Cybercrime

Blogs

Good Samaritans with Network Visibility

In a big open office 30 feet from me, a team of US Veterans speak intently on the phone to businesses large and small, issuing urgent warnings of specific cyber security threats. They call to get stubborn, confused people to take down hidden ransomware distribution sites. They call with bad news that a specific computer at the business has malware that steals login credentials. more»

Security Costs Money. So - Who Pays?

Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more»

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more»

It's Up to Each of Us: Why I WannaCry for Collaboration

WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. more»

The Criminals Behind WannaCry

359,000 computers infected, dozens of nations affected world-wide! A worm exploiting a Windows OS vulnerability that looks to the network for more computers to infect! This is the most pernicious, evil, dangerous attack, ever... Queue the gnashing of teeth and hand-wringing! Wait, what? WannaCry isn't unprecedented! Why would any professional in the field think so? I'm talking about Code Red, and it happened in July, 2001. more»

8 Reasons Why Cybersecurity Strategy and Business Operations are Inseparable

In modern society, there is one fact that is unquestionable: The hyper-connectivity of the digital economy is inescapable. A financial institution without an online presence or omni-channel strategy will cease to be competitive. Universities (for-profit or non-profit) must develop and continuously evolve their online learning capabilities if they are to stay relevant. Online retailers are quickly outpacing and rendering their 'brick-and-mortar' counterparts irrelevant. more»

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more»

IoT Devices Will Never Be Secure - Enter the Programmable Networks

Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more»

Sorry, Not Sorry: WHOIS Data Must Remain Public

In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more»

Loudmouths Wanted for ICANN WHOIS Replacement Work

TL;DR? It's worth reading, BUT, if not -- ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime, losing it would not make my job harder, it will make it impossible. PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime. more»

EFF's Emerging Alignment With Offshore Internet Pharmacies

The last few years have been challenging ones for members of the Canadian International Pharmacy Association. First, in 2010, they lost their ability to advertise in the US search space after the US Department of Justice noted that many seemingly "Canadian" pharmacy websites "sell drugs obtained from countries other than Canada" when shipping medicines into the US, and major search advertising programs tightened their policies, effectively excluding CIPA's members from advertising in the US. more»

New Ad Fraud Schemes Utilize Alpha-Numeric Domains

The breach of the Democratic National Committee e-mail system and a massive digital advertising fraud believed to be run by alleged actors in Russia share a common thread beyond their ability to capture the news cycle. Although each event targeted a different weakness in brand/online security platforms, the common denominator is the use of fraudulent domain names. more»

Alliance for Safe Online Pharmacies Honors Leading Companies at ICANN

Last week the Alliance for Safe Online Pharmacies (ASOP Global; www.BuySafeRx.pharmacy) presented its inaugural Internet Pharmacy Safety E-Commerce Leadership Award to two organizations during the Generic Names Supporting Organization (GNSO) Joint Meeting of the Registries and Registrars Stakeholder Groups at ICANN58 in Copenhagen, Denmark, it was announced on Tuesday. more»

ICANN Complaint System Easily Gamed

ICANN's WDPRS system has been defeated. The system is intended to remove or correct fraudulently registered domains, but it does not work anymore. Yesterday I submitted a memo to the leadership of the ICANN At-Large Advisory Committee (ALAC) and the greater At-Large community. The memo concerns the details of a 214-day saga of complaints about a single domain used for trafficking opioids. more»

So Long, Farewell: The Worst DDoS Attacks of 2016

The year 2016 will go down in infamy for a number of reasons. It was the year an armed militia occupied an Oregon wildlife refuge, Britain voted to Brexit, an overarching event that will simply be referred to as The Election occurred, and Justin Bieber made reluctant beliebers out of all of us. 2016 was also the worst year on record for distributed denial of service (DDoS) attacks by a margin that can only be considered massive. more»

News Briefs

North Korea's Spy Agency Behind WannaCry

Canadian Internet Registration Authority Launches Cloud-Based DNS Firewall Service

Bell Canada Discloses Loss of 1.9 Million Email Addresses to Hacker, Says No Relation to WannaCry

WannaCry Ransomware Cyberattack Spreading to Countries Across the World, 45K Attacks Reported So Far

French Presidential Candidate Confirms Massive Hack, Emails Dumped Online Two Days Before Election

A Report on Cyber Espionage Activities of Pawn Storm Over the Past Two Years

Russia Hacker Sentenced to 27 Years in Prison by U.S. Federal District Court

UK Government Reports Nearly Half of Businesses Identified Cyber Security Breaches in the Past Year

New In-depth Analysis Finds Thousands of Domains Used in Technical Support Scams

IRS Reports Hackers Accessed Data of Up to 100,000 People via Financial Aid Site for Students

ISPs May Be Required to Remove Content, Shutdown Websites Under New EU-Wide Rules

Dark Web Reported to Have Shrunk by 85% Since Freedom Hosting II Downfall

New Cybersecurity Regulations in New York Go Into Effect

Hacked ICANN Data Still Selling on Black Market Years After Breach

Interpol's Michael Moran Receives 2017 M3AAWG Litynski Award

Microsoft's Brad Smith Calls for a 'Digital Geneva Convention' to Protect Civilians

Data Breaches Reported During 2016 Exposed Over 4.2 Billion Records

New Study Highlights Growing Risk, Lack of Urgency with Mobile and IoT Application Security

Former New York City Mayor Rudy Guliani Appointed to "Chair" Cyber Task Force

Ransomware Crime Bill Goes into Effect in the State of California

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Industry Updates

Participants – Random Selection