Cyberattack

Blogs

No One is Immune: Qatar Crisis Started by a Targeted Poli-Cyber Attack

The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more»

APT: The Cancer Within

Unless you have a team employing the latest proactive threat-hunting techniques, the stealthy Advanced Persistent Threat (APT) hiding in your network can pass by completely unnoticed. There are as many definitions of APT as experts writing about the topic, so let's boil it down to the simple essentials: APTs are usually implanted and maintained by a team of malicious actors with the intention of living long term in your network while extracting valuable private information. more»

Good Samaritans with Network Visibility

In a big open office 30 feet from me, a team of US Veterans speak intently on the phone to businesses large and small, issuing urgent warnings of specific cyber security threats. They call to get stubborn, confused people to take down hidden ransomware distribution sites. They call with bad news that a specific computer at the business has malware that steals login credentials. more»

Conventional Thinking Won't Work in New Era of ISIS & 'Unprecedented' Cyber & Non-Cyber Attacks

Conventional thinking or solutions will no longer work in the new era of ISIS and the 'Unprecedented' cyber and non-cyber attacks we live in today. Like it or not, everyone is impacted, and no one is immune. Whether you are an average citizen, a chairman or CEO of a multinational, or a government or academic institution leader, the questions to ponder are: Do you know what to do next? Do you know what the solution is? more»

Security Costs Money. So - Who Pays?

Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more»

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more»

It's Up to Each of Us: Why I WannaCry for Collaboration

WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. more»

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more»

In Response to Offensive Destruction of Attack Assets

It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to "do something." The something that seems to be emerging is, however, not necessarily the best possible "something." Specifically, governments are now talking about attempting to "wipe out" the equipment used in attacks. more»

IoT Devices Will Never Be Secure - Enter the Programmable Networks

Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more»

Sorry, Not Sorry: WHOIS Data Must Remain Public

In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more»

While Cyberspace Is Entering an Era of Warring States, There Remains a Chance to Make a Difference

For the non-state actors who are making efforts to approach cybersecurity issue in a different and creative way, the state actors, however, have given clear signs that they have exhausted their patience and insisted on doing things alone by bringing traditional old tricks back into cyberspace. This is exemplified in the bilateral meeting of two cyber sovereigntists - the Chinese and U.S. presidents on April 6-7, and in the multilateral G7 Declaration on Responsible States Behavior in Cyberspace on April 11. more»

Loudmouths Wanted for ICANN WHOIS Replacement Work

TL;DR? It's worth reading, BUT, if not -- ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime, losing it would not make my job harder, it will make it impossible. PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime. more»

The Internet as Weapon

One of the most striking and enduring dichotomies in the conceptualization of electronic communication networks is summed up in the phrase "the Internet as weapon." With each passing day, it seems that the strident divergence plays in the press -- the latest being Tim's lament about his "web" vision being somehow perverted. The irony is that the three challenges he identified would have been better met if he had instead pursued a career at the Little Theatre of Geneva and let SGML proceed to be implemented on OSI internets rather than refactoring it as HTML to run on DARPA internets. more»

Into the Gray Zone: Considering Active Defense

Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including "the old magic bullet," the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate. more»

News Briefs

British Organizations Could Face Massive Fines for Cybersecurity Failures

Kansas System Hacked, Social Security Numbers of Millions Accessed Spanning 10 States

Extreme Cyberattack Could Cost as Much as Superstorm Sandy, Says Insurer Lloyd's of London

U.S. Critical Infrastructure Will Be Attacked Within 2 Years, According to 2017 Black Hat Survey

U.S. Nuclear Power and Other Energy Companies Hacked by Russians According to Government Officials

Petya Ransomware Spreading Rapidly Worldwide, Effecting Banks, Telecom, Businesses, Power Companies

South Korean Banks Receive DDoS Threat from Hacker Group, Record Ransomware Payment Demanded

Cyberattack on UK Parliament Halts Email Access

Honda Halts Domestic Car Production Plant Due to WannaCry Virus in Computer Network

North Korea's Spy Agency Behind WannaCry

FBI, DHS Release Technical Details on North Korea’s DDoS Botnet Infrastructure

Russian Interference More Vigorous than Assumed, Over 39 States Targeted During Election

Major Flaw Found in WannaCry Raises Questions on Whether it was Really a Ransomware

Canadian Internet Registration Authority Launches Cloud-Based DNS Firewall Service

Al Jazeera Under Systematic Cyberattack

NTIA Issues RFC, Asks for Input on Dealing With Botnets and DDoS Attacks

Major Regulatory Changes Needed as Safety and Security Merge, Warns European Commission Report

At Least One U.S. Voting Software Supplier Cyberattacked by Russians, According to Leaked Document

Emergency Patch Issued for Samba, WannaCry-type Bug Exploitable with One Line of Code

Bell Canada Discloses Loss of 1.9 Million Email Addresses to Hacker, Says No Relation to WannaCry

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection