cybercriminal operations, and network connections between C&C servers and botnet nodes.
Malware samples are run in sandboxes to study exploit methodology, and Spamhaus researchers analyse the inter-relationship of data to discover where threats might be linked.
Spamhaus constantly gathers temporal data on newly-registered domains and new email senders, looking for anomalous or adverse behaviour that indicates criminal activity.[3]
Spamhaus Technology’s continuously updated datastream provides system administrators, network managers and security practitioners with context on the origins and severity of the latest cybercriminal campaigns and the ability to block harmful email and IP traffic at the network edge, before it can do any harm.
[1] Source: Verizon Data Breach Investigations Report 2015, page 53. http://www.verizonenterprise.com/uk/DBIR/2015/
[2] Source: BBC, “Warning over ‘nasty’ ransomware strain,” 29th March 2016. http://www.bbc.co.uk/news/technology-35916425
[3] Source: Trend Micro, “Spear phishing email: most favored APT attack bait,” 2012. http://www.trendmicro.co.uk/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf