Man monitoring servers

Threat intelligence continuously updated

Spamhaus Technology’s security datafeeds provide live data to help organisations to mitigate the emerging risks posed by botnets, phishing emails, newly-registered malicious domains and malware dropper sites.

Phishing is one of the most serious email threats to corporate security to emerge in recent years. Opening malicious attachments and clicking on links can initiate downloads of ransomware, spyware and Remote Access Trojans (RATs).1

RAT infections can enable criminals to gain complete control over infected computers as well as allowing them to access other areas of the network. In 2015, the theft of the personal data of 21.5 million Americans from the Office of Personnel Management (OPM) was attributed to a Sakula RAT infection.

The ransomware threat continues to grow, with more attacks identified in the first two months of 2016 than in the first six months of 2015.

In early 2016, four US hospitals were subjected to ransomware attacks that encrypted files and prevented medical staff from accessing hospital computer systems. In March 2016, the FBI sought the assistance of US security firms in combatting the spread of MSIL/SAMAS ransomware, which attempts to encrypt entire networks and seeks and deletes backup files.2

To combat emerging and rapidly evolving threats, Spamhaus security researchers are constantly analysing spam traffic, domains, IP addresses and malware to identify malicious host sites; locations of C&C servers; network relationships between malicious DNS and cybercriminal operations and network connections between C&C servers and botnet nodes.

Malware samples are run in sandboxes to study exploit methodology and Spamhaus researchers analyze the inter-relationship of data to discover where threats might be linked.

Spamhaus constantly gathers temporal data on newly-registered domains and new email senders, looking for anomalous or adverse behaviour that indicates criminal activity.3

Spamhaus Technology’s continuously updated datastream provides system administrators, network managers and security practitioners with context on the origins and severity of the latest cybercriminal campaigns and the ability to block harmful email and IP traffic at the network edge, before it can do any harm.

1 Source: Verizon Data Breach Investigations Report 2015, page 53. http://www.verizonenterprise.com/uk/DBIR/2015/

2 Source: BBC, “Warning over ‘nasty’ ransomware strain,” 29th March 2016 http://www.bbc.co.uk/news/technology-35916425

3 Source: Trend Micro, “Spear phishing email: most favored APT attack bait,” 2012 http://www.trendmicro.co.uk/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf

Border Gateway Protocol Feeds BGPf

Response Policy Zones RPZ

Threat Intelligence data

Passive DNS

Botnet Domain List

Botnet Controller List

Right now, ransomware is a rapidly growing threat, with more attacks identified in the first two months of 2016 than in the first six months of 2015.

Protect yourself against threats

Discover why we’re the most trusted Mailfilter and Security solution with a 30 day free trial

Our customers

Many of the world’s largest internet service providers rely on Spamhaus threat intelligence to block harmful email traffic and protect their customers.

AOL Logo
Microsoft Logo
AT&T Logo
Comcast Logo
COX Logo
1∧1 Logo
Century Link Logo
 Mail RU Logo
Time Warner Cable Logo
Sonic Net Logo

With over 12 years experience, we are trusted experts

Get in touch


Latest News

Join us at SANS, Las Vegas

Spamhaus Technology and vendor SecurityZones will be showing how to beat botnets at SANS, Las Vegas Sept 12/13th.

Read more

New industry report reveals top threats to healthcare

Criminals focused on getting a financial return have identified a particularly attractive target - the healthcare industry.

Read more

Connect with Spamhaus Technology

Keep up to date with the latest news at Spamhaus Technology.