Most malware is often delivered from otherwise legitimate sites. Sometimes this occurs via compromising existing websites, but more often than not, it is by using existing advertising networks as a means to ultimately deliver malware. Quite simply, the attacker buys impressions via existing channels and uses a variety of malvertising tricks to either directly compromise the web browser, or at the least trick the user to installing the malware. This specialized form of malware delivery requires a specialized collection methodology to detect such attacks.Read More
One of the chief problems in cybersecurity is the inherent reactivity of most forms of defense. An attack has to be observed, analyzed and reverse-engineered. THEN, protection can be developed. This means attackers are successful, and inside environments, for a period of time before the attack is noticed, before the indicators for that attack can be extracted, and before a policy can be disseminated to stop it.
There has been a wide variety of research in recent years around this problem. How to speed up the cycle to recognize attacks and to potentially get out in front of attackers to block them before the attacks start. Both my own PhD research and other researchers have noticed that one attribute that is overwhelmingly an indicator of maliciousness in DNS is “newness,” that is to say, the newer a domain is, the more likely that it is bad. More importantly, when a domain is new and otherwise benign, it is rarely in meaningful use except by the organization that’s setting up whatever will go there.Read More
Since April of this year, news of a rapidly evolving crypto mining malware, dubbed Roaming Mantis, has hit the cyber news headlines. Roaming Mantis debuted with a DNS hijacking attack vector, infecting android running machines. Once installed, the malware redirected infected devices to phishing sites by spoofing legitimate applications, while using the stolen credentials to run a crypto mining script on PCs.Read More
As we’re approaching the holiday season, so many are heavily relying on the internet for their shopping. With fewer than 50 online shopping days until Christmas, pressure to bargain hunt is skyrocketing, with retailers gearing up to make tempting offers on those dream items. However, it's not just the online retailers gearing up to take your money, the online criminals are, too.Read More