Threat Intelligence |
Sponsored by |
|
Today at the RIPE 67 event in Athens, Greece, IETF Chair Jari Arkko gave a presentation on "Pervasive Monitoring and the Internet" where he spoke about the ongoing surveillance issues and: What do we know? What are the implications? What can we do? Similar to his earlier article on the topic, Jari looked at the overall issues and spoke about how Internet technology should better support security and privacy. more
McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009. more
Lastly, and certainly not the least, part four of my security predictions takes a deeper dive into mobile threats and what companies and consumer can do to protect themselves. If there is one particular threat category that has been repeatedly singled out for the next great wave of threats, it has to be the mobile platform -- in particular, smartphones... The general consensus of prediction was that we're (once again) on the cusp of a pandemic threat. more
Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples." more
Back when I started working in this industry in 2001, ICANN was small, the industry was tight, and things moved slowly as interest groups negotiated a balance amongst the impacts of change. Change often meant added overhead and, at the very least, a one-time cost effort to implement on the commercial side. Registries and registrars preferred to be hands-off when it came to how their domains were being used. But e-crime became big business during the 2000s. more
The Internet is chock full of really helpful people and autonomous systems that silently probe, test, and evaluate your corporate defenses every second of every minute of every hour of every day. If those helpful souls and systems aren't probing your network, then they're diligently recording and cataloguing everything they've found so others can quickly enumerate your online business or list systems like yours that are similarly vulnerable to some kind of attack or other. more
Brian Krebs has a post up the other day on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn... A cursory glance seems to confirm that the amount of spam from .cn as opposed to .ru has switched places. Indeed, if the CNNIC requires people to start writing in application forms, with a business license and identity card, that is seriously going to slow down the rate at which spammers can sign up and register new domains. more
The Messaging Anti-Abuse Working Group (MAAWG), of which Return Path (my employer) is a very active participant, met recently in Heidelberg, Germany. Among other exciting projects, they finished two new best practices documents which have been lauded in the press as a big step towards stopping botnet spam... more
The novel coronavirus outbreak (COVID-19) has prompted many organizations in Mainland China and Hong Kong to execute their business continuity plan (BCP). During the last epidemic in 2003, the SARS outbreak lasted for nine months – and with an infection rate that is increasing rapidly, this new coronavirus has the potential to cause prolonged periods of commercial disruption, and heavy reliance on BCPs. more
Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources. more
When a business gets hacked and its corporate information is dumped on the Internet for all and sundry to see (albeit illegally), the effects of that breach are obviously devastating for all concerned. In many ways it's like the day after a fierce storm has driven a super-cargo container ship aground and beachcombers from far and wide have descended upon the ruptured carcass of metal to cart away anything they think has value or can be sold by the side of road. more
Hacking remains a huge problem for businesses. As noted by MarketWatch, more than 175 data breaches have already happened this year, and in 2015 approximately 105 million adults in the United States had their personal information stolen. For companies, the stakes are huge: Compromised systems not only damage the bottom line but can severely impact public opinion. more
The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations... This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? more
An article in Forbes the other day reports on US Secretary of Homeland Security Janet Napolitano's comments that 'cybercrime represents the "greatest threat and actual activity that we have seen aimed at the west and at the United States" in addition to "or other than Al Qaeda and Al Qaeda-related groups."' ..."Napolitano cited a study commissioned by Symantec that put the total worldwide cost of cybercrime at $388 billion -- higher than the global market for heroin, cocaine and marijuana combined." more
It makes me cringe when I hear operators or security practitioners say, "I don't care who the attacker is, I just want them to stop." I would like to believe that we have matured past this idea as a security community, but I still find this line of thinking prevalent across many organizations -- regardless of their cyber threat operation's maturity level. Attribution is important, and we as Cyber Threat Intelligence (CTI) professionals, need to do a better job explaining across all lines of business and security operations... more
A World-Renowned Source for Internet Developments. Serving Since 2002.
