September 29, 2016 By Larry Loeb < 1 min read

Spamhaus and SpamCop serve as blocklist generators for mail servers all over the internet. They both deal with the unwanted spam that affects users, much of which is fairly innocuous.

But since cybercriminals do generate spam as part of their attachment-spreading campaigns, keeping spam under control means avoiding spam network hijacking.

Spam Network Hijacking Spikes

Spamhaus recently warned that it observed a spike in network hijacking in support of spam campaigns. Specifically, the company is most concerned about the Border Gateway Protocol (BGP) hijacking it detected, Softpedia reported.

This type of hijack causes an internet service provider (ISP) to falsely announce to all other service providers that an IP range has been found on its network. The ISP can then receive the traffic destined for that range of IP. Perhaps more importantly to the spammer, it can send traffic that uses the IP address space of the hijacked network.

Spamhaus has seen this activity grow over the last three years, but the impetus for the growth may not be readily apparent. One reason for the rise in hijacking is the shrinking pool of IPv4 addresses available to spammers. If a blocking service bans a spamming address, the spammer has limited choices with which to replace it.

It seems that BGP hijackers like to take over legacy IP ranges. The true legacy owners may not care about their IPv4 space anymore, making them an easy target.

Spam Wars in Full Swing

Softpedia further noted that the American Registry for Internet Numbers (ARIN) had similarly sounded the alarm in June about an increase in IPv4 range hijacks. The group said that criminals were registering fake companies or re-registering old domain names without the authority to take over the older IPv4 ranges.

As the spam wars reignite, alternative methods of spam determination may prove useful when a blocklist alone isn’t enough.

More from

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

6 Principles of Operational Technology Cybersecurity released by joint NSA initiative

4 min read - Today’s critical infrastructure organizations rely on operational technology (OT) to help control and manage the systems and processes required to keep critical services to the public running. However, due to the highly integrated nature of OT deployments, cybersecurity has become a primary concern.On October 2, 2024, the NSA (National Security Agency) released a new CSI titled “Principles of Operational Technology Cybersecurity.” This new guide was created in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD SCSC) to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today