Cyberattack

Cyberattack / Most Viewed

DDoS Mitigation: A Blend of Art and Science

As DDoS attacks become larger, more frequent and complex, being able to stop them is a must. While doing this is part science, a matter of deploying technology, there is also an art to repelling sophisticated attacks. Arbor Networks, Citrix and others make great gear, but there's no magic box that will solve all your problems for you. Human expertise will always be a crucial ingredient. more»

The Economics of Magic

Arthur C. Clarke said any sufficiently advanced technology is indistinguishable from magic. Milton Friedman said there's no such thing as a free lunch. The validity of the former statement does not invalidate the later. From this we can see that even magic has a price. Hence, its application is subject to cost-benefit analysis. There are many developing technologies that may eventually qualify as magic. more»

Obama to Introduce Cybersecurity Proposal

Declan McCullagh reports in CNet News: "The White House today sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities. This proposal seems designed to prod the legislative branch to enact some variety of cybersecurity legislation..." more»

New Ways Cybercriminals are Thwarting Security

M86 Security today released it's bi-annual security report for the first half of 2010, highlighting the evolution of obfuscation through combined attacks. From the report: "This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for 'covering their tracks' are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language - built into Adobe flash - and JavaScript components on the webpage, they limit the effectiveness of many of the the proactive security detection mechanisms in place today." more»

Yahoo's 1 Billion Accounts Hacked is a Chilling Warning: Start Doing Things Differently or Die

Today, this is how easily "TRUST" by your users/customers can be shattered, your revenues devastated, your share value plunged into the abyss, and your business destroyed. Furthermore, conventional thinking belongs only in university libraries, not in board rooms. It is time to seriously consider other innovative Out-Of-The-Box Solutions and doing things differently, or start writing your business obituary. more»

Can Big Companies Stop Being Hacked?

The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations... This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? more»

Report to US Congress: China "Hijacked" 15% of Global Internet Traffic for 18 Minutes

Heidi Blake reporting in the Telegraph: "China 'hijacked' 15 per cent of the world's internet traffic for 18 minutes earlier this year, including highly sensitive email exchanges between senior US government and military figures, a report to the US Congress said. The incident has raised fears that China may have harvested highly-sensitive information from re-routed emails." more»

Password Leaks

The technical press is full of reports about the leak of a hashed password file from LinkedIn. Worse yet, we hear, the hashes weren't salted. The situation is probably both better and worse than it would appear; in any event, it's more complicated. more»

Google Blames DNS for Website Defacements in Uganda, Morocco and Kenya This Week

Domain Name System (DNS) insecurity caused the defacing of Google Web sites in Uganda and Morocco, according to a Google spokesperson. Earlier this week, both Google Uganda and Google Morocco were redirecting traffic to different sites... more»

14 ISPs in Netherlands Serving 98% of Consumers Form Anti-Botnet Treaty

Last month 14 ISPs in Netherlands serving 98 percent of the consumer market initiated a joint effort to fight against malware-infected computers and botnets. The effort includes: Exchange of information within the coalition; Quarantine of infected computers; and notification of end-users by their ISP. Gadi Evron over at Dark Reading reports: "In recent years, bot-infected computers have been a growing problem for end-user ISPs as more and more resources are being wasted, and not paid for. And the growing global threat of DDoS attacks and other security concerns have shown ISPs that in order to get help in case of DDoS attack, they need to be a more friendly and reputable service themselves." more»

Can We Really Blame DNSSEC for Larger-Volume DDoS attacks?

In its security bulletin, Akamai's Security Intelligence Response Team (SIRT) reported on abuse of DNS Security Extensions (DNSSEC) when mounting a volumetric reflection-amplification attack. This is not news, but I'll use this opportunity to talk a bit about whether there is a trade-off between the increased security provided by DNSSEC and increased size of DNS responses that can be leveraged by the attackers. more»

US, India Sign Cybersecurity Agreement

The United States and India signed a Memorandum of Understanding (MOU) today to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cybersecurity, according to U.S. Department of Homeland Security. "The MOU was signed in New Delhi by Jane Holl Lute, Deputy Secretary for the U.S. Department of Homeland Security (DHS) and R. Chandrashekhar, Secretary, India Department of Information Technology." more»

Multi-Layer Security Architecture - Importance of DNS Firewalls

In today's world with botnets, viruses and other nefarious applications that use DNS to further their harmful activities, outbound DNS security has been largely overlooked. As a part of multi-layer security architecture, a DNS Firewall should not be ignored. After serving as a consultant for multiple organizations, I have encountered many companies that allow all internal devices to send outbound DNS queries to external DNS servers - a practice that can lead to myriad problems. more»

Hosters: Is Your Platform Being Used to Launch DDoS Attacks?

As anyone who's been in the DDoS attack trenches knows, large multi-gigabit attacks have become more prevalent over the last few years. For many organizations, it's become economically unfeasible to provision enough bandwidth to combat this threat. How are attackers themselves sourcing so much bandwidth? more»

Former DHS Chief Teaming Up With Insurance Giant Lloyd's of London to Sell Cyber Insurance

Cyberattacks like the ones that hit JPMorgan Chase, Home Depot and Target only seem to be getting worse, and former Homeland Security Secretary Tom Ridge has one way for companies to protect themselves. more»

Industry Updates