Cyberattack / Featured Blogs

DNS-Based DDoS: Diverse Options for Attackers

Denial of service attacks have been around since the Internet was commercialized and some of the largest attacks ever launched relied on DNS, making headlines. But every day a barrage of smaller DNS-based attacks take down targets and severely stress the DNS ecosystem. Although DNS servers are not usually the target of attacks they are often disrupted so attention from operation teams is required. There is no indication the problem is going away and attackers continue to innovate. more»

Deadline of April 10 to Apply For CARIS Workshop on Coordinating Response to Internet Attacks

You have just a couple of days to either complete a survey or submit a paper to join the "Coordinating Attack Response at Internet Scale (CARIS)" Workshop happening on June 19, 2015, in Berlin, Germany... If you are interested in helping improve the overall security and resilience of the Internet through increased communication between the groups responding to the large-scale attacks happening on the Internet every day, I would strongly encourage you to apply! more»

Why the 1# Vulnerability for Cyber Attacks Will Be Apathy

Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more. more»

Coordinating Attack Response at Internet Scale

How do we help coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won't survive for long as the network of networks grows ever larger. But it's not just the technology, it's also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create. more»

Hiding in the Firmware?

The most interesting feature of the newly-described "Equation Group" attacks has been the ability to hide malware in disk drive firmware. The threat is ghastly: you can wipe the disk and reinstall the operating system, but the modified firmware in the disk controller can reinstall nasties. A common response has been to suggest that firmware shouldn't be modifiable, unless a physical switch is activated. more»

IPv6 Security Myth #6: IPv6 is Too New to be Attacked

Here we are, half-way through this list of the top 10 IPv6 security myths! Welcome to myth #6. Since IPv6 is just now being deployed at any real scale on true production networks, some may think that the attackers have yet to catch up. As we learned in Myth #2, IPv6 was actually designed starting 15-20 years ago. While it didn't see widespread commercial adoption until the last several years, there has been plenty of time to develop at least a couple suites of test/attack tools. more»

A Cynic's View of 2015 Security Predictions - Part 4

Lastly, and certainly not the least, part four of my security predictions takes a deeper dive into mobile threats and what companies and consumer can do to protect themselves. If there is one particular threat category that has been repeatedly singled out for the next great wave of threats, it has to be the mobile platform -- in particular, smartphones... The general consensus of prediction was that we're (once again) on the cusp of a pandemic threat. more»

A Cynic's View of 2015 Security Predictions - Part 3

A number of security predictions have been doing the rounds over the last few weeks, so I decided to put pen to paper and write a list of my own. However, I have a quite a few predictions so I have listed them over several blog posts. After all, I didn't want to bombard you with too much information in one go! Part three examines the threats associated with data breaches. more»

A Cynic's View of 2015 Security Predictions - Part 2

Every year those in the security industry are bombarded with various cyber security predictions. There's the good, the bad and the ugly. Some predictions are fairly ground breaking, while others are just recycled from previous years -- that's allowed of course if the threats still stand. In part one of my predictions I looked at the malware threats, so let's take a look at big data and the cloud for part two. more»

A Cynic's View of 2015 Security Predictions - Part 1

Cyber security was a hot topic in 2014. It seemed not a week went by without details of a high profile data breach hitting the headlines. To recap, the Sony breach was one of the most notable, as was the Home Depot hack, while details of widespread security vulnerabilities such as Heartbleed, Shellshock and Poodle were also revealed. But what will 2015 bring? Will it be more of the same, or have cyber criminals got some new tricks up their sleeves? more»