From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology. more
U.S. military service members around the country have reported receiving unsolicited smartwatches by mail, triggering warnings from the Department of the Army Criminal Investigation Division (CID). more
In a potentially damaging cybersecurity revelation, researchers from the cybersecurity company Eclypsium have identified a hidden mechanism in the firmware of motherboards manufactured by Taiwanese company Gigabyte. more
The U.S. government has declared criminal charges, economic sanctions, and a $10 million reward for information leading to the arrest of a Russian citizen, Mikhail Matveev. Accused of a series of ransomware attacks, Matveev's alleged operations, known as Babuk, have targeted entities such as the D.C. police, an airline, and other American industries. more
The United States Department of Justice has announced that it has neutralized a global network of computers compromised by malware called "Snake," which the U.S. government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB). more
A group of companies, including Microsoft, have collaborated to launch a major action to disrupt the use of cracked, legacy copies of the security tool Cobalt Strike which cybercriminals have abused to deploy ransomware. more
The DNS Abuse Institute recently published our sixth monthly report for our project to measure DNS Abuse: DNSAI Compass ('Compass'). Compass is an initiative of the DNS Abuse Institute to measure the use of the DNS for phishing and malware. The intention is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement. more
ChatGPT, the newly released language model, has quickly gained popularity and is used for various tasks, from automation to music composition. While having useful features like fast and easy-to-use code examples, it also has the ability to create sophisticated malware without malicious code. more
Recently I was asked by a customer how they can easily set up rollback capabilities on the endpoints in their corporate network. They had seen the marketing hype by various security technology providers that their products included rollback capabilities they could utilize if/when one of their workstations or servers was infected by malware. Having gotten this question more than once, I thought it would be a good subject to share with a broader audience. more
Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse. This theme has been rising in prominence every year since 2018, and 2021 appears to be the tipping point, in which consensus has built around the idea that more can be accomplished in terms of reducing the impact of rogue actors using the Internet for malicious purposes. more
During the last week, Google says it has been seeing 18 million malware and phishing emails related to COVID-19 daily. This, the company reported today, "is in addition to more than 240 million COVID-related daily spam messages." more
Despite a recent Ninth Circuit decision denying immunity to malware detection software for targeting competitor's software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program. Plaintiff provided software that works in real-time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers. more
As 2019 wrapped up, we took some time to reflect on some of the most impactful digital developments of the past decade and how they helped change our digital lives, including: the rise of mobile and tablet usage; the importance of mobile apps; the explosion of social media and online gaming; cloud computing; domain names, brand protection and the impact of GDP. Now that we've passed the New Year, it's time to look forward. more
"Three years after Mirai first appeared, and two years after WannaCry, it shows that we still haven't solved the problems leveraged in those outbreaks," said F-Secure Principal Researcher Jarno Niemela. more
A significant rise has been detected in the use of malware aimed at harvesting consumer data, known as password stealers. more