Cyberattack

Blogs

How to Choose a Cyber Threat Intelligence Provider

Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization. more»

Lessons to Be Learned from the Armada Collective's DDoS Attacks on Greek Banks

'It could've been worse' is a fascinating expression. It implies that the incident in question obviously could have been worse than expected, however it also implies that it could have been better, ultimately leading to the conclusion that it was at least somewhat bad. So both fortunately and unfortunately for three Greek banks, the ransom DDoS attacks levied against them by hacker group the Armada Collective could have been worse. more»

Watching the Watchers Watching Your Network

It seems that this last holiday season didn't bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance. more»

Blocking Shodan

The Internet is chock full of really helpful people and autonomous systems that silently probe, test, and evaluate your corporate defenses every second of every minute of every hour of every day. If those helpful souls and systems aren't probing your network, then they're diligently recording and cataloguing everything they've found so others can quickly enumerate your online business or list systems like yours that are similarly vulnerable to some kind of attack or other. more»

Thought Leaders Create New Trends & Solutions, Followers Just Follow - Which Are You?

Last week I asked on a post elsewhere, why we, at the MLi Group, chose to consider speakers, panelists, supporters and sponsors at our Global Summit Series (GSS) as "Thought Leaders" and "Trend Setters? Many wrote me directly offering their answers and then it dawned on me that my answer may (or may not) get appreciated by many at the ICANN community. So here is why we do. more»

Experienced a Breach? Here Are Four Tips for Incident Response

The threat level has never been higher for organizations charged with protecting valuable data. In fact, as recent headlines will attest, no company or agency is completely immune to targeted attacks by persistent, skilled adversaries. The unprecedented success of these attacks against large and well-equipped organizations around the world has led many security executives to question the efficacy of traditional layered defenses as their primary protection against targeted attacks. more»

Verisign's Perspective on Recent Root Server Attacks

On Nov. 30 and Dec. 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I'd like to take this opportunity to share Verisign's perspective, including how we identify, handle and react, as necessary, to events such as this. more»

Officially Compromised Privacy

The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information's owner. In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information's owner, there should be serious concern about the degree of privacy that is meaningfully possible. more»

The Emotional Cost of Cybercrime

We know more and more about the financial cost of cybercrime, but there has been very little work on its emotional cost. David Modic and I decided to investigate. We wanted to empirically test whether there are emotional repercussions to becoming a victim of fraud (Yes, there are). We wanted to compare emotional and financial impact across different categories of fraud and establish a ranking list (And we did). more»

Watch Live Oct 1 - Dyn's Techtoberfest: Internet Trends, Security, Net Neutrality and More

On Thursday, Oct 1, 2015, from 9:30am-4:30pm US EDT (UTC-4), Dyn will be holding their "TechToberFest" event in Manchester, NH, and also streaming the video live for anyone interested. There are a great set of speakers and a solid agenda. As I wrote on the Internet Society blog, I'll be part of the security panel from 3-4pm US EDT... and we who are on the panel are excited to participate just for the conversation that we are going to have! It should be fun! more»

Can We Stop IP Spoofing? A New Whitepaper Explores the Issues

In March 2013, Spamhaus was hit by a significant DDoS attack that made its services unavailable. The attack traffic reportedly peaked at 300Gbps with hundreds of millions of packets hitting network equipment on their way. In Q1 2015, Arbor Networks reported a 334Gbps attack targeting a network operator Asia. In the same quarter they also saw 25 attacks larger than 100Gbps globally. What is really frightening about this is that such attacks were relatively easy to mount. more»

World Body Declares Cyber Security Top Issue

Sovereign nations around the globe have clearly defined borders, but as attendees were shown at a UN Conference several years ago, cybercrime is a borderless phenomenon. In 2011 Norton Security released statistics that showed that every 14 seconds an adult is a victim of cybercrime and the numbers are growing. As internet use grows, so does the amount and type of information streaming across the web. This information crosses transnational lines, public and private sectors. more»

Are Botnets Really the Spam Problem?

Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more»

Should You Whitelist Your Vulnerability Scanning Service Provider?

Unlike consultant-led penetration testing, periodic or continual vulnerability scanning programs have to operate harmoniously with a corporation's perimeter defenses. Firewalls, intrusion prevention systems, web proxies, dynamic malware analysis systems, and even content delivery networks, are deployed to protect against the continuous probes and exploit attempts of remote adversaries -- yet they need to ignore (or at least not escalate) similar probes and tests being launched by the managed security service providers an organization has employed to identify and alert upon any new vulnerabilities within the infrastructure or applications that are to be protected. more»

Global Paradigms We Relied Upon Were Destroyed Overnight - How Prepared Are You for New Realities?

Unprecedented new Political and Cyber Security Threats are happening at a scale that has never been witnessed before. These threats are large and malicious enough to take down nuclear programs, render oil refineries inoperable, and take billion-dollar websites offline (not to mention smaller ones). Recent events confirm that NO ONE IS IMMUNE. Despite the obvious warning signs, Internet business stakeholders the world over continue to act as if nothing has changed, and seem unaware that global paradigms have undergone a seismic shift almost overnight. more»

News Briefs

Obama Proposes $19 Billion for Cybersecurity in Final Budget Plan

Reported Cyberattack Against Israel Only Ransomware to Regulatory Body, Electric Grid Not In Danger

91.3% of Malware Use DNS as a Key Capability

Hacking Group Anonymous Claims Responsibility for Massive Cyberattack on Turkey

Internet Root Servers Hit with Unusual DNS Amplification Attack

UK Announces Additional £1.9 Billion in Cyber Security Funding

United States and Britain to Conduct Financial Cyber-Security Test

Experts Propose Plan for More Secure Wi-Fi Devices

Obama, Xi Reach 'Common Understanding' on Curbing Cyber Espionage

Apple App Store Hit With Major Cyberattack

U.S. and China Negotiating Cyeberwarfare Control Deal

Senior U.S. and Chinese Officials Conclude Four-Day Meeting on Cyber Security

Hacking Increasingly Becoming a Physical Concern

Efforts to Curb Cyber Espionage Will Further Fragment Internet Regulatory Environment

U.S. Preparing Sanctions Against Chinese Firms and Individuals over Cyberespionage

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

US Army Site Hacked as Obama Vows 'Aggressive' Response to Cyberattacks

Record Number of Malware Variants Detected in Q4 of 2014, Retail/Service Most Targeted

UK Power Grid Under Minute-by-Minute Cyberattack

South Korea Receives Nuclear Plan Cyberattack Threats, Takes Emergency Measures

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection