
Can we still trust email?
You'd better be extra vigilant as you read through your business emails these days. Cyber attackers are growing more tenacious in their use of corporate email systems to plant malware on networks. Here are a couple of proof points. Symantec recently posted an article on its Security Response blog about attackers behind malicious spam...
'Twas the Night Before Payday
Enjoy a little bit of Holiday Fun! Watch the Video 'Twas the night before payday, when all through the net Most attackers were stirring, increasing the threat. Tomorrow’s targets were chosen, sighted in their crosshairs, In hopes the victims, soon would be theirs. Evading the law, and even the...
The DDoS myth about the firewall and the IPS
It is about time we put an end to the myths that often come up when choosing a network security solution to protect against distributed denial of service (DDoS) attacks. We'll take a look at a couple of common myths, namely: Myth #1: An IPS can protect against Distributed Denial of Service (DDoS) attacks Myth #2: A...
DDoS Attack left “Sweden not Working”
The recent DDoS attacks impacting Swedish cable, Internet and mobile service provider, TeliaSonera is another grim reminder of the impact a DDoS attack can have not only on the business itself, but the 5 million subscribers that were left without service, and left "Sweden not working", as TeliaSonera’s CEO Johan Dennelind has...
The Netherlands' Trusted Networks Initiative is an alternative means to stop DDoS attacks
While visiting the Hague Security Delta in The Netherlands last week, I learned about an interesting initiative that's being tested to provide trusted computing among select organizations. Known as the Trusted Networks Initiative, it is being touted as an alternative "last resort" means to fend off DDoS attacks. The idea is to close...
“It’s not you, it’s the Internet” – Time to break up with DDoS
Lizard Squad said it best in the recent Sony PlayStation DDoS attacks, rocking the online gaming industry, and leaving players denied from logging into the gaming community. Fact: DDoS attack tools are easy to come by, and cheap to execute, and the motivations for targeting victims are endless. Myth: “I’m not susceptible to...
What Does a DDoS Attack Really Cost? It Depends...
In a recently released report companies estimated the average cost of a successful DDoS attack – one that actually disrupts a target's business – is $40,000 per hour. $40,000 per hour. It's a nice composite number that is easy to present to management when you need to justify a budget for preparing for the potential of a...
Change is inevitable – Time to re-write the playbook
Hopefully most of you in the industry have noticed that the approach to DDoS protection has changed dramatically over the last few years. What was once considered a good defensive posture is now proving to be sub-par protection against today’s sophisticated and adaptive DDoS attacks. The days of firewalls, IPS’s and other...
Why Vendor Risk Management is Critical to Your Business
You've heard the trite expression "A chain is only as strong as its weakest link." Well, it's true, and when it comes to enterprise security, the weakest link might be outside your own organization. Ever since it came to light that the Target data breach originated through compromised credentials belonging to a third party...
Insights from the FBI on Fighting Cyber Crime
If your company experienced an IT security breach, would you contact law enforcement? According to an unofficial poll by the FBI and Trend Micro, about 60% of people said yes. I'd venture to guess that a portion of that 60% would only report the incident because some law or industry regulation requires them to do so.

Why would anyone launch a DDoS attack against us?
During my travels across the globe I meet lots of people, and it always amazes me when individuals continue to believe that they are not susceptible to a DDoS attack. I frequently hear, “Why would anyone attack us, why should we plan for an impending DDoS attack?” Believe it or not statistics show that over 40% of online...
Increased use of Intelligent, Adaptive DDoS Attack Techniques
Many equate DDoS with only one type of attack vector – volumetric. It is not surprising, as these high bandwidth consuming attacks seem to frequent the headlines most often. Volumetric DDoS attacks are easier to identify, and defend against with on-premises or cloud anti-DDoS solutions, or a combination of both. Recently, Corero Network...
One More Type of Cyber Attack to Worry About: Redialing for Dollars—Your Dollars
Attention company cyber sleuths: here's one more type of cyber attack that criminals are using to steal billions of dollars a year, mostly from small businesses. Keep your eyes open for this one and read the phone bill closely. An article in The New York Times details how hackers are using phone networks to direct businesses'...
SSDP Amplified Attacks, a Sitting Duck against Sophisticated DDoS Analytics
The craftiness of cyber attackers never ceases to amaze me and now a new kid on the block has emerged – the SSDP Reflective/Amplified DDoS attack. Many people may wonder what SSDP is. SSDP, otherwise known as the Simple Service Discovery Protocol, is a network-based protocol used for the advertisement and discovery of network...
Looking for a job? Cyber Aces is hosting another National Cybersecurity Career Fair in November
Last spring I wrote about Cyber Aces hosting its first National Cybersecurity Career Fair (NCCF). Cyber Aces is a non-profit organization dedicated to identifying and encouraging individuals with an aptitude for information security to refine their skills and talent. One of the organization's missions is to grow the cybersecurity...
Using sFlow for Security Analytics
sFlow (sampled flow) is a scalable protocol for statistical monitoring of a network. When used for security monitoring, it can provide valuable insight for establishing baseline behavior and identifying deviations from the baseline. Security administrators can be alerted when an anomaly is detected and investigate whether new security...
Software developers get SWAMP'ed, and that's good for software security assurance
October is National Cyber Security Awareness Month. The theme of this week's awareness messaging is how to build secure software products, and we've got a great tip on how you can do that. If you look at the evolution of software, it has changed quite a bit over the last 20 to 25 years. Software is more complex than ever, and the size...
Shellshock – Picking up the Pieces
4.1 million. That’s the number of news items, blogs, webpages, reports, and opinion articles related to the recently discovered ‘Shellshock’ (Bash) vulnerability that were matched via a quick Google search for ‘Shellshock bash bug’ this morning. There’s no denying that this vulnerability is one of the...
49½ pounds of DDoS attack visibility
Why is visibility important? The answer is an easy one to deliver. When you’re under a DDoS attack or when one of your customers comes under attack, “end-point pipe” visibility is the key to quick mitigation. You cannot proactively defend a network if you cannot detect, analyze and respond to the attack and this level of visibility is critical to proper DDoS protection.

SANS Institute's Webcast on Shellshock is Worth Watching
On September 25, Alan Paller, the Director of Research for the SANS Institute, sent out a FLASH report about the vulnerabilities involving Bash. This report has some very good information for security practitioners that is worth repeating here. The vulnerability, dubbed Shellshock, affects the Bash command processor which is used in most Linux...
D'oh! Get Your Hammer and Your Payment Card Hacked at "the Homer Depot"
By now the news of the massive payment card data breach at the Home Depot is well known. The company has acknowledged the theft of an estimated 56 million debit and credit card numbers, making it the largest retail breach on record. In a September 18 press release confirming the breach, the merchant says malware discovered on its systems...
Corero is growing - do you have the skills to be a part of the team?
Conversations recently overheard in the busy hallways of the Cambridge Innovation Center (CIC) include the number of in-flight projects being pursued by a single entrepreneur (60+!), a business plan for a(nother) new startup mining Facebook images, and the next international gig to be social media-enabled by another busy team. And starting...
Here's a Good Resource for Learning About Encryption Schemes Before You Put Data in the Cloud
If your organization is planning to have data and applications in the cloud, then you are probably planning to use encryption to secure the data. Encryption is a technology that transforms your data into an alternate format that only authorized parties with a decryption key can read. Like most technologies, encryption can be implemented in...
NATO Nations work to level the playing field in response to cyber attacks
It has been interesting to see news recently of a NATO agreement that indicated that member states would now come to each other’s aid in the event of digital attacks as well as in the case of military attacks. This newly signed deal reaffirms that cyber defense is now, more than ever, a critical component of a Nation’s comprehensive...
Promoting Voyeurism in the Name of Marketing and Advertising
About the same time the story about the celebrity photo hacking incident broke, I read another disturbing article that does not bode well for personal privacy. San Francisco tech blogger Wendy Lee wrote about advertisers trolling through personal photos that people are posting to social media sites to learn more about their customers. How creepy...
Victim Company Refuses to Pay DDoS Extortion Fee and Is Permanently Forced Out of Business
If your company relies on your website to conduct any amount of business, it's time to take notice of what has been happening lately with regards to DDoS attacks. In the past few weeks, numerous companies have experienced DDoS attacks in which there is a demand for money in order to stop the attacks. In plain words, extortion. According to...
When Trends Collide: Data Collectors Are Gathering Information from Smartphones Used for BYOD
I had an interesting conversation the other day with Rob Shavell, the co-founder and CEO of the online privacy company Abine. We talked about two big trends in mobile computing and what happens as a consequence of their intersection. This collision of trends could have big implications for companies that permit employees to use their...
Passwords Are Like Underwear—They Aren't Meant to Be Shared
In the world of IT security, perhaps nothing is so maligned as the humble computer password. End users hate jumping through hoops to create and remember complex passwords that contain letters, numbers and special characters. IT security professionals complain that end users ignore corporate policy and create obvious passwords like, well,...
First Line of Defense Against DDoS Attacks in a Hosting Environment
Hosting Providers and Datacenters must overcome the challenges associated with a wide range of hosting requirements; maintaining highly available applications, mission critical systems and maximum levels of reliability. Unfortunately, DDoS attacks threaten their ability to do so. This is problematic as a Web hosting, co-location and datacenter...
Boost Your Security Posture through Membership in an Industry Information Sharing and Analysis Center (ISAC)
It's a huge responsibility to try to ensure cyber security for an organization, regardless of its size. Few companies would say they have the full complement of resources they would like to have in order to properly protect themselves from cyber threats. On the belief that there is strength in numbers, many organizations are joining an...
Six Common Sense Steps from the FFIEC to Address DDoS Attacks
Who can forget the series of distributed denial of service (DDoS) attacks on American banks back in 2012 and 2013? Some of the attacks were highly effective in knocking online banking services offline for days at a time. Over time, financial institutions (FIs) learned to bolster their defenses until the attacks grew less and less effective at...
Why Prompt Breach Notification Is Important
In a blog post last April, I wrote about a merchant that waited up to a year to notify customers that their payment card information may have been compromised in a breach. There were extenuating circumstances; the federal authorities investigating the breach asked the merchant to stay silent about the incident during the lengthy investigation. The...
Specially Crafted Packet DoS Attacks, Here We Go Again
One of the unique types of Denial of Service (DoS) attacks involves the usage of specially-crafted packets. Most cybersecurity professionals are already familiar with volumetric and amplified DDoS attacks, but more recent attention has been surrounding fragmented and application-layer DDoS attacks. However, few understand what a...
A Real Story About Successful DDoS Mitigation
If you’re a cybersecurity professional, you may be all too familiar with the risks associated with DDoS attacks. Over the years, the threat landscape has had detrimental effects on organizations, including system downtime, brand damage, loss of customer confidence, and ultimately a negative impact on your bottom line. These implications can...
Considering Standards Security
The Internet Engineering Task Force (IETF) Request for Comments (RFCs) are required by RFC 2223, Instructions to RFC Authors, to have a section titled “Security Considerations” that is supposed to call out any special security implications relating to the protocol itself or to the networking infrastructure around it. Unfortunately, the...
Why Do We Call It Cyber Crime If We Don't Treat It Like a Crime?
My subdivision outside of Houston, Texas has a monthly newsletter, and one of the features is the neighborhood police patrol report. It's mostly stuff like items being taken from unlocked cars or suspicious people or vehicles in the neighborhood. Every now and then someone reports identity theft or fraudulent charges on their credit card. I...
Why Would a Cute Little Slow Loris Take Down a Web Server?
You've heard of the "infinite monkey theorem," which states that if you put a hundred monkeys in a room with a bunch of keyboards they will eventually type the works of Shakespeare. Is it possible that another little primate, the incredibly cute slow loris, is capable of taking down web servers with a clever type of denial of service...
DDoS Attacks Hit the World Cup. The Current Score: Anonymous 1, FIFA 0
The world’s most watched sporting event, the World Cup, is now underway in Brazil. Despite an expected audience of billions over the next few weeks, not everyone is a fan. Protesters of every ilk are using the prominence of this event to make a point. That includes hacktivists from Anonymous and other cyber groups looking for...
Securing the Data Center and Generating Revenue - #Winning
Corero CTO, Dave Larson, spoke recently to an audience of Hosting Providers during a (Web Hosting Industry Review) WHIR hosted webinar event. Dave addressed the audience alongside WHIR editor, Nicole Henderson, and explained how hosting providers have a new opportunity to increase their revenue and customer base. After an...
For Sale: Practically All the Details of Your Personal Life
When documents released by Edward Snowden showed that the National Security Agency (NSA) is collecting various types of data on ordinary American citizens, a lot of people were quick to voice their opinion that this is just wrong. Many Americans don’t believe our federal government should be able to snoop on us to learn who we choose to call...
Attack of the Month Video Blog Series: Blended DDoS Attacks
It’s no surprise that today's hackers are getting increasingly smarter. Unfortunately, traditional defenses aren't enough to fight against the different types of DDoS attacks, which are more sophisticated and commonplace. Hackers are now carrying out a combination of DDoS attacks, known as Blended DDoS attacks, to maximize...
Cash is King!
As early as 2005, government and other Internet security experts were openly discussing the concept of ‘Maybe the Cloud Can Help Secure the Internet’. Should the ISPs, Hosting Providers, Colocation and other bandwidth providers get involved in helping to secure the Internet? According to an article still floating around the...
The 2014 Verizon Data Breach Investigations Report Includes Recommendations to Control or Prevent DoS Attacks
Have you read the 2014 Verizon Data Breach Investigations Report (DBIR) yet—all 60 pages of it? Actually, if you’re pressed for time, you don’t need to read the whole report cover to cover. This year, Verizon made it easy on security practitioners by segmenting the report into 9 major incident patterns. So, you don’t...
Finding Needles in the Haystack of Security Events
I hate to throw a cliché at you, but when it comes to security event and log management, a picture (or a handful of pictures) is certainly worth a thousand words. Security devices generate volumes of raw data, usually in a proprietary manner. Parsing such unstructured data and making sense out of it is a tedious, if not an...
Here’s Why Even Official Public App Stores Can’t Be Trusted
One of the first rules of protecting end user devices has always been “Install anti-virus software and keep it up to date.” Even as people have shifted from laptops and desktops to more mobile devices like smart phones and tablets, security experts advise...
How to Get More Value from Your Vulnerability Assessments and Penetration Testing
A lot of companies do vulnerability assessments and penetration testing of their own systems to try to head off cyber attacks. Some companies are compelled to do annual pen testing because of regulations that govern their business. Regardless of the reasons for doing the testing, companies are spending good money on the process and should look for...
Best Common Practice - 38, Perhaps Wise Beyond Its Years
Perhaps a little-known fact in the inner workings of what we know as the World Wide Web is that spoofing Service Provider source IP addresses and sending traffic into the Internet using a fake or pseudo IP address is quite a common practice. Most often used for malicious purposes...
2014 – The rise and fall of the NTP Reflection Attack
I think the industry should set a goal to eliminate the NTP reflection attack before the end of 2014. I’m talking about total eradication, and I’ll tell you why I think it is possible. Although the ICS Cert was published in February of this year, the big news about NTP attacks started at the end of 2013, so...
The Oxymoronic Notion of “Online Privacy”: When Information is Too Private for a Search Engine to Display
There was a ruling by the Court of Justice of the European Union this week, and it’s causing quite a bit of controversy on the U.S. side of the pond. The ruling has to do with online privacy and the obligation of Internet search engine operators to respect individuals’ privacy by not displaying specific search results if requested to...
Life in the Fast Lane
Many of us buy premium gas at gas stations, premium seats on airlines, premium upgrades at hotels and premium groceries at boutique retailers. If individuals or their respective businesses are willing to pay for a premium service, why would anyone oppose it? I ask this question as we await a ruling from the FCC as it relates...
Big Things from Small Data
Big data is big, and security vendors across the globe participate in the phenomenon by collecting, slicing, and dicing representative traffic (good and otherwise) on customer networks to better identify, predict, and mitigate attacks on the front lines. Still, for all the data used daily to baseline, extrapolate, and diagnose, it is sometimes...
The State of PCI Compliance in 2014: Getting Better but Still Insufficient
2014 marks the 10-year anniversary of the Payment Card Industry Data Security Standards (PCI DSS). It is also the year that version 3.0 of the set of security standards was released. All merchants who accept credit and debit cards as a form of payment should now be upgrading their systems to meet the new higher standards of PCI DSS 3.0. There...
ISACA Launches Cybersecurity Nexus, a Comprehensive Program for Information Security Professionals
A few weeks ago I wrote about an opportunity for entry-level information security (infosec) professionals to get some training and “skill up” for their careers. Now there is a new option for people coming into the infosec profession. Today ISACA is launching a comprehensive new program called Cybersecurity Nexus (CSX).

What’s Hiding Behind that DDoS Attack?
Multi-vector patterns of DDoS attacks are becoming more commonplace in the world of cyber warfare. From the volumetric attacks aimed to fill your pipe and squeeze your Internet bandwidth down to nothing, to the low and slow application layer attacks that sneak right through traditional defenses – combination attacks are becoming the norm....
Communications Teams Get a Failing Grade Over Heartbleed
First of all, let me say thank you to the security professionals who are working their butts off to develop patches and permanent fixes for problems caused by Heartbleed. I know this is an extraordinary case of the highest priority. Thank you for using your talents and your time to plug this gaping hole and make your users safe again. That...
What’s Needed Now: Supply Chain Integrity Testing
Listen up, all you security experts who want to be an entrepreneur! John Pescatore, the SANS Institute Director of Emerging Security Trends, sees an opportunity for the Next Big Thing in tech security. In Pescatore’s view, there’s a growing need for supply chain integrity testing. In the wake of all the digital spying revelations...
Attack of the Month Video Blog Series: Network Layer Attacks In ICS
In the world of Industrial Control Systems (ICS), a system outage or infiltration can result in system downtime, loss of productivity and loss of revenue, as well as loss of confidentiality, integrity and availability. Additionally, a system outage or infiltration could possibly result in loss of life, often due to the critical nature of these devices....
Who Are Breach Disclosure Laws Meant to Protect? One Merchant Held up Notifications for More Than a Year at the Request of Federal Authorities
I live in Texas, and there’s a regional retailer that has just announced a data breach that is believed to have affected more than half a million customers. The announcement is controversial because the company, Spec’s, supposedly knew about the theft of payment card data almost a year ago and is just now telling customers. As you...
New DDoS Warning Issued - Banking Industry Beware
The Federal Financial Institutions Examination Council (FFIEC) today released advisory statements warning Financial Institutions of risks associated with cyber-attacks on ATMs, credit card authorization systems and the continued DDoS attacks against public-facing websites. It is encouraging to see continued awareness and general guidance...
Who Is Reading Your Email, and for What Purpose?
Thanks to the NSA, so much attention has been on the fact that the federal government is collecting metadata about our phone calls that we have taken our eyes off what’s happening on the email front. There have been a few stark reminders in the news recently that email isn’t private and we shouldn’t use it to transmit sensitive...
Cybersecurity Professionals Are in Big Demand as Staffing Shortages Hit Critical Levels
In a previous blog post I talked about the upcoming National Cybersecurity Career Fair (NCCF) this June 18 and 19, 2014. NCCF is an innovative virtual meeting place for the top cybersecurity employers and entry to mid level cybersecurity jobseekers in the United States. It turns out that this job fair is desperately needed by employers in...
DDoS Attacks - A Mainstream Occurrence and Disruption to Your Business
Corero recently partnered with John Pescatore, Director of Emerging Security Trends with the SANS Institute in developing a survey program designed to shed more light on organizations’ experiences with DDoS attacks. What we uncovered does not come as a surprise to those well entrenched in the DDoS defense space. The results continue...
National Cybersecurity Career Fair in June Will Connect Employers to Entry Level Cybersecurity Workers
Do you know anyone who is an aspiring cyber security professional? Here is some important information to pass along to help them get their career started. This is also big news if your organization is looking to recruit entry-level people for IT security positions. Coming up this June 18 and 19, 2014, Cyber Aces is presenting the first National...
NTP Amplification DDoS Attacks Are Skyrocketing. Do You Have Your Defense System in Place?
In his recent “Attack of the Month Video Blog Series,” Stephen Gates talks about NTP reflective traffic as the latest technique being used to launch DDoS attacks against hapless victims. This is certainly something to pay attention to. Since the beginning of 2014, the number of attacks using this method has skyrocketed, largely because...
Vulnerable WordPress Servers, A Real Cause for Concern
Attacks against, and attacks used to manipulate, WordPress servers have been seeing more than their fair share of publicity over the last several months. As we dig a little deeper into the two attack scenarios, a few key points come to light. In the spring of 2013 many WordPress servers located in both Hosting Centers and DMZs throughout the...
Attack of the Month Video Blog Series: NTP Reflective Attacks
NTP, or Network Time Protocol, attacks have been taking center stage as of late. What’s interesting here is that the move to exploit a UDP-based protocol suggests that we (the good guys) are raising the security bar and thus making it more difficult to successfully exploit DNS amplification attacks. NTP is another critical Internet service...
Business Lessons from the DDoS Attacks on Social Networking Site Meetup
In early March, the social networking site Meetup was hit by a series of DDoS attacks. The attacks did some damage, not the least of which was knocking the site offline for hours at a time over a period of several days. However, I have to say that it appears that the Meetup management and technical team did a few things right to get through this...
Internet Hosting Providers that Fail to Prepare for DDoS Attacks are Derelict in Their Duties to Care for Their Clients
On February 18, 2014, the online gaming website Wurm was the victim of a DDoS attack. The company posted the following note on its website at the time of its attack: "Shortly after today's update we were the target of a DDoS attack and our hosting provider had to pull us off the grid for now. We will be back as soon as possible but...
Cybersecurity in the U.S. Healthcare System is in Critical Condition and Needs Intensive Care
Last fall my husband was visiting a relative in the hospital when he noticed an Ethernet port on the side of the bed. He asked the nurse what the hospital uses the port for. She explained that they occasionally connect patient-monitoring devices to the port on the bed to facilitate transmission of alerts to the nurses’ station. For example,...
Watch for DDoS Attacks as a Diversionary Tactic for Other Types of Cyber Crime
Have you heard of a smash-and-grab robbery? In the physical world, it usually refers to a group of thugs who storm a retail store – often a jewelry store or a pawn shop – and smash the display cases with sledge hammers. They grab all the expensive merchandise they can get and run out of the store before shocked store clerks have much...
Attack of the Month Video Blog Series: Application Layer DDoS Attacks
Happy Valentine's Day everyone. For the LOVE of DDoS defense, I'm pleased to share with you another video blog, this time focused on Application Layer attacks. In today's 5-minute session I will cover Application Layer attacks in more detail: What are these attacks? Why are they an emerging threat, or continue to be a...
Hacking Attacks are Practically Guaranteed at the Sochi Olympics
The winter Olympics get underway in Sochi, Russia this week, and most of the attention about security has been focused on physical security and the potential for acts of terrorism. Russian President Putin has promised a “ring of steel” around the Olympic venues to provide a high level of physical safety for the athletes and tens of...
The Role of Service Providers in Strengthening the Nation’s Cybersecurity
In November 2013, the President’s Council of Advisors on Science and Technology (PCAST) submitted a public report to U.S. President Barack Obama. The report, Immediate Opportunities for Strengthening the Nation’s Cybersecurity, provides key insights from a more comprehensive but classified assessment of the Nation’s cybersecurity...
What’s in that Refrigerator—Fish or Phish?
Well, here’s a switch. Usually televisions are bringing crap into our households. Now experts have learned that some smart TVs have been sending crap (in the form of spam) out of their owners’ houses. A recent press release from Proofpoint, Inc. details how the security service provider uncovered an Internet of Things (IoT) based...
Federal Investigators Warn Retailers: If You Have a POS System in Operation, You May be at Risk
Hang on to your credit cards and start checking your free credit reports: The latest news about retail breaches is not good.