Secure By Design: Antidote for Dynamic Cyberthreats

There was an interesting twist to the recent distributed denial-of-service (DDoS) attack against domain name provider Dyn that plunged huge areas of North America and Europe into internet darkness. The perpetrators didn’t directly attack the servers of their ultimate target. Instead, they compromised 100,000 small, interconnected devices with weak default passwords, building an enormous botnet…

Explained: Domain-Generating Algorithms

Cybercriminals use domain-generating algorithms to prevent their servers from being blacklisted or taken down. A domain-generating algorithm (DGA) is a program or subroutine that provides malware with new domains on demand or on the fly. Kraken was the first malware family to use a DGA (in 2008) that we could find. Later that year, Conficker made…

BrandPost: A booming business: The rise of cybergangs

Cybergangs are modeling themselves on successful businesses, with often staggering results. Based on the world’s growing interconnectivity, experts estimate that the cost of cybercrime will exceed $6 trillion annually by 2021, due in part to the growth in cybergang activity. In a 2016 report, Europol attributed the continued growth of “crime-as-a-service” activities to the strengthened…

The year ransomware became one of the top threats to enterprises

On Feb. 5, employees at Hollywood Presbyterian Medical Center in Los Angeles, California, started having network access problems that prevented electronic communications. Over the next few days, they learned that the hospital was the victim of a ransomware attack that encrypted files on multiple computers. After several days during which staff had to resort to pen…

Google researchers help developers test cryptographic implementations

Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations. The company’s Project Wycheproof, which was released on GitHub, contains more than 80 test cases for widely used cryptographic algorithms, including RSA, AES-GCM, AES-EAX, Diffie-Hellman, Elliptic Curve Diffie-Hellman (ECDH), and the digital signature algorithm…

Ukraine Power Outage Possibly Caused by Cyberattack

In a statement published on its website on Sunday, Ukrenergo said the outage occurred on Saturday, near midnight, at the North (Petrivtsi) substation, causing blackouts in the capital city of Kiev and the Kiev region. Ukrenergo Acting Director Vsevolod Kovalchuk said workers switched to manual mode and started restoring power after 30 minutes. Power was…

Privacy groups complain to FTC over Google’s ‘deceptive’ policy change

Privacy groups have complained to the Federal Trade Commission that Google is encroaching on user privacy through a policy change in June that allows it to combine personally-identifiable information with browsing data collected by its DoubleClick digital advertising service. The complaint by Consumer Watchdog and Privacy Rights Clearing House alleged that Google has created “super-profiles”…