Avatar

Martin Lee

EMEA Lead, Strategic Planning & Communications

Cisco Talos

A licenced Chartered Engineer and EMEA lead within Talos, the threat intelligence and threat response group of Cisco. Author of "Cyber Threat Intelligence", a comprehensive text book on the subject. Please visit my author profile.

Articles

March 20, 2014

SECURITY

Coordinated Website Compromise Campaigns Continue to Plague Internet

3 min read

This post is co-authored with Levi Gundert and Andrew Tsonchev. Update 2014-03-21: For clarity, the old kernel is a common indicator on the compromised hosts. We are still investigating the vulnerability, and do not yet know what the initial vector is, only that the compromised hosts are similarly ‘old’. Update 2014-03-22: This post’s focus relates […]

March 4, 2014

SECURITY

Big Data Ecosystem Challenges

4 min read

Information security is one of the largest business problems facing organisations. Log data generated from networks and computer systems can be aggregated, stored, and analysed to identify where misuse occurs. The enormous amount of data involved in these analyses is beyond the capability of traditional systems and requires a new, big data approach. Given the […]

February 25, 2014

SECURITY

Trust but Verify and Verify and Verify Again

4 min read

Two recent disclosures show that often the weaknesses in cryptography lie not in the algorithms themselves, but in the implementation of these algorithms in functional computer instructions. Mathematics is beautiful. Or at least mathematics triggers the same parts of our brain that respond to beauty in art and music [1]. Cryptography is a particularly beautiful […]

January 8, 2014

SECURITY

Are Third Parties Your Greatest Weakness?

2 min read

There are many advantages in outsourcing functions to specialist providers that can supply services at lower cost and with more functionality than could be supplied in-house. However, companies should be aware that when buying services, you may also be buying risk. Organisations that have successfully implemented strategies to reduce the probability of experiencing a breach, […]

December 2, 2013

SECURITY

“Feliz Natal” – Bank Theft by Proxy.

1 min read

Proxy auto-config or PAC files are commonly used by IT departments to update browser settings so that internet traffic passes through the corporate web gateway. The ability to redirect web traffic to malicious proxy servers is particularly attractive for malicious actors since it gives them a method of intercepting and modifying traffic to and from […]

November 20, 2013

SECURITY

Christmas Packets: Web Browsing and the Festive Period

4 min read

The web browsing behaviour of users changes as the end of the year approaches. The holiday season can provide a large distraction from work duties that may need to be managed. Equally, even during periods when the office is closed, there will be some individuals who cannot resist accessing work systems. Managing these changes in […]

November 19, 2013

SECURITY

Don’t Click Tired

2 min read

As the day draws to a close, and especially during the early morning, users become far more likely to click on links that lead to malware. Those responsible for network security need to ensure that users’ awareness of information security continues after work hours, so that users “don’t click tired.”

August 23, 2013

SECURITY

Crumbling to the Cookiebomb

2 min read

Recently we have seen a spate of government websites hosting malicious Cookiebomb JavaScript. We have observed URLs with the top level domains such as ‘.gov.uk’, ‘.gov.tr’, ‘.gov.pl’ and the website of a middle eastern embassy in the US become compromised and expose visitors to malware infection. For malicious actors, highly reputable websites are a valuable […]

August 15, 2013

SECURITY

The Highs and Lows of the Pump and Dump Scam

3 min read

The Internet remains an environment where it is important to keep your wits. The recent indictment of nine individuals on stock fraud charges reminds us that the pump and dump scam continues to be perpetrated [1][2]. Stock spam emails were particularly prevalent during the mid-2000’s, with these messages reportedly comprising 15% of all spam in […]

August 8, 2013

SECURITY

DNS Compromise Distributing Malware

3 min read

DNS records are an attractive target for distributors of malware. By compromising the DNS servers for legitimate domains, attackers are able to redirect visitors to trusted domains to malicious servers under attacker control. DNS requests are served from dedicated servers that may service many thousands of domains. Compromising these servers allows attackers to take over […]

July 29, 2013

SECURITY

Security Implications of Cheaper Storage

3 min read

An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive in my pocket would cost in excess […]

July 22, 2013

SECURITY

July, a Busy Month for Breaches

4 min read

This month has been particularly prevalent for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82 million usernames, passwords […]

June 27, 2013

SECURITY

Expiring Albert: Recycling User IDs and the Impact on Privacy

4 min read

Within many organisations offering online services to the public, there must be a great temptation to expire redundant user accounts that occupy desirable user IDs but which are never used by their users. Presumably the user IDs have been registered by someone, used on a couple of occasions, and then forgotten about. Expiring and recycling […]