Lake City became the second Florida city to pay a substantial ransomware demand to hackers in less than a week. more
A recent report published by the cybersecurity firm Armor says ransomware infections have hit over 500 US schools in 2019 to date. Armor warns the rate of attack seems to be picking up with 15 new ransomware victims in the last two weeks, all of them educational institutions. more
Here we go again; another instance of really sophisticated spyware has been reported, a system that is "so complex and sophisticated that it's probably an advanced cyber-weapon unleashed by a wealthy country to wage a protracted espionage campaign on Iran". I won't get into the debate about whether or not it's really more impressive than Stuxnet, whether or not it's groundbreaking, or whether or not Israel launched it; let it suffice to say that there are dissenting views. I'm more interested in the implications. more
Results from the 2019 Marsh-Microsoft Global Cyber Risk Perception survey indicates several encouraging signs of improvement in the way organizations view and manage cyber risk. more
"I've anticipated this day for ages -- the day when the first commercially available mass market hardware device based on our own secure operating system landed on my desk," writes Eugene Kaspersky, Chairman and CEO of Kaspersky Lab, in a blog post introducing company's layer 3 switch powered by Kaspersky OS. more
XENOTIME, the notorious group behind what is regarded as the most dangerous malware targetting industrial control systems has expanded its targeting beyond oil and gas to the electric utility sector. more
A recent report from Pike Research, "Smart Grid Cyber Security" has found if smart grids can realize their full potential, consumers, utilities, nations, and even the earth itself will benefit. As with nearly any new technology, the industry focus has been on getting smart grids up and running, often with little consideration for cyber security issues. more
Verisign has been involved with an initiative known as Mutually Agreed Norms for Routing Security, or MANRS, since its inception. MANRS, which is coordinated by the Internet Society, focuses on strengthening the security and resiliency of IP networks throughout the world by identifying and providing best practices for mitigating common routing security threats. MANRS began as a collaboration among network operators and internet exchange providers, with Verisign formally becoming a participant in its Network Operator Program in 2017. more
A few weeks ago, the New York Times published an article saying that the Stuxnet worm, which infected a large number of Iran's nuclear power plants, was a joint effort between the United States and Israel. The program began under former president George W. Bush and continued under President Obama. Last month, the Washington Post ran an article saying that the US and Israel collaborated in a joint effort to develop Flame and that work included Stuxnet. more
Bruce Schneier's recent blog post, "Someone is Learning How to Take Down the Internet", reported that the incidence of DDOS attacks is on the rise. And by this he means that these attacks are on the rise both in the number of attacks and the intensity of each attack. A similar observation was made in the Versign DDOS Trends report for the second quarter of 2015, reporting that DDOS attacks are becoming more sophisticated and persistent in the second quarter of 2016. more
There's lots of security advice in the press: keep your systems patched, use a password manager, don't click on links in email, etc. But there's one thing these adages omit: an attacker who is targeting you, rather than whoever falls for the phishing email, won't be stopped by one defensive measure. Rather, they'll go after the weakest part of your defenses. You have to protect everything -- including things you hadn't realized were relevant. more
The number of DDoS attacks during the first three months of 2019 increased by 84%, compared with the previous quarter. more
On May 7, hackers breached parts of the computer systems that run Baltimore's government, taking down essential systems such as voice mail, email, a parking fines database, payment systems used for water bills, property taxes, real estate transactions and vehicle citations. more
As a follow up to Susan Brenner's Networks and Nationalization and my comment there, I will go further in this post and talk about the "cyberwar" and "offense" aspects of her article. I think I made this point elsewhere as well... but before getting into a war, it'd be a brilliant idea to actually know that you can win. Cyberwarfare is the sort of game where you don't really need to be a huge government with the largest standing army in the world and sophisticated weaponry in order to win... more
ISOTF Critical Internet Infrastructure WG is now open to public participation. The group holds top experts on internet technology, critical infrastructure, and internet governance, from around the globe. Together, we discuss definitions, problems, challenges and solutions in securing and assuring the reliability of the global internet infrastructure, which is critical infrastructure for a growing number of nations, corporations and indeed, individuals -- world wide. more
A World-Renowned Source for Internet Developments. Serving Since 2002.