An old friend will deliver the first keynote of BSides Boston Friday: Jack Daniel, technical product manager at Tenable Network Security. His talk is called "Doomed to Repeat: InfoSec's Failure to Learn from the Past."
Recently by Bill Brenner
Internet Explorer users take note: Microsoft issued an emergency security update yesterday to address a serious, widely publicized vulnerability. Dustin C. Childs of Microsoft's Security Response Center announced the fix in a blog post yesterday.
Akamai released its Fourth Quarter 2013 State of the Internet Report last week. Security highlights include the following:
- DDoS traffic increased 23 percent quarter-over-quarter, up by 75 percent from fourth quarter 2012.
- Enterprise and commerce continued to be the industries targeted most frequently.
- China remained the top producer of attack traffic, growing to 43 percent of observed attack traffic.
- The United States also saw significant growth in observed attack traffic, while Indonesia's contribution continued to decline after spiking earlier in the year.
- Port 445 remained the most targeted port, growing once again and reaching 30 percent of observed attacks. The volume of attacks targeting Port 80 remained steady at 14 percent.
Akamai recently released the Prolexic Q1 2014 Global DDoS Attack Report. What follows are some of the key points, including a 114 percent increase in the average peak bandwidth of attacks.
The Akamai Prolexic Security Engineering & Response Team (PLXsert) has discovered a new tool attackers could use to target Microsoft Windows. The PLXsert advisory describes it this way:
The Storm kit is capable of infecting Windows XP (and higher) machines for malicious uses, including execution of DDoS attacks. Once a PC is infected, the Storm Network Stress Tester crimeware kit establishes remote administration (RAT) capabilities on the infected machine, enabling file uploads and downloads and the launching of executables, including four DDoS attack vectors.
A single PC infected by the new Storm crimeware kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. As a result, orchestrated botnet attacks pose a significant DDoS threat. In addition, the RAT capability enables a variety of malicious activity, including the infection of other devices.
The RAT capabilities provide criminals with an all-purpose crimeware platform that can be used for a variety of malicious activity, including the infection of other devices, the advisory says.
"Remote administration lets malicious actors take over a PC from a distance, even from another continent," said Stuart Scholly, senior vice president and general manager of Security at Akamai Technologies. "In the last year, we've seen a growing volume of cyber-attacks coming from Asia. The Storm kit seems to have been custom-designed to infect and control vulnerable Windows XP machines in China."
One PC infected by the kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. The kit comes pre-programmed to launch four types of DDoS attacks at once, increasing the potential attack volume.
A free download of the full advisory is available here.
Akamai PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through digital forensics and post-attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with customers and the security community.
By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
- A program manager for InfoSec;
- A senior manager for Enterprise Security;
- A security architect for Adversarial Resilience; and
- A principal application software engineer for the Security Products Group.