Cyberattack

Blogs

Loudmouths Wanted for ICANN WHOIS Replacement Work

TL;DR? It's worth reading, BUT, if not -- ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime, losing it would not make my job harder, it will make it impossible. PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime. more»

The Internet as Weapon

One of the most striking and enduring dichotomies in the conceptualization of electronic communication networks is summed up in the phrase "the Internet as weapon." With each passing day, it seems that the strident divergence plays in the press -- the latest being Tim's lament about his "web" vision being somehow perverted. The irony is that the three challenges he identified would have been better met if he had instead pursued a career at the Little Theatre of Geneva and let SGML proceed to be implemented on OSI internets rather than refactoring it as HTML to run on DARPA internets. more»

Into the Gray Zone: Considering Active Defense

Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including "the old magic bullet," the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate. more»

Digital Geneva Convention: Multilateral Treaty, Multistakeholder Implementation

Microsoft's call for a Digital Geneva Convention, outlined in Smith's blog post, has attracted the attention of the digital policy community. Only two years ago, it would have been unthinkable for an Internet company to invite governments to adopt a digital convention. Microsoft has crossed this Rubicon in global digital politics by proposing a Digital Geneva Convention which should 'commit governments to avoiding cyber-attacks that target the private sector or critical infrastructure or the use of hacking to steal intellectual property'. more»

Where Do You Start to Mitigate the Latest Destruction-Motivated Cyber Threats?

With traditional cyber strategies failing businesses and governments daily, and the rise of a new breed of destruction-motivated Poli-Cyber terrorism threatening "Survivability", what are top decision makers to do next? There is a global paradigm change in the cyber and non-cyber threat landscape, and to address it the industry has to offer innovative solutions. more»

So Long, Farewell: The Worst DDoS Attacks of 2016

The year 2016 will go down in infamy for a number of reasons. It was the year an armed militia occupied an Oregon wildlife refuge, Britain voted to Brexit, an overarching event that will simply be referred to as The Election occurred, and Justin Bieber made reluctant beliebers out of all of us. 2016 was also the worst year on record for distributed denial of service (DDoS) attacks by a margin that can only be considered massive. more»

We Urgently Need a New Internet

Let's be honest about it. Nobody -- including those very clever people that were present at its birth -- had the slightest idea what impact the internet would have in only a few decades after its invention. The internet has now penetrated every single element of our society and of our economy, and if we look at how complex, varied and historically different our societies are, it is no wonder that we are running into serious problems with the current version of our internet. more»

Blocking a DDoS Upstream

In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream. more»

Notes from NANOG 69

NANOG 69 was held in Washington DC in early February. Here are my notes from the meeting. It would not be Washington without a keynote opening talk about the broader political landscape, and NANOG certainly ticked this box with a talk on international politics and cyberspace. I did learn a new term, "kinetic warfare," though I'm not sure if I will ever have an opportunity to use it again! more»

Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more»

Characterizing the Friction and Incompatibility Between IoC and AI

Many organizations are struggling to overcome key conceptual differences between today's AI-powered threat detection systems and legacy signature detection systems. A key friction area -- in perception and delivery capability -- lies with the inertia of Indicator of Compromise (IoC) sharing; something that is increasingly incompatible with the machine learning approaches incorporated into the new breed of advanced detection products. more»

Dispersing a DDoS: Initial Thoughts on DDoS Protection

Distributed Denial of Service is a big deal -- huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, "tonight my network will not be impacted by a DDoS attack." more»

Cyber-Terrorism Rising, Existing Cyber-Security Strategies Failing, What Are Decision Makers to Do?

While conventional cyber attacks are evolving at breakneck speed, the world is witnessing the rise of a new generation of political, ideological, religious, terror and destruction motivated "Poli-Cyber™" threats. These are attacks perpetrated or inspired by extremists' groups such as ISIS/Daesh, rogue states, national intelligence services and their proxies. They are breaching organizations and governments daily, and no one is immune. more»

CircleID's Top 10 Posts of 2016

The new year is upon us and it's time for our annual look at CircleID's most popular posts of the past year and highlighting those that received the most attention. Congratulations to all the 2016 participants and best wishes to all in the new year. more»

Internet Governance Outlook 2017: Nationalistic Hierarchies vs. Multistakeholder Networks?

Two events, which made headlines in the digital world in 2016, will probably frame the Internet Governance Agenda for 2017. October 1, 2016, the US government confirmed the IANA Stewardship transition to the global multistakeholder community. November 2, 2016, the Chinese government announced the adoption of a new cybersecurity law which will enter into force on July 1, 2017. more»

News Briefs

Security Researchers Announce First SHA-1 Collision, Confirming Fears About Its Vulnerabilities

Deloitte: DDoS Attacks to Enter Terabit Era in 2017

Microsoft's Brad Smith Calls for a 'Digital Geneva Convention' to Protect Civilians

Trump to Sign Cybersecurity Executive Order on Tuesday

US Law-Enforcement Agencies Reported to be at Risk in Foreign-Owned Buildings

Data Breaches Reported During 2016 Exposed Over 4.2 Billion Records

New Study Highlights Growing Risk, Lack of Urgency with Mobile and IoT Application Security

Canadian Energy Firms at Bigger Risk of Cyberattack

Ukraine's Power Outage Due to Cyberattack, Says Country's National Power Company

Former New York City Mayor Rudy Guliani Appointed to "Chair" Cyber Task Force

Trump Names Former Bush Aide Thomas Bossert Chief Adviser on Cybersecurity, Counterterrorism Role

Yahoo Reveals Over One Billion More Accounts Have Been Hacked

Internet Society Urges for Increased Effort to Address Unprecedented Challenges Facing the Internet

Cyberattack Cuts Off Thousands of TalkTalk, Post Office Customers in UK

Germany's Leading ISP Deutsche Telekom Under Cyberattack, Close to 900K Customers Affected

BITAG Outlines Steps to Dramatically Improve the Security and Privacy of IoT Devices

Russian Security Firm Kaspersky Announces Its Own Secure OS, 14 Years in the Making

Akamai: DDoS Attacks Increased 71 Percent in Q3 2016 as Compared to Q3 2015

Major Russian Banks Under a Multi-Day Cyberattack

There are Reports of Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks, NGOs

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection