January 2014 started with a bang, with one in every 191 web requests resulting in a web malware encounter. The Cisco Computer Security Incident Response Team (CSIRT) observed this same trend, witnessing a 200% increase in web malware encounters experienced by Cisco employees for the month. Overall, January 1, 25, and 26 were the highest risk days for encountering web delivered malware. In the chart below, the lower the number, the higher the risk of encounters. Still, with a median encounter rate of 1:375 requests, every day of January 2014 represented significant risk for web browsing.
Information security is one of the largest business problems facing organisations. Log data generated from networks and computer systems can be aggregated, stored, and analysed to identify where misuse occurs. The enormous amount of data involved in these analyses is beyond the capability of traditional systems and requires a new, big data approach. Given the right tools, skills and people, security teams can take advantage of big data analysis to quickly identify malicious activity and remediate attacks. Together, the big data platforms, the administration tools, analysis tools, skilled analysts, and pressing problems form an evolving ecosystem driving innovation. It would be a mistake to believe that this ecosystem is not without its challenges.
Read More »
Two recent disclosures show that often the weaknesses in cryptography lie not in the algorithms themselves, but in the implementation of these algorithms in functional computer instructions. Mathematics is beautiful. Or at least mathematics triggers the same parts of our brain that respond to beauty in art and music . Cryptography is a particularly beautiful implementation of mathematics, a way of ensuring that information is encoded in such a way so that it can only be read by the genuine intended recipient. Cryptographically signed certificates ensure that you are certain of the identity of the person or organisation with which you are communicating, and cryptographic algorithms ensure that any information you transfer cannot be read by a third party. Although the science of cryptography is solid, in the real world nothing is so easy.
Read More »
The registration is now open and there is still time left to respond to the call for papers for the upcoming FIRST Technical Colloquium April 7-8, 2014. Please contact us at firstname.lastname@example.org for speaker engagements. The event already has an exciting preliminary program covering:
- Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious Actors
- Beyond Zone File Access: Discovering interesting Domain Names Using Passive DNS
- DNStap: High speed DNS logging without packet capture
- CVSS v3 – This One Goes to 11
- Securing the Internet Against DDoS Attacks
- Threat Actor Techniques
- Mitigating Attacks Targeting Administrator Credentials in the Enterprise
- Hardware: The root of trust in the cloud
- Targeted attack case study
- What does an enterprise monitor for targeted attacks? -- CSIRT Playbook II
- Security uses for hadoop & big data
- Using HBASE for Packet capture
And many more current issues facing the incident response community. Learn how organizations operationalize intelligence to mitigate and detect advanced threats.
The event’s line-up includes so far already notables from Cisco Security Intelligence Operations (SIO), Symantec, Vrije Universiteit Amsterdam and Farsight. Looking forward to A great TC!
Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational play to the incident response and/or threat intelligence playbook to detect attack pre-cursors and attacks in progress. Read More »