    In the last decade, the cloud has transformed business and made it routine for company employees to access data and applications remotely. People now work from anywhere, not just from their corporate headquarters. They telecommute regularly from hotels, airports or coffee shops - anyplace where they can get a connection (whether secured or not).

    At the same time, the proliferation of BYOD has added - literally - billions of devices into the enterprise ecosystem. But as organizations add these unmanaged devices to their networks, IT must address new security considerations, including plans for endpoint security.

    Unfortunately, there is a tendency among many security managers to treat breaches on a one-off basis. Their default approach is to apply one point product after another to combat the latest emergency. That may work for putting out brushfires. But when they are suddenly faced with large-scale security incidents, like the WannaCry ransomware outbreak earlier this year, the organization will be totally unprepared to deal with the enormous scope of the attack.

    Frankly, enterprises now square off against a cohort of hackers who are more sophisticated and better equipped than ever before to penetrate defenses and inflict losses. If businesses fail to integrate endpoint security as a strategic component of their network architecture, it will only make it that much easier for bad guys to have their way.

    SEP 14 to SEP 14.1

    In the past, defenders were forced to cobble together separate point products made by different vendors, but these solutions weren’t engineered to work together. With so many endpoints to protect, the challenge could easily prove overwhelming.

    We took on that challenge with the introduction of Symantec Endpoint Protection 14 (SEP) one year ago. For the first time, customers could combat cyber threats with an integrated defense platform that would fully orchestrate prevention, detection and response across endpoints, gateways, messaging and the cloud.

    How did we fare? The reviews speak for themselves.

    Last year, the Economist Group suffered 350 security events, 55 percent of which were malware. But after implementing SEP 14, the company achieved what Vicki Gavin, the company’s head of business continuity, cyber security and data privacy, described as “stunning results.”

    After rolling out SEP 14 in the United States and Asia, the company registered a 60% drop in malware events and now expects a further reduction once the rollout in Europe is complete.

    More recently, Symantec won a gold award from Gartner for endpoint protection, beating out the likes of McAfee, Trend Micro, Cylance and others.  

    We did what we said we were going to do, and now we are taking the next step: with the introduction of SEP 14.1, we are elevating endpoint security to another level to meet the myriad demands of cloud generation endpoint security.

    SEP 14.1 continues in the tradition of its predecessor to redefine endpoint security with lower complexity, bringing together a complete stack for endpoint security.

    Not only do our detection and response features help expose, contain and resolve breaches resulting from advanced attacks, but customers don’t need to add separate modules to deploy these sophisticated features.

    Deviously Effective Deception

    And something entirely unique in the industry: SEP 14.1 adds deception technologies that defenders can use to turn the tables on attackers.

    We did this to answer an urgent customer need.

    Security teams often lack visibility into attackers’ intent and tactics. By the time companies finally detect an intruder, the damage is often done. (A recent Ponemon Institute report found that the average attacker spends as much as 191 days on a network before being detected.) But with SEP 14.1, organizations are now able to deceive attackers into giving up their locations by leaving fake assets to target. Not only will customers be able to deploy these deceptors at scale but they'll be able to customize them to their particular environments.

    The more believable the fake asset, the better chance it has to lure an attacker into interacting with it instead of accessing real resources. The upshot: You'll be better equipped to deceive attackers and trick them into revealing their intent while you improve your overall security posture.  

    Symantec R&D Spells the Difference

    All of these enhancements pay off in the coin of improved protection - something that promises to be a boon to security operations center (SOC) analysts, whose success or failure often depends on reaction times. None of this is trivial. No other endpoint protection vendor offers deception technology. It took an enormous amount of engineering R&D along with years of experience knowing what works and what doesn't when it comes to protecting customers. In fact, Symantec’s R&D depth and 15-plus years of experience in building endpoint security shows in our ability to rapidly innovate and bring solutions like deception to market.

    But that’s a reflection of Symantec’s particular strengths. When it comes to endpoint security, none of our competitors match up. They’re able to provide, at most, 2 to 3 areas of capability. When it comes to offering a full stack, none are in the same conversation.

    Meanwhile, many of the traditional endpoint protection platform vendors have ignored mobile security and modern devices (both iOS and Android). But if customers are going to embrace the cloud, rest assured that mobile security will be a key element. Jim Routh, CSO at Aetna, one of our SEP Mobile customers, noted that "the mobile phone is the best surveillance device in history."

    Reducing Cost, Reducing Complexity

    We’re reducing complexity and OpEx for our customers with quick time to value. A great example is endpoint detection and response (EDR). Customers can use the single SEP agent to deploy endpoint protection plus EDR, and later extend it with hardening and deception capabilities.

    All this reduces costs and allows the resulting savings to flow directly to the bottom line as customers gain from improved overall total-cost-of-ownership. Instead of needing to invest in various security controls that don’t necessarily improve overall endpoint security, customers benefit from a complete endpoint protection with a single security stack.  

    Security is obviously a moving target but I think we’ve hit the bullseye with SEP, a product family that offers the most complete endpoint security in the industry. I’d love to hear your feedback. Give the product a look and let me know what you think.

    ****

    Learn more about SEP 14.1, integrated EDR, and SEP Mobile in our upcoming Webinar.



    It’s a bad day when you’ve got a severe security incident to respond to. But the difference between a bad day and a disastrous one can be the quality of the response plan you’ve built. You did build a plan, didn’t you? Here are some key points you may have overlooked.

    1. Have a Workable Plan

    Surely, most large organizations have a well-thought-out incident response plan in place, right? You’d think so, but the Ponemon Institute surveyed 623 companies in 2015, two-thirds of which had headcounts of more than 1,000 people. Of those organizations, 60 percent said they either have no incident response plan or an “ad hoc” plan; only 17 percent said they had a well-laid-out plan across their entire enterprise. That’s a heck of a thing, and downright scary when you think about it.

    “Sort of having an idea” of how your organization will respond to a serious incident is simply not enough. If your organization doesn’t currently have a solid, formalized plan for how to respond to critical incidents, the first step is to put a good one together.

    2. Define an “Incident”

    As strange as it may sound, the first step in building an effective incident response plan is recognizing what actually constitutes an “incident”, then categorizing incidents by type and severity. For instance, you might have random scanning against your firewalls for open ports. Or you might have someone actively attempting to get into your network. Or maybe they've managed to get access to a system, and now they're attempting to access a repository of PII. Or perhaps you wake up to find ransomware has taken key data hostage. Just as each situation here is different, each requires a different level of response.

    As part of your response plan, you need to define and categorize incident types. These definitions directly affect what your planned response will be. What is the severity and type of incident you are looking at? Once you’ve put some definition around what it is you’re dealing with, you can then determine the appropriate level of response. That guidance belongs inside the incident response plan, so that whenever people use the plan, your organization knows how to appropriately escalate incidents and at what point to activate the incident response team.

    3. Keep the Plan (and Supporting Documentation) Up to Date

    Whenever an organization hasn't really run through their plan in a while, they'll often find basic items like the phone lists are out of date, as people have left, or moved, or been promoted. Without regular updates, you may think you've got all that information at your fingertips, but when it comes time to activate your plan, you may find an absolutely outdated mess.

    And it’s not just about people. Some organizations are a disaster at asset management, documenting their networks, and standardizing policy among different units. That's especially common with M&A activity. Whenever new units come in through mergers and acquisitions, it usually takes a good long while (sometimes years!) for the network and the network security policies of the parent organization to get aligned with those of the company it has bought. Regular updates to your network documentation and incident response plan can go a long way to minimizing confusion when it’s time to use it.

    4. Don’t Just Have a Plan. Test It

    Of the organizations that did have an incident response plan, over a third don't actually do anything with the plan after they have it; it's basically done as a “check-the-box” exercise to meet a requirement, then sits and gathers dust. As a result, you end up with a plan that really hasn't been tested, and that’s never adapted to operational realities and organizational changes.

    In some ways, that’s more dangerous than having no plan at all. If you have no plan at all, at least you know you have no plan. But if you have a plan that hasn't been tested, and isn't iterated on and refined, you may have a false sense of security, thinking you’ve got a good working plan when the truth is you probably don't.

    One way to know if your plan is any good is to actually experience a breach, which is a fantastic way to learn, but a really costly, painful way to do so. A much less painful way to do it is to do tabletop exercises. What's great about tabletop exercises is they let you test how your organization responds to a major incident, and how well the various components in the organization are working together, all without the costs and associated panic of an actual breach.

    5. Have the Right People Testing the Plan

    When you’re doing your drills, you want your core information security team members as part of it, of course, but it needs to be much larger than that. There is a role for senior leadership, and public relations or corporate communications play a massive role. Legal should also be represented. Additionally, the information technology folks (distinct from the information security types) definitely have a role in those tabletop exercises.

    So do any third parties or partners that are going to be important in an actual incident or breach scenario. Sometimes organizations will also bring in their law enforcement contacts. If these are people you're going to engage when you have an actual significant event, then it's probably good to have them as part of the tabletop exercise in order to test those lines of communication.

    There's also value in just getting to know some of the people that you would be dealing with in a crisis that you may not deal with on a daily basis. For instance, information security generally doesn’t have daily touchpoints with legal or corporate communications. When something does hit and you're dealing with relative strangers, it’s harder to work together quickly. It's one thing if I have to go find a point of contact with Legal in an emergency, as opposed to picking up the phone and calling the exact person I worked with on a drill six months ago. I know who that person is, and she knows me. It makes for swifter communications and a better working relationship.



    The cyber-espionage group uses custom Felismus malware and is particularly interested in South American foreign policy.



    Sowbug uses custom Felismus malware and shows a strong interest in South American foreign policy.



    The education sector is learning the lessons of weak data security the hard way: Cyber thieves have attacked more than three dozen school districts this year, exploiting poorly-defended systems to steal valuable information or take over their networks and hold them for ransom.

    It’s a familiar problem. The education sector sees above-average rates of phishing, malware and spam compared with other sectors of the economy, according to Symantec’s 2017 Internet Security Threat Report - Government. No surprise, then, to learn that information security led the EDUCAUSE 2018 Top 10 IT Issues list for the third year in a row.

    But as malicious hackers continue to target school districts, the US Department of Education is now warning of an even more insidious form of cyber-extortion.

    New Challenge Looms

    Schools have previously been targeted by ransomware attacks, where malicious hackers encrypt an organization’s data and hold it hostage until they get paid. In this latest scheme, attackers flat out steal data and then try to sell it back to their victims. Unless the ransom gets paid, the attackers threaten to sell the purloined names, addresses, phone numbers and other student data.  

    As a way of applying added pressure on the schools, attackers also send email or text messages to parents and students raising the prospect of violence at their school. In one case, over 20 parents received these kinds of threatening messages. 

    One district was forced to shut down 30 schools for three days as a preventive measure. So far, law enforcement has not deemed any of these threats of violence to be credible. But the psychological damage is real with falling attendance at the targeted schools. Meanwhile, news of these incidents has resulted in copycat incidents leading to bogus threats to disrupt other schools. 

    The criminal gang behind these attacks calls itself the Dark Overlord. They have been described as foreign, but at least one member of the group has an excellent command of English. Most likely, the group is composed of multiple members; at least one hails from an English-speaking country. These attackers have previously targeted healthcare organizations, movie studios and manufacturers.

    Fighting the Dark Overlord

    What can you do to blunt the threat posed by the Dark Overlord? First, don’t pay the ransom. There is absolutely no guarantee that the fraudsters will release the data you paid to set free. You can’t trust criminals.

    Second, keep these attackers out of your school from the start. That means stepping up the work of securing your network and the data that resides on it. The Department of Education just issued some pretty good advice. They suggest:

    • Conducting security audits to identify weaknesses and update/patch vulnerable systems;

    • Ensuring proper audit logs are created and reviewed routinely for suspicious activity;

    • Training staff and students on data security best practices and phishing/social engineering awareness; and

    • Reviewing all sensitive data to verify that outside access is appropriately limited.

    Also, the FBI has spotlighted the practice where some attackers use anonymous FTP servers - most likely set up earlier and then forgotten by IT organizations - to gain access to an organization’s network. Unless there is a legitimate need to keep those servers in your organization, disable them now.

    You don’t need to be afraid of cyber attackers. They may be evil, but they are not evil geniuses. They simply take advantage of mistakes we make. But we can fix the errors. It just takes diligence to follow best practices, put good security practices and products in place, and be prepared.



    Symantec supports veterans with resource group and fulfilling new careers in cyber security

    By: Symantec CR and the Symantec Veteran Employee Resource Group (ERG) - VETS

    “Veterans Day is important to pay tribute to those that have served. I also personally feel that it is vital, as a veteran, to recognize and be grateful for the support that this country and our communities provide.” — Stewart Summers, Marine Corps veteran and graduate of Symantec’s Cyber Career Connection program.

    Photo: Tempe volunteers Jeffrey Vernon, John Tharp, Benji Vesterby, and Tom Castellano volunteer for Flag Detail at the U.S. Department of Veterans Affairs – National Memorial Cemetery of Arizona to honor those who served.

    This Saturday, Symantec joins people around the world in honoring, thanking, and paying our respects to the military veterans that have provided selfless service to their countries. On November 11, “Veterans Day” is celebrated in the United States, while Canada and Australia observe "Remembrance Day,” France commemorates the day the Armistice after World War I was signed (Fête de la Victoire), and Great Britain observes "Remembrance Day" on the Sunday nearest to November 11. As we unite and pay special tribute to all military veterans, and their families, across the globe we take time to reflect on the freedoms we enjoy within our workplace and at home.

    Symantec Cyber Career Connection helps vets transition to jobs in cyber security

    Noelle Summers grew up in a church right next to a Marine Corps base in Kaneohe, Hawaii and admired the courage and service of the Marines she met. She knew she wanted to travel, gain new experiences, and challenge herself. Stewart Summers was also looking for a challenge, and wanted to develop other talents and life skills before pursuing college. They both chose the Marine Corps and signed on to be cryptologic linguists, one of the most difficult military occupations with regard to education.

    In addition to mastering a new language in less than two years (her Pashtu, him Arabic), they were also trained to be fluent in Signals Intelligence, helping the Corps decode messages. After five years of service, deployments to Afghanistan in support of Operation Enduring Freedom, and numerous accolades for each of them, they returned to the U.S. and needed to decide what was next.

    Photo: Noelle Summers, middle left, a Marine Corps veteran and Symantec C3 graduate, on deployment.

    Stewart completed his bachelor’s degree in Management and Information Systems (MIS), knowing technology was the right next step for him. “Understanding that I needed a new skill set to be successful in the civilian job market, technology seemed like the perfect fit. I had already been building computers for quite some time before I joined the Marine Corps, but I also understood that building computers and programming or exploiting vulnerabilities on systems were two completely different things,” Stewart said. Noelle began studying accounting and thought she’d go into Business Administration, but after seeing what Stewart was learning, she switched her bachelor’s from Accounting to MIS and never looked back.

    They both grew passionate about cyber security. For Noelle, the agile and expansive nature of cyber security was the first thing that caught her attention, and she liked the various job paths the field could offer. She also saw cyberspace and the global impacts of security incidents as the next war front, and saw an opportunity to continue to serve her country in a new way. For Stewart, the appeal was how integrated technology and security were into our lives. “Security is everywhere. Cyber security really is what allows us to continue our way of life. Every aspect of our lives revolves around technology and sensitive information. Learning to protect this is a crucial skill.” Even with impressive military service, bachelor’s degrees, and a strong desire to work in the field, they couldn’t find a way to break into cyber security.

    Stewart learned about the Symantec Cyber Career Connection (Symantec C3) program hosted by educational nonprofit NPower from a friend. The 26-week program, designed to train young adults and military veterans in computer sciences and cyber security fields, was appealing. For Stewart, “The transition from Signals Intelligence to a cyber security related job was tough. Even for a veteran working as a contractor for a prominent government agency. I had already finished my degree and started to complete a few certifications, but the barrier into the security field was still unforgiving. I decided to take a leap and participate in the Symantec C3 program. Not only was there the opportunity to learn more and gain certifications needed to get a foot in the door of cyber security, but the chance to gain exposure with industry leaders felt like it would pay off in and of itself.” Noelle also decided to complete the Symantec C3 program at NPower because she didn’t have the basic network and information security skills required for cyber security job positions. She had tried to learn these skills on her free time while working full-time, but that didn’t work very well. She was excited that the Symantec C3 program covered all the basic skills she needed to break into the cyber security industry.

    Photo: Stewart Summers, left, with fellow Marine Corps veterans.

    Both Stewart and Noelle found the Symantec C3 program hosted by NPower to be a positive experience. Their class in Dallas, Texas was comprised completely of veterans who were excited to learn and supportive of each other. For Stewart, advancing his knowledge in Linux was the crucial step to a better understanding of most of the security related tools that are used in the field. He also appreciated that the program felt authentic in its support of veterans. “The program created by Symantec and hosted by NPower really felt as if it was there to truly support the veteran. It was extremely important for me to find a program that didn’t use veterans to advance an agenda used for publicity purposes. I was not let down in this regard.”

    For Noelle, Symantec C3 is directly related to her success today. “I have never been a computer nerd and barely knew my way around an operating system before I joined the program. I knew I desperately needed this basic computer network knowledge and looked forward to each day we were learning about this section. I was interviewed and hired directly by a large consumer brands company after meeting a recruiter at an NPower cyber security luncheon. The program allowed me to forget all other distractions, to focus on building my skill-set, and to break into the cyber security industry,” she said. Noelle now works as a Network Defense Cyber Security Engineer and this fall started her Master’s in Information Sciences and Technology at Pennsylvania State University.

    Stewart was fortunate enough to gain employment at a major defense contractor outside of the program; however, he feels the program’s resume enhancement and general interviewing practice contributed to his success. He was recently promoted to work on his company’s Vulnerability Assessment team and is working on his Master’s Degree in Penn State’s Information Assurance and Cyber Security program.

    Both Noelle and Stewart would recommend the Symantec C3 program at NPower to other veterans. “Without a doubt, I would recommend the program to any other veteran that knows they want to enter the field,” Stewart says, and goes on to offer advice to fellow veterans. “Whether you were in the military for two years or twenty, be a humble learner. Expect to have a book open in the morning when class starts, during your lunch break, on the dinner table, and on the nightstand. In the end, success is completely dependent on how you approach the mission.” Noelle adds, “I would recommend the Symantec C3 program to any of my fellow veterans. I would encourage them to wring every piece of value they can from the program, study hard, ask questions, get involved, and rub elbows with as many cyber security professionals as they can. Treat the program like boot camp: eat, sleep, and breathe information security and you will learn the basic skills you need to break into the cyber security industry.”

    Symantec’s commitment to helping transitioning service members find careers they love

    Both Stewart and Noelle feel that one of the biggest barriers for veterans entering private sector careers is the lack of directly translatable skills. “I believe that many veterans fail to realize that they will most likely have to learn an entirely new skill set before entering the work force. Whether it be technical school, an undergraduate degree, or relevant certifications, veterans must be willing to accept that they need to undertake continuing education, and that their civilian peers are now their competition,” said Stewart. Noelle added, “Finding a way to market your military skills to fulfill the requirements of most cyber security job positions is very difficult.”

    To make this easier for veterans like Noelle and Stewart, Symantec partners with Hire Purpose, a job board designed specifically to support transitioning service members, veterans and military spouses. Symantec values the skills and experience of military veterans, and uses this dedicated platform to post job openings that target veterans, offering links between the skills we need and those we know many veterans possess.

    As the leader in cyber security, we hire veterans to leverage their skills and experiences gained through military service. Our team provides security expertise to make the world a safer place by helping people, businesses, and governments protect and manage their information. Being the global leader in cyber security means we are uniquely positioned to protect against cybercrime, and our veteran employees are uniquely positioned to help us combat these threats.

    Photo: For Memorial Day Observance, John Tharp is on Flag Detail at the U.S. Department of Veterans Affairs National Memorial Cemetery of Arizona.

    Fostering a network of support

    We encourage veterans at Symantec to join our Veteran Employees and Troop Support (VETS) Employee Resource Group (ERG). Like all of our ERGs, these groups play an important role in delivering on our diversity and inclusion strategies, while building cultural awareness and a sense of belonging for our employees. VETS works to support the efforts of our employees who have served our country and to make sure we value their unique experience. The group also strives to assist veterans and military spouses in their transition to the corporate environment.

    “I began my career as a carrier-based Naval Aviator in the Air Reconnaissance community and am proud to serve as the Executive Sponsor for VETS today. Symantec provides veterans with an opportunity for a fulfilling and dynamic career in cyber security, and one that makes a difference. VETS provides a space for veterans across the globe to come together, support each other, and continue to make our world a safer place. I am proud to be a veteran, proud to work at Symantec, and would like to express my gratitude to all the veterans, and their families, who have sacrificed to serve their countries.”

    – Scott Behm, Vice President, Consumer Business Information Security and VETS ERG Executive Sponsor

    Supporting veterans outside of Symantec’s walls

    We pride ourselves on living our corporate responsibility values both as a company and when working with our broader community and world. This November we became a Bronze Sponsor of the Vets in Tech (VIT) Gala. VIT supports current and returning veterans with re-integration services and provides educational, employment, and entrepreneurial opportunities for veterans.

    We have also provided charitable support to Team Rubicon, a nonprofit that unites the skills and experiences of military veterans with those of first responders to rapidly deploy emergency response teams to communities devastated by natural disasters. Through monetary contributions and volunteer hours, Symantec’s support furthers Team Rubicon’s mission to provide military veterans with opportunities to help restore communities hit hard by hurricanes, earthquakes, and fires. Symantec volunteer Tom Castellano, shown in the photo on the left, deploys with Team Rubicon to Beaumont, Texas for Hurricane Harvey disaster recovery operations.

    This December, Symantec will host two free webinars for military victim advocates, as military families are frequent targets of identity theft. According to a report by the Federal Trade Commission, military families report identity theft at twice the rate of civilians. Working with the Department of Defense (DOD) and National Organization for Victim Assistance (NOVA), Symantec’s LifeLock team will offer educational trainings on identifying common types of identity theft, strategies for enhancing digital safety, and resources and tips for military victim advocates.

    Thank you to our Military Heroes

    “Veterans deserve a day where the nation celebrates our service and what it has provided for our country.” — Noelle Summers, Marine Corps veteran and graduate of Symantec’s Cyber Career Connection program.

    We appreciate and recognize all military veterans and their families across our company and thank them for their selfless service.

    We’d like to thank Molly Handy and Tom Castellano for providing much of the content for this article. For veterans interested in cyber security, learn more about the Symantec Cyber Career Connection and feel free to connect with Stewart Summers on LinkedIn.


    Men in Black (and Gray): Shady TLD Research, pt. 22 (11/09/17, 15:22)

    [This is #22 in our on-going series on Shady TLDs. Links to the previous posts are found at the bottom of the page.]

    With the close of Q3, it's time to update our Top Ten list of the shadiest Top Level Domains (TLDs), as well as profile another of the shady ones.

    First, the Top Ten list for Q3 of 2017:

    Rank  TLD        Percentage of Shady Domains (All Time) *
       1  .country   99.95%
       2  .stream    99.74%
       3  .download  99.58%
       4  .gdn       99.50%
       5  .racing    99.27%
       6  .xin       99.25%
       7  .bid       98.97%
       8  .reise     98.97%
       9  .win       98.75%
      10  .kim       98.74%

    * As of the end of September, 2017. Shady Percentage is a simple calculation: the ratio of "domains and subdomains ending in this TLD which are rated in our database with a 'shady' category, divided by the total number of database entries ending in this TLD". Shady categories include Suspicious, Spam, Scam, Phishing, Botnet, Malware, and Potentially Unwanted Software (PUS). Categories such as Porn, Piracy, and Placeholders (for example) are not counted as "shady" for this research; if they were, the percentages would be higher.

    While eight of the Top Ten were on the membership list last quarter, and one (.win) has been profiled before, the .reise member is new, and therefore somewhat interesting. It's a German word, meaning "travel, trip, journey", and I wouldn't read too much into its presence in this quarter's Top Ten list. It hasn't been around long, and its percentage is based on just a few hundred ratings (barely over the minimum needed to make the list), rather than on thousands or tens of thousands (or even hundreds of thousands), like the other Top Ten members.

    Caveats

    As always, we caution against reading too much into the relative positions of TLDs on this list. Rankings are very fluid from quarter to quarter. Also, we are not advocating setting up policy to block all domains on all of these TLDs. Any such recommendation would come only after more research into a TLD. In particular, .xin is rather popular in China, as is .kim in South Korea, and it would not be wise to automatically block such domains if you do any business there. Also, several TLDs have percentages based on lower numbers of domains than some of the other TLDs in the list. (As with .reise above.) In general, it's better to leave shady domain blocking up to the professionals...

    .Men in Black (and Gray)...

    One of last quarter's Top Ten that has dropped a bit (it's actually down to #33 in this quarter's rankings) is .men, the subject of this "deep dive".

    Looking at the top 100 hosts (by number of requests in our traffic), we see the following breakdown of a recent week of world-wide traffic:

    Category         Count / Percentage
    Malware           7
    Phishing          5
    Suspicious       63
    P.U.S.            1
    Spam              1
    Scam              2
    Porn              3
    Adult             3
    Piracy Concern   14
    Health            1

    In other words, going by our official list of "shady" categories, 79% of the hosts were in the Red Zone, and another 20 were in the Yellow Zone (not directly related to a security concern, but still somewhat shady). Keep in mind that both Porn and Piracy are common lures used by malicious actors.

    That left only one site -- about Men's Health -- rated with a normal/clean category.
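    As an added example (not code from the original post), here is how the Shady Percentage behind the Top Ten table and the Red/Yellow/Clean zone breakdown of the .men hosts above can be computed over a set of (host, category) ratings. The ratings shown are constructed, and the minimum number of ratings a TLD needs before it is ranked is an assumed placeholder, since the post only says .reise was "barely over the minimum".

```python
from collections import Counter

# Categories the post counts as "shady" (the Red Zone).
SHADY = {"Suspicious", "Spam", "Scam", "Phishing", "Botnet", "Malware", "PUS"}
# Not counted as shady for the ranking, but called the Yellow Zone in the .men breakdown.
YELLOW = {"Porn", "Adult", "Piracy Concern"}
# Assumption: the post gives no number for the minimum ratings needed to be listed.
MIN_RATINGS = 5

def tld_of(host):
    """Return the last label of a host name, lower-cased, without the dot."""
    return host.rstrip(".").rsplit(".", 1)[-1].lower()

def zone(category):
    """Map one database category to the Red / Yellow / Clean zones used in the .men table."""
    if category in SHADY:
        return "red"
    return "yellow" if category in YELLOW else "clean"

def shady_percentages(ratings, min_ratings=MIN_RATINGS):
    """Shady Percentage per TLD: shady entries divided by all entries ending in that TLD.
    ratings is an iterable of (host, category) pairs; TLDs with fewer than min_ratings
    entries are left out, as the post does for its Top Ten."""
    total, shady = Counter(), Counter()
    for host, category in ratings:
        tld = tld_of(host)
        total[tld] += 1
        if category in SHADY:
            shady[tld] += 1
    return {t: 100.0 * shady[t] / n for t, n in total.items() if n >= min_ratings}

def top_n(ratings, n=10, min_ratings=MIN_RATINGS):
    """Rank TLDs by Shady Percentage, highest first (ties broken by name)."""
    pct = shady_percentages(ratings, min_ratings)
    return sorted(pct.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def zone_breakdown(ratings, tld):
    """Count the hosts of one TLD per zone, like the .men top-100 summary."""
    counts = Counter(zone(cat) for host, cat in ratings if tld_of(host) == tld)
    return {z: counts.get(z, 0) for z in ("red", "yellow", "clean")}

# Constructed sample ratings (not real database entries).
SAMPLE = [
    ("a.example.men", "Malware"), ("b.example.men", "Suspicious"), ("c.example.men", "Phishing"),
    ("d.example.men", "Porn"), ("e.example.men", "Piracy Concern"), ("f.example.men", "Health"),
    ("v.example.xyz", "Spam"), ("w.example.xyz", "Scam"), ("x.example.xyz", "Business"),
    ("y.example.xyz", "News"), ("z.example.xyz", "Shopping"),
    ("only.example.reise", "Suspicious"),  # a single rating: below the threshold, so not ranked
]
```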

    How Dangerous?

    In checking some of our database notes for the sites with the worst ratings, it's a mixed bag:

    • A site serving a cryptocurrency "miner" script. (More in the Potentially Unwanted Software realm than true Malware.)
    • Several sites initially flagged as Suspicious, with notes about using shady redirects; these were later upgraded to Malware when they were seen triggering IDS alerts for malicious traffic.
    • Several reported as Phishing, although given the frequent use of the word "winner" in some form in the domain name, and coupled with the fact that plain old spam is often labelled "phishing" by well-meaning but casual observers, I'm not sure that a category of Phishing is justified. But they're clearly shady.
    • A bunch of others in the "shady redirect" group, that follow some particular domain naming patterns that make them easy to group. (Normally "shady redirect" sites are involved with either shady advertising or spam...)
    • Several of the sites included above in the Suspicious category also had a category of WebAds/Analytics, indicating their likely usage. (These followed a different naming scheme than the more-numerous network in the previous item.)

    Overall, most of these .men were not in black, but more dark- to light-gray. But still well worth blocking. We didn't see many .men in "white" in our traffic survey.

    --C.L.

    @bc_malware_guy

    P.S. For easy reference, here are the links to the earlier posts in our "Shady TLD" series: .country, .kim, .science, .gq, .work, .ninja, .xyz, .date, .faith, .zip, .racing, .cricket, .win, .space, .accountant (and .realtor), .top, .stream, .christmas, .gdn, .mom, .pro



    Symantec research shows users to be twice as likely to encounter threats through email as any other infection vector, and the spam rate declines slightly for the second month in a row.

  • 11/13/17--00:33: Latest Intelligence, October 2017
  • Symantec research shows users to be twice as likely to encounter threats through email as any other infection vector, and the spam rate declines slightly for the second month in a row.


    Symantec research has shown that users are twice as likely to encounter threats through email as through any other infection vector, while the spam rate has declined slightly for the second month in a row.

  • 11/27/17--01:45: The Ten Commandments of Data Protection

    Even though humanity has undergone enormous change over the past few thousand years, for most people the Ten Commandments handed down from antiquity, ten simple rules, still help shape good citizens and a progressive, civilized society.

    That got me thinking: could we come up with ten commandments for data protection? That is the topic I explore in this blog post.

    As organizations continue their digital transformation, data security becomes more complex. Responsible data stewards start integrating various elements to keep data secure, while the best data stewards go a step further and build integrated systems that combine technology, processes, and human behavior. Here are my ten commandments of data protection:

    1. Know your data

      If you cannot determine which data is sensitive, you obviously cannot protect it! Use people and technology as fully as possible to make sure you can identify all of your sensitive data. Some of it is easy to find: technologies such as data loss prevention (DLP) or a cloud access security broker (CASB) can reliably locate it, whether it is at rest, in motion, or in the cloud. It is only when you add the human element, however, that everything falls into place. Let your data owners tag sensitive data, and you have a complete approach to classifying data throughout its lifecycle.

    2. Protect your data consistently

      Now that you have a full picture of your sensitive data, you must make sure it is secure. What is the best form of protection? Encryption. Using data classification to determine the need for protection lets you apply the appropriate protection consistently according to sensitivity, instead of repeating the same work every time.

    3. Provide protection everywhere

      Things are not always black and white, so how do you secure the gray areas? For example, allowing some people to open a document, or even edit it, but not to print it. Taking encryption to the next level and combining it with digital rights management gives you greater flexibility and control.

    4. Add confidence to your cloud

      The cloud brings out the best and the worst in people. It offers open collaboration and lets people show the generous side of the human spirit, but that generosity can lead to over-sharing of data, which undermines the trust between people. There is a better way: let protection travel with the data, even when it sits in the cloud, so that wherever the data resides and whoever holds it, generous sharing always produces a beneficial result.

    5. Don't let just anyone crack your code

      A decryption key in the wrong hands is very dangerous. How do you control who can access your data? Rather than relying on the decryption key alone, embed the user's identity into the process. And if you add a third dimension, multi-factor authentication, you can be sure that when a document is opened it is the user opening it and not an impostor. That is how you begin to reduce the risk of account takeover.

    6. Keep a close eye on your data users

      Just as a good shepherd watches over the flock, you can keep an eye on your data users, especially those outside your organization and around the world.

      Because users must be authorized to access files, you can observe who accesses which files from where. You can encourage good usage behavior and intervene before anyone goes astray. This helps users value sensitive data, and you keep moving toward the goal of complete protection.

    7. Enforce controls at the data level for complete protection

      You no longer need to fear the unknown. Even when data is scattered in every direction, stored many times over in the cloud and on all kinds of devices, and passes through multiple countries and users, an information-centric approach to security still keeps it safe. For example, identity-based authorization at the data level lets you retain full control. You know that only the right people have access, and you can raise or lower security based on context; for example, if a user accesses data from a remote, unmanaged device, you can require an additional level of authentication.

    8. Be able to revoke access to data at any time

      What happens when people change jobs, take on new roles, or external vendors change? Can you take back the permissions you granted them? You can now track who is accessing data, and you will know when data is at risk of misuse. With a cloud-hosted service that tracks and controls the access rights of users inside and outside your organization, you have a system that provides "actionable intelligence".

      If a user begins to behave abnormally (think of how credit card companies monitor unusual spending to detect fraud), or no longer has a legitimate reason to hold the data, you can restrict their access or remove it outright. Although you cannot delete the document remotely (we have not yet found a way to perform that miracle!), you can effectively lock the document and throw away the key, rendering it unreadable.

    9. Manage only the data that really matters

      This is an interesting dilemma. Not only do we have more data to protect, but the way we protect data creates even more data! Data is growing quadratically! What can we do to monitor all of our sensitive data and know whether it has moved to the cloud or been accessed by mobile users and devices? It is an impossible task, so we must focus on the alerts that really matter. But how do we know what really matters?

      For example: if your system protects sensitive data that leaves the organization, that data is secure and you need do nothing. But if your data protection systems operate independently of one another, they may generate multiple events and overwhelm your team.

      Intelligent integration of data protection systems solves this problem. We believe that building a data operations center to bring together the information from the various systems (such as DLP, CASB, information-centric encryption, authentication, and so on) helps you act on the important events and distinguish which events matter.

    10. Take targeted threat protection measures

      Account takeover is a serious problem. When a legitimate account falls under the control of a malicious user, your troubles begin, because the attacker now holds the keys to your front door and can easily bypass your security systems.

      You must monitor not only who accesses your data but also how they access it, which gives you more intelligence. Being able to mine the data in your data operations center and correlate it with user behavior analytics will reveal where your risks lie. You can find not only user accounts that may have been compromised but also well-meaning users who inadvertently put data at risk. The key is being able to act quickly on this information to contain the risk, or even stop it before it materializes.

      Information-centric security

      By following the ten commandments above, you can raise your data protection to a higher level. You make full use of technology and people, letting people share, support, and encourage one another while eliminating some of the major areas of risk. Based on these commandments, we have built a holistic, information-centric security approach that ensures you do not obstruct the flow of information while still controlling with whom and how it is shared, so you keep both visibility and control, even over external users. Because you can revoke access, protection is dynamic. We do not want you to drown in a flood of data, so we use telemetry to overcome the flood and help you protect the data that matters, and intelligent analytics ensure you can take fast, decisive action, whether before or after a breach.

      To recap the ten commandments of data protection:

      1. Know your data

      2. Protect your data consistently

      3. Provide protection everywhere

      4. Add confidence to your cloud

      5. Don't let just anyone crack your code

      6. Keep a close eye on your data users

      7. Enforce controls at the data level for complete protection

      8. Be able to revoke access to data at any time

      9. Manage only the data that really matters

      10. Take targeted threat protection measures

      If you would like to learn more, click here to watch our latest webinar, in which Heidi Shey of Forrester Research discusses several data protection challenges and I demonstrate Symantec's information-centric security approach.



    Symantec has discovered a malicious toolkit disguised as adult apps on app sites, forums, torrent sites, and well-known social networks.


    Tech support scams continue to evolve, adopting new techniques such as AES-based obfuscation.


    Tech support scammers keep adopting new techniques (including AES) to obfuscate their scam content.


    Symantec has discovered a malicious toolkit disguised as adult apps, available from app aggregation sites, forums, torrent sites, and popular social networks.


    Android malware has been found that combines multiple techniques to hide on a device.


    Android malware uses multiple techniques to hide on devices.

  • 12/14/17--00:58: Latest Intelligence, November 2017
  • Spam and phishing email rates both increased, and Symantec uncovered a previously unknown cyber espionage group.


    Both the spam and phishing rates rose, and Symantec identified a previously unknown cyber espionage group.


    Attackers attempting to spread a new, repackaged variant of the Adwind RAT caused a recent surge in spam volume, exceeding one million emails a month.
