The future of DNS security: From extremes to a new equilibrium

In anticipation of his keynote at HITB Security Conference 2020 in Amsterdam, we talked to internet pioneer Dr. Paul Vixie, Farsight Security Chairman and CEO. Dr. Vixie was inducted into the internet Hall of Fame in 2014 for work related to DNS and an…

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.

SIE Europe: Data sharing initiative to combat cybercrime launches

SIE Europe emerged from stealth mode to launch an initiative to enable European organisations to contribute and share Internet data. This consortium advances the detection and mitigation of phishing, malware and other targeted cyberattacks against thei…

Preventing IDN homograph attacks from harming your brand/reputation

Phishing is, by and large, the most often used attacker tactic to trick victims into sharing useful information such as login credentials. More often than not, that means directing them to spoofed login web pages posing as the real deal. Before the adv…

How criminals abuse IDNs to conduct malicious activities

New research from Farsight Security examines the prevalence and distribution of IDN lookalike domain names, also called homographs, over a 12-month period with a focus on 466 top global brands across 11 vertical sectors ranging from banking to retail t…

99 percent of domains are not protected by DMARC

Essentially every global domain is vulnerable to phishing and domain name spoofing. A new report incorporates data from Agari, revealing that 90 percent of its customers have been targeted by domain name fraud. Insight from the Farsight Security indica…

Got Robocalled? Don’t Get Mad; Get Busy.

Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who chose to hang on the line and see where one of these robocalls led him, I decided to dig deeper. This is the story of that investigation. Hopefully, it will inspire readers to do their own digging and help bury this annoying and intrusive practice.

Inside a Porn-Pimping Spam Botnet

For several months I’ve been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites. Having hit a wall in my research, I decided it might be good to publish what I’ve unearthed so far to see if this dovetails with any other research out there.

In late October 2016, an anonymous source shared with KrebsOnSecurity.com a list of nearly 100 URLs that — when loaded into a Firefox browser — each displayed what appeared to be a crude but otherwise effective “counter” designed to report in real time how many “bots” were reporting in for duty.

Here’s a set of archived screenshots of those counters illustrating how these various botnet controllers keep a running tab of how many “activebots” — hacked servers set up to relay spam — are sitting idly by and waiting for instructions.

Tor’s ex-director: ‘The criminal use of Tor has become overwhelming’

Nearly two years to the day since Andrew Lewman quit his job as executive director of Tor, the anonymity software meant to shield users from government intervention, he found himself rushing between meetings with European law enforcement. Boosted by endorsements from internet activists like Julian Assange and Edward Snowden, Lewman had been at the helm of Tor as it became synonymous with internet user privacy. Now, as the newly minted vice president of dark web intel firm OWL Cybersecurity, his meetings with governments have gone from educating officials on how people use Tor to helping law enforcement investigate criminal activity occurring on Tor. As Lewman spoke to CyberScoop last month in between two of those meetings, it became clear that his perspective on the software has shifted. “What’s changed most about Tor is the drug markets have taken over,” Lewman said. “We had all these hopeful things in the beginning but ever since Silk Road has proven you […]

The post Tor’s ex-director: ‘The criminal use of Tor has become overwhelming’ appeared first on Cyberscoop.

Tracing Spam: Diet Pills from Beltway Bandits

Reading junk spam messages isn’t exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here’s the simple story of how a recent spam email advertising celebrity “diet pills” was traced back to a Washington, D.C.-area defense contractor that builds tactical communications systems for the U.S. military and intelligence communities.