Infoblox is committing its top threat intelligence to GitHub to share its most relevant research with the broader security community, as the invasion of Ukraine has placed organizations around the world on elevated alert for cyber attacks. Already, Infoblox’s threat researchers have reported on three separate campaigns that weaponized the crisis in Ukraine to deliver malware infections (Agent Tesla and Remcos) and financially fleece well-intentioned people.
These fast-moving cyber campaigns prompted the company to share its threat intelligence in the form of machine-readable files that make it easy for defenders to integrate threat data into their systems. Today, Infoblox’s GitHub repository contains over 800 indicators, including malicious and suspicious domains, as well as legitimate domains that might be blocked by other vendors through automated analytics. Detailed information is available to Infoblox customers in the Threat Indicator Data Exchange database.
Infoblox will continue to contribute high-priority threat intelligence indicators related to major world events to the GitHub community and publish higher-level attack campaign analysis on the Infoblox community site. These efforts will provide more resources to security defenders when they face elevated risks, as often happens during crises.
On the product side, customers of BloxOne Threat Defense can boost their protection by leveraging the latest threat indicators for Ukraine that the team has already added into the product feeds. BloxOne Threat Defense automates the application of these indicators to simplify protection against these threats. BloxOne Threat Defense can also enable customers to block traffic from specific Eastern European countries, including Russia, instead of the entire region, as well as monitor sanctions lists to enable compliance with associated trade laws and regulations.
“We are committed to doing what we can to protect organizations from cyber attacks,” said Craig Sanderson, VP of Product Management, Infoblox. “The escalating risks require that we collectively help critical infrastructure, supply chain vendors, and other potential targets defend themselves. This is also why we are bringing product enhancements, like more granular threat feeds, and free access to BloxOne Threat Defense to bolster customers’ cyber arsenals.”