Threat Intelligence

Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Domain Research and Monitoring: Keeping an Eye on the Web for You

Threat Intelligence / Recently Commented

Domain Slammers Go Phishing

ICANN introduced a requirement for domain name registrars to send out annual notices to all their customers (registrants) to check the Whois on their domain names to ensure the information is correct. While this seemed fairly reasonable (if cumbersome), the fact is it confuses the heck out of people -- and creates a whole lot of confusion for registrants. But that was a problem we could deal with. Fast-forward to October, 2008... more

Co-Operation to Make the Domain Business More Secure

In order to provide more security for the Domain Name System (DNS), a group of large domain-name registries and registrars has got together with IT security providers and government agencies to launch a new workgroup: the "Registry Internet Safety Group" (RISG). The announcement was made by the Public Internet Registry, which operates the .org domain, and its backend provider Afilias. more

Energy Industry Number One Target by Cyber Criminals, According to New Study

Web security company, ScanSafe reports that, in the past quarter, companies in the Energy industry faced the greatest risk of Web-based malware exposure, at a 196% heightened risk compared to other verticals. The Pharmaceutical and Chemicals industry faced the second highest risk of exposure at 192% followed by the Construction & Engineering industry at 150%. The Media and Publishing industry were also among those at highest risk, with a 129% heightened risk compared to other verticals. more

IT Security Guide: “Financial Impact of Cyber Risk” Released by ANSI and ISA

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack. In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses -- which can come from internal networks, the Internet or other private or public systems -- to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation's top four priority security issues. more

$300 Million Annual Loss Due to Non-Cooperation in Fight Against Phishing

During a presentation today at the eCrime Researchers Summit in Atlanta, Georgia, security researchers revealed that average lifetime of malicious websites are often longer than they should be due to lack of communication and cooperation between security vendors. According to results, website lifetimes are extended by about 5 days when "take-down" companies -- often hired by Banks -- are unaware of the site. "On other occasions, the company learns about the site some time after it is first detected by someone else; and this extends the lifetimes by an average of 2 days," says Richard Clayton. more

Cyber Security Forecast for 2009: Data and Mobility Key Part of Emerging Threats

Georgia Tech Information Security Center (GSTISC) today held its annual Security Summit on Emerging Cyber Security Threats and released the GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year... According to the report, data will continue to be the primary motive behind future cyber crime-whether targeting traditional fixed computing or mobile applications. "It's all about the data," says security expert George Heron -- whether botnets, malware, blended threats, mobile threats or cyber warfare attacks. more

U.S. Department of Commerce Seeking Public Comments for Deployment of DNSSEC

During a conference, "Internet of Things," in France, the U.S. Department of Commerce made the announcement that it will hold a public consultation on the different proposals to cryptographically sign the DNS root zone file, and determine who will hold the root zone trust anchor for global DNSSEC implementation, says Milton Mueller on the Internet Governance Forum blog. The blog, titled "Commerce Department asks the world to comment on its plans to retain control of the root," continues... more

Peering into Fast Flux Botnet Activity

Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs... One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. more

Time for Self Reflection

In case you don't read any of what I have to say below, read this: I have dual citizenship. Along with my homeland citizenship, I am of the Internet, and see it as my personal duty to try and make the Internet safe. Atrivo (also known as Intercage), is a network known to host criminal activity for many years, is no more. Not being sarcastic for once, this is the time for some self reflection. more

Stay Safe Online: Fifth Annual National Cyber Security Awareness Month

This month marks the fifth annual National Cyber Security Awareness Month. The U.S. Department of Homeland Security's (DHS) National Cyber Security Division (NCSD) will be actively engaging public and private sector partners through events and initiatives to increase overall awareness and minimize vulnerabilities. This year, according to DHS, 28 state governors signed a proclamation in recognition of National Cyber Security Awareness Month and 51 endorsements were provided by companies, non-profits, universities and government agencies. The U.S. House of Representatives passed a resolution declaring October as National Cyber Security Awareness Month. To learn more, visit DHS and StaySafeOnline.orgmore

Caring About Cybersecurity or Preparing the Ground for an I-Patriot Act?

Few months ago in a talk given at the Institution of Engineering and Technology organised here in London by the Society for Computers and Law, Professor Lessig recounted a conversation he had with former US Counter Terrorism Czar Richard Clarke, where Larry asked the question that many had in mind... how the US Government managed to conceptualize, design and draft a piece of legislation as vast and complex as the USA PATRIOT Act in such a short period of time (a month and 15 days after 9/11), and the answer was what many people had imagined... more

APWG Releases 2008 First Quarter Phishing Activity Trends Report

The Anti-Phishing Working Group (APWG) has released its 2008 first quarter Phishing Activity Trends Report revealing that the Crimeware-Spreading URLs rose rapidly doubling previous high. More specifically, the report say that numbers of crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in Q1, 2008 to 6,500 sites, nearly double the previous high of November, 2007 -- and an increase of 337 percent from the number detected end of Q1, 2007. On the positive side, the number of phishing reports and new phishing websites decreased at the end of Q1 2008 period. more

Attack Traffic: 10 Countries Source of Almost 75% of Internet Attacks

A recent quarterly report titled "State of the Internet" has been released by Akamai providing Internet statistics on the origin of Internet attack traffic, network outages and broadband connectivity levels around the world. According to the report, during the first quarter of 2008, attack traffic originated from 125 unique countries around the world. China and the United States were the two largest traffic sources, accounting for some 30% of traffic in total. The top 10 countries were the source of approximately three quarters (75%) of the attacks measured. Other observations include... more

U.S. Slammed as Major Host for Cybercrime

While Russia and Ukraine are generally regarded as today's main cybercrime hubs, "a lot of their infrastructure is housed in the west, in the United States to be precise," writes Vincent Hanna of Spamhaus Project. "Without exception, all of the major security organizations on the Internet we know of agree that the 'Home' of cybercrime in the western world is a place known as Atrivo/Intercage. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals -- mostly Russian and East European but with several US online crime gangs as well -- whose activities always lead back to servers run by Atrivo/Intercage..." more

Public Sharing and a New Strategy in Fighting Cyber Crime

A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats. In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list... we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain. more