UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013. This post is NOT related to the ongoing activity occuring July 16, 2013. Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more information available here.
Multiple organizations with domain names registered under Network Solutions suffered problems with their domain names today, as their DNS nameservers were replaced with nameservers at ztomy.com. The nameservers at ztomy.com were configured to reply to DNS requests for the affected domains with IP addresses in the range 126.96.36.199/24. Cisco observed a large number of requests directed at these confluence-network IP addresses. Nearly 5000 domains may have been affected based on passive DNS data for those IPs.
Traffic hits to 188.8.131.52/24
Read More »
Tags: dns, TRAC
Are you thinking about the evolving threat landscape? You should be. Each day, new vulnerabilities are found and new exploits are crafted. Attackers are becoming increasingly sophisticated, while industry trends such as cloud computing and mobility are rapidly expanding the attack surfaces. Your mobile device could act like a Trojan horse, passing right through your network perimeter. Or your compromised server could spread an infection to your most sensitive assets.
This is the first in a series of blog posts that focuses on how Cisco stays ahead of the latest security threats. Of course, to stay on top of something as fast changing and widespread as security threats, you need to understand them in great detail.
And that’s what the Cisco 2013 Annual Security Report (ASR) and Cisco Security Intelligence Operations (SIO) offer. Read More »
Tags: 2013 annual security report, analytics, cisco annual security report, Cisco Security Intelligence Operations, evolving threat landscape, infographic, intelligence graph
Back in the old days, when security was much more of an afterthought, it was obvious that miscreants were familiar with the principle of least effort. Information security was still in its Wild West days. Managed disclosure and patching did not really exist. Most companies were just coming to realize they would need to put some effort into securing their assets. I was tasked with most of the security deployments and forensic investigation at a startup hosting company. We had a lot of bandwidth (at the time) and a lot of poorly managed servers. You could watch our gateway and know when a new vulnerability was discovered in the underground. You could see miscreants scanning for a specific service in a specific network. Miscreants had done their homework, and knew where the vulnerable hosts resided. This targeting was efficient. Sure enough, hosts would start being compromised and a few days later some sort of official disclosure would happen detailing the vulnerability the miscreants had been scanning for. Read More »
Tags: botnet, brute force, Cisco Security, cisco sio, WordPress
On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 released an analysis of malware dubbed ‘KeyBoy,’ also exploiting unknown vulnerabilities in Microsoft Office, similarly patched by MS12-060, but allegedly targeting interests in Vietnam and India. The indicators of compromise (IoCs) listed by Rapid7 match some of the indicators of compromise listed previously by malwaretracker.com.
Read More »
Tags: sec, security research, targeted attacks, TRAC
Life is generally a lot easier when you have all the facts. Especially if those facts are actually accurate. Nowhere does this ring more true than in the life of an IT professional.
Often times a day in an IT shop is a lot like that grade school game of telephone where information gets passed down the line but gets distorted (or is just plain wrong) because no single player has the complete context. This scenario gets played out everyday in the IT infrastructure where siloed operations, monitoring and policy platforms only work from the information they possess. But that information is generally just a snapshot viewed through the bias of that system’s siloed purview. As a result, mistakes get made, security is substandard or perhaps even dysfunctional, and everything from configuration to event management and investigation takes far longer than it should. Net-net – time is wasted, costs increase, and many things still don’t work that well. Read More »
Tags: byod, Cisco ISE, Cisco Security, Identity Services Engine, MDM, platform exchange grid, pxGrid