Threat Intelligence |
Sponsored by |
|
Last week the European Network and Information Security Agency (ENISA), which assists the European Commission and its member states with network and information security issues, published its third Anti-Spam Measures Survey. The survey provides insight into how network operators in Europe are responding to the continued onslaught of email spam. more
How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more
Equifax has announced a comprehensive resolution for its 2017 cybersecurity incident that includes a fund of up to $425 consumer fund. more
If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more
Building on my last article about Network Assessments, let's take a closer look at vulnerability assessments. (Because entire books have been written on conducting vulnerability assessments, this article is only a high level overview.) What is a vulnerability assessment? more
DNSSEC is increasingly adopted by organizations to protect DNS data and prevent DNS attacks like DNS spoofing and DNS cache poisoning. At the same time, more DNS deployments are using proprietary DNS features like geo-routing or load balancing, which require special configuration to support using DNSSEC. When these requirements intersect with multiple DNS providers, the system breaks down. more
Recently, the DNS has come under an extensive attack. The so-called "DNSpionage" campaigns have brought to light the myriad methods used to infiltrate networks. These attacks employed phishing, system hopping via key exfiltration, and software zero day exploits, illustrating that many secure networks may not be fully protected. more
Joseph Menn has an article on CNN.com wherein the crux of the story is that US experts are closing in on the hackers that broke into Google last month. It is believed by some that the Chinese government sponsored these hackers. China, naturally, denied involvement. My own take is that tools today are sophisticated enough such that you don't necessarily need state sponsorship in order to launch a cyber attack. more
The security of the global Default Free Zone (DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again - it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these traces the impact of Chinese "state actor" effects on BGP routing in recent years. more
The Australian has a good article describing the efforts some of their ISPs are making in an attempt to clean up their act: the government is encouraging ISPs to detect computers on their network that are infected and part of botnets, and to communicate to the customer that their system is compromised... Unless the customer feels a little bit of pain they will not change their ways. more
Throughout the second half of 2012 many security folks have been asking "how much is a zero-day vulnerability worth?" and it's often been hard to believe the numbers that have been (and continue to be) thrown around. For the sake of clarity though, I do believe that it's the wrong question... the correct question should be "how much do people pay for working exploits against zero-day vulnerabilities?" more
Bruce Schneier in an op-ed piece published in the Guardian on Thursday writes: "Government and industry have betrayed the internet, and us. By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract..." more
Like the scene of a movie in which a biblical character holds back the mighty sea and is about to release the tide against his foes, BYOD has become a force of nature poised to flood those charged with keeping corporate systems secure. Despite years of practice hardening systems and enforcing policies that restrict what can and can't be done within the corporate network, businesses are under increasing (if not insurmountable) pressure to allow a diversifying number of personal devices to connect to their networks and be used for business operations. more
The majority of network breaches begin and end with the installation of malware upon a vulnerable device. For the rest, once that initial malware beachhead has been achieved, the story is only just beginning. The breach disclosures that make the news are often confusing as they're frequently compiled from third-hand reports, opinions and technical assumptions. More often than not, they include a discussion about the malware - how advanced it was, etc. - and whether any 0-day vulnerabilities were likely used by the mysterious attacker. more
The attack began Tuesday afternoon, and continued for two days straight, according to a source close to Russia’s Central Bank quoted by RIA Novosti. Sberbank confirmed the DDoS attack on its online services. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
