Cyberattack

Cyberattack / Featured Blogs

The Economics of Magic

Arthur C. Clarke said any sufficiently advanced technology is indistinguishable from magic. Milton Friedman said there's no such thing as a free lunch. The validity of the former statement does not invalidate the later. From this we can see that even magic has a price. Hence, its application is subject to cost-benefit analysis. There are many developing technologies that may eventually qualify as magic.

The Internet of Stupid Things

In those circles where Internet prognostications abound and policy makers flock to hear grand visions of the future, we often hear about the boundless future represented by "The Internet of Things". This phrase encompasses some decades of the computing industry's transition from computers as esoteric piece of engineering affordable only by nations, to mainframes, desktops, laptops, handhelds, and now wrist computers. Where next?

Internet Security Marketing: Buyer Beware

As security breaches increasingly make headlines, thousands of Internet security companies are chasing tens of billions of dollars in potential revenue. While we, the authors, are employees of Internet security companies and are happy for the opportunity to sell more products and services, we are alarmed at the kind of subversive untruths that vendor "spin doctors" are using to draw well-intentioned customers to their doors. Constructive criticism is sometimes necessarily harsh, and some might find the following just that, harsh. But we think it's important that organizations take a "buyers beware" approach to securing their business.

Is Upping the Minimum Wage Good for the Information Security Industry?

The movement for upping the minimum wage in the US is gathering momentum. Protests and placard waving are on the increase, and the quest for $15 per hour is well underway. There are plenty of arguments as to why such a hike in minimum wage is necessary, and what the consequences could be to those businesses dependent upon the cheapest hourly labor. But, for the information security industry, upping the minimum wage will likely yield only good news.

Starting a New Conversation on Cybersecurity

The cybersecurity debate can be highly confusing at times. There is perhaps an analogy to be made between "Cybersecurity" and "The Economy". We all want to fix the economy but making progress is not an easy task. As soon as you are beyond that statement you notice that there is a lot of nuance. Issues like trust, influence, actors, and affectivity all come to play when you want to fix the Economy. The cybersecurity discourse has similar features.

DNS-Based DDoS: Diverse Options for Attackers

Denial of service attacks have been around since the Internet was commercialized and some of the largest attacks ever launched relied on DNS, making headlines. But every day a barrage of smaller DNS-based attacks take down targets and severely stress the DNS ecosystem. Although DNS servers are not usually the target of attacks they are often disrupted so attention from operation teams is required. There is no indication the problem is going away and attackers continue to innovate.

Deadline of April 10 to Apply For CARIS Workshop on Coordinating Response to Internet Attacks

You have just a couple of days to either complete a survey or submit a paper to join the "Coordinating Attack Response at Internet Scale (CARIS)" Workshop happening on June 19, 2015, in Berlin, Germany... If you are interested in helping improve the overall security and resilience of the Internet through increased communication between the groups responding to the large-scale attacks happening on the Internet every day, I would strongly encourage you to apply!

Why the 1# Vulnerability for Cyber Attacks Will Be Apathy

Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more.

Coordinating Attack Response at Internet Scale

How do we help coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won't survive for long as the network of networks grows ever larger. But it's not just the technology, it's also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create.

Hiding in the Firmware?

The most interesting feature of the newly-described "Equation Group" attacks has been the ability to hide malware in disk drive firmware. The threat is ghastly: you can wipe the disk and reinstall the operating system, but the modified firmware in the disk controller can reinstall nasties. A common response has been to suggest that firmware shouldn't be modifiable, unless a physical switch is activated.