| Channel | Link |
|---|---|
| Website | https://www.spamhaus.org |
| Threat Intel Community | https://submit.spamhaus.org |
| LinkedIn | https://www.linkedin.com/company/the-spamhaus-project |
| Twitter | https://twitter.com/spamhaus |
The anatomy of bulletproof hosting has changed significantly, and if you're working in threat intelligence or network abuse, it's worth understanding how.
In this post we cover the decline of monolithic bulletproof hosts, the shift toward separation of liabilities, and the growing abuse of trusted, legitimate services to conceal criminal infrastructure.
Read the post here:
#Cybersecurity #BulletproofHosting #ThreatIntelligence #InfoSec #InternetAbuse
Botnet C2 tied to an unidentified #malware family trying to hide as a FortiGate device 😜
🌐 Domain: az2030port.duckdns .org
📡 C2: 178.16.55.28:2030 ➡️ Omegatech LTD🇳🇱
🔐 SSL certificate: FortiGate, O=Fortinet Ltd.
Corresponding malware samples ⤵️
https://hunting.abuse.ch/hunt/6a285c89c73e5/178.16.55.28/
❗Here are the most recent additions to Spamhaus DROP (Do Not Route or Peer) list - including hijacked IPs, suspected snowshoe spam and cybercrime hosting:
103.112.184.0/22 -> SBL677738
103.118.241.0/24 -> SBL677739
109.206.244.0/22 -> SBL686370
110.48.136.0/22 -> SBL687116
110.48.148.0/22 -> SBL687117
203.189.234.0/23 -> SBL693100
27.122.32.0/20 -> SBL682162
113.213.128.0/18 -> SBL682168
204.153.160.0/23 -> SBL697970
216.93.48.0/21 -> SBL697971
Full details available via Spamhaus IP and Domain Checker - simply input the SBL number and hit ENTER ➡️ https://check.spamhaus.org
🤔 Not using Spamhaus' DROP lists already?
You can access them for FREE and gain protection against the worst of the worst IP traffic at the routing level.
Lists are available for IPv4, IPv6 and ASN filtering:
➡️ https://www.spamhaus.org/blocklists/do-not-route-or-peer/
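The additions above are published as prefix-to-SBL pairs; a responder who receives such a batch usually wants to answer "is this address inside one of the listed ranges, and under which SBL record?" without routing changes. The following Python is an added example (not Spamhaus code, and not the format of the downloadable DROP files, which differ from the post's "prefix -> SBL" layout): it parses lines in the form shown in the post, skips malformed lines, and does a most-specific-prefix lookup with the standard library's ipaddress module. The sample text is constructed from the prefixes quoted above.

```python
import ipaddress

# Constructed sample in the "prefix -> SBLnnn" form used in the post above;
# the prefixes and SBL numbers are the ones quoted there.
SAMPLE_ANNOUNCEMENT = """\
103.112.184.0/22 -> SBL677738
103.118.241.0/24 -> SBL677739
109.206.244.0/22 -> SBL686370
203.189.234.0/23 -> SBL693100
27.122.32.0/20 -> SBL682162
113.213.128.0/18 -> SBL682168
"""


def parse_drop_entries(text):
    """Parse 'CIDR -> SBLnnn' lines into a list of (network, sbl_id) tuples.

    Lines that are empty, lack the separator, or carry a prefix that is not a
    valid network (host bits set, bad octets) are skipped rather than aborting
    the whole load, so one typo in a batch does not drop the rest.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "->" not in line:
            continue
        cidr, _, sbl = line.partition("->")
        try:
            net = ipaddress.ip_network(cidr.strip(), strict=True)
        except ValueError:
            continue
        entries.append((net, sbl.strip()))
    return entries


def lookup(entries, addr):
    """Return the (network, sbl_id) covering addr, or None if it is not listed.

    If several listed prefixes overlap, the most specific (longest) one wins,
    which is the match a router would also prefer.
    """
    ip = ipaddress.ip_address(addr)
    best = None
    for net, sbl in entries:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, sbl)
    return best


def drop_listed(entries, addr):
    """Convenience boolean for filtering code paths."""
    return lookup(entries, addr) is not None


def address_count(entries):
    """Total number of addresses covered by the parsed entries."""
    return sum(net.num_addresses for net, _ in entries)


if __name__ == "__main__":
    table = parse_drop_entries(SAMPLE_ANNOUNCEMENT)
    print(f"{len(table)} prefixes, {address_count(table)} addresses")
    for probe in ("103.112.185.7", "27.122.40.1", "8.8.8.8"):
        print(probe, "->", lookup(table, probe))
```

For operational use the parsed networks would normally be folded into a radix tree or the router's own prefix list; the linear scan here is only meant to make the matching rule (most specific prefix wins) visible.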
🏔️ Meet Spamhaus at #FIRSTCON26 in Denver 🤠
We're looking forward to connecting with folks across incident response and threat intelligence - especially opportunities to collaborate on research, data sharing, and feedback on the data that can help CERTs and responders.
If you’re around and up for a meetup, conversation, or collaboration, feel free to DM us...see you there!
RE: https://infosec.exchange/@securityskeptic/116640850480436248
💡Interisle Consulting Group's latest "Phishing Trends" highlights significant phishing abuse involving 🪴.GARDEN domains. These stats align closely with what we’re observing at Spamhaus, with .GARDEN currently #4 among the Top 10 gTLDs associated with malware activity.
🌐 Spamhaus Reputation Statistics: https://www.spamhaus.org/reputation-statistics/gtlds/malware/
New, by me: Scammers are abusing a legitimate internal Microsoft account (used for sending critical account alerts and MFA codes to users logging in) to send spam and scam emails.
We first saw a flood of these emails last week, but anti-spam project Spamhaus says this has been going on for months.
More: https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam
❗ We’ve observed a scammer clearly abusing Microsoft's 'msonlineservicesteam@microsoftonline[. ]com' for spam distribution.
The header and message body appear completely legitimate - the abuse is happening through injection into the Subject:
✉️ Here's an example:
"Your PayPal order for 0.0092 BTC ($699.99) is complete. Not you? Call +1 (803) 237-5050 account email verification code."
At this point, it appears the attacker may have simply set the malicious text as either the account name or the organization name.
This also appears to line up with what @zackwhittaker TechCrunch Security Editor identified last week:
https://mastodon.social/@zackwhittaker/116562360000833298
...although the activity we’re seeing appears to stretch back several months.
Takeaway: automated notification systems should not allow this level of customization.
Microsoft has been informed of this abusive activity.
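The takeaway above (notification systems should not let an account holder's free-text reach the Subject unchecked) can be shown side by side with its weak form. The Python below is an added example, not code from Microsoft or Spamhaus, and the subject template and field names are assumptions made to illustrate the pattern: the unsafe renderer interpolates a customer-controlled display name verbatim, while the hardened renderer accepts the name only if it is short, single-line and free of phone numbers, currency amounts and URLs, and otherwise falls back to a fixed generic subject. The injected text is the example quoted in the post.

```python
import re

# Assumed template for an automated alert whose Subject: is built from a
# customer-controlled display name (constructed for this example).
SUBJECT_TEMPLATE = "{name} account email verification code"

# Injected text quoted in the post above.
INJECTED_NAME = ("Your PayPal order for 0.0092 BTC ($699.99) is complete. "
                 "Not you? Call +1 (803) 237-5050")


def render_subject_unsafe(name):
    """Weak form: whatever the account holder typed lands in the subject."""
    return SUBJECT_TEMPLATE.format(name=name)


# Heuristics for "this is not a name, it is a message". Assumed thresholds.
MAX_NAME_LEN = 40
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
MONEY_RE = re.compile(r"[$€£]\s?\d|\b\d+(\.\d+)?\s?(BTC|ETH|USD|EUR)\b", re.I)
URL_RE = re.compile(r"https?://|www\.|\w+\.(com|net|org)\b", re.I)


def display_name_is_safe(name):
    """Return True only if name is plausibly a short label for a person or org.

    A notification subject never needs more than a short label, so anything
    that looks like a phone number, an amount of money, a URL, or a header
    injection (CR/LF) is rejected. False positives only cost the sender a
    generic subject line.
    """
    if not name or len(name) > MAX_NAME_LEN:
        return False
    if "\r" in name or "\n" in name:
        return False
    if PHONE_RE.search(name) or MONEY_RE.search(name) or URL_RE.search(name):
        return False
    return True


def render_subject_safe(name):
    """Hardened form: use the display name only if it passes the check."""
    if display_name_is_safe(name):
        return SUBJECT_TEMPLATE.format(name=name)
    return "Your account email verification code"


if __name__ == "__main__":
    print("unsafe:", render_subject_unsafe(INJECTED_NAME))
    print("safe:  ", render_subject_safe(INJECTED_NAME))
    print("safe:  ", render_subject_safe("Contoso Ltd"))
```

The same check belongs wherever the display name is first stored, not only at render time, and on the receiving side the mirror image (a subject from a trusted notification sender that carries a phone number or a dollar amount) is a reasonable mail-filter signal.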
Still relying on passwords? You're not alone...but they are one of the most common targets for cybercriminals and one of the weakest links in online security...
This is your signal to switch to a more secure way to sign in: passkeys 🔐
Following World Password Day last week, we’ve published a new glossary entry explaining what exactly passkeys are, how they work, and how they better protect you online.
Learn more here ➡️ https://www.spamhaus.org/glossary/#passkeys