Threat Intelligence

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

Reverse WHOIS: A Powerful Process in Cybersecurity

WHOIS History API: Powering Domain Investigations

Threat Intelligence / News Briefs

Defense Science Board Urges Obama to Take Immediate Cybersecurity Measures

According to a report by the Defense Science Board, the President-elect Barack Obama will inherit a cybersecurity infrastructure that is ill-prepared for advanced cyberattacks which will be of particular challenge for the new leaders... Reporting today on eWeek, Roy Mark writes: "The Bush administration has been widely criticized by security experts as de-emphasizing cyber-security and hamstringing the authority of officials in charge of government-wide cyber-security" said Roy Mark in a report eWeek."

Sinowal Trojan May Be One of the Worst Crimeware Ever Created

A sophisticated cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen login credentials of close to 300,000 online bank accounts and almost as many credit cards during that time, according to reports released today by RSA FraudAction Research Lab. The spyware is called Sinowal Trojan, also known as Torpig and Mebroot. RSA reports that their findings are based on data collected on this Trojan over the course of almost three years -- including information regarding its design and its infrastructure. Findings indicate that this may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters, say RSA experts.

Energy Industry Number One Target by Cyber Criminals, According to New Study

Web security company, ScanSafe reports that, in the past quarter, companies in the Energy industry faced the greatest risk of Web-based malware exposure, at a 196% heightened risk compared to other verticals. The Pharmaceutical and Chemicals industry faced the second highest risk of exposure at 192% followed by the Construction & Engineering industry at 150%. The Media and Publishing industry were also among those at highest risk, with a 129% heightened risk compared to other verticals.

IT Security Guide: “Financial Impact of Cyber Risk” Released by ANSI and ISA

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack. In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses -- which can come from internal networks, the Internet or other private or public systems -- to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation's top four priority security issues.

$300 Million Annual Loss Due to Non-Cooperation in Fight Against Phishing

During a presentation today at the eCrime Researchers Summit in Atlanta, Georgia, security researchers revealed that average lifetime of malicious websites are often longer than they should be due to lack of communication and cooperation between security vendors. According to results, website lifetimes are extended by about 5 days when "take-down" companies -- often hired by Banks -- are unaware of the site. "On other occasions, the company learns about the site some time after it is first detected by someone else; and this extends the lifetimes by an average of 2 days," says Richard Clayton.

Cyber Security Forecast for 2009: Data and Mobility Key Part of Emerging Threats

Georgia Tech Information Security Center (GSTISC) today held its annual Security Summit on Emerging Cyber Security Threats and released the GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year... According to the report, data will continue to be the primary motive behind future cyber crime-whether targeting traditional fixed computing or mobile applications. "It's all about the data," says security expert George Heron -- whether botnets, malware, blended threats, mobile threats or cyber warfare attacks.

U.S. Department of Commerce Seeking Public Comments for Deployment of DNSSEC

During a conference, "Internet of Things," in France, the U.S. Department of Commerce made the announcement that it will hold a public consultation on the different proposals to cryptographically sign the DNS root zone file, and determine who will hold the root zone trust anchor for global DNSSEC implementation, says Milton Mueller on the Internet Governance Forum blog. The blog, titled "Commerce Department asks the world to comment on its plans to retain control of the root," continues...

Stay Safe Online: Fifth Annual National Cyber Security Awareness Month

This month marks the fifth annual National Cyber Security Awareness Month. The U.S. Department of Homeland Security's (DHS) National Cyber Security Division (NCSD) will be actively engaging public and private sector partners through events and initiatives to increase overall awareness and minimize vulnerabilities. This year, according to DHS, 28 state governors signed a proclamation in recognition of National Cyber Security Awareness Month and 51 endorsements were provided by companies, non-profits, universities and government agencies. The U.S. House of Representatives passed a resolution declaring October as National Cyber Security Awareness Month. To learn more, visit DHS and StaySafeOnline.org.

Study Assesses Potential Impact of DNSSEC on Broadband Consumers, Results Not Good

Recent collaborative test by Core Competence and Nominet have concluded that 75% of common residential and small SOHO routers and firewall devices used with broadband services do not operate with full DNSSEC compatibility "out of the box". The report presents and analyzes technical findings, their potential impact on DNSSEC use by broadband consumers, and implications for router/firewall manufacturers. Included in its recommendations, the report suggests that as vendors apply DNSSEC and other DNS security fixes to devices, consumers should be encouraged to upgrade to the latest firmware.

APWG Releases 2008 First Quarter Phishing Activity Trends Report

The Anti-Phishing Working Group (APWG) has released its 2008 first quarter Phishing Activity Trends Report revealing that the Crimeware-Spreading URLs rose rapidly doubling previous high. More specifically, the report say that numbers of crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in Q1, 2008 to 6,500 sites, nearly double the previous high of November, 2007 -- and an increase of 337 percent from the number detected end of Q1, 2007. On the positive side, the number of phishing reports and new phishing websites decreased at the end of Q1 2008 period.

Attack Traffic: 10 Countries Source of Almost 75% of Internet Attacks

A recent quarterly report titled "State of the Internet" has been released by Akamai providing Internet statistics on the origin of Internet attack traffic, network outages and broadband connectivity levels around the world. According to the report, during the first quarter of 2008, attack traffic originated from 125 unique countries around the world. China and the United States were the two largest traffic sources, accounting for some 30% of traffic in total. The top 10 countries were the source of approximately three quarters (75%) of the attacks measured. Other observations include...

U.S. Slammed as Major Host for Cybercrime

While Russia and Ukraine are generally regarded as today's main cybercrime hubs, "a lot of their infrastructure is housed in the west, in the United States to be precise," writes Vincent Hanna of Spamhaus Project. "Without exception, all of the major security organizations on the Internet we know of agree that the 'Home' of cybercrime in the western world is a place known as Atrivo/Intercage. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals -- mostly Russian and East European but with several US online crime gangs as well -- whose activities always lead back to servers run by Atrivo/Intercage..."

Day 30: Kaminsky DNS Bug Disclosure

In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. Although original plans entailed keeping the bug details undisclosed for 30 days in order to allow for necessary security patches to be implemented around the world, details of the bug were eventually leaked-and-confirmed 13 days after its public announcement. Even so, just hours ago in jam-packed ballroom during the Black Hat conference, Kaminsky delivered his 100-plus-slide presentation detailing the DNS flaw that, if exploited, could potentially "destroy the Web".

Consumer Reports: U.S. Consumers Lost Nearly $8.5 Billion to Viruses, Spyware, and Phishing

U.S. consumers lost almost $8.5 billion over the last two years to viruses, spyware, and phishing schemes according to latest projections from the Consumer Reports State of the Net survey. Additionally, report estimates that American consumers have replaced about 2.1 million computers over the past two years because of online threats. Survey has also reveals some hopeful signs such as declining chances of becoming a cybervictim -- consumers have 1 in 6 chance of becoming a cybervictim, down from 1 in 4 in 2007.

Study Finds 75% of Malicious Websites from Legitimate, Trusted Sources

New report released today finds 75 percent of malicious websites are from legitimate, trusted sources with "Good" reputation scores. According to the report, 60 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.