Cyberattack

Cyberattack / Most Viewed

Romney Emails Hacked

US presidential candidate Mitt Romney will likely be reconsidering his email passwords after his online email account was reportedly hacked. A hacker claims to have accessed Romney's Hotmail and Dropbox accounts after guessing the answer to the Republican candidate's 'favourite pet' security question. It's suspected Romney used the same password for more than one account. more»

SEC Asks Companies to Disclose Cyberattacks

I came across an interesting article on Reuters today: "U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes..." This is a pretty big step for the SEC. Requiring companies to disclose when they have been hacked shifts the action on corporations from something voluntary to something that they have to do. The question is do we want to hear about everything? more»

Asia, Europe Top the Charts on Conficker Worm Infections

Amidst hype and anticipation of the Conficker worm which is expected to become active in millions of Windows system within the next few hours, IBM Internet Security Systems team reports they have been able to locate infected systems across the world by reverse-engineering the communications mechanisms. Holly Stewart, X-Force Product Manager at IBM Internet Security Systems, writes: "... the details are still unfolding, but we can tell you from a high level where most infections are as of today. Asia tops the charts so far. By this morning, it represented nearly 45% of all of the infections from our view. Europe was second at 31%. The rest of the geographies held a much smaller percentage overall." more»

US Homeland Security Still Without Cybercrisis Plan

When the U.S. Department of Homeland Security was created, it was supposed to find a way to respond to serious "cybercrises." "The department will gather and focus all our efforts to face the challenge of cyberterrorism," President Bush said when signing the legislation in November 2002. More than six years later, and after spending more than $400 million on cybersecurity, DHS still has not accomplished that stated goal. "We need to have a plan tailored for a cybercrisis," DHS Secretary Michael Chertoff said on Thursdaymore»

U.S. Now Leading Source of Attack Traffic, Followed by China and Russia

The U.S. became the top attack traffic source in the second quarter of 2010, accounting for 11% of observed attack traffic in total, reports Akamai in its State of the Internet Report released today. According to the report, China and Russia held the second and third place spots, accounting for just over 20% of observed attack traffic. Attack traffic from known mobile networks has been reported to be significantly more concentrated than overall observed attack traffic, with half of the observed mobile attacks coming from just three countries: Italy (25%), Brazil (18%) and Chile (7.5%). more»

ZeuS Botnet Takes a Hit But Already on the Rebound

Brian Krebs reporting in Krebs on Security: "Authorities in the United States, United Kingdom and Ukraine launched a series of law enforcement sweeps beginning late last month against some of the world's most notorious gangs running botnets powered by ZeuS, a powerful password-stealing Trojan horse program. ZeuS botnet activity worldwide took a major hit almost immediately thereafter, but it appears to be already on the rebound..." more»

ITU Putting Global Cyber Security on Top of Its Agenda

Lisa Schlein of the Voice of America reports: "A new system for tackling the growing number of Global Cyber Attacks has been unveiled at ITU Telecom World 2009, a mammoth exhibition, which showcases the latest advances in ICT or information and communications technology. The International Telecommunications Union, which is sponsoring the event, has put global cyber security at the heart of its agenda. 'As you well know, the next world war could happen in the cyber space and that would be a catastrophe,' said ITU secretary-general, Hamdoun Toure." more»

Google Launches 'Project Shield': Anti-DDoS Service to Protect Free Expression Online

Google today announced an initiative called "Project Shield", aimed at using its infrastructure to protect free expression online. "The service currently combines Google's DDoS mitigation technologies and Page Speed Service (PSS), which allow websites to serve their content through Google to be better protected from DDoS attacks." Google is currently seeking "trusted testers" and people with sites that serve media, elections and human rights-related content. more»

Network Security: How Attackers Gain Access from Inside

Most people - mistakenly - believe that they are perfectly safe behind a firewall, network address translation (NAT) device or proxy. The fact is quite the opposite: if you can get out of your network, someone else can get in. Attackers often seek to compromise the weakest link in a network and then use that access to attack the network from the inside, commonly known as a "pivot-and-attack." more»

When You Hear "Security," Think "National Sovereignty"

These days you can hardly talk about Internet governance without hearing about security. DNSSEC is a hot issue, ICANN's new president is a cyber-security expert, and cyberattacks seem to be a daily occurrence.
This reflects a larger shift in US policy. Like the Bush administration before it, the Obama administration is making security a high priority for the US. Only now the emphasis is on security in cyberspace. The outlines of the new policy were published in the recent US Cyberspace Policy Review, which even recommends a cyber security office directly in the White House. more»

Cyberattacks on Estonia Further Explored

The distributed denial of service (DDoS) attack that brought down most of Estonia's internet infrastructure a few months ago, has been explored by Joshua Davis in a recent story at the Wired Magazine. "In the coming months, commentators around the world would look back at this moment and debate its significance. But for Aaviksoo, the meaning was clear. This was not the first botnet strike ever, nor was it the largest. But never before had an entire country been targeted on almost every digital front all at once, and never before had a government itself fought back..." more»

DNS Troubles at the U.S. National Security Agency

DNS server problems at the U.S. National Security Agency have knocked the secretive intelligence agency site offline for several hours. Reports suggest various possible reasons including an internal routing problem of some sort on their side or errors in firewall or ACL [access control list] policy. Other possibilities are speculated to be a technical glitch or a hacking incident. The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks -- the outage is an embarrassment for the agency. more»

Cyberattackers Targeting Iranian Infrastructure and Communications Companies

Internet based attacks have targeted Iranian infrastructure and communications companies, disrupting Internet access across the country, according to today's reports. Country's secretary of the High Council of Cyberspace, has been quoted telling the Iranian Labour News Agency: "Yesterday we had a heavy attack against the country's infrastructure and communications companies which has forced us to limit the Internet. ... Presently we have constant cyber attacks in the country." more»

Best Practices for Implementing IPv6 and Avoiding Traffic Exposures

There has been a lot of discussion lately about the potential for IPv6 to create security issues. While there are definitely some security risks of IPv6 deployment, a carefully considered implementation plan can help mitigate against security risks. As we approach World IPv6 Launch tomorrow, I thought it prudent to share the below described incident that iDefense recently observed. more»

Obama: From Now On Digital Infrastructure Treated As Strategic National Asset

In a speech today from the White House, President Obama declared that the United States' computers and digital networks are strategic national assets and that he will personally appoint a cybersecurity coordinator to oversee the effort to protect this critical infrastructure. more»