At ThreatSTOP, we believe not only in providing robust network protection but also in making our tools user-friendly and effective. That's why, starting in February 2024, our dedicated Security, Intelligence and Research team began an extensive overhaul of our target configurations, bundles, and policies. This initiative is part of our commitment to ensuring that every customer, regardless of technical expertise, can easily manage and deploy the protection they need against cyber threats.
Enhanced Target Consolidation for Superior Protection
Our latest project focuses on streamlining how protection targets are constructed, delivered, and presented. By consolidating multiple targets into single, more potent ones, we have significantly enhanced the efficacy of our threat intelligence feeds. This not only simplifies the user experience but also improves the accuracy and responsiveness of our defenses against evolving threats.
For instance, we have updated several key targets:
- Gameover Zeus: Transition from 'GameOverZeus - Domains' (DGOZACT) to the enhanced 'GameOverZeus - Domains' (GAM360EX).
- Mirai: Replace 'Mirai DGAs 360 - Domains' (MIRAI360) with the updated 'Mirai - Domains' (MIR360EX).
- Necurs, Ramnit, Simda, and Virut: Each of these targets has been refined and consolidated to offer better protection with fewer redundancies.
This table highlights the recommended active targets and those set to be deprecated:
Malware Variant | Recommended Active Target | Deprecated Target |
---|---|---|
Gameover Zeus | GameOverZeus - Domains (GAM360EX) | GameOverZeus - Domains (DGOZACT) |
Mirai | Mirai - Domains (MIR360EX) | Mirai DGAs 360 - Domains (MIRAI360) |
Necurs | Necurs - Domains (NEC360EX) | Necurs Bambenek - Domains (NCURSBAM) |
Ramnit | Ramnit - Domains (RAM360EX) | Ramnit Bambenek - Domains (RAMITBAM) |
Simda | Simda - Domains (SIM360EX) | Simda Bambenek - Domains (SIMDABAM) |
Virut | Virut - Domains (VIR360EX) | Virut Bambenek - Domains (VIRUTBAM) |
Moreover, some of our trusted threat intelligence partners have taken similar steps to consolidate their feeds, complementing our efforts.
Notably, The Spamhaus Project has recently consolidated their eDrop and Drop TI feeds into a unified Drop blocklist. For ThreatSTOP customers, this means that the 'Spamhaus DROP - IPs (SPHDRBLK)' target now integrates both intelligence feeds. Consequently, the previous 'Spamhaus EDROP - IPs (SPHEDBLK)' feed will be phased out in favor of this comprehensive upgrade.
Similarly, Blocklist.de has streamlined their threat intelligence feeds by consolidating the IRC Bots feed into the Bots feed. For our ThreatSTOP customers, this means that the 'Comment Spamming IRC Bots Blocklist.de - IPs (IRCBLOCK)' target has now been integrated into the 'Comment Spamming Bots Blocklist.de - IPs (COMBLOCK)' target, enhancing the overall protection. As a result, the 'IRCBLOCK' feed will be deprecated in favor of this improved, consolidated feed.
Continuous Improvement and Customer Empowerment
The enhancements to our protection targets are just the beginning. ThreatSTOP is committed to a continuous process of evaluation and improvement. Our world-class Security, Intelligence, and Research team is breaking lots of new ground in ensuring that our protections are always at the forefront of cybersecurity. More updates about our current work will be provided in the future.
We're excited about these changes and confident that they will make managing cybersecurity simpler and more effective for our customers. As we continue to refine our systems and introduce innovations, stay tuned for more updates that will help you Connect with Customers, Disconnect from Risks.
Join the ThreatSTOP Family
For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! Get started with a Demo today!