DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS"

Transcription

1 DNS POISONING, AKA PHARMING, MAKES THE HEADLINES IN NOVEMBER S NEWS December 2011 November saw DNS Poisoning, aka Pharming, making the headlines on more than one occasion: To name a few, the online threat showcased in the high-profile hijacking of several Brazilian ISPs DNS servers; an incident that resulted in millions of Brazilian users being infected with a banking Trojan. As well, the FBI arrested half a dozen Estonianbased cybercriminals last month in connection with a fraudulent DNS-rerouting scheme that enabled the gang to rake in $14 Million in fraudulent advertising revenue. In view of November s DNS-related incidents, this month s highlight sheds light on the Domain Name System ( DNS ), including: What the DNS system Is How it works Potential threats as exemplified in recent cases Prevention and mitigation measures WHAT IS THE DOMAIN NAME SYSTEM? The Domain Name System ( DNS ) is a system designed to facilitate locating an internet resource, and can be likened to a phone directory, which resolves people s names to their respective phone numbers. In much the same way, DNS servers resolve web domains (such as to their correct IP addresses (for example, ). HOW DOES IT WORK? The Domain Name System is a distributed, hierarchical system that issues queries from a user s computer to other domain name servers until the IP address of the requested resource is located. When an online user enters a domain name in a browser s address bar, for example, the query undergoes the following flow of events: FRAUD REPORT

2 1. The OS queries a local file called Hosts, also known as the Hosts File. (In Windows systems, the file is located here: [LocalDisk]/Windows/system32/drivers/etc.) The Hosts file maps domains, aka hosts, to their IP address. (This is relevant to some operating systems, in which a query is first issued to the local Hosts file, before it is issued to external resources.) 2. If the IP address of the host is not defined in the Hosts file, the OS queries the user s local DNS cache. (You can view your local DNS cache by running the command ipconfig /displaydns.) 3. If the appropriate IP address is not located in the user s local DNS cache, the OS issues a query to the ISP s DNS servers (or the user s organization s DNS servers). 4. The ISP checks the cache of its own DNS servers, and if the resource for the host is not cached, it then issues a query to the root name servers to find the DNS server responsible for the relevant top level domain (TLD). For example, a query for the domain would be forwarded to the.com root name server (which is the authoritative DNS server for.com domains). 5. The TLD server locates the authoritative name server for which would normally be configured as ns1.website.com. 6. The authoritative name server, ns1.website.com, locates the IP address for and resolves the query. 7. The OS queries the IP address of and retrieves its content (the actual website). POTENTIAL THREATS AS EXEMPLIFIED IN RECENT CASES Potential threats to the integrity of the DNS query chain include classic pharming, DNS Cache Poisoning, Rogue DNS servers, and local pharming. These threats are explained below, along with relevant cases that made the headlines in November. Classic Pharming Classic pharming consists of the deliberate manipulation of DNS records with the objective of providing an incorrect IP address for a given domain query. For example, instead of resolving https://abc-bank.com to , a poisoned DNS record would return an incorrect IP address such as The false IP address returned to an online user could harbor a wide range of fraudulent content, including anything from a phishing attack that mimics the genuine website to a Trojan infection point containing a drive-by-download. DNS Cache Poisoning Earlier last month, cybercriminals reportedly hacked the cache of DNS servers belonging to several major ISPs in Brazil, changing the ISP s DNS cache records for high-traffic websites, such as Google Brazil, YouTube, Gmail, Hotmail and several large Brazilian Internet portals like Uol, Terra or Globo. A DNS server s cache functions as a storage area for responses received in previous DNS queries. DNS caches are employed with the objective of resolving DNS queries faster; improving users browsing experience by saving the time it takes to meander a query through all the relevant DNS servers until the appropriate IP address is returned. When trying to access the high-profile websites mentioned above from one of the affected ISPs, users were redirected to a website that forced them to download a banker Trojan (possibly one of the numerous variants of the Brazilian Baker Trojan), which masqueraded as a small, innocuous Java applet (a small Java application). Given that Brazil has over 70 million internet users, and that each ISP in the country serves at least 3 million subscribers, targeted financial institutions were likely heavily page 2

3 impacted by the DNS cache poisoning attack. The confidentiality of millions of online banking accounts was jeopardized as Banker Trojans easily collect usernames and passwords (either via keylogging, or the logging of all HTTP and HTTPS communications). The breach of the DNS servers cache may have resulted from inherent software vulnerabilities or from the criminal actions of a server administrator, who may have exploited his/her access to these servers to manipulate the servers cached responses. Such was the case that made headlines in early November, when an employee of a Brazilian ISP was arrested by the Brazilian Federal Police for continuously manipulating the ISP s DNS cache results over a 10-month period. The DNS cache poisoning in this incident resulted in the redirection of the ISP s subscribers to phishing attacks. Rogue DNS Servers Also in early November, the FBI announced that a fraud scheme involving the manipulation of users DNS settings resulted in a cybercrime gang s raking in $14 million in revenue, which the gang generated by earning commissions on clicks made by users on ads for which they acted as publishers. To get users to click on ads for which the cybercriminals would be paid commission, the gang rerouted search engine results to websites that featured revenue-generating ads (for which they acted as publishers). Plus, the crime ring replaced legitimate online ads with different ads for which they could once again earn commission. To accomplish their fraudulent feats, the gang manipulated users DNS settings by launching an infection campaign that compromised machines with a piece of malware called DNSChanger. The malware effected a change on users local DNS settings, rerouting their machines DNS queries to rogue DNS servers under the gang s control. This means that instead of querying their ISP s legitimate DNS servers, victims who downloaded DNSChanger constantly queried the gang s rogue DNS server, which served bogus search engine results and fraudulently-replaced ads on legitimate websites. Rerouting hyperlinks that came up on search engine results enabled the gang to generate revenue by leading them to a different webpage than the one indicated by the hyperlink, which contained advertisements purportedly related to a product they sought. Subsequent clicks by users on those ads generated commissions for the gang. This scheme is known as Click Hijacking or click-jacking. Another revenue-generating scheme deployed by the gang involved advertising replacement fraud. As stated by the FBI, Using the DNS Changer malware and rogue DNS servers, the defendants also replaced legitimate advertisements on websites with substituted advertisements that triggered payments to the gang. Local Pharming While not directly involving DNS servers, local pharming comprises another form of IP-resolution fraud. In some operating systems, hosts files are given priority over resolution by DNS systems. In such systems, if a given host (web domain) is located in the hosts file, no DNS query is performed to resolve its IP address, but rather the IP specified in the hosts file is used. Consequently, by changing the IP address associated with the host name (domain) of an entity, Local Pharming Trojans redirect victims to various fraudulent webpages, which may in turn serve malicious content ranging from phishing attacks to Trojan infection points and click-jacking schemes. Local pharming is especially popular among variants of the Brazilian Banker Trojan. PREVENTION AND MITIGATION MEASURES How can pharming be prevented? A set of specifications, issued as part of a larger industry-wide effort, called the Domain Name System Security Extensions (DNSSEC), consists of specifications that enable authentication of DNS responses, in an effort to improve the reliability of DNS responses and thwart DNS-poisoning efforts. The central idea behind DNSSEC is to enable DNS query responses to be authenticated using a page 3

4 digital signature. A digitally signed DNS query enables a user to verify whether the information received in response to a DNS query matches the information served by the authoritative DNS server for that domain, ensuring that the DNS response is correct and complete. How can a pharming attack be mitigated once launched? An outsourced solution, such as the RSA FraudAction Anti-Pharming Service, is designed to handle DNS poisoning attacks from the detection phase to the threat s complete shutdown. To detect pharming on a particular entity s website, RSA deploys dedicated servers that actively monitor the Internet in search for poisoned DNS servers. As illustrated below (and mentioned above), pharming, including local pharming, may be launched from four different points in the DNS query chain: The user s Hosts File (local pharming) The ISP s DNS server The Root Name Server The Authoritative Name Server As large scale attacks may be launched from the latter three points (ISPs DNS Server, the Root Name Server, and a domain s Authoritative Name Server), that is where mitigation solutions focus their monitoring and detection efforts. The FraudAction Anti-Pharming Service is focused on points 2, 3 and 4 (excluding the user s own PC), focusing on where the majority of large scale attacks can take place (see figure below). RSA FraudAction Anti-Pharming 1-4 represent the DNS hierarchy 1 Real-time Scanning User PC host file DNS bypass ISP DNS Root DNS server Bank/authoritative DNS server Bank s web server (As a side note, local pharming attacks, which are the product of Local Pharming Trojans, are detected, monitored, blocked and shut down using a different methodology. The RSA FraudAction Anti-Trojan Service detects and handles Local Pharming Trojans on a regular basis.) To detect pharming on a given set of domain names, the website domains of a specific organization for example, a system is set up to continuously query the above points of the DNS query chain. The system verifies the validity of the name server and IP-address responses to DNS queries on an organization s domains. In addition, the system scans select ISP DNS servers to ensure that their cached data has not been poisoned at any point in time. If an attack is detected and confirmed, the spoofed website is taken down, and the owner of the poisoned DNS server is contacted to enable the immediate removal of the manipulated DNS information. The key to fighting DNS poisoning is limiting the window of opportunity that a pharming attack has to serve malicious content (be it phishing attacks, Trojan attacks, or click-jacking) to a potential victim. Real-time detection of a pharming attack that is already in progress, combined with the means and capabilities to immediately remediate, can significantly curtail the debilitating impact such an attack may have. page 4

5 Phishing Attacks per Month In November, phishing volume increased 18 percent with 28,365 unique attacks detected by RSA. Compared to the same time last year (November 2010 vs. November 2011), phishing volume has increased 69 percent Dec 10 Nov Jan Feb Mar 11 Apr May Jul 11 Jun Aug 11 Sept Oct Nov 11 Source: RSA Anti-Fraud Command Center Number of Brands Attacked Last month, 313 brands were targeted within phishing attacks, marking a five percent increase. Fifty-five percent of the brands targeted last month endured less than five attacks each. This figure is slightly higher than the 51 percent recorded in October. It appears that an increasing number of brands are enduring less than five attacks per month as phishers look to expand the list of brands added to their target list Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sept 11 Oct Nov 11 Source: RSA Anti-Fraud Command Center page 5

6 100 10% 8% 11% 9% 11% 15% 12% 11% 10% 19% 6% 14% 9% US Bank Types Attacked 80 19% 18% 15% 15% 18% 22% 12% 20% 23% 20% 25% 12% 16% The portion of brands targeted in the U.S. credit union sector decreased five percent, while brands targeted with phishing in the regional US banking sector saw a four percent increase. In addition, the portion of phishing attacks against nationwide U.S. banks increased two percent % 74% 74% 76% 71% 63% 76% 69% 67% 61% 69% 74% 75% Source: RSA Anti-Fraud Command Center Nov 11 Oct 11 Sept 11 Aug 11 Jul 11 Jun 11 May 11 Apr 11 Mar 11 Feb 11 Jan 11 Dec 10 Nov 10 Top Countries by Attack Volume In September 2011, the UK overtook the U.S. s ostensibly perpetual position as the country that endured the highest volumes of phishing attacks each month. In November, the UK remains the country that has suffered the highest volume of phishing attacks with 51 percent of attacks launched against entities in the UK. a Australia South Korea Canada Australia 1% India 2% Brazil 3% 37 Other Countries 3% Canada 6% South Africa 8% Netherlands 1% China Colombia 1% Germany UK France United Kingdom 51% Nethe The U.S. endured the second highest volume -23 percent - less than half of the attacks experienced by the UK, followed by South Africa (8 percent) and Canada (6 percent). U.S. 23% page 6

7 Italy 2% South Africa 2% a US S Africa China 2% China Italy Colombia 2% Canada Netherlands India Bras Germany 2% Spain 3% Top Countries by Attacked Brands Through November, a total of 20 countries endured one percent or more of the world s phishing attacks. Together, the U.S. and UK accounted for 43 percent of the world s targeted brands, while the brands of eleven additional countries accounted for a total of 35 percent of phishing attacks in November. France 3% India 4% Canada 4% Australia 4% Brazil 7% U.S. 32% United Kingdom 11% 33 Other Countries 21% USA Australia South Korea Canada 2% Canada Poland 2% France 2% China Germany Netherlands 2% UK France Net Top Hosting Countries In November, the US hosted 61 percent of the world s phishing attacks, a seven percent increase from October. Nine of the top ten hosting countries in November retained their status from October with Poland replacing the Ukraine on that chart. Brazil 2% Australia 3% Russia 4% Germany 4% United Kingdom 5% U.S. 61% 65 Other Countries 14% page 7

8 CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller or visit us at EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. DEC RPT 1211

PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD

PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD PHISHING IN SEASON TAX TIME MALWARE, PHISHING AND FRAUD April 2013 As cybercriminals will have it, phishing attacks are quite the seasonal trend. It seems that every April, after showing a slight decline

More information

PHISH LOCKERS OUT IN THE WILD

PHISH LOCKERS OUT IN THE WILD PHISH LOCKERS OUT IN THE WILD August 2013 RSA researchers have been increasingly witnessing the activity of highly targeted Trojans, dubbed Phish Lockers, used at the hands of cybercriminals to steal credentials.

More information

EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER

EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER March 2013 Phishing attacks are notorious for their potential harm to online banking and credit card users who may fall prey to phishers looking to steal information

More information

BUGAT TROJAN JOINS THE MOBILE REVOLUTION

BUGAT TROJAN JOINS THE MOBILE REVOLUTION BUGAT TROJAN JOINS THE MOBILE REVOLUTION June 2013 RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat s developers managed to develop and deploy mobile malware designed to

More information

CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS

CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS CITADEL TROJAN OUTGROWING ITS ZEUS ORIGINS May 2012 As of April 30th, 2012 the Citadel Trojan was at its fourth upgrade with Version 1.3.4.0 already in the hands of its customers. Citadel s features, bug

More information

BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION

BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION BEHIND THE SCENES OF A FAKE TOKEN MOBILE APP OPERATION December 2013 In the last few years, we have seen the mobile space explode with malware. According to a recent report by Trend Micro, the number of

More information

MALWARE TOOLS FOR SALE ON THE OPEN WEB

MALWARE TOOLS FOR SALE ON THE OPEN WEB MALWARE TOOLS FOR SALE ON THE OPEN WEB May 2014 RSA Research, while investigating a Zeus Trojan sample, discovered an additional drop server used by a fraudster who is offering a set of spyware tools for

More information

Phishing Activity Trends

Phishing Activity Trends Phishing Activity Trends Report for the Month of, 27 Summarization of Report Findings The number of phishing reports received by the (APWG) came to 23,61 in, a drop of over 6, from January s previous record

More information

Phishing Activity Trends Report June, 2006

Phishing Activity Trends Report June, 2006 Phishing Activity Trends Report, 26 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial account

More information

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud

Phishing Activity Trends Report. 1 st Half 2009. Committed to Wiping Out Internet Scams and Fraud 1 st Half 2009 Committed to Wiping Out Internet Scams and Fraud January June 2009 Phishing Report Scope The quarterly APWG analyzes phishing attacks reported to the APWG by its member companies, its Global

More information

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP August 2014 RSA agents recently traced a threat actor advertising a mobile credit card store application. The cybercriminal shared the information

More information

Phishing Activity Trends Report for the Month of December, 2007

Phishing Activity Trends Report for the Month of December, 2007 Phishing Activity Trends Report for the Month of December, 2007 Summarization of December Report Findings The total number of unique phishing reports submitted to APWG in December 2007 was 25,683, a decrease

More information

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers

DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers DETECT MONITORING SERVICES AND DETECT SAFE BROWSING: Empowering Tools to Prevent Account Takeovers SUMMARY The Federal Financial Institutions Examination Council (FFIEC) is planning to update online transaction

More information

What Does DNSChanger Do to My Computer? Am I Infected?

What Does DNSChanger Do to My Computer? Am I Infected? DNSChanger Malware DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other.

More information

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

More information

Who Is Fighting Phishing

Who Is Fighting Phishing Who Is Fighting Phishing An Overview of the Phishing Lifecycle and the Entities Involved White Paper Who Is Fighting Phishing An Overview of the Phishing Lifecycle and the Entities Involved Contents Introduction

More information

DNS Security FAQ for Registrants

DNS Security FAQ for Registrants DNS Security FAQ for Registrants DNSSEC has been developed to provide authentication and integrity to the Domain Name System (DNS). The introduction of DNSSEC to.nz will improve the security posture of

More information

Current counter-measures and responses by CERTs

Current counter-measures and responses by CERTs Current counter-measures and responses by CERTs Jeong, Hyun Cheol hcjung@kisa.or.kr April. 2007 Contents I. Malware Trends in Korea II. Malware from compromised Web sites III. Case Study : Malware countermeasure

More information

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation

More information

Using big data analytics to identify malicious content: a case study on spam emails

Using big data analytics to identify malicious content: a case study on spam emails Using big data analytics to identify malicious content: a case study on spam emails Mamoun Alazab & Roderic Broadhurst Mamoun.alazab@anu.edu.au http://cybercrime.anu.edu.au 2 Outline Background Cybercrime

More information

FAQ (Frequently Asked Questions)

FAQ (Frequently Asked Questions) FAQ (Frequently Asked Questions) Specific Questions about Afilias Managed DNS What is the Afilias DNS network? How long has Afilias been working within the DNS market? What are the names of the Afilias

More information

Microsoft Security Intelligence Report volume 7 (January through June 2009)

Microsoft Security Intelligence Report volume 7 (January through June 2009) Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and

More information

SYMANTEC INTELLIGENCE REPORT NOVEMBER 2013

SYMANTEC INTELLIGENCE REPORT NOVEMBER 2013 SYMANTEC INTELLIGENCE REPORT NOVEMBER 2013 p. 2 CONTENTS CONTENTS 3 Executive Summary 4 BIG NUMBERS 7 TARGETED ATTACKS 8 Targeted Attacks in 2013 8 Targeted Attacks per Day 8 First Attacks Logged by Month

More information

Own your LAN with Arp Poison Routing

Own your LAN with Arp Poison Routing Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From

More information

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS KASPERSKY FRAUD PREVENTION FOR ENDPOINTS www.kaspersky.com 2 Fraud Prevention for Endpoints KASPERSKY FRAUD PREVENTION 1. Ways of Attacking The prime motive behind cybercrime is making money, and today

More information

MALICIOUS REDIRECTION A Look at DNS-Changing Malware

MALICIOUS REDIRECTION A Look at DNS-Changing Malware MALICIOUS REDIRECTION A Look at DNS-Changing Malware What are Domain Naming System (DNS)-changing malware? These recently garnered a lot of attention due to the recent Esthost takedown that involved a

More information

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats

More information

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR

場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR 場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance

More information

HOSPIRA (HSP US) HISTORICAL COMMON STOCK PRICE INFORMATION

HOSPIRA (HSP US) HISTORICAL COMMON STOCK PRICE INFORMATION 30-Apr-2004 28.35 29.00 28.20 28.46 28.55 03-May-2004 28.50 28.70 26.80 27.04 27.21 04-May-2004 26.90 26.99 26.00 26.00 26.38 05-May-2004 26.05 26.69 26.00 26.35 26.34 06-May-2004 26.31 26.35 26.05 26.26

More information

INTERNET DOMAIN NAME SYSTEM

INTERNET DOMAIN NAME SYSTEM INTERNET DOMAIN NAME SYSTEM http://www.tutorialspoint.com/internet_technologies/internet_domain_name_system.htm Copyright tutorialspoint.com Overview When DNS was not into existence, one had to download

More information

Ziv Mador Senior Program Manager and Response Coordinator. Jeff Williams Principal Group Manager. Microsoft Malware Protection Center

Ziv Mador Senior Program Manager and Response Coordinator. Jeff Williams Principal Group Manager. Microsoft Malware Protection Center Ziv Mador Senior Program Manager and Response Coordinator Jeff Williams Principal Group Manager Microsoft Malware Protection Center Trend of Malware and Potentially Unwanted Software becoming more regional

More information

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain

More information

Attack Intelligence Research Center Monthly Threat Report MalWeb Continues to Make Waves on Legitimate Sites

Attack Intelligence Research Center Monthly Threat Report MalWeb Continues to Make Waves on Legitimate Sites Attack Intelligence Research Center Monthly Threat Report MalWeb Continues to Make Waves on Legitimate Sites A l a d d i n. c o m / e S a f e Following up on some recent attacks, the AIRC team wanted to

More information

Phishing Activity Trends Report. 1 st Half 2011. Unifying the. Global Response To Cybercrime

Phishing Activity Trends Report. 1 st Half 2011. Unifying the. Global Response To Cybercrime 1 st Half 2011 Unifying the Global Response To Cybercrime January June 2011 Phishing Report Scope The APWG analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners,

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

White Paper August 2005. McAfee Phishing/Pharming. Phishing & Pharming Understanding Phishing and Pharming.

White Paper August 2005. McAfee Phishing/Pharming. Phishing & Pharming Understanding Phishing and Pharming. White Paper August 2005 McAfee Phishing/Pharming Phishing & Pharming Understanding Phishing and Pharming Understanding Phishing & Pharming 2 Table of Contents Introduction-Understanding Phishing and Pharming

More information

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS

BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS BEST SECURITY PRACTICES IN ONLINE BANKING PLATFORMS TABLE OF CONTENTS BEST SECURITY PRACTICES Home banking platforms have been implemented as an ever more efficient 1 channel through for banking transactions.

More information

A Cybercrime Hub. Trend Micro Threat Research. Trend Micro, Incorporated. A Trend Micro White Paper I August 2009

A Cybercrime Hub. Trend Micro Threat Research. Trend Micro, Incorporated. A Trend Micro White Paper I August 2009 Trend Micro, Incorporated Trend Micro Threat Research A Trend Micro White Paper I August 2009 TABLE OF CONTENTS INTRODUCTION...3 THE CYBERCRIME COMPANY...4 ROGUE DNS SERVERS...5 INTRANET OF CYBERCRIME...6

More information

Phishing Activity Trends Report. 1 st Quarter 2014. Unifying the. To Cybercrime. January March 2014

Phishing Activity Trends Report. 1 st Quarter 2014. Unifying the. To Cybercrime. January March 2014 1 st Quarter 2014 Unifying the Global Response To Cybercrime January March 2014 Published June 23, 2014 , Phishing Report Scope The APWG analyzes phishing attacks reported to the APWG by its member companies,

More information

HACKER INTELLIGENCE INITIATIVE. The Secret Behind CryptoWall s Success

HACKER INTELLIGENCE INITIATIVE. The Secret Behind CryptoWall s Success HACKER INTELLIGENCE INITIATIVE The Secret Behind 1 1. Introduction The Imperva Application Defense Center (ADC) is a premier research organization for security analysis, vulnerability discovery, and compliance

More information

Median and Average Sales Prices of New Homes Sold in United States

Median and Average Sales Prices of New Homes Sold in United States Jan 1963 $17,200 (NA) Feb 1963 $17,700 (NA) Mar 1963 $18,200 (NA) Apr 1963 $18,200 (NA) May 1963 $17,500 (NA) Jun 1963 $18,000 (NA) Jul 1963 $18,400 (NA) Aug 1963 $17,800 (NA) Sep 1963 $17,900 (NA) Oct

More information

Payment Fraud and Risk Management

Payment Fraud and Risk Management Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly

More information

Domain Name Abuse Detection. Liming Wang

Domain Name Abuse Detection. Liming Wang Domain Name Abuse Detection Liming Wang Outline 1 Domain Name Abuse Work Overview 2 Anti-phishing Research Work 3 Chinese Domain Similarity Detection 4 Other Abuse detection ti 5 System Information 2 Why?

More information

INFORMATION SECURITY REVIEW

INFORMATION SECURITY REVIEW INFORMATION SECURITY REVIEW 14.10.2008 CERT-FI Information Security Review 3/2008 In the summer, information about a vulnerability in the internet domain name service (DNS) was released. If left unpatched,

More information

Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron

Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron In its Beijing Communiqué of 11 April 2013, the ICANN Government Advisory Committee (GAC) called on ICANN to have new gtld

More information

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep)

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep) 5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep) survey says: There are things that go bump in the night, and things that go bump against your DNS security. You probably know

More information

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA

Prevent Malware attacks with F5 WebSafe and MobileSafe. Alfredo Vistola Security Solution Architect, EMEA Prevent Malware attacks with F5 WebSafe and MobileSafe Alfredo Vistola Security Solution Architect, EMEA Malware Threat Landscape Growth and Targets % 25 Of real-world malware is caught by anti-virus Malware

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

DNSChanger Remediation Techniques

DNSChanger Remediation Techniques DNSChanger Remediation Techniques Updated November 25, 2011 Internet Identity Threat Intelligence Department http://www.internetidentity.com Table of Contents Summary 3 DNSChanger: What does it do? 3 Remediation

More information

Security A to Z the most important terms

Security A to Z the most important terms Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from

More information

Phishing Scams Security Update Best Practices for General User

Phishing Scams Security Update Best Practices for General User Phishing Scams Security Update Best Practices for General User hishing refers to the malicious attack Pmethod by attackers who imitate legitimate companies in sending emails in order to entice people to

More information

The current case DNSChanger what computer users can do now

The current case DNSChanger what computer users can do now The current case DNSChanger what computer users can do now Content What happened so far? 2 What is going to happen on 8 March 2012? 2 How can I test my Internet settings? 2 On the PC 3 On the router 5

More information

2012 NORTON CYBERCRIME REPORT

2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 2012 NORTON CYBERCRIME REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND,

More information

Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives

Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives Testimony of Fiona M. Alexander Associate Administrator, Office of International Affairs National Telecommunications and Information Administration United States Department of Commerce Before the Committee

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

STATE OF DNS AVAILABILITY REPORT

STATE OF DNS AVAILABILITY REPORT STATE OF DNS AVAILABILITY REPORT VOLUME 1 ISSUE 1 APRIL 2011 WEB SITES AND OTHER ONLINE SERVICES ARE AMONG THE MOST IMPORTANT OPERATIONAL AND REVENUE GENERATING TOOLS FOR BUSINESSES OF ALL SIZES AND INDUSTRIES.

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS The Internet Threat Landscape Symantec TM Dean Turner Director Global Intelligence Network Symantec Security

More information

Versafe TotALL Online Fraud Protection

Versafe TotALL Online Fraud Protection Versafe TotALL Online Fraud Protection Protect ALL users. From ALL malware, threat types. On ALL devices. ALL transparently to the end-user. Summary of Mobile Malware & Cross-Device Attacks Overview of

More information

THE UNIVERSITY OF BOLTON

THE UNIVERSITY OF BOLTON JANUARY Jan 1 6.44 8.24 12.23 2.17 4.06 5.46 Jan 2 6.44 8.24 12.24 2.20 4.07 5.47 Jan 3 6.44 8.24 12.24 2.21 4.08 5.48 Jan 4 6.44 8.24 12.25 2.22 4.09 5.49 Jan 5 6.43 8.23 12.25 2.24 4.10 5.50 Jan 6 6.43

More information

Don t Fall Victim to Cybercrime:

Don t Fall Victim to Cybercrime: Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security

More information

2013 NORTON REPORT 13,022 ONLINE ADULTS AGED 18-64

2013 NORTON REPORT 13,022 ONLINE ADULTS AGED 18-64 2013 NORTON REPORT 2013 NORTON REPORT 24 COUNTRIES AUSTRALIA, BRAZIL, CANADA, CHINA, COLOMBIA, DENMARK, FRANCE, GERMANY, INDIA, ITALY, JAPAN, MEXICO, NETHERLANDS, NEW ZEALAND, POLAND, RUSSIA, SAUDI ARABIA,

More information

Symantec Intelligence Report: February 2013

Symantec Intelligence Report: February 2013 Symantec Intelligence Symantec Intelligence Report: February 2013 Welcome to the February edition of the Symantec Intelligence report, which provides the latest analysis of cyber security threats, trends,

More information

Acceptable Use Policy. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name.

Acceptable Use Policy. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name. This Acceptable Use Policy forms part of the Registry Policies that apply to and

More information

The Threat of DNS Spoofing on Financial Services

The Threat of DNS Spoofing on Financial Services The Threat of DNS Spoofing on Financial Services This executive whitepaper describes the DNS cache poisoning/spoofing attack in general, and the recent reports by Trusteer about the vulnerabilities of

More information

Phishing: Facing the Challenge of Email Identity Theft with Proper Tools and Practices

Phishing: Facing the Challenge of Email Identity Theft with Proper Tools and Practices Phishing: Facing the Challenge of Email Identity Theft with Proper Tools and Practices A Leadfusion White Paper 2012 Leadfusion, Inc. All rights reserved. The Threat of Phishing Email is an indispensable

More information

Protect Your Business and Customers from Online Fraud

Protect Your Business and Customers from Online Fraud DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently

More information

Phishing Countermeasures

Phishing Countermeasures Fraud Investigation and Education FIS www.fisglobal.com Phishing What is it? Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e mail messages that

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Computer Networks: Domain Name System

Computer Networks: Domain Name System Computer Networks: Domain Name System Domain Name System The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses DNS www.example.com 208.77.188.166 http://www.example.com

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

Course Content: Session 1. Ethics & Hacking

Course Content: Session 1. Ethics & Hacking Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for

More information

Insecurity breeds at home

Insecurity breeds at home Insecurity breeds at home - Vulnerabilities in SOHO routers Amrita Center for Cyber Security Amrita University Small Office Home Office(SOHO) Routers 2 Problem at hand No technology available to detect/prevent

More information

DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008

DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 DNS Cache Poisoning Vulnerability Explanation and Remedies Viareggio, Italy October 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers Agenda How do you

More information

Securing Your Business with DNS Servers That Protect Themselves

Securing Your Business with DNS Servers That Protect Themselves Product Summary: The Infoblox Secure DNS Solution mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate queries.

More information

Protection for Mac and Linux computers: genuine need or nice to have?

Protection for Mac and Linux computers: genuine need or nice to have? Protection for Mac and Linux computers: genuine need or nice to have? The current risk to computers running non-windows platforms is small but growing. As Mac and Linux computers become more prevalent

More information

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

ARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table

ARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table ARP and DNS Both protocols do conversions of a sort, but the distinct difference is ARP is needed for packet transfers and DNS is not needed but makes things much easier. ARP Address Resolution Protocol

More information

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security Web Security Gateway Web Security Web Filter Express Hosted Web Security Web Security Solutions The Approach In the past, most Web content was static and predictable. But today s reality is that Web content

More information

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft OVERVIEW 2 1. Cyber Crime Unit organization 2. Legal framework 3. Identity theft modus operandi 4. How to avoid online identity theft 5. Main challenges for investigation 6. Conclusions ORGANIZATION 3

More information

Win the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business

Win the Internet Security War. Keep Internet Criminals Out of Your Network and Protect Your Business Win the Internet Security War Keep Internet Criminals Out of Your Network and Protect Your Business Takeaways Cyber-criminals are using emails & social engineering to infiltrate your network Your team

More information

Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance

Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Computer Software Bugs and Other IT Threats to Critical Infrastructure: A Preliminary Set of Considerations for IT Governance Presentation for the Seventh European Academic Conference on Internal Audit

More information

Before the DEPARTMENT OF COMMERCE Internet Policy Task Force

Before the DEPARTMENT OF COMMERCE Internet Policy Task Force Before the DEPARTMENT OF COMMERCE Internet Policy Task Force In the Matter of Cybersecurity, Innovation Docket No. 100721305-0305-01 and the Internet Economy COMMENTS OF VeriSign, Inc Joe Waldron Director,

More information

Real World and Vulnerability Protection, Performance and Remediation Report

Real World and Vulnerability Protection, Performance and Remediation Report Real World and Vulnerability Protection, Performance and Remediation Report A test commissioned by Symantec Corporation and performed by AV-Test GmbH Date of the report: September 17 th, 2014, last update:

More information

DNS Changer Remediation Study

DNS Changer Remediation Study DNS Changer Remediation Study The following study was presented by Georgia Tech researchers at the M 3 AAWG 27 th General Meeting February 19, 2013, San Francisco M 3 AAWG Messaging, Malware and Mobile

More information

Phishing. Attack and Defense. Nilesh Kumar

Phishing. Attack and Defense. Nilesh Kumar Phishing Attack and Defense Nilesh Kumar Agenda What is Phishing Phishing Statistics Phishing Techiniques Phishing Defenses What is Phishing? Phishing = Social Engineering + Technical Subterfuge Phishers

More information

User Documentation Web Traffic Security. University of Stavanger

User Documentation Web Traffic Security. University of Stavanger User Documentation Web Traffic Security University of Stavanger Table of content User Documentation... 1 Web Traffic Security... 1 University of Stavanger... 1 UiS Web Traffic Security... 3 Background...

More information

Phishing Trends Report

Phishing Trends Report Phishing Trends Report Analysis of Online Financial Fraud Threats Second Quarter, 2009 For more information, please contact: info@internetidentity.com 888.239.6932 www.internetidentity.com Internet Identity

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR

ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES 01 One must remember that everyone and anyone is a potential target. These cybercriminals and attackers often use different tactics to lure different

More information

A!Team!Cymru!EIS!Report:!Growing!Exploitation!of!Small! OfCice!Routers!Creating!Serious!Risks!

A!Team!Cymru!EIS!Report:!Growing!Exploitation!of!Small! OfCice!Routers!Creating!Serious!Risks! ATeamCymruEISReport:GrowingExploitationofSmall OfCiceRoutersCreatingSeriousRisks PoweredbyTeamCymru sthreatintelligencegroup Page 1of 14www.team-cymru.com www.team-cymru.com Threat'Intelligence'Group EXECUTIVE

More information

OIG Fraud Alert Phishing

OIG Fraud Alert Phishing U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a

More information

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper

STOP Cybercriminals and. security attacks ControlNow TM Whitepaper STOP Cybercriminals and security attacks ControlNow TM Whitepaper Table of Contents Introduction 3 What the headlines don t tell you 4 The malware (r)evolution 5 Spear phishing scams 5 Poisoned searches

More information

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 AT&T Global Network Client for Windows Product Support Matrix January 29, 2015 Product Support Matrix Following is the Product Support Matrix for the AT&T Global Network Client. See the AT&T Global Network

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat www.etda.or.th

Cybersecurity: Thailand s and ASEAN s priorities. Soranun Jiwasurat www.etda.or.th Cybersecurity: Thailand s and ASEAN s priorities Soranun Jiwasurat www.etda.or.th Cyber Threat Landscape Overview 2 Cyber threat a hostile act using computers, electronic information and/or digital networks

More information

Operation Liberpy : Keyloggers and information theft in Latin America

Operation Liberpy : Keyloggers and information theft in Latin America Operation Liberpy : Keyloggers and information theft in Latin America Diego Pérez Magallanes Malware Analyst Pablo Ramos HEAD of LATAM Research Lab 7/7/2015 version 1.1 Contents Introduction... 3 Operation

More information

Online Cash Manager Security Guide

Online Cash Manager Security Guide Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0

More information

Rogue DNS servers a case study

Rogue DNS servers a case study Rogue DNS servers a case study Feike Hacquebord Forward Looking Threat Research, Trend Micro Cupertino, CA, USA feikehayo_hacquebord@trendmicro.com Contents Introduction to DNS DNS Changer Trojans Rogue

More information

Authenticating and policing the internet for consumer confidence and security

Authenticating and policing the internet for consumer confidence and security Authenticating and policing the internet for consumer confidence and security Secure On-Line ID Introduction Unique zero intervention at a glance solution Built on positive site validation Allows policing

More information