Threat Intelligence |
Sponsored by |
|
The Canadian Internet Registration Authority (CIRA) for the .ca country code Top-Level Domain yesterday announced the launch of a test-bed initiative for DNSSEC. CIRA’s Chief Information Officer, Norm Ritchie who made the official announcement at the SecTor security conference in Toronto, says it began the process of implementing DNSSEC in early 2009 and the implementation date is set for 2010. So far, over 15 Top-Level Domains have already deployed DNSSEC including dot-gov and dot-org. more
I received a spam message the other day that went to my Junk Mail Folder. I decided to take a look at it and dissect it piece by piece. It really is amazing to see how spam crosses so many international borders and exploits so many different machines. Spammers have their own globally redundant infrastructure and it highlights the difficulties people have in combating the problem of it. more
Anti-Phishing Working Group (APWG) released its latest Phishing Activity Trends Report today warning that the number of unique phishing websites detected in June rose to 49,084, the highest since April, 2007's record of 55,643, and the second-highest recorded since APWG began reporting this measurement. "The number of hijacked brands ascended to an all-time high of 310 in March and remained, in historical context, at an elevated level to the close of the half in June," says the report. more
Earlier this year, ICANN began to seriously consider the various effects of adding DNS protocol features and new entries into the Root Zone. With the NTIA announcement that the Root Zone would be signed this year, a root scaling study team was formed to assess the scalability of the processes used to create and publish the Root Zone. Properly considered, this study should have lasted longer than the 120 days -- but the results suggest that scaling up the root zone is not without risk -- and these risks should be considered before "green-lighting" any significant changes to the root zone or its processes. I, for one, would be interested in any comments, observations, etc. (The caveats: This was, by most measures, a rush job. My spin: This is or should be a risk assessment tool.) Full report available here [PDF]. more
Contrary to previous security reports suggesting compromised machines remain infected for 6 weeks, experts at Trend Micro say these estimates are far from accurate. In its recent blog post the company said: "During the analysis of approximately 100 million compromised IP addresses, we identified that half of all IP addresses were infected for at least 300 days. That percentage rises to eighty percent if the minimum time is reduced to a month." Additionally the study also indicates that while three quarter of the IP addresses were linked to consumer users, the remaining quarter belonged to enterprise users. more
Security experts at RSA Research Lab have reported the discovery of a new type of phishing attack targeted against online banking customers that combines a typical phishing website with a live change session initiated by fraudsters. The technique dubbed "Chat-in-the-Middle" not only attempts to trick customers into entering their usernames and passwords into a phishing site but obtains further sensitive information (such as answers to secret questions used by banks to authenticate customers). According to the report, this attack is currently targeting a single U.S.-based financial institution, however operators of all online banking websites are cautioned. more
According to a new security report released today by SANS Institute, TippingPoint and Qualys, the number of vulnerabilities found in applications in the last few years is far greater than the number of vulnerabilities discovered in operating systems. "On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. In other words the highest priority risk is getting less attention than the lower priority risk." more
I have to tell you -- I'm not really happy about the fact that the majority of serious cyber crime on the Internet happens without any legal prosecution. I spend an enormous amount of time -- far beyond my "day job" and exceeding what some might consider my professional capacity -- tracking cyber crime. I also work closely with law enforcement (both in the U.S. and abroad) to assist in the intelligence gathering process, putting the pieces of the puzzles together, connecting the dots, and so forth. And most of the major criminal organizations are still operating (pretty much) in the open, with fear of retribution or criminal prosecution, for a number of reasons. more
From MessageLabs' latest report: "Real Host, an ISP based in Riga, Latvia was alleged to be linked to command-and-control servers for infected botnet computers, as well as being linked to malicious websites, phishing websites and 'rogue' anti-virus products. Real Host was disconnected by its upstream providers on 1 August 2009. The impact was immediately felt, where spam volumes dropped briefly by as much as 38% in the subsequent 48-hour period. Much of this spam was linked to the Cutwail botnet, currently one of the largest botnets and responsible for approximately 15-20% of all spam. Its activity levels fell by as much as 90% when Real Host was taken offline, but quickly recovered in a matter of days." more
An apparently legitimate ISP in Tartu, Estonian is reported to have been serving as the operational headquarters of a large cybercrime network since 2005 according to TrendWatch, the security research arm of TrendMicro. "An Estonian company is actively administering a huge number of servers in numerous datacenters, which together form a network to commit cybercrime. It appears that the company from Tartu, Estonia controls everything from trying to lure Internet users to installing DNS changer Trojans by promising them special video content, and finally to exploiting victims' machines for fraud with the help of ads and fake virus infection warnings..." more
Phishing is when bad guys try to impersonate a trusted organization, so they can steal your credentials. Typically they'll send you a fake e-mail that appears to be from a bank, with a link to a fake website that also looks like the bank. Malware offers another more insidious way to steal your credentials, by running unwanted code on your computer... I like VeriSign's characterization of this kind of malware as an insecure endpoint, the PC which is the endpoint of the conversation with the bank isn't actually under the control of the person who's using it. more
As we all know by now, last week, on Thursday, August 7, Twitter was hit with a denial-of-service attack that took it down for several hours. Other social networking sites like Facebook, LiveJournal, Youtube and Blogger were also hit. They managed to repel the attack although Facebook was not quite as successful as the other larger players. The theory floating about at the moment is that this was a politically oriented play designed to target one guy: a blogger. We are nearing the 1-year anniversary of a the Russian/Georgian 2008 war. There is a pro-Georgian blogger by the username of "Cyxymu" who had accounts on all of these services. more
A recent survey of US companies conducted by Proofpoint has found companies increasingly concerned over data leaks via emplyee misuse of email, blogs, social networks, multimedia channels and text messages. From the report: "[A]s more US companies reported their business was impacted by the exposure of sensitive or embarrassing information (34 percent, up from 23 percent in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound email (38 percent, up from 29 percent in 2008). The pain of data leakage has become so acute in 2009 that more US companies report they employ staff whose primary or exclusive job is to monitor the content of outbound email (33 percent, up from 15 percent in 2008)." more
Internet Systems Consortium (ISC) has announced that it is working with Afilias and Neustar, Inc. in the effort to support ISC's DNSSEC Look-aside Validation (DLV) registry by providing secondary DNS service for the DLV zone. DLV is a mechanism that provides many of the benefits of DNSSEC (short for DNS Security Extensions), enabling domain holders to secure their domain information today in advance of broader DNSSEC deployment and adoption. "Adding Afilias and Neustar as secondary DNS providers for the DLV zone demonstrates our collective understanding that DLV is a vitally important production service bigger than any single provider in the same way that there are 13 root server operators, not just one." more
US House officials have confirmed hackers breaching several websites belonging to House of Representatives members in the past week. Portions of the websites were replaced by digital graffiti which began earlier this month, according to zone-h. Brian Krebs of the Washington Post reports: "Rep. Spencer Bachus has sent a letter to the House's chief administrative officer, requesting more information about the attacks. Bachus cites information provided to him by Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham. Warner suggested that the break-ins at the House sites were caused not by password guessing [as reported initially], but by 'SQL injection,' an attack that exploits security weaknesses in Web server configurations." more
A World-Renowned Source for Internet Developments. Serving Since 2002.
