Cybersecurity |
Sponsored by |
|
According to the Cybersecurity and Infrastructure Security Agency (CISA), most cyberattacks, including ransomware and business email compromise, begin with phishing. Although losses due to ransomware now exceed billions annually, most ransomware protection and response measures don't protect against the most common phishing attacks. Established research shows that phishing attacks most commonly occur from a maliciously registered, confusingly similar domain name, a compromised or hijacked legitimate domain name, or via email header spoofing. more
Recently I was asked by a customer how they can easily set up rollback capabilities on the endpoints in their corporate network. They had seen the marketing hype by various security technology providers that their products included rollback capabilities they could utilize if/when one of their workstations or servers was infected by malware. Having gotten this question more than once, I thought it would be a good subject to share with a broader audience. more
With cybercrime on the rise, companies in 2021 have experienced increased ransomware attacks, business email compromise (BEC), phishing attacks, supply chain attacks, and online brand and trademark abuse. While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk. The risk of not addressing your domain security can be catastrophic. more
Technologists and law enforcement have been arguing about cryptography policy for about 30 years now. People talk past each other, with each side concluding the other side are unreasonable jerks because of some fundamental incompatible assumptions between two conceptual worlds in collision. In the physical world, bank branches have marble columns and granite counters and mahogany woodwork to show the world that they are rich and stable. more
A substantial amount of DNS community discussion on the topic of DNS Abuse is focused on defining what is or is not DNS Abuse. The definition adopted by ICANN contracted parties, as well as the DNS Abuse Institute, is straightforward: DNS Abuse is malware, botnets, pharming, phishing, and spam where it's a vehicle for the preceding harms. There is, of course, some fuzziness on the margins, where technical harms are also using content. more
In this final article in the series of studies looking at Euro 2020-related infringements, we revisit domain name infringements and consider activity across other online channels, with a focus on social media and mobile apps. Following the original study, which looked at domains registered before May 2020 with names containing "euro2020" or "euro2021," we analyzed daily activity levels in the period immediately preceding and during the competition. more
Much has been said about the criticality of the small coterie of large-scale content distribution platforms and their critical role in today's Internet. These days when one of the small set of core content platforms experiences a service outage, then it's mainstream news, as we saw in June of this year with outages reported in both Fastly and Akamai. In the case of Akamai, the June outage impacted three of Australia's largest banks, their national postal service, the country's reserve bank, and one airline... more
Following our previous article on the Euro 2020 football tournament that looked retrospectively at domain name registrations relating to the competition, this article considers activity on eCommerce marketplaces. For this study, our Discovery Engine technology was used to conduct a regular series of scans across key international online marketplaces. We monitored for listings (offers of sale) relating to Euro 2020 clothing and merchandise. more
There's a bit of a debate going on about whether the Kaseya attack exploited a 0-day vulnerability. While that's an interesting question when discussing, say, patch management strategies, I think it's less important to understand attackers' thinking than understand their target selection. In a nutshell, the attackers have outmaneuvered defenders for almost 30 years when it comes to target selection. more
As we finished this article, the world was hit by another global outage by content delivery network (CDN) provider, Akamai, on June 17, 2021. The cause seems to be related to the lack of capacity to a certain "routing table" of their distributed denial of service (DDoS) mitigation. Although the technical analysis is not yet available, the central premise of this article also applies to this incident, and it serves as a timely testimony. more