DDoS Archives

DDoS

Cisco: Internet of Things Tips Scales In Favor Of Bad Guys?

April 27, 2014 Paul Roberts

A week from this Wednesday, the Security Ledger is hosting The Security of Things Forum: a day-long event in Cambridge, Massachusetts, that will explore the challenges of securing a global network of hundreds of billions of Internet connected devices. [Register here for The Security of Things Forum – Security and Internet of Things: May 7, Cambridge, MA] One of the big issues that we’ll be tackling is how the Internet of Things (or IoT) changes the security paradigm for enterprises and other large, IT-dependent organizations. Needless to say: the corporate network environment of 2020 won’t bear much resemblance to the network of 2000. But what kinds of tools and technologies will be needed to secure that environment and identify threats to the data stored on it? What security tools and strategies will go the way of the typewriter? What areas will require more investment? So far, the focus of discussions about IoT […]

History Suggests Heartbleed Will Continue To Beat

April 16, 2014 Paul Roberts

The SANS Internet Storm Center dialed down the panic on Monday, resetting the Infocon to “Green” and citing the increased awareness of the critical OpenSSL vulnerability known as Heartbleed as the reason. Still, the drumbeat of news about a serious vulnerability in the OpenSSL encryption software continued this week. Among the large-font headlines: tens of millions of Android mobile devices running version 4.1 of that mobile operating system (or “Jelly Bean”) use a vulnerable version of the OpenSSL software. Also: more infrastructure and web application players announced patches to address the Heartbleed vulnerability. They include virtualization software vendor VMWare, as well as cloud-based file sharing service Box. If history is any guide: at some point in the next week or two, the drumbeat will soften and, eventually, go silent or nearly so. But that hardly means the Heartbleed problem has gone away. In fact, if Heartbleed follows the same […]

Perverse Security Incentives Abound In Mobile App Space

March 24, 2014 Paul Roberts

Security problems abound in the mobile device space – and many of them have been well documented here and elsewhere. While mobile operating systems like Android and iOS are generally more secure than their desktop predecessors, mobile applications have become a major source of woe for mobile device owners and platform vendors. To date, many of the mobile malware outbreaks have come by way of loosely monitored mobile application stores (mostly in Eastern Europe and Russia). More recently, malicious mobile ad networks have also become a way to pull powerful mobile devices into botnets and other malicious online schemes. But my guests on the latest Security Ledger podcast point out that mobile application threats are poised to affect much more than just mobile phone owners. Jon Oberheide, the CTO of DUO Security and Zach Lanier, a researcher at DUO, note that mobile OS platforms like Android are making the leap […]

Cisco Survey: 100% of Fortune 500 Hosting Malware?

January 16, 2014 Paul Roberts

If you’re working in IT at a Fortune 500 firm, Cisco Systems has some unwelcome news: you have a malware problem. According to the 2013 Annual Security Report from the networking giant, 100 percent of 30 Fortune 500 firms it surveyed sent traffic to Web sites that host malware. Ninety-six percent of those networks communicated with hijacked servers operated by cyber criminals or other malicious actors and 92 percent transmitted traffic to Web pages without content, which typically host malicious activity. “It was surprising that it was 100 percent, but we know that it’s not if you’re going to be compromised, but when,” said Levi Gundert, a technical lead in Cisco’s Threat Research, Analysis and Communications (TRAC) group in an interview with The Security Ledger. Among the high points (or low points) in Cisco’s Report: Cisco observed the highest number of vulnerabilities and threats on its Intellishield alert service in the 13 years […]

Mobile Devices Taking Part In Enterprise DDoS Attacks?

January 14, 2014 Paul Roberts

Mobile phones have long been on the radar for enterprises concerned about data loss and the spread of malicious code. But a report from the firm Prolexic suggests that they may also be taking part in massive denial of service (DoS) attacks against enterprise networks. The firm Prolexic said that data it collected in the final quarter of 2013 suggests that mobile devices are playing a growing role in distributed DoS (or DDoS) attacks against the firm’s enterprise customers. “Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use,” said Stuart Scholly, president of Prolexic, in a statement. [Read more Security Ledger coverage of Denial of Services Attacks.] Infecting unwitting victims with a malicious program is a common method used by botnet operators whose platforms are behind many large-scaled DDoS attacks. But Scholly said that mobile devices and mobile DDoS […]