Threat Intelligence

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Recently Commented

$300 Million Annual Loss Due to Non-Cooperation in Fight Against Phishing

During a presentation today at the eCrime Researchers Summit in Atlanta, Georgia, security researchers revealed that average lifetime of malicious websites are often longer than they should be due to lack of communication and cooperation between security vendors. According to results, website lifetimes are extended by about 5 days when "take-down" companies -- often hired by Banks -- are unaware of the site. "On other occasions, the company learns about the site some time after it is first detected by someone else; and this extends the lifetimes by an average of 2 days," says Richard Clayton. more

Cyber Security Forecast for 2009: Data and Mobility Key Part of Emerging Threats

Georgia Tech Information Security Center (GSTISC) today held its annual Security Summit on Emerging Cyber Security Threats and released the GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year... According to the report, data will continue to be the primary motive behind future cyber crime-whether targeting traditional fixed computing or mobile applications. "It's all about the data," says security expert George Heron -- whether botnets, malware, blended threats, mobile threats or cyber warfare attacks. more

U.S. Department of Commerce Seeking Public Comments for Deployment of DNSSEC

During a conference, "Internet of Things," in France, the U.S. Department of Commerce made the announcement that it will hold a public consultation on the different proposals to cryptographically sign the DNS root zone file, and determine who will hold the root zone trust anchor for global DNSSEC implementation, says Milton Mueller on the Internet Governance Forum blog. The blog, titled "Commerce Department asks the world to comment on its plans to retain control of the root," continues... more

Peering into Fast Flux Botnet Activity

Together with Thorsten Holz, I recently published a paper on fast flux botnet behaviors, "As the Net Churns: Fast-Flux Botnet Observations," based on data we gathered in our ATLAS platform. Fast flux service networks utilize botnets to distribute the web servers to the infected PCs... One of the most well known fast flux botnets has been the Storm Worm botnet, which uses the zombies to spam, send out new enticements to infect users, and to host the malicious website which delivers the malcode. more

Time for Self Reflection

In case you don't read any of what I have to say below, read this: I have dual citizenship. Along with my homeland citizenship, I am of the Internet, and see it as my personal duty to try and make the Internet safe. Atrivo (also known as Intercage), is a network known to host criminal activity for many years, is no more. Not being sarcastic for once, this is the time for some self reflection. more

Stay Safe Online: Fifth Annual National Cyber Security Awareness Month

This month marks the fifth annual National Cyber Security Awareness Month. The U.S. Department of Homeland Security's (DHS) National Cyber Security Division (NCSD) will be actively engaging public and private sector partners through events and initiatives to increase overall awareness and minimize vulnerabilities. This year, according to DHS, 28 state governors signed a proclamation in recognition of National Cyber Security Awareness Month and 51 endorsements were provided by companies, non-profits, universities and government agencies. The U.S. House of Representatives passed a resolution declaring October as National Cyber Security Awareness Month. To learn more, visit DHS and StaySafeOnline.orgmore

Caring About Cybersecurity or Preparing the Ground for an I-Patriot Act?

Few months ago in a talk given at the Institution of Engineering and Technology organised here in London by the Society for Computers and Law, Professor Lessig recounted a conversation he had with former US Counter Terrorism Czar Richard Clarke, where Larry asked the question that many had in mind... how the US Government managed to conceptualize, design and draft a piece of legislation as vast and complex as the USA PATRIOT Act in such a short period of time (a month and 15 days after 9/11), and the answer was what many people had imagined... more

APWG Releases 2008 First Quarter Phishing Activity Trends Report

The Anti-Phishing Working Group (APWG) has released its 2008 first quarter Phishing Activity Trends Report revealing that the Crimeware-Spreading URLs rose rapidly doubling previous high. More specifically, the report say that numbers of crimeware-spreading URLs infecting PCs with password-stealing code rose 93 percent in Q1, 2008 to 6,500 sites, nearly double the previous high of November, 2007 -- and an increase of 337 percent from the number detected end of Q1, 2007. On the positive side, the number of phishing reports and new phishing websites decreased at the end of Q1 2008 period. more

Attack Traffic: 10 Countries Source of Almost 75% of Internet Attacks

A recent quarterly report titled "State of the Internet" has been released by Akamai providing Internet statistics on the origin of Internet attack traffic, network outages and broadband connectivity levels around the world. According to the report, during the first quarter of 2008, attack traffic originated from 125 unique countries around the world. China and the United States were the two largest traffic sources, accounting for some 30% of traffic in total. The top 10 countries were the source of approximately three quarters (75%) of the attacks measured. Other observations include... more

U.S. Slammed as Major Host for Cybercrime

While Russia and Ukraine are generally regarded as today's main cybercrime hubs, "a lot of their infrastructure is housed in the west, in the United States to be precise," writes Vincent Hanna of Spamhaus Project. "Without exception, all of the major security organizations on the Internet we know of agree that the 'Home' of cybercrime in the western world is a place known as Atrivo/Intercage. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals -- mostly Russian and East European but with several US online crime gangs as well -- whose activities always lead back to servers run by Atrivo/Intercage..." more

Public Sharing and a New Strategy in Fighting Cyber Crime

A couple of years ago I started a mailing list where folks not necessarily involved with the vetted, trusted, closed and snobbish circles of cyber crime fighting (some founded by me) could share information and be informed of threats. In this post I explore some of the history behind information sharing online, and explain the concept behind the botnets mailing list... we may not be able to always share our resources, but it is time to change the tide of the cyber crime war, and strategize. One of the strategies we need to use, or at least try, is public information sharing of "lesser evils" already in the public domain. more

A Secure Recursive Caching DNS Server

Over the last couple of weeks I have spent some time working on a project to develop a DNS cache for Windows that is intended to be reasonably secure against spoof attacks, in particular in situations where NAT firewalls may prevent port randomization. The program is evolving, but currently uses a couple of ideas to attempt to defeat spoof attacks... The source code is intended to be entirely un-encumbered, that is free in all respects. I would welcome any suggestions or comments on the aims of the project, the source code, the functionality of the program or other ideas. more

Trust, but Verify

We are at an inflection point in our lifetimes. The Internet is broken, seriously broken... Almost all of the systems currently in use on the Internet are based on implicit trust. This has to change. The problem is that these systems are so embedded in our everyday lives that it would be, sort of like, changing gravity, very difficult. more

Updates on the Georgian Cyber Attacks

This is an update of my previous post on the subject. To be honest here, no one truly knows what's going on in Georgia's Internet except for what can be glimpsed from outside, and what has been written by the Georgians on their blog (outside their country). They are probably a bit busy avoiding kinetic bombing... more

Internet Attacks Against Georgian Websites

In the last days, news and government web sites in Georgia suffered DDoS attacks. While these attacks seem to affect the Georgian Internet, it is still there... Up to the Estonian war, such attacks would be called "hacker enthusiast attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a political nature seems to get the "information warfare" tag. When 300 Lithuanian web sites were defaced last month, "cyber war" was the buzzword. Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine... more