Threat Intelligence |
Sponsored by |
|
Think your organization is exempt from in-house network abuse? Think again. A CFCA Global Fraud Survey of communication service providers found that dealer fraud was one of the top five methods of fraud, costing $US 3.35 billion annually. In this scenario, customer service representatives (CSRs) or administrators with access to account information may upgrade friends or family to a premium service package or even provide free access to services. more
Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources. more
Encryption is a way to keep private information private in the digital world. But there are government actors, particularly here in the US, that want access to our private data. The NSA has been snooping our data for years. Backdoors have been snuck into router encryption code to make it easier to break. Today at M3AAWG we had a keynote from Kim Zetter, talking about Stuxnet and how it spread well outside the control of the people who created it. more
Over the last couple of years, the networking industry has grown aware of the various security issues that could potentially have a huge impact on their operations. One of the topics that has raised in appeal is DNS security. Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. more
Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization. more
'It could've been worse' is a fascinating expression. It implies that the incident in question obviously could have been worse than expected, however it also implies that it could have been better, ultimately leading to the conclusion that it was at least somewhat bad. So both fortunately and unfortunately for three Greek banks, the ransom DDoS attacks levied against them by hacker group the Armada Collective could have been worse. more
We live in an online age, one where malware infections have become commonplace. Some might say this is the price of doing business online. News headlines report damaging attacks on well-known brands with depressing regularity. Consumer confidence suffers as customers look to organizations to sort out the issue, secure their transactions and fix the problem. more
It seems that this last holiday season didn't bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance. more
The Internet is chock full of really helpful people and autonomous systems that silently probe, test, and evaluate your corporate defenses every second of every minute of every hour of every day. If those helpful souls and systems aren't probing your network, then they're diligently recording and cataloguing everything they've found so others can quickly enumerate your online business or list systems like yours that are similarly vulnerable to some kind of attack or other. more
Over the past several months, CITP-affiliated Ph.D. student Sarthak Grover and fellow Roya Ensafi been investigating various security and privacy vulnerabilities of Internet of Things (IoT) devices in the home network, to get a better sense of the current state of smart devices that many consumers have begun to install in their homes. To explore this question, we purchased a collection of popular IoT devices, connected them to a laboratory network at CITP, and monitored the traffic that these devices exchanged with the public Internet. more