Dyn DNS DDoS likely the work of script kiddies, says
FlashPoint
Business risk intelligence firm FlashPoint has put out a
preliminary analysis of last week’s massive denial of service attack against Dyn DNS,
and its conclusion is it was likely the
work of amateur hackers — rather than, as some had posited,
state-sponsored actors perhaps funded by the Russian government.
… Its reasoning is
based on a few factors, including a detail it unearthed during its
investigation of the attack: namely that the infrastructure used in the attack
also targeted a well-known video game company.
“While there does not appear to have been any disruption
of service, the targeting of a video game company is less indicative of
hacktivists, state-actors, or social justice communities, and aligns more with
the hackers that frequent online hacking forums,” write FlashPoint’s Allison
Nixon, John Costello and Zach Wikholm in their analysis.
The attack on Dyn DNS was powered in part by a botnet of
hacked DVRs and webcams known as Mirai. The source code for the malware that
controls this botnet was put on Github earlier this month. And FlashPoint also notes that the hacker
who released Mirai is known to frequent a hacking forum called
hackforums[.]net.
Can we use this to estimate what a large DDoS attack might
cost?
Government-Ordered Internet Shutoffs Cost $2.4 Billion Last
Year
Governments pay a significant price when they disrupt
access and connectivity to the Internet because such shutdowns undermine
economic growth, jeopardize lives, and erode confidence, Brookings Institution
said in a study.
… India suffered
the biggest impact valued over $968 million and North Korea was the lowest at
$313,666, according to the report. There
had been 14 shutdowns of national apps such as Twitter or Facebook, which was
the most costly type of disruption at $1.04 billion. There were 36 instances of nation-wide
internet access cutoff, making that the most frequent type of disruption.
Interesting. This
has apparently been resolved, but consider what your organization’s reaction to
a seemingly random contact claiming your database is insecure might be. Read the full article.
RBS writes:
We need your help to contact an
organization that has thus far been unresponsive to numerous notifications that
we have sent about a discovered data breach! Read on to understand the issue and see how
you can help!
We know that we have become a bit
of a broken record when it comes to data breaches, and more specifically when it comes
to unsecured databases recently. It’s no
secret there are tens of thousands of open, unsecured
databases of all types and sizes just sitting out there on the Internet,
waiting to have their data plucked off, plundered or otherwise compromised by
anyone with the time and inclination to do so.
It was no surprise when our
researchers recently came across an open MongoDB installation containing data
on more than 8 million users. What was
surprising – and disappointing – is what has happened after the discovery.
Read more on RBS.
(Related)
What to Do When You Suspect a Data Breach: FTC Issues Video
and Guide for Businesses
by Sabrina
I. Pacifici on Oct 25, 2016
“If your business has experienced a data breach, you are
probably wondering what to do next. The
Federal Trade Commission’s new Data
Breach Response: A Guide for Business, an accompanying video and business blog can help you figure
out what steps to take and whom to contact. Among the key
steps are securing physical areas, cleaning up your website, and providing
breach notification. The guide also
includes a model data breach notification letter. For related advice on implementing a plan to
protect customer information and prevent breaches, check out the FTC’s Protecting
Personal Information: A Guide for Business and Start with Security: A
Guide for Business. The
guide and the video are both in the public domain, so business people can share
them with employees and customers, and through their websites and newsletters.”
Sage advice.
… If the end game
is preventing something bad from happening, companies typically waste time and
money on futile attempts to build an impenetrable wall of systems. Even if it were possible to build a wall
that’s 100% secure, it wouldn’t begin to protect the rapidly growing amount of
sensitive data that flows outside the firewall through devices and systems
beyond the company’s direct control.
It’s far more important to focus on two things:
identifying and protecting the company’s strategically important cyber assets
and figuring out in advance how to mitigate damage when attacks occur.
Resources for Ethical Hacking.
Data Leaked by Pagers Useful for Critical Infrastructure
Attacks
Pagers are still used in
industrial environments and many organizations don’t realize that the messages
sent with these devices can be highly useful to malicious actors looking to
launch a targeted attack.
After analyzing the use of
pagers in the healthcare industry, researchers at Trend Micro have
focused their attention on the risk they pose to industrial environments,
particularly in critical infrastructure sectors.
Industrial control systems (ICS) can rely on pagers to
transmit information that is crucial for the operation of a facility, including
events and deviations in the production process. Pagers are particularly popular as backup
communication systems and in areas where cellular coverage is weak.
The problem
is that the messages sent to these devices are typically unencrypted,
allowing anyone with the technical knowhow and some inexpensive equipment to
intercept the information.
If we can buy it, we don’t need a subpoena, right?
Nicky Woolf reports:
Telecommunications giant AT&T
is selling access to customer data to local law enforcement in secret, new
documents released on Monday reveal.
The program, called Hemisphere,
was previously known only as a “partnership”
between the company and the US Drug Enforcement Agency (DEA) for the purposes
of counter-narcotics operations.
Read more on The
Guardian.
IBM may have a winner here.
IBM expands Watson's reach with data platform, iOS
integration, bots, education efforts
The barrage of announcements comes as IBM hosts a Watson
conference in Las Vegas. IBM CEO Ginny
Rometty will use a keynote speech to outline the Watson portfolio, ecosystem
and customer base.
Discuss, debate, does no one educate?
The Political Environment on Social Media
by Sabrina
I. Pacifici on Oct 25, 2016
Pew – “In a political environment defined by widespread polarization and partisan animosity,
even simple conversations can go awry when the subject turns to politics. In their in-person interactions, Americans can
(and often do) attempt to steer clear of
those with whom they strongly disagree. But
online social media environments present new challenges. In these spaces, users can encounter
statements they might consider highly contentious or extremely offensive – even
when they make no effort to actively seek out this material. Similarly, political arguments can encroach
into users’ lives when comment streams on otherwise unrelated topics devolve
into flame wars or partisan bickering. Navigating
these interactions can be particularly fraught in light of the complex mix of
close friends, family members, distant acquaintances, professional connections
and public figures that make up many users’ online networks. A new Pew Research Center survey of
U.S. adults finds that political debate and discussion is indeed a regular fact
of digital life for many social media users, and some politically active users
enjoy the heated discussions and opportunities for engagement that this mix of
social media and politics facilitates. But
a larger share expresses annoyance and aggravation at the tone and content of
the political interactions they witness on these platforms…”
The war in streaming TV?
AT&T's new streaming TV service will give you 100+
channels for $35 a month
… The service will
debut in November.
DirecTV Now will be a package of live TV delivered over
the internet wherever you are — no cable box or satellite dish necessary.
… DirecTV Now's
$35 price point undercuts the early industry norms for live-streaming TV. The market leader Sling TV charges $20 for
"25+" channels, and its highest package has about 50 channels for
$40. Sony's PlayStation Vue charges
$54.99 for about 100 channels, and its lowest package gives you "60+"
channels for $39.99 a month. Other
competitors including Hulu and YouTube are reportedly readying their own
packages for streaming live TV but have yet to name a price.
… "It's pay
TV as an app," AT&T's senior vice president of strategy and business
development, Tony Goncalves, told
Business Insider in a recent interview.