<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

Author Archives:John Bambenek

Recent Posts

ThreatSTOP Premium Feed Spotlight Series: Level Up Your Protection with ThreatSTOP NOD, Powered By Farsight

One of the chief problems in cybersecurity is the inherent reactivity of most forms of defense. An attack has to be observed, analyzed and reverse-engineered. THEN, protection can be developed. This means attackers are successful, and inside environments, for a period of time before the attack is noticed, before the indicators for that attack can be extracted, and before a policy can be disseminated to stop it.

There has been a wide variety of research in recent years around this problem. How to speed up the cycle to recognize attacks and to potentially get out in front of attackers to block them before the attacks start. Both my own PhD research and other researchers have noticed that one attribute that is overwhelmingly an indicator of maliciousness in DNS is “newness,” that is to say, the newer a domain is, the more likely that it is bad. More importantly, when a domain is new and otherwise benign, it is rarely in meaningful use except by the organization that’s setting up whatever will go there.

Read More

Share this:

Hostile Domestic Surveillance & Security Automation: A Case Study

Photo Cred: Forbes

 

Last week, I had the pleasure of speaking at Virus Bulletin on the recent news of iPhone (first reported on by Google Project Zero) and Android (first reported on by Volexity) mobile malware being used to target Tibetans (as reported by Citizen Lab) and Uighur Muslims inside and outside the People’s Republic of China. Lots of great research is linked above and you should definitely read it.

Whenever events like these occur, researchers from many organizations are researching pieces of it. If you are interested in Chinese APT attacks against these groups, certainly take a look.

One of the most interesting things to me when looking into these attacks is the sophistication and persistence of the adversary. As vulnerabilities got patched, they reused what pieces they could from their attacks and discovered new vulnerabilities to maintain their ability to action on the surveillance objectives. Some of the tools used indicate relationships to other Chinese APT groups, and certainly these types of attacks could be used against truly foreign adversaries as well.

Read More

Share this:

US Heightens Online Attacks on Russian Power Grid: How DNS Can Protect Critical US Infrastructure

In retaliation for ongoing attacks against US interests and to be a deterrent against future cyberattacks, the United States has been penetrating Russian power and industrial systems according to recent reporting in the New York Times. There have been multiple articles about attacks on critical infrastructure and attempts to penetrate systems in this space. In the US, no breach has been reported to lead to a wide spread outage, but there has been an increasing level of concern.

Read More

Share this:

Quest Diagnostics Breach Exposes Millions: Highlights Importance of Automating Threat Intelligence & Security Layers

Quest Diagnostics, a large medical diagnostic and laboratory services provider, has been breached, potentially impacting tens of millions of patient records. In accordance with HIPAA, fines can range from $100 to $50,000, per record lost, if there was non-compliance. This means, at a minimum, Quest could be fined $1.2 billion dollars if they are found to have violated HIPAA. Increasingly, other regulatory regimes are imposing fines for lost records, as well. While we don’t yet know in detail how this happened, there are some important points to consider.

 

Read More

Share this:

How ThreatSTOP's Security Research Team Uses Data to Create Targets & Block Suspicious Traffic

One of the challenges in threat intelligence is taking the massive amount of data we have about the threat landscape and distilling it into its most relevant components. A huge part of the reason for growth in data science (and in cyber security specifically) is habitually struggling with too much information. (With some exceptions) With this roadblock, it’s a challenge to focus in on the data that’s truly relevant.

Read More

Share this:

Georgia Tech Data Breach: How to Keep Information Secure in Open University Environments

Georgia Tech recently notified almost 1.3 million people about a potential breach of sensitive data, and in some cases, including a social security number. Over a four month period, there was a vulnerable server that allowed people to enumerate records on a back-end database, allowing the exfiltration of sensitive information. While universities are seen as more open environments, they do have sensitive information they have to protect.

Read More

Share this:

How to Mitigate Microsoft Windows Zero-Days Exploiting Enterprises & Giving Attackers Control

 

On top of the RDP vulnerability out there, additional Microsoft Windows zero-days are out there, which can exploit enterprises and give attackers full system control. The RDP vulnerability had the potential to be used in a WannaCry like worm. 

Read More

Share this:

Recent Bank IP Address Spoofing Exposes Problem with How Some Threat Feeds Are Generated

Last week, Cyberscoop reported that someone was launching a scan of the entire internet using packets spoofed with a source address of major American banks. That event is interesting in its own right, and follows an occasional pattern by which attackers occasionally try to manipulate the automation our industry uses to protect against attackers.

Read More

Share this:

(Stay Alert) Inside E-Mail Compromise: What Small & Medium Businesses Need to Know

Recently, we were contacted regarding two different incidents of Business Email Compromise (BEC), where there was an attempt to redirect wire transfers from individuals to another bank account. One was successful and the victim lost six figures, one was interdicted because of an attentive individual who picked up the phone to ask, “Uh, are you sure this is right?” This kind of fraud is increasing and are more specifically targeted towards smaller firms and individuals trying to redirect high-dollar transactions.

Read More

Share this:

2020 Census Target of Security Threats & 3 Critical Factors to Know

As people start thinking about completing the upcoming United States census online, security concerns have emerged. While there are unique threats to the Census because of the impact it has on budgeting and government, these concerns tell us a great deal about the security concerns of doing business online.

Read More

Share this:

Home Page

ARCHIVES

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter