✨ Reputation is everything for any reliable email service provider (ESP). One top-tier example is Amazon Web Services (AWS) SES, managing millions of IPs and domains to provide exceptional service and deliverability. Discover how SES works with Spamhaus to protect its network and reputation when at risk here: 👉

Blog | How Amazon SES works with Spamhaus to protect its network and reputation | Resources

#AmazonSES #Spamhaus #EmailDeliverability #NetworkProtection #Reputation

Mailboxes in German-speaking countries are being targeted by an ongoing phishing spam campaign that began July 13, around midnight UTC. 🎣 🇩🇪 🇦🇹 🇨🇭 Approx 3,500 botnet IPs have been linked to this campaign, which uses malicious, invoice-themed Scalable Vector Graphics (.svg) attachments - currently a favorite among threat actors for disseminating malware and phishing content. As expected from a relatively mature spam campaign, the SVGs are "hashbusted" to evade hash-based detection, raise operational sandboxing costs, and hamper investigations. 🧐 An earlier iteration of this spam campaign delivered malware, by luring prospective victims to a URL that ultimately infected their Windows systems with Strela Stealer. 💥 A traffic distribution system (TDS) was used to filter out security researchers and other visitors not targeted by the miscreants. Since the start of the current campaign, spamming IPs have been added to our CSS and XBL blocklists, ensuring robust coverage by Spamhaus ZEN, which is available for free to help protect your mailboxes: 👉

ZEN Blocklist | Combined IP DNSBLs for effective email filtering

SVG-based abuse is likely to remain relevant for the foreseeable future. Where possible, configure your mail infrastructure to reject emails with SVG attachments, allowing them only on a strict need-to-work basis (e.g., for graphics or design teams). Besides using ZEN and DBL at your e-mail perimeter, ensure any outgoing network traffic is checked against DBL and DROP to protect your users from accessing phishing sites and similar threats. 👉

Feeds for network protection - via firewalls & BGP routers

❗NEXT WEEK | If you use Hetzner infrastructure to query our DNSBLs and don’t change your email config, you may face issues with your email stream. Read this blog to learn the simples steps you need to take to stay protected for free ⤵️

Email Security | Query our DNSBLs via Hetzner's infrastructure? Move to free Data Query Service | Resources

#EasyConfig #Hetzner #FreeProtection

🔥 Pikabot and IcedID exited the Top 20 this reporting period (thanks to “Operation Endgame”), making way for two Android backdoor malware in at #7 and #19… …find out which ones here 👇  

Botnet Threat Updates

#Malware #BotnetCC #ThreatIntel

Malicious domains with TLD .cn hold the #1 rank dominating our listed data at 92,885 domains 🤯 - this outnumbers the combined total of the other Top5 ccTLDs! Learn more in the latest Domain Reputation Update here 👇

Domain Reputation | Domain Report Oct 2023 - Mar 2024 | TLDs & Registrars

#ccTLD #DomainReputation #ThreatIntel

👀 Spot the impersonator... When your company uses services like Cloudflare and anonymous WHOIS, how can someone differentiate between your carefully nurtured site and a "rip-off"? The answer? It's damn near impossible! So what is your guess, is the real site no. 1 or no. 2?

FINALLY, truth in advertising #SpotThePhish 🐟

Spamhaus researchers are observing an uptick in phishing 🎣 using the InterPlanetary File System (IPFS). Below is a recent example 👇

cloudflare-ipfs.com - urlscan.io

urlscan.io - Website scanner for suspicious and malicious URLs

This system typically used to host simple files, can be accessed with specialized clients or via gateways. What's most concerning is that... ❗ there are HTTP gateways you can use with your browser that look like normal URLs. ❗ there is no active side on the "server", so you get plain HTML with JavaScript. ❗ there is no server side scripting (like PHP) on IPFS to receive data. ....making it easier for adversaries to post data from the phishing site to another site on the normal web. And, this issue is not limited to phishing but also happens for other kinds of abuse, such as malware and spam. Therefore: ➡ Gateway providers need to use and maintain a block list and share blocked IDs with each other. ➡ Hosters that host the data receiving scripts can't see the phishing site, and need to be aware that this problem exists. #IPFS #Phishing #Malware

❗REMINDER | Abuse desks, Trust & Safety Teams and Senders! Later this month Spamhaus Blocklist (SBL) listings will be moving from www.spamhaus.org to the Spamhaus IP and Domain Reputation Checker: check.spamhaus.org Make you know how listing notifications will change and where to view SBL listings - learn more here 👇 https://www.spamhaus.org/news/article/825/spamhaus-blocklist-sbl-listings-are-moving #Blocklists #SBL #EmailNotifications

🦆🤖 Qakbot makes a return....a not-so-welcome Christmas present! Spamhaus researchers are observing low-volume Qakbot campaigns targeting specific business sectors. But, we do have some positive news.... Many of the observed botnet controllers are now offline, and the remaining ones are already known as rogue ISPs, and listed on the Spamhaus Extended DROP List 👉

Don't Route Or Peer Lists (DROP) | Use with firewalls & BGP

👀 Watch this space; if anything changes, we'll keep you updated! #Qakbot #ThreatIntel #TheDuckHuntIsBackOn