Category Archives: Cybersecurity

Positive Technologies: darkweb market is packed with offers to purchase access to corporate networks

Positive Technologies experts have analysed illegal marketplaces on the dark web and found a flood of interest in accessing corporate networks. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. “Access for sale” on the darkweb is a generic term, referring to software, exploits, credentials, or anything else that allows illicitly controlling one or more remote computers.

Continue reading Positive Technologies: darkweb market is packed with offers to purchase access to corporate networks

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

ThreatPost logo

Denial-of-service (DoS) attacks have spiked over the past year, while cyber-espionage campaigns have spiraled downwards. That’s according to Verizon’s 2020 Data Breach Investigations Report (DBIR) released Tuesday, which analyzed 32,002 security incidents and 3,950 data breaches across 16 industry verticals.

Continue reading Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

China’s Military Is Tied to Debilitating New Cyberattack Tool

On the morning of Jan. 3, an email was sent from the Indonesian Embassy in Australia to a member of the premier of Western Australia’s staff who worked on health and ecological issues. Attached was a Word document that aroused no immediate suspicions, since the intended recipient knew the supposed sender.

Continue reading China’s Military Is Tied to Debilitating New Cyberattack Tool

Spanish Police Find 46,000 Domains Used For COVID-19-Related Criminal Activities

Since the start of the COVID-19 pandemic, the Spanish National Police have monitored 415,973 domain names related to COVID-19 with the aim of finding possible indications of illegal activity. During this process, agents have found 120,353 domain names suspected of being used for illegal activities, or with the potential to do so in a very short time.

The National Police (Policía Nacional) then undertook a more thorough analysis both of the domains themselves, as well as the web pages and servers to which each of them pointed. This resulted in finding 45,773 domains that were being used for criminal activities. The news release from the National Police doesn’t indicate whether they are only focussed on domain names under Spain’s ccTLD or a wider search.

The Central Cybercrime Unit of the National Police (Unidad Central de Ciberdelincuencia de la Policía Nacional) has requested, obtained and verified the blocking of all of the domains and, at the moment, continues its monitoring work in case the block of any of these websites is lifted, even though this possibility is considered unlikely.

On the remaining 74,580 domains with indications they may be activated in the future to commit cybercrime-related activities, the monitoring process is continuing to in case they are activated, and if so proceed to their blocking if it’s warranted.

The National Police note that the initial number of 415,973 monitored domains will continue to increase with the monitoring work of the National Police continuing.

The Central Computer Security Brigade of the Central Cybercrime Unit of the National Police (La Brigada Central de Seguridad Informática de la Unidad Central de Ciberdelincuencia de la Policía Nacional) has among its functions entrusted with active cyber-patrol of the dark and open web. During the current pandemic, this activity has intensified and a concrete approach to content relating to the health crisis situation caused by COVID-19 has been intensified.

A Call to Action on Advancing Cyberstability: Global Commission Launches Final Report

[news release] The Global Commission on the Stability of Cyberspace (GCSC) issued today [12 Nov] its final report Advancing Cyberstability, as part of a panel held at the 2019 Paris Peace Forum. Stef Blok, Minister of Foreign Affairs of the Netherlands, Jean-Yves Le Drian, Minister of Europe and Foreign Affairs of France, and David Koh, Chief Executive, Cyber Security Agency of Singapore, launched the report and placed the findings in the context of ongoing global efforts to enhance international security in cyberspace. Commission Co-Chairs, Michael Chertoff and Latha Reddy, along with former Chair Marina Kaljurand, presented recommendations and commented on the strategic approach and work of the GCSC.

This report represents the culmination of the Commission’s work over the last three years, offering a cyberstability framework, principles, norms of behavior, and recommendations for the international community and wider ecosystem.

“Earlier this year, 28 EU-member states backed a framework for sanctions targeting malicious cyber activities. Today, the GCSC consolidates a set of norms and principles for behavior of state and non-state actors. This is an important contribution to a digital space in which order and peace must prevail,” commented Stef Blok, Minister of Foreign Affairs of the Netherlands, a co-founder of the GCSC. “Since stability in cyberspace is directly linked with stability in the ‘real world,’ such a cyberstability framework is more crucial than ever. The next step in this multilateral process is to collect evidence and hold those who break the rules responsible. Together we must increase accountability and combine all pieces of the puzzle, between governments, tech and security firms, and civil society.”

The work of the Commission originated out of a desire to address rising social and political instability as a result of malicious actions in cyberspace. The situation has further deteriorated as evidenced by the rise in the number and sophistication of cyber attacks by state and non-state actors, which increasingly puts the considerable benefits of cyberspace at risk. In this increasingly volatile environment, there is an apparent lack of mutual understanding and awareness among communities working on issues related to international cybersecurity. With this report, the GCSC seeks to contribute to international efforts to address these challenges.

“Cyberstability and governance are inextricably and naturally linked,” added Michael Chertoff, GCSC Co-Chair. “As the digital age evolves so rapidly, governments and societies lack the desired level of exchange, let alone the decision-making processes needed to ensure the stability of cyberspace. The GCSC’s effort complements the work of other organizations, and will serve to influence how critical actors can engage with one another and collaborate towards a stable cyberspace.”

Emphasizing a concerted, multistakeholder approach, the framework reflects technological, product and operational measures, as well as a focus on behavioral change required among all stakeholders.

“The publication of this final report is not the end, but rather the beginning of a new profound effort toward implementing the suggested principles, norms, and recommendations,” stated Latha Reddy, GCSC Co-Chair. “The onus is on all stakeholders—governments, industry, civil society—to collaborate, adopt and implement accepted practices to help strengthen cyberstability. The stakes are higher than ever, which dictates a response in kind.”

Following the release, the GCSC members will continue to advocate and engage with their respective communities. Input and feedback from these groups were reflective of interactions with both state and non-state experts and will form the basis of advocating for the report going forward.

For an overview, see the Fact Sheet and for a copy of the report, visit Advancing Cyberstability.

About the Commission

Launched at the 2017 Munich Security Conference, the mission of the Global Commission on the Stability of Cyberspace is to develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace. The Commission helps to promote mutual awareness and understanding among the various cyberspace communities working on issues related to international cybersecurity. For more information, please visit www.cyberstability.org.

This news release was sourced from: https://cyberstability.org/news/a-call-to-action-on-advancing-cyberstability-global-commission-launches-final-report/

…from somewhere over the Rainbow

Jordan Carter and Brent Carey from .nz have organised a Rainbow Drinks event at this week’s ICANN public meeting in Montreal, Canada. Here they explain why – and what the term means.

A few people have wanted to understand what lies behind the event scheduled alongside ICANN 66, an inaugural “Rainbow Drinks.” Here’s the background.

In New Zealand, the term “Rainbow” is often used as a catch all, inclusive of the diverse LGBTIQA+ communities. Rather than a complicated acronym, in our communities Rainbow has become something of a short hand. It summons up pride, diversity, openness and inclusion.

We have felt for a while that Rainbow networking may be of interest to some in the ICANN community, and so we’ve organised a get together on the evening of Tuesday 5 November to see what people think.

As two openly gay leaders in the New Zealand Internet community, we want to be visible, and in doing so, encourage new norms of acceptance. We want to celebrate being gay in the C suite!

We also know how much more connected people will feel navigating the ICANN communities if they know just one other gay person is with them among the ICANN community.

The event will provide a chance for people who support diverse participation in the ICANN system, or those who identify with or simply support Rainbow communities, to get together and spend some time networking.

The practical implications are, we think, positive for the ICANN environment in a few ways.

First, it’s a simple reality that people from Rainbow communities are participating in ICANN. Making that a bit more obvious will help people find some support if they need it from people who share this part of their identity. That’s to the good of us all.

Second, taking a community that cross-cuts ICANN’s deeply siloed structure can only be good. Jordan was a participant in the IANA stewardship transition and ICANN accountability processes. Brent is participating in the ccNSO’s PDP on retirements. Many of us who participate in cross-community work have found that a key gain for the wider ICANN system was that people worked with, or at least got to know, others from outside their own silo. Bringing people together across ICANN lines can help build an ICANN that works better.

Third, by celebrating this aspect of ICANN’s diversity, it helps to show that the ICANN system is inclusive of a wide range of points of view. LGBTQI+ communities bring unique perspectives that can inform those developing products, services, and tech policy, including in the domain name system.

We’ll see how next Tuesday goes. It’s a low key affair but worthy of some attention.

Montréal seems like the perfect launch city. It’s a place with one of the largest gay villages in a country that was one of the first to legalise marriage equality. North America also happens to be celebrating the 50th anniversary of the Stonewall uprising this year that marked the beginning of the modern gay rights movement.  

We claim no mandate or mana in starting this thing. It just felt like something we’d like to be doing, and so here it is – the start of something.

Part of the conversation at the event, we expect, will be whether there is an appetite to make this a regular occasion at ICANN. We look forward to meeting supporters or those who identify with the Rainbow community on 5 November, and seeing where this goes next.

Jordan Carter is Chief Executive of InternetNZ, the .nz ccTLD manager. Brent Carey is the Domain Name Commissioner, responsible for the market self-regulatory functions in .nz. 

DENIC publishes 2015 Annual Report on ENUM

DENIC logoOn 31 March 2016, DENIC has published the 2015 Annual Report on ENUM.

The report was submitted to the Bundesnetzagentur. In the report we cover ENUM basics, statistics relevant to the reporting period, and future prospects.

With the conclusion of the 10th year of service, we highlight international trends and standardisation activities.

The report is available in German only:
2015 Annual Report on ENUM for download

This DENIC announcement was sourced from:
https://www.denic.de/en/whats-new/news/article/denic-veroeffentlicht-enum-jahresbericht-2015/