Tag Archives: Cybersecurity

ICANN and OAS to Work Together to Increase Regional Cyber-Security Joint effort is a critical aspect of recently signed Memorandum of Understanding

ICANN logo[news release] ICANN and the General Secretariat of the Organization of American States (OAS), a public international organization, through the Executive Secretariat of the Inter-American Committee Against Terrorism of the Secretariat for Multidimensional Security (CICTE), have agreed to work cooperatively on bolstering regional cyber-security.

Both organizations expressed mutual recognition for the significant work each of them does within their remit, including the implementation of the OAS “Adoption of Comprehensive Inter-American Strategy to Combat Threats to Cyber-Security: A multi-dimensional approach to creating a culture of cyber security,” and the significant work done by ICANN in enhancing the operational stability, reliability, resiliency, security and global interoperability of the Domain Name System (DNS). Further, the two organizations underscored the recent signing of a Memorandum of Understanding (MoU) to join efforts in several areas of common interest related to cyber security issues.

Fadi Chehadé, ICANN President and CEO, highlighted the significance of this MoU signed with OAS, which seeks to increase cooperation and collaboration between both organizations in cyber security issues.

“A secure and stable coordination of the Internet’s Identifier Systems is a priority for ICANN and we certainly understand the need to continue to strengthen cooperation among all cyber security stakeholders,” Said Chehadé. “I see this MoU as a step in the right direction.”

When referring to the MoU, both parties expressed their belief that cooperation and collaboration between them would further common objectives related to cyber-security issues, promote regional collaboration, strengthen active participation in ICANN’s policy-making processes and strengthen the support for the multistakeholder model of the Internet.

This ICANN announcement was sourced from:
https://www.icann.org/news/announcement-2015-10-30-en

Dark Reading And DomainTools To Host Cybersecurity Webinar On ‘Using Threat Intelligence To Improve Enterprise Cyber Defense’

DomainTools logo[news release] DomainTools, the leader in domain name and DNS research, today announced an upcoming webinar, ‘Using Threat Intelligence to Improve Enterprise Cyber Defense’ that will provide insight on how security teams can use DNS-based threat intelligence to assess cyber security risk and defend their businesses.

Co-hosted by Dark Reading and DomainTools, the panel will be lead by Michael Osterman, principle and analyst at Osterman Research, Jon Rant, contributing editor at InformationWeek, and DomainTools’ Tim Helming, director of product management, on Wednesday, Sept. 16 at 10:00am PDT.

During this webinar, the cybersecurity experts will share the results of a new survey revealing how organizations purchase and use threat intelligence, as well as offer advice on how domain and DNS-based threat information can help organizations assess risk, assess potential indicators of compromise, and even anticipate and block future attacks.

Webinar: Using Threat Intelligence to Improve Enterprise Cyber Defense

Who:

  • Michael Osterman, principle at Osterman Research
  • Jon Rant, contributing editor at InformationWeek
  • Tim Helming, director of Product Management for DomainTools

Where: https://webinar.darkreading.com/943

When: Wednesday, Sept. 16 at 10:00am PDT

Details:

  • Best practices on the right and wrong ways to make use of threat intelligence data;
  • Results of a major survey showing how enterprises are implementing threat intelligence services and technology, including the pitfalls and payoffs of using threat intelligence;
  • How domain and DNS-based threat data can help organizations see threats coming by detecting, investigating, and acting upon threat indicators.

For more information about the webinar and to reserve your space, please visit: https://webinar.darkreading.com/943

About DomainTools�
DomainTools is the leader in domain name and DNS-based cyber threat intelligence. With over 15 years of ‘cyber fingerprint’ data across the global Internet, DomainTools helps companies assess security threats, profile attackers, investigate online fraud and crimes, and map cyber activity in order to stop attacks. Fortune 1000 companies, global government agencies, and many security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on criminal activity at http://www.domaintools.com or follow us on Twitter:@domaintools.

Now is the time to protect your domain names by George Pongas, AusRegistry

AusRegistry logoA company’s domain name is intrinsically tied to its brand and service delivery – making it an extremely important digital asset. Several high-profile brands have previously lost control of their valuable online properties and faced significant brand damage as a result.

Tech giant Lenovo recently fell victim to a domain hijacking attack, during which visitors to its website (www.lenovo.com) were redirected to another website featuring webcam images of a young man at his computer to the soundtrack of a Disney song.

The hack comes just days after Google’s Vietnam webpage was similarly hijacked, redirecting visitors to a page reportedly pointing to those responsible for the hack.

While they are the most recent examples, Google and Lenovo are not the first brands to be targeted by domain hijackers in high-profile cases. The last few years have seen the likes of YouTube, Yahoo!, Microsoft, Dell, Kaspersky and even the New York Times embroiled in domain name security breaches.

While the exact cause of the Lenovo hacking is yet to be confirmed, reports have widely linked the Attack Vector to the Registrar serving both the Lenovo and Google Vietnam domains.

The fact of the matter is, you don’t have to be a big brand to be vulnerable to this kind of attack – and it can have significant impacts on your brand and your bottom line.

A matter of time?

Commentators say hackers are using more creative methods such as phishing in their attacks on companies that fail to increase security measures.

For example, Marco Chiappetta wrote for Forbes for example that we can “expect things to get worse” and that taking steps to protect your online assets is vital.

“The only way to solve these problems is to educate the population and to ensure everything possible is being done to protect sensitive data…. Don’t skimp on man-power or technology when it comes to security,” he wrote.

Protecting your .au domain

To increase domain name security and protect website assets, AusRegistry launched a security measure called .auLOCKDOWN, which adds an additional layer of authorisation and domain name protection at the Registry level.

With .auLOCKDOWN, .au domain name registrants are able to lock their domain name records and prevent unauthorised changes. Only verified, authorised individuals are permitted to alter domain records.

.auLOCKDOWN adds significant security and peace of mind for owners of .au domain names, with the important added advantage of preventing mistakes from occurring when domain name records are updated incorrectly – leading to self-inflicted errors such as happened to LinkedIn in 2013.

A more detailed description of how .auLOCKDOWN works is available on our .au LOCKDOWN FAQs page.

Secure your domain – Free 3 month trial

.auLOCKDOWN is a valuable measure for any .au website – you don’t have to be a big brand like Google or Lenovo to benefit. If a couple of hours offline would impact your business, you should be considering additional protection.

One perceived barrier many organisations face in adopting new security measures is the financial investment involved. For those considering signing up for .auLOCKDOWN however, now is the time to act.

.au domain name registrants that sign up for .auLOCKDOWN between 1 March and 31 May 2015 are eligible to receive a free three-month trial at participating Registrars. You will need to enquire with your Registrar to find out whether they support the free trial.

Finally, each domain hijacking case suggests that if you wait before taking a security-mindful position regarding your domain name assets, the impact from unauthorised or accidental changes to will be much worse and the costs much higher than being proactive and protecting your digital assets now.

This post by George Pongas from AusRegistry was sourced with permission from:
www.ausregistry.com.au/news/now-is-the-time-to-protect-your-domain-names

INTERPOL Wants to Join GAC And Cooperate With ICANN

ICANN logoFollowing a visit to INTERPOL’s General Secretariat headquarters by some of ICANN’s bosses, INTERPOL has expressed a desire for closer collaboration with ICANN and to be an observer on their Governmental Advisory Committee.

During the visit, ICANN President and CEO Rod Beckstrom and INTERPOL Secretary General Ronald K. Noble discussed closer collaboration on internet security was discussed with cyber-security, financial and high tech crime being top of the agenda as well as governance and enhancing common means for preventing and addressing internet crime.

Cybersecurity is an issue of growing importance with everything from the domain name system to vital infrastructure such as energy supplies threatened from cybercrime.

In the US, the White House has developed a cybersecurity guidelines with the goal of protecting much of the nation’s infrastructure.

Attending with Beckstrom was ICANN’s Vice President and Chief Security Officer, Jeff Moss, Vice President of Government Affairs Jamie Hedlund, and Alice Jansen of their Organisational Reviews unit.

“We seek the active engagement of law enforcement in our multi-stakeholder community where all parties are welcome. We recognise Interpol as an important international leader in this field,” said Mr. Beckstrom. “We are very pleased by its expression of interest in joining the ICANN Governmental Advisory Committee as an observer.”

With ICANN the global coordinator of domain names and Internet protocol addresses, and INTERPOL the world’s largest international police organisation, Secretary General Noble said: “Both organisations are international, both are politically neutral, and both are focused on the good of the world. Both also care about improving the security of the Internet for the future.”

“The Internet has no borders, and neither do the criminals who exploit it. As the Internet’s role in society continues to increase in scope and importance, it is vital for INTERPOL to help create bridges between the international law enforcement community it represents and ICANN in order to advance Internet security practices for the benefit to all,” added Secretary General Noble.

As part of efforts to enhance their cooperation, both organisations agreed during the visit that an INTERPOL delegation would attend ICANN’s international conference in Singapore next month, 20-24 June, when INTERPOL’s membership of the ICANN’s GAC as an international observer will be explored.

.XXX Closer, Chinese IDNs Approved Amid Cybersecurity Concerns and gTLD Delays at Brussels ICANN Meeting

In a week where domain name security, the possibility of blocking certain domain name character strings due to their use in cybercrime and no set date for the taking of applications for new Generic Top Level Domains, there was some good news at the 38th ICANN meeting held in Brussels this week that concluded Friday. ICANN’s board voted to enter negotiations with a view to approving the controversial .XXX Top Level Domain while Chinese internationalised domain names approved for China, Taiwan and Hong Kong in the usual board meeting that concludes each meeting.The .XXX resolution has been previously been rejected by the ICANN board, but after an independent review that was critical of ICANN’s processes, the ICANN board has been reconsidering its stance. And on Friday the board passed a resolution that called for the expedited reconsideration for ICM Registry to run .XXX as a sponsored Top Level Domain. The vote was unanimous with the exception of two abstentions.However it appears the decision did not make the board happy, with Kieren McCarthy noting the board approved .XXX “almost unanimously (two abstentions) but rather grumpily, however, with several members saying they were ‘uncomfortable’ with the decision and appearing the blame the ‘process’ for forcing them to make a decision. The approving resolutions also stuck in several approval steps, which more members grumpily pointed to.”The resolution also called for the ICANN board to check ICM Registry is suitably qualified to operate such a registry and for “ICANN staff to proceed into draft contract negotiations with ICM, taking into account the GAC advice received to date”. The Board has approved a detailed set of next steps for the application, including expedited due diligence, negotiations on a draft registry agreement, and consultation with ICANN’s Governmental Advisory Committee.”The board reached a carefully considered decision, paying close attention to the findings of the Independent Review Panel, and to the extensive public comment on our proposed action,” said ICANN Chairman Peter Dengate Thrush.”Today’s decision is a validation of ICANN’s transparency and accountability,” said Rod Beckstrom, President and Chief Executive Officer.The .XXX TLD is viewed as a potential community site for the adult entertainment industry. The application has been controversial for several reasons with governments, adult and Christian groups all voicing criticism.Chairman Stuart Lawley said of the decision: “It’s been a long time coming, but I’m excited about the fact that .xxx will soon become a reality. This is great news.”ICM Registry said in a statement that their expectations are “that this step will proceed smoothly and will not impede the roll-out of .XXX and we expect to go live with .XXX domains at the start of 2011, if not sooner. We have 110,000 pre-reservations and expect that number to increase now that ICANN has formally approved our application.”The approval of Chinese internationalised domain names (IDNs) for China, Taiwan and Hong Kong was a welcome addition to those already approved and is likely to see more Chinese-language internet users online, and easier access for those already online.”This approval is a significant change for Chinese language users worldwide,” said Rod Beckstrom, President and Chief Executive Officer of ICANN. “One fifth of the world speaks Chinese and that means we just increased the potential online accessibility for roughly a billion people.”The new IDN country code top-level domains (ccTLDs) and the associated organizations approved by the Board are:

  • CNNIC (China Internet Network Information Center)
  • HKIRC (Hong Kong Internet Registration Corporation Limited)
  • TWNIC (Taiwan Network Information Center).

Meanwhile the new generic Top Level Domain process continues to move forward at a glacial rate, continually thwarted by trademark holder groups who seem never to be happy. While ICANN have not given dates as to when they expect to take applications for new gTLDs such as .BERLIN and .CANON, it is expected there will be a board retreat around September to finalise the application process.And there were also controversial and disappointing concerns expressed by the Governmental Advisory Committee about censoring domain names that could or are used in cybercrime.The next ICANN meeting will take place in Cartagena, Colombia, 5-10 December 2010.For Kieren McCarthy’s excellent coverage of the ICANN meeting, see:
kierenmccarthy.com.