Recently in Web Security Category

I first met Dan Geer 10 years ago, after he debated Microsoft's Scott Charney on the "Microsoft Monoculture" at a USENIX event in Boston. I was just starting to write about security and the man intimidated me. His intellect and speaking style were light years beyond anything I had comprehended before. As a news reporter, you talk to a lot of police officers, firefighters and politicians who speak in plain, familiar terms. Dan Geer was something else entirely.

An old friend will deliver the first keynote of BSides Boston Friday: Jack Daniel, technical product manager at Tenable Network Security. His talk is called "Doomed to Repeat: InfoSec's Failure to Learn from the Past."

Bsides Boston 2014 -- scheduled for Friday and Saturday at the Microsoft New England Research & Development (NERD) Center -- promises to be another enlightening event. Akamai is a gold sponsor, and I'll be there both days. If you're thinking of going, here's the full agenda to consider:

Internet Explorer users take note: Microsoft issued an emergency security update yesterday to address a serious, widely-publicized vulnerability. Dustin C. Childs of Microsoft's Security Response Center announced the fix in a blog post yesterday.

Akamai released its Fourth Quarter 2013 State of the Internet Report last week. Security highlights include the following:

• DDoS traffic increased 23 percent quarter-over-quarter, up by 75 percent from fourth quarter 2012.
• Enterprise and commerce continued to be the industries targeted most frequently.
• China remained the top producer of attack traffic, growing to 43 percent of observed attack traffic.
• The United States also saw significant growth in observed attack traffic, while Indonesia's contribution continued to decline after spiking earlier in the year.
• Port 445 remained the most targeted port, growing once again and reaching 30 percent of observed attacks. The volume of attacks targeting Port 80 remained steady at 14 percent.

Akamai recently released the Prolexic Q1 2014 Global DDoS Attack Report. What follows are some of the key points, including a 114-percent increase in the average peak bandwidth of attacks.

• Download the full report HERE

Good news: I got another look at how well Akamai's security procedures work. 

The Akamai Prolexic Security Engineering & Response Team (PLXsert) has discovered a new tool attackers could use to target Microsoft Windows. The PLXsert advisory describes it this way:

The Storm kit is capable of infecting Windows XP (and higher) machines for malicious uses, including execution of DDoS attacks. Once a PC is infected, the Storm Network Stress Tester crimeware kit establishes remote administration (RAT) capabilities on the infected machine, enabling file uploads and downloads and the launching of executables, including four DDoS attack vectors.

A single PC infected by the new Storm crimeware kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. As a result, orchestrated botnet attacks pose a significant DDoS threat. In addition, the RAT capability enables a variety of malicious activity, including the infection of other devices.

The RAT capabilities provide criminals with an all-purpose crimeware platform that can be used for a variety of malicious activity, including the infection of other devices, the advisory says.

"Remote administration lets malicious actors take over a PC from a distance, even from another continent," said Stuart Scholly, senior vice president and general manager of Security at Akamai Technologies. "In the last year, we've seen a growing volume of cyber-attacks coming from Asia. The Storm kit seems to have been custom-designed to infect and control vulnerable Windows XP machines in China."

One PC infected by the kit can generate up to 12 Mbps of DDoS attack traffic with a single attack. The kit comes pre-programmed to launch four types of DDoS attacks at once, increasing the potential attack volume.

A free download of the full advisory is available here.

Akamai PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through digital forensics and post‐attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with customers and the security community.

By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.

This year, we decided to do something a little different to accompany the year-end State of the Internet Report. In addition to the analysis we do on the numbers for the world as a whole, we're breaking out a particular region to look at in more detail. Although it is not the target of the largest number of attacks, we chose Europe because, like the rest of the world, it is seeing a growing number of attacks.