Cybersecurity

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

The Internet is Dead - Long Live the Internet

Back in the early 2000s, several notable Internet researchers were predicting the death of the Internet. Based on the narrative, the Internet infrastructure had not been designed for the scale that was being projected at the time, supposedly leading to fatal security and scalability issues. Yet somehow the Internet industry has always found a way to dodge the bullet at the very last minute. more»

Renewed Internet.nl Website: Modern Standards Need to be Used for a Free, Open and Secure Internet

Modern Internet Standards provide for more reliability and further growth of the Internet. But are you using them? You can test this on the Dutch website www.internet.nl (also available in English and Polish). Recently the website was renewed. Not only the style has been adapted, but also the way the tests are performed and the test results are shown. A lot of additional information has been added, so that even the tech savvy internet users can find an explanation underpinning the test results. more»

UDRP and the ACPA Differences, Advantages and Their Inconveniences

The ACPA and the UDRP provide two separate and distinct methods for resolving domain name disputes. Both alternatives have many critics and proponents, but the true value of each will ultimately be determined by how well each combats cyber-squatting. Separately, the UDRP and the ACPA will probably work well to defuse most of the cyber-squatting that is currently invading the Internet. If combined together the UDRP and the ACPA can be a cost saving and effective way to prevent cybersquatting... more»

No One is Immune: Qatar Crisis Started by a Targeted Poli-Cyber Attack

The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of the this crisis that started early June. By mid July a Washington Post report cited US intelligence officials that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all. more»

APT: The Cancer Within

Unless you have a team employing the latest proactive threat-hunting techniques, the stealthy Advanced Persistent Threat (APT) hiding in your network can pass by completely unnoticed. There are as many definitions of APT as experts writing about the topic, so let's boil it down to the simple essentials: APTs are usually implanted and maintained by a team of malicious actors with the intention of living long term in your network while extracting valuable private information. more»

What Does Trump's Cuba Policy Memorandum Say About the Internet?

I recently reviewed Trump's Cuban policy speech and its implications for the Internet. The speech was accompanied by a national security memorandum on strengthening US-Cuba policy, which was sent to the Vice President, Cabinet Secretaries, and heads of various departments. The first thing that struck me about the memorandum was that it was a "national security" memorandum. Does Trump think Cuba poses a threat to our national security? more»

Phishing: the Worst of Times in the DNS

The Anti-Phishing Working Group has released its latest Global Phishing Survey, written by myself and Rod Rasmussen. This report comprehensively examines a large data set of more than 250,000 confirmed phishing attacks detected in 2015 and 2016. By analyzing this cybercrime activity, we have learned more about what phishers have been doing, and how they have done it. Unfortunately, there's more phishing than ever, and phishers are registering more domain names than ever. more»

June 8 Deadline for Survey on Recommendations for Future of the Internet

What do you think must be done to ensure the development of an open, trusted, accessible, and global Internet in the future? As part of the Internet Society's "Internet Futures" project, we'd like your input on recommendations for Internet leaders and policy makers. For more background, please read "Help Shape the Future of the Internet" by my colleague Constance Bommelaer, or browse through the Internet Futures pages. more»

Good Samaritans with Network Visibility

In a big open office 30 feet from me, a team of US Veterans speak intently on the phone to businesses large and small, issuing urgent warnings of specific cyber security threats. They call to get stubborn, confused people to take down hidden ransomware distribution sites. They call with bad news that a specific computer at the business has malware that steals login credentials. more»

Conventional Thinking Won't Work in New Era of ISIS & 'Unprecedented' Cyber & Non-Cyber Attacks

Conventional thinking or solutions will no longer work in the new era of ISIS and the 'Unprecedented' cyber and non-cyber attacks we live in today. Like it or not, everyone is impacted, and no one is immune. Whether you are an average citizen, a chairman or CEO of a multinational, or a government or academic institution leader, the questions to ponder are: Do you know what to do next? Do you know what the solution is? more»

Security Costs Money. So - Who Pays?

Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more»

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more»

It's Up to Each of Us: Why I WannaCry for Collaboration

WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. more»

The Criminals Behind WannaCry

359,000 computers infected, dozens of nations affected world-wide! A worm exploiting a Windows OS vulnerability that looks to the network for more computers to infect! This is the most pernicious, evil, dangerous attack, ever... Queue the gnashing of teeth and hand-wringing! Wait, what? WannaCry isn't unprecedented! Why would any professional in the field think so? I'm talking about Code Red, and it happened in July, 2001. more»

8 Reasons Why Cybersecurity Strategy and Business Operations are Inseparable

In modern society, there is one fact that is unquestionable: The hyper-connectivity of the digital economy is inescapable. A financial institution without an online presence or omni-channel strategy will cease to be competitive. Universities (for-profit or non-profit) must develop and continuously evolve their online learning capabilities if they are to stay relevant. Online retailers are quickly outpacing and rendering their 'brick-and-mortar' counterparts irrelevant. more»

News Briefs

British Organizations Could Face Massive Fines for Cybersecurity Failures

British Security Researcher Credited for Stopping WannaCry Is Charged in a U.S. Cybercrime Case

U.S. Senators to Introduce IoT Security Bill

'Not the Best Time' for Proposed Russia-U.S. Cyber Unit, Says NSA Chief

U.S. Cyber Command to Split Off from NSA

Cloud Leak Exposes at least 14 Million Verizon Subscribers, Phone Numbers and Account PINs Included

U.S. Critical Infrastructure Will Be Attacked Within 2 Years, According to 2017 Black Hat Survey

U.S. Nuclear Power and Other Energy Companies Hacked by Russians According to Government Officials

U.S. Lawmakers Wary of Kaspersky Lab, the Russian Cybersecurity Firm

Governments Changing Censorship Tactics as More Websites Adopt HTTPS

Petya Ransomware Spreading Rapidly Worldwide, Effecting Banks, Telecom, Businesses, Power Companies

South Korean Banks Receive DDoS Threat from Hacker Group, Record Ransomware Payment Demanded

Cisco Introduces Intent-Based Network That Can Learn, Adapt and Mitigate Threats

Data on Nearly 200 Million Potential Voters in U.S. Found Fully Exposed

Chinese Scientists Have Built First Quantum Network With No Danger of Being Decrypted

FBI, DHS Release Technical Details on North Korea’s DDoS Botnet Infrastructure

Microsoft Releases Patches to Fix Close to a Hundred Flaws, Including for Unsupported Windows XP

Major Flaw Found in WannaCry Raises Questions on Whether it was Really a Ransomware

Canadian Internet Registration Authority Launches Cloud-Based DNS Firewall Service

NTIA Issues RFC, Asks for Input on Dealing With Botnets and DDoS Attacks

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Verisign has qualified for the Online Trust Alliance's (OTA) 2017 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the fifth consecutive year that Verisign has received this honor. ›››

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Verisign has released its latest DDoS Trends Report for the first quarter of this year representing a unique view into the attack trends unfolding online. ›››

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign has just released Q4 2016 DDoS Trends Report providing a unique view into the attack trends unfolding online through observations and insights derived from distributed denial of service (DDoS) attack mitigations, enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign iDefense Intelligence Services. ›››

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

Verisign has released its Q3 2016 DDoS Trends Report providing a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

Defending Against Layer 7 DDoS Attacks

Layer 7 attacks are some of the most difficult attacks to mitigate because they mimic normal user behavior and are harder to identify. Verisign's recent trends show that DDoS attacks are becoming more sophisticated and complex, including an increase in application layer attacks. ›››

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Verisign today released its Q2 2016 DDoS Trends Report providing a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services, and research conducted by Verisign iDefense Security Intelligence Services. ›››

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign is pleased to announce that it has qualified for the Online Trust Alliance's (OTA) 2016 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. ›››

Industry Updates

Participants – Random Selection