Tag Archives: Cybersecurity

17,000 Coronavirus-Related Domains Registered In First 2 Weeks Of April; 23% Malicious Or Suspicious: Check Point

There have been 68,000 coronavirus-related domains registered since the beginning of the coronavirus outbreak in January 2020, with an escalation in the number of coronavirus-related domains being registered since mid-February, according to Check Point Research. In the past two weeks (since 2 April), almost 17,000 new coronavirus-related domains have been registered (16,989 to be exact), with 2% found to be malicious and another 21% suspicious.

And with the pandemic now reaching almost every corner of the globe, many governments have announced economic stimulus packages, and as Check Point Research notes in its recent blog post, “where there’s money, there will also be criminal activity. Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others. To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus.”

Check Point Research found that 4,305 domains relating to new stimulus/relief packages have been registered since January, with a total of 2081 new domains registered (38 malicious; 583 suspicious) in March and 473 (18 malicious, 73 suspicious) in the first week of April.

Check Point Research also observed a major increase in the week starting 16 March “during which the American government proposed the stimulus package to taxpayers. The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks.”

Check Point Research has also observed a rise in “scam websites that use the news of the coronavirus (Covid-19) financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.”

For more information, or to see the Check Point Research blog post in full, go to: https://blog.checkpoint.com/2020/04/20/coronavirus-update-as-economic-stimulus-payments-start-to-flow-cyber-attackers-want-to-get-their-share-too/

A Call to Action on Advancing Cyberstability: Global Commission Launches Final Report

[news release] The Global Commission on the Stability of Cyberspace (GCSC) issued today [12 Nov] its final report Advancing Cyberstability, as part of a panel held at the 2019 Paris Peace Forum. Stef Blok, Minister of Foreign Affairs of the Netherlands, Jean-Yves Le Drian, Minister of Europe and Foreign Affairs of France, and David Koh, Chief Executive, Cyber Security Agency of Singapore, launched the report and placed the findings in the context of ongoing global efforts to enhance international security in cyberspace. Commission Co-Chairs, Michael Chertoff and Latha Reddy, along with former Chair Marina Kaljurand, presented recommendations and commented on the strategic approach and work of the GCSC.

This report represents the culmination of the Commission’s work over the last three years, offering a cyberstability framework, principles, norms of behavior, and recommendations for the international community and wider ecosystem.

“Earlier this year, 28 EU-member states backed a framework for sanctions targeting malicious cyber activities. Today, the GCSC consolidates a set of norms and principles for behavior of state and non-state actors. This is an important contribution to a digital space in which order and peace must prevail,” commented Stef Blok, Minister of Foreign Affairs of the Netherlands, a co-founder of the GCSC. “Since stability in cyberspace is directly linked with stability in the ‘real world,’ such a cyberstability framework is more crucial than ever. The next step in this multilateral process is to collect evidence and hold those who break the rules responsible. Together we must increase accountability and combine all pieces of the puzzle, between governments, tech and security firms, and civil society.”

The work of the Commission originated out of a desire to address rising social and political instability as a result of malicious actions in cyberspace. The situation has further deteriorated as evidenced by the rise in the number and sophistication of cyber attacks by state and non-state actors, which increasingly puts the considerable benefits of cyberspace at risk. In this increasingly volatile environment, there is an apparent lack of mutual understanding and awareness among communities working on issues related to international cybersecurity. With this report, the GCSC seeks to contribute to international efforts to address these challenges.

“Cyberstability and governance are inextricably and naturally linked,” added Michael Chertoff, GCSC Co-Chair. “As the digital age evolves so rapidly, governments and societies lack the desired level of exchange, let alone the decision-making processes needed to ensure the stability of cyberspace. The GCSC’s effort complements the work of other organizations, and will serve to influence how critical actors can engage with one another and collaborate towards a stable cyberspace.”

Emphasizing a concerted, multistakeholder approach, the framework reflects technological, product and operational measures, as well as a focus on behavioral change required among all stakeholders.

“The publication of this final report is not the end, but rather the beginning of a new profound effort toward implementing the suggested principles, norms, and recommendations,” stated Latha Reddy, GCSC Co-Chair. “The onus is on all stakeholders—governments, industry, civil society—to collaborate, adopt and implement accepted practices to help strengthen cyberstability. The stakes are higher than ever, which dictates a response in kind.”

Following the release, the GCSC members will continue to advocate and engage with their respective communities. Input and feedback from these groups were reflective of interactions with both state and non-state experts and will form the basis of advocating for the report going forward.

For an overview, see the Fact Sheet and for a copy of the report, visit Advancing Cyberstability.

About the Commission

Launched at the 2017 Munich Security Conference, the mission of the Global Commission on the Stability of Cyberspace is to develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace. The Commission helps to promote mutual awareness and understanding among the various cyberspace communities working on issues related to international cybersecurity. For more information, please visit www.cyberstability.org.

This news release was sourced from: https://cyberstability.org/news/a-call-to-action-on-advancing-cyberstability-global-commission-launches-final-report/

Webinar: How DomainTools and Splunk>Phantom Work in Harmony so you can SOAR

Cybersecurity as an industry is seeing an ever-widening skills gap. As roles go unfilled, practitioners find themselves increasingly unable to meet the needs of their organizations in terms of security posture and maturity. Security Orchestration, Automation, and Response (SOAR) can help organizations with security processes, automate specific actions, and intelligently inform teams, with the end goal of efficiency.

With the new features that DomainTools has built into Splunk Phantom, organizations are able to leverage this integration for purpose-built work with the Iris Investigate API. The rich Iris dataset is available not only for ad-hoc research on specific incidents in Splunk Phantom, but also for automated actions in Splunk Phantom playbooks.

In this webinar, learn:

  • How organizations are leveraging DomainTools for Splunk Phantom for Incident Response, IoC Hunting, Network Access Control, and Intelligence Sharing
  • How to get the Single Pane of Glass in Splunk Phantom with DomainTools’ Domain and DNS-based adversary intelligence
  • Where to leverage Domain Risk Score to automate workflows

Join Mark Kendrick, Director of Product Integrations at DomainTools, for this 30 minute webinar on 16 May.

To register, go to: domaintools.com/resources/webinars/how-domaintools-and-splunkphantom-work-in-harmony-so-you-can-soar

DomainTools Webinar: 2019: No Oscars for the Bad Threat Actors

2018 isn’t over and we have already seen a massive increase in the number and types of cybersecurity threats from ransomware to phishing. So what will 2019 bring and what can be done to prevent the next wave of cyber attacks?

Join subject matter experts from DomainTools in a lively discussion of what’s next for information security. CTO Bruce Roberts, Director of Product Management Tim Helming, Senior Security Advisor Corin Imai, and Senior Data Scientist Sean McNee will conduct a round-table discussion on their information security predictions. Highlights include:

  • Let’s Get Critical (The political process is the new critical infrastructure under attack)
  • Breaches and Woes (Change in public perception of breaches)
  • The Automation Invasion (Automation will continue to create more issues than solutions if organizations)
  • Mind the (Skills) Gap

December 11, 2018 at 10 AM PT/1 PM ET

To register for this free DomainTools webinar, go to:

Cybersecurity and Fake News to Dominate List of Concerns at Internet Governance Forum

Facing growing concerns that the Internet is being used as a vehicle to sow division and discord around the world, more than 3,000 representatives from governments, the private sector, technology, and civil society will gather in Paris 12-14 November, 2018 at the annual Internet Governance Forum, to look at a range of actions that can be taken to ensure an “Internet of Trust.”

The Forum, convened by the UN Secretary-General, seeks to highlight open and inclusive discussions around global internet issues, including: addressing the digital divide; how artificial intelligence and frontier technologies are affecting humankind; cyber security; gender equality; the impact on sustainable development; and how a digital future ensures our human rights.

The Government of France will be hosting the three-day meeting at UNESCO headquarters. French President Emmanuel Macron emphasized the importance of welcoming the IGF in Paris to share ideas and advance discussions on Internet governance issues. UN Secretary-General António Guterres is scheduled to give remarks on the opening day. Other notable speakers include UN DESA’s Under Secretary-General Liu Zhenmin.

The Forum promotes dialogue and encourages an exchange of ideas to better govern the internet so that it is a safe and trustworthy environment for all. For that reason, the Forum is open to all. If you are not able to attend, they encourage online participation by registering on their website. Webcasts and live transcripts of the sessions will also be available. The discussions and the exchange of ideas and best practices often form the foundation for national rules, regulations and laws concerning the Internet.

Highlights from IGF 2017 were sessions on the role of artificial intelligence and disinformation, big data, the Internet of Things and virtual reality; these topics carry over into 2018 and set the foundation for discussions on the future of the internet and technology.

CIRA Canadian Cybersecurity Survey identifies disconnect between awareness and actions

The Canadian Internet Registration Authority (CIRA) has released its 2018 CIRA Cybersecurity Security Survey which provides an overview of the Canadian cybersecurity landscape.

For the survey, CIRA, the .ca country code top level domain (ccTLD) registry, surveyed 500 individuals with responsibility over IT security decisions at small and medium-sized businesses across Canada to learn more about how they are coping with the increase in cyber threats. The sample included both business owners and employees who manage information technology.

“A key element of building a better online Canada is ensuring Canadians have safe, secure internet access,” said Byron Holland, president & CEO, CIRA. “Through our experience in managing the .CA domain for Canadians, we hope to help lend our expertise in safeguarding Canada’s internet so that Canadian businesses can thrive online.”

In partnership with CIRA’s technology partner, Akamai Technologies, the full report has been released to coincide with Small Business Week in Canada.

“Training and awareness are critical to ensuring your business is cyber-secure,” said Jacques Latour, chief security officer, CIRA. “No matter how great your IT team is, anyone with a network-connected device can be the weak point that brings your business down.”

The report’s key findings are:

  • 40 per cent of respondents experienced a cyberattack in the last 12 months. One in ten experienced 20 or more attacks.
  • Among larger businesses with 250-499 employees, the number who experienced an attack increases to 66 per cent
  • 67 per cent of respondents outsource at least part of the cybersecurity footprint to external vendors.
  • While 59 per cent of respondents said they stored personal information from customers, 38 per cent said they were unfamiliar with PIPEDA.
  • One-third of respondents indicated that the most significant impact of a cyberattack is the time and resources required to respond to the incident.
  • 88 per cent of respondents were concerned with the prospect of future cyberattacks, which resulted in 28 per cent suggesting they would add cybersecurity staff in the next year
  • Although 78 per cent were confident in their level of cyber threat preparedness, 37 per cent didn’t have anti-malware protection installed and a shocking 71 per cent did not have a formal patching policy – exposing these organizations to massive security holes
  • Only 54 per cent of small businesses provide cybersecurity training for their employees even though the most common form of malware seen by our respondents, phishing attacks (42 per cent), directly exploit employees as a point of weakness

Read the full report: https://cira.ca/2018-cybersecurity-survey-report

Webinar: 5 Ways to Get an “A” in Cybersecurity – DomainTools Cybersecurity Report Card

The cybersecurity landscape is evolving at a rapid pace. As a result, security teams are working hard to stay on top of the learning curve and maintain a mature security posture. With this state of flux in mind, we conducted a global survey with more than 500 security professionals to better understand the current state of maturity of security teams.

October 3, 2018 at 10 AM PT/1 PM ET

Join DomainTools Sr. Product Marketing Manager, Corin Imai, to discuss key takeaways from the DomainTools second annual Cybersecurity Report Card Survey. More than 500 security professionals from companies ranging in size, industry and geography were surveyed about their security posture and asked to grade the overall health of their programs. Their responses, particularly when compared to the results of the 2017 Report Card, shed light on how cybersecurity practices are evolving, and what the most successful organizations are doing to ensure they stay ahead of the ever-growing and changing threat landscape.

In this webinar, you will learn:

  • Key trends over the past two years in Cybersecurity
  • How the use of automation technology plays a significant role among highly-rated programs
  • Where there is room for improvement: Even with top marks, there is always opportunity for growth
  • Actionable best practices you can implement in your organization

To register for this DomainTools webinar, see:

Connecting the Digital Dots: From a Single Domain to a Deceitful Operation: Farsight Webinar

Farsight Security and iThreat Cyber Group demonstrate how iThreat’s CyberTOOLBELT platform and Farsight Security’s passive DNS data unravelled a deceitful drug rehabilitation operation starting with a single domain only and expanding it to the key individuals behind the operation and the laws they were breaking.

CyberTOOLBELT builds upon Farsight’s passive DNS by enhancing it with blocklist and whois information, creating a platform that serves as a starting point in any domain or IP investigation by quickly providing a contextual overview of the data point of interest.

Key Points Covered include:

  • An overview of Passive DNS
  • How cybercriminals use both legitimate and malicious subdomains to gain entry
  • The steps security teams can take to uncover a single subdomain abuse and broaden that search to an entire landscape.

The webinar will be held on 28 September from 10:00 to 11:00 US Pacific Time.

The presenters are:

  • Daniel Schwalbe
    Director Of Engineering & Deputy CISO at Farsight Security
  • Chad Los Schumacher
    Team Lead Investigator, CyberTOOLBELT
  • Michael Lewis
    Chief Technology Officer, CyberTOOLBELT

To register, go to:

Privacy Concerns in the Domain Name System by Samantha Bradshaw & Laura DeNardis

Abstract: Some of the most contentious policy debates of our time involve questions surrounding the privacy of user data and the extent to which personally identifiable information is encrypted on mobile devices, in transit, or in the cloud. However, one aspect of personal privacy often missing from the public discourse is the question of confidentiality in the Internet’s Domain Name System (DNS).

The DNS is a distributed but hierarchically organized system that translates alphanumeric domain names into IP addresses. One facet of Internet governance scholarship on the DNS has focused on examining public policy concerns related to freedom of speech, intellectual property, cybersecurity, and jurisdictional oversight. However, the design of the DNS also inherently raises a number of privacy concerns, one being the technological condition that DNS queries are almost always unencrypted. Although these queries do not contain “content” such as email text, images, or search terms, they do reveal the sites a user visits. As such, query data can disclose sensitive information-seeking practices related to addiction services, gender identity, disease treatment, pornography, abortion clinics, mental illness, employment, or online dating services. Given that almost every activity online begins with a DNS query, concerns about the prospects for unauthorized access to query information and practices for how queries are processed, retained, aggregated, or shared should be examined further.

Situated conceptually in the field of Science and Technology Studies (STS) and topically within the extensive body of research on global Internet governance, this research project asks: to what extent do DNS queries raise privacy considerations; what is at stake for Internet privacy, security, business models and stability; and how can various Internet governance stakeholders address these privacy concerns? To help establish the dominant frames for conceptualizing privacy in the public sphere, the research project examines dominant media sources for a five-year period between 2010-2015 and compares this coverage data to other online privacy concerns such as search engine privacy and user device encryption. To assess the extent of privacy concerns implicated by DNS queries and understand the stakes of various privacy mitigating options, the research project draws from interviews with DNS engineers and privacy advocates; the archival mailing lists of the DNS Privacy Working Group; proceedings of meetings of the Internet Engineering Task Force; and relevant Internet Request for Comments (RFCs).

This paper makes two contributions to information and communication technology policy and scholarship: first, it will contribute to the corpus of Internet governance scholarship around the Domain Name System by expanding the spectrum of policy issues it implicates to include concerns about individual privacy; and second, it will provide an evidentiary basis to expand policymaking considerations around privacy to include DNS queries rather than primarily content and personally identifiable information.


ICANN and OAS to Work Together to Increase Regional Cyber-Security: Joint effort is a critical aspect of recently signed Memorandum of Understanding

[news release] ICANN and the General Secretariat of the Organization of American States (OAS), a public international organization, through the Executive Secretariat of the Inter-American Committee Against Terrorism of the Secretariat for Multidimensional Security (CICTE), have agreed to work cooperatively on bolstering regional cyber-security.

Both organizations expressed mutual recognition for the significant work each of them does within their remit, including the implementation of the OAS “Adoption of Comprehensive Inter-American Strategy to Combat Threats to Cyber-Security: A multi-dimensional approach to creating a culture of cyber security,” and the significant work done by ICANN in enhancing the operational stability, reliability, resiliency, security and global interoperability of the Domain Name System (DNS). Further, the two organizations underscored the recent signing of a Memorandum of Understanding (MoU) to join efforts in several areas of common interest related to cyber security issues.

Fadi Chehadé, ICANN President and CEO, highlighted the significance of this MoU signed with OAS, which seeks to increase cooperation and collaboration between both organizations in cyber security issues.

“A secure and stable coordination of the Internet’s Identifier Systems is a priority for ICANN and we certainly understand the need to continue to strengthen cooperation among all cyber security stakeholders,” said Chehadé. “I see this MoU as a step in the right direction.”

When referring to the MoU, both parties expressed their belief that cooperation and collaboration between them would further common objectives related to cyber-security issues, promote regional collaboration, strengthen active participation in ICANN’s policy-making processes and strengthen the support for the multistakeholder model of the Internet.

This ICANN announcement was sourced from: