By now you’ve most likely heard about the WannaCry (a.k.a. WannaCrypt) ransomware that began wreaking havoc in parts of the world this past Friday (May 12, 2017). Given Nominum’s broad, deep view into DNS data from our service provider customers around the world, we were able to gather insights into how WannaCry made its way onto subscriber networks around the globe (see the WannaCry: views from the DNS frontline in our Data Science blog for more thoughts). Reports show that the latest ransomware attack has infected more than 230,000 computers in over 150 countries.1 For now we are seeing the outbreak slow down, but some expect this is just the first of more similar attacks to come.2
Excerpted from Nominum Spring 2017 Security Report
In late April, we released the Nominum Spring 2017 Security Report, the latest report on our security research team’s DNS and HTTP analysis which provides a comprehensive view of the current cyberthreat landscape. In the report we take a look at “new core domains” and how they help us identify “zero-day attacks” so we can take steps mitigate them.
Inside the Mind of a Cybercriminal
The rise of open source malware, IoT-based threats and criminal services-for-hire is fomenting a new era in cybercrime. While global cybercrime is expanding and cybercriminals are stuffing their bank accounts, individuals and businesses (especially SMBs) are directly impacted. Many worry about the safety and security of their online experiences and what communication service providers (CSPs) are doing to protect them.
Digital transformation is about more than how technology advances can improve efficiencies in the collection, processing and distribution of information. Today’s empowered subscribers are demanding more control over their digital experiences, which requires communications service providers (CSPs) to offer innovative services that are simple to use, secure, and that enhance the digital lifestyle. A key part of this transformation is cybersecurity, given the amount of time consumers spend online and the number of online transactions they complete every day. The need for strong protections – both for users and for the networks they use – is particularly acute in the telecom sector.
I recently sat down with Steve Saunders of Light Reading to talk about the role DNS plays in understanding and fighting emerging cyberthreats. In the interview, we went through the highlights of Nominum’s recent Data Science report, in which our Data Science team studied more than 15 trillion queries over a three-month period and reported on the world of cybersecurity through the lens of DNS, uncovering trends in phishing attacks, DDoS, the Mirai botnet, Locky ransomware, IoT-based threats and more.
With cyberthreats increasing in size and scope, businesses are scrambling to find new ways to protect their financial and human capital assets. Many enterprise solutions offer endpoint protection and network security, but the SMB sector doesn’t have the budget to deploy enterprise security solutions and typically lacks the in-house expertise to keep their networks and users adequately protected. In particular, as employees bring mobile devices onto corporate networks, and with new attack variants being introduced almost daily, small and mid-sized businesses have no way of keeping up. This is where communications service providers (CSPs) can step in to provide a broad layer of protection, visibility, and control from within their own networks.
One of the biggest cyberthreats making the rounds on the internet is the Mirai botnet. Mirai targets connected Internet of Things (IoT) devices, using each infected device to launch DDoS attacks and cause website outages around the globe by flooding them with queries. Examples of recent Mirai-generated web outages are the Dyn attack which took down or significantly slowed sites like Airbnb, Twitter, the New York Times, CNN, Fox News, Netflix and many other popular domains in late October of this year, as well as the attack that temporarily took down security expert Brian Krebs’ KrebsOnSecurity website in September.
Nominum’s inaugural security report published by its Data Science team, Data Revelations: Fall 2016, includes an analysis of some of the largest threats that are impacting organizations and individuals, including ransomware, DDoS, mobile malware, IoT-based attacks and more. Since DNS is the launch point for over 90% of cyberattacks, it offers a great vantage point from which to examine, understand, thwart and proactively prevent threats1. With industry-leading research experience, and by applying machine learning, artificial intelligence, natural language processing, neural networks and more, Nominum Data Science is able to locate, analyze, prevent and predict some of the most sophisticated and dangerous cyberthreats ever to hit the internet.
Nominum Data Science just released a new Data Science and Security report that investigates the largest threats affecting organizations and individuals, including ransomware, DDoS, mobile device malware, IoT-based attacks and more. Below is an excerpt.
On Friday, October 21, 2016, there was a major distributed denial of service (DDoS) attack that took down major U.S. company websites, including Twitter, Paypal, The New York Times, Box, Netflix and more. The attack targeted managed DNS provider Dyn Inc., which hosts the authoritative DNS for these popular domains. The attack originated from a large number of compromised IoT devices, including internet-connected cameras, routers and digital video recorders.