Cyberattack

Blogs

Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense!

State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked. more»

Security Against Election Hacking - Part 1: Software Independence

There's been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states' and counties' election computers as "critical cyber infrastructure" and prioritize the "cyberdefense" of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the election? First, let me explain what can and can't be hacked. Election administrators use computers in (at least) three ways... more»

I Didn't Put My Name on the Census

On many occasions I have written about the dangers of electronic communications in relation to data retention laws, government e-spying and other activities undermining our democracy and our liberty. To date governments still have to come up with evidence that all of this spying on their citizens has prevented any terrorist attacks. Terrorism has been given as the key reason for the government's spying. more»

Ethical Hacking: Turning The Tables to Boost Cyber Security

Hacking remains a huge problem for businesses. As noted by MarketWatch, more than 175 data breaches have already happened this year, and in 2015 approximately 105 million adults in the United States had their personal information stolen. For companies, the stakes are huge: Compromised systems not only damage the bottom line but can severely impact public opinion. more»

Cybersquatting & Banking: How Financial Services Industry Can Protect Itself Online (Free Webinar)

Businesses in the financial services sector are among the most frequent targets of cybersquatters. In this free webinar, I will be joining Craig Schwartz of fTLD Registry Services to provide important information about how domain name fraud is affecting the financial services industries, including banking and insurance, and what businesses and consumers can do to protect themselves online. more»

The Importance of IPRC in Asia Pacific

I believe and strongly support Internet Principle and Right Coalition (IPRC) Charter is an important edition of document supplementing the principles and rights of individual internet users in any developing and least developed country. Especially in Asia Pacific region where the need and use of such document is immense, as there is a gap in recognition and awareness of rights of internet users. more»

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

Is the FCC Inviting the World's Cyber Criminals into America's Living Rooms?

In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies." more»

Can Hybrid DDoS Mitigation Stop Large Application Layer Attacks?

We recently received an email from a customer asking about hybrid DDoS mitigation and its ability to stop large application layer attacks. Here's the truth: Hybrid DDoS mitigation works and can stop large application layer attacks. Hybrid DDoS mitigation typically involves a purpose-built DDoS mitigation appliance or software on dedicated hardware that sits immediately in front of or behind an enterprise's edge router. more»

ICANN Fails Consumers (Again)

In its bid to be free of U.S. government oversight ICANN is leaning on the global multistakeholder community as proof positive that its policy-making comes from the ground up. ICANN's recent response to three U.S. senators invokes the input of "end users from all over the world" as a way of explaining how the organization is driven. Regardless of the invocation of the end user (and it must be instinct) ICANN cannot seem to help reaching back and slapping that end user across the face. more»

Better "Always-On" DDoS Mitigation

Distributed Denial of Services (DDoS) attacks have been the frustration of information technology professionals for many years. When asked, most tell you they wish their internet service providers (ISPs) would simply provide them "clean pipes" all the time and take care of DDoS attacks upstream before they ever get to them. Unfortunately, the resources (equipment and personnel) necessary to clean Internet connections all the time are very expensive and come with several downsides. more»

Can We Really Blame DNSSEC for Larger-Volume DDoS attacks?

In its security bulletin, Akamai's Security Intelligence Response Team (SIRT) reported on abuse of DNS Security Extensions (DNSSEC) when mounting a volumetric reflection-amplification attack. This is not news, but I'll use this opportunity to talk a bit about whether there is a trade-off between the increased security provided by DNSSEC and increased size of DNS responses that can be leveraged by the attackers. more»

The Cyberthreats and Trends Enterprises Should Watch in 2016

Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources. more»

DNS MythBusters - Straightening Out Common Misconceptions

Over the last couple of years, the networking industry has grown aware of the various security issues that could potentially have a huge impact on their operations. One of the topics that has raised in appeal is DNS security. Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. more»

How to Choose a Cyber Threat Intelligence Provider

Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization. more»

News Briefs

Singapore Plans to Cut Off Internet Access for Government Agencies

Russian Central Bank Announces Mandatory Cyber-Security Regulations for Domestic Banks

Massive Cyberattack Aimed at Flooding .Gov Email Inboxes With Subscription Requests

Code Released by 'Shadow Brokers' Raises Alarming Concerns on Whether NSA Was Hacked

Mysterious Hacker Claims to Have Hacked a Group Linked to the NSA

Swimming Australia Website Comes Under DDoS Attack in Wake of Allegations Against Chinese Swimmer

Australia's First Online Census Halted Due to Multiple DDoS Attacks

FBI Withheld Warning Democratic National Committee of Suspected Russian Role in Hack

U.S. Issues Cyber Incident Coordination Policy

Pro-Trump Russians Accused for Democratic National Committee Email Hack, FBI Investigating

US Congress Website Recovers from a Crippling 3-Day DNS Attack

Average DDoS Attacks Now Large Enough to Take Most Organizations Completely Offline

Pokemon Go Server Outage, Hacking Group Claims Credit

Reprot Suggests China Hacked High-Level Officials at Federal Deposit Insurance Corporation

Sophisticated Maleware Found Aimed to Target Energy Companies

EU Launches First European Public-Private Partnership on Cybersecurity, Plans $2B Investment

Documentary Balmes Israel for Stuxnet Malware Failure

Google's Project Zero Team Discovers Critical Vulnerabilities in Symantec and Norton

US Ramping Up to Defeat Terrorism Online

NASCAR Team Pays Ransomware Fee to Recover Its Critical Files

Most Viewed

Most Commented

Industry Updates

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

Introducing the Verisign DNS Firewall

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Participants – Random Selection