WannaCry: views from the DNS frontline

By Yuriy Yuzifovich, Head of Data Science & Security Research &
Yohai Einav, Principal Security Researcher



Posted on May 15, 2017

As the investigation of the WannaCry ransomware keeps evolving, more evidence is revealed and more theories are suggested. While analyzing the DNS and HTTP traffic of domains and clients involved in WannaCry, we made several useful discoveries that may shed some additional light on this cybercrime.


The (DDoS) Attack on French Media

By Yohai Einav, Principal Security Researcher



Posted on May 11, 2017

A recent DDoS attack against Cedexis, a French service provider, caused many prominent French newspapers, including Le Monde, Le Figaro, L’Equipe and Le Nouvel Observateur, all hosted on the Cedexis network, to briefly shut down yesterday, May 10. Other web services built on the Cedexis network have been affected as well.


The Comings and Goings (and Comings) of Locky

By Mikael Kullberg, Sr. Security Researcher



Posted on May 09, 2017

Ransomware is grabbing a lot of headlines lately given the increasing frequency with which these attacks occur. One prominent form of this advanced cyberthreat is Locky, which we first wrote about almost one year ago. After our initial blog post we saw Locky mostly disappear – at least momentarily. It then came back about three weeks later, but given our broad view of DNS queries from communications service provider (CSP) networks around the globe, we were quickly able to detect the new activity.


Sophisticated Hacker Behind the ‘Google Docs’ Phishing Campaign

By Yuriy Yuzifovich, Head of Data Science & Security Research



Posted on May 03, 2017

Today a new phishing attack began making the rounds in email boxes around the world, taking the form of an email with a link to a Google Doc that the sender has shared with the recipient. The email looks innocent enough, as shown in the image below – I myself received one shortly after the attack was launched – and many people will likely click the link out of curiosity to see what they received.


Introducing Nominum Data Science Insights

By Yuriy Yuzifovich, Head of Data Science & Security Research


Posted on May 3, 2017

Today we’re launching a new security and data science blog where we’ll discuss technical topics and share insights from our expert Security and Data Science team here at Nominum. As the leader of this team, I’m excited to have this blog be a way to share some of our findings with a more technical audience—people who love cybersecurity, data, DNS, and all the exciting new developments on the internet (and who doesn’t?).
