Cybercrime

Cybercrime / Most Viewed

Understanding the Threat Landscape: Indicators of Compromise (IOCs)

I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more

The Darkening Web: Is there Light at the end of the Tunnel?

In his book "The Darkening Web: The War for Cyberspace" (Penguin Books, New York 2017), Alexander Klimburg, an Austrian-American academic, gives "Internet Dreamers" a "Wake Up Call". He tells us the background-story why people start to be "anxious about the future of the Internet", as the recent ISOC Global Internet Report "Paths to Our Digital Future" has recognized. Klimburg refers to Alphabets CEO Erich Schmidt, who once said that "the Internet is the first thing that humanity has built that humanity does not understand". more

Morgan Freeman Wins Transfer of morganfreeman.com from Cybersquatter

Perhaps Morgan Freeman never learned about the high profile domain name disputes involving celebrity names (e.g., Madonna, Bruce Springsteen and Julia Roberts), because he didn't register morganfreeman.com before it was snatched up by Mighty LLC in April 2003. After learning about Mighty LLC's (no stranger to domain name disputes) cybersquatting, Freeman filed a complaint before a WIPO arbitration panel under the Uniform Domain Name Dispute Resolution Policy... more

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more

Remarkable Internet History: Equifax Invented .COM in 1975

Once in a while, one comes across a new take on history that challenges everything you thought you knew. If you're the type who engages in bar bets with geeks, then this one is a certain gem. In 2001, Equifax submitted to the USPTO a sworn application to register a curious trademark, which eventually issued in 2004 with this data... Aside from the fact that Equifax has never actually held registration of the domain name efx.com, the truly outstanding fact here is that Equifax and/or its attorney has actually sworn to the United States Government that it was using "EFX.COM" as a mark for the provision of providing educational seminars via the internet since February 1975... Until now, I had imagined that Jon Postel added .com to the root in 1985. more

Global Law Enforcement Strikes Major Blow Against LockBit Ransomware Operation

In a significant global operation, law enforcement agencies from 10 countries have severely disrupted the LockBit ransomware group, recognized as the most prolific and harmful cyber threat worldwide. more

Temporary Restraining Order Issued Against Domainer’s Use of “mylennar.com”

Companies sometimes find that opportunistic purchasers of domain names (often referred to as "domainers"), will purchase a domain name quite similar to that of the company, and establish a site at the URL loaded with revenue-generating sponsored ads. To accomplish these purposes, domainers seem to prefer the services of companies like HitFarm and Domain Sponsor. A web user types in the confusingly similar URL and is bombarded with pop-up ads and sponsored links to goods and services, often competitive to the company whose name or trademark is being appropriated in the URL... more

Why Isn’t Mobile Malware More Popular?

This is a followup to Wout de Natris' as usual excellent piece on the Enisa botnet report -- pointing out the current state of mobile malware and asking some questions I started off answering in a comment but it grew to a length where I thought it'd be better off in its own post. Going through previous iterations of Mikko's presentations on mobile malware is a fascinating exercise. more

Cybersquatting & Banking: How Financial Services Industry Can Protect Itself Online (Webinar)

Businesses in the financial services sector are among the most frequent targets of cybersquatters. In this free webinar, I will be joining Craig Schwartz of fTLD Registry Services to provide important information about how domain name fraud is affecting the financial services industries, including banking and insurance, and what businesses and consumers can do to protect themselves online. more

Close to Half of US East Coast Fuel Supply Shutdown Due to Ransomware Cyberattack

Colonial Pipeline, which accounts for close to half of the United States East Coast's fuel, has shut down its operations due to a cyberattack. The incident, believed to be the largest successful cyberattack on oil infrastructure in the U.S., was disclosed over the weekend. more

The Highest Threat TLDs - Part 2

In the first article of this two-part blog series, we looked at how frequently domains were used by bad actors for phishing activity across individual top-level domains (TLDs) or domain extensions, using data from CSC's Fraud Protection services, powered by our DomainSecSM platform. In this second article, we analyze multiple datasets to determine the highest-threat TLDs, based on the frequency with which the domains are used egregiously for a range of cybercrimes. more

2.6 Billion Records Were Stolen, Lost or Exposed Worldwide in 2017, an 88% Increase From 2016

Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. more

Why Are the EU Data Protection Authorities Taking Away Our Fundamental Right to be Safe?

What if we created a rule that gave everyone - good or bad - the right to hide their license plate, where they live, who they are, and just go incognito? What if we made it a right to walk into any building in the world, and simply say "No, thank you" when the security guards asked for one's identification? The criminals would celebrate, and we'd all be utterly alarmed. We would immediately be afraid for our personal safety. more

Paul Vixie on How the Openness of the Internet Is Poisoning Us

In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more

Domain Name Theft Part II: Did ICANN Leave Foxes Guarding the Chicken COOP?

When it comes to stealing domain names, I suspect that there are two reasons why so many web bandits appear to be immune from ICANN (the Internet Corporation for Assigned Names and Numbers uses the acronym ICANN): the first reason I discussed in my last column on domain name theft (where I described a substantive void in domain name "regulation" as a primary factor for the increasing incidence of domain name theft), the second reason, which is the focus of this column, is the procedural anomaly that currently infuses ICANN's uniform dispute resolution process (UDRP) by providing no administrative forum for domain name registrants who become victims of domain name theft carried out by ICANN's registrars. more