Articles on this Page
- 11/07/17--21:58: Cloud Generation En...
- 11/07/17--22:18: 7 Items You Must Add to Any Incident Response Plan
- 11/07/17--23:08: Sowbug: Cyber Espionage Group Sets Its Sights on Governments in South America and Southeast Asia
- 11/07/17--23:34: Sowbug: Cyber Espionage Group Found Targeting Government Agencies in South America and Southeast Asia
- 11/08/17--07:30: The Dark Overlord: A New Cyber Threat Puts Schools at Risk
- Conducting security audits to identify weaknesses and update/patch vulnerable systems;
- Ensuring proper audit logs are created and reviewed routinely for suspicious activity;
- Training staff and students on data security best practices and phishing/social engineering awareness; and
- Reviewing all sensitive data to verify that outside access is appropriately limited.
- 11/08/17--07:51: Saluting Heroes on Veterans Day and Beyond
- 11/09/17--15:22: .Men in Black (and Gray)
- A site serving a cryptocurrency "miner" script. (More in the Potentially Unwanted Software realm than true Malware.)
- Several sites initially flagged as Suspicious, with notes about using shady redirects; these were later upgraded to Malware when they were seen triggering IDS alerts for malicious traffic.
- Several reported as Phishing, although given the frequent use of the word "winner" in some form in the domain name, and coupled with the fact that plain old spam is often labelled "phishing" by well-meaning but casual observers, I'm not sure that a category of Phishing is justified. But they're clearly shady.
- A bunch of others in the "shady redirect" group, that follow some particular domain naming patterns that make them easy to group. (Normally "shady redirect" sites are involved with either shady advertising or spam...)
- Several of the sites included above in the Suspicious category also had a category of WebAds/Analytics, indicating their likely usage. (These followed a different naming scheme than the more-numerous network in the previous item.)
- 11/10/17--06:20: Latest Intelligence for October 2017
- 11/13/17--00:33: Latest Intelligence for October 2017
- 11/13/17--00:42: Latest Intelligence for October 2017
- 11/27/17--01:45: Ten Rules for Data Protection
If you cannot determine which data is sensitive, you obviously cannot protect it. Use people and technology as fully as you can to make sure every piece of sensitive data can be identified. Some of it is easy to find: technologies such as Data Loss Prevention (DLP) or a Cloud Access Security Broker (CASB) will reliably locate that data, whether it is at rest, in motion, or in the cloud. It is only once the human factor is added, however, that the picture becomes complete. Allowing your data owners to tag sensitive data gives you an end-to-end method for classifying data across its whole life cycle.
If a user starts to behave anomalously (think of how credit card companies monitor unusual spending to detect fraud), or no longer has a legitimate reason to hold the data, you can restrict their access or revoke it outright. You cannot remotely delete a document (we have not yet found a way to perform that miracle!), but you can effectively lock the document and throw away the key, leaving it unreadable.
Intelligent integration of data protection systems solves this problem. We believe that building a data operations center that consolidates information from the various systems (DLP, CASB, information-centric encryption, authentication, and so on) helps you act on important events and tell the important ones apart from the noise.
If you want to learn more, click here to watch our latest webinar, in which Heidi Shey of Forrester Research discusses several data protection challenges and I demonstrate Symantec's information-centric security measures.
- 12/07/17--03:29: Android Malware Toolkit Poses as Pornographic Apps and Targets Chinese Users
- 12/11/17--18:04: Evolving Tech Support Scams - Part 2
- 12/11/17--19:44: Tech Support Scams Grow More Sophisticated – Part 2
- 12/13/17--23:07: Android Malware Toolkit Disguised as Adult Apps Targets Chinese-Speaking Users
- 12/14/17--00:08: DoubleHidden Malware Found Lurking on Google Play
- 12/14/17--00:14: DoubleHidden Malware Found on Google Play
- 12/14/17--00:58: Latest Intelligence for November 2017
- 12/14/17--22:07: Latest Intelligence for November 2017
- 12/14/17--22:31: Recent Surge of Spam Carries Repackaged Adwind RAT to Evade Detection
In the last decade, the cloud has transformed business and made it routine for company employees to access data and applications remotely. People now work from anywhere, not just from their corporate headquarters. They telecommute regularly from hotels, airports or coffee shops - anyplace where they can get a connection (whether secured or not).
At the same time, the proliferation of BYOD has added - literally - billions of devices into the enterprise ecosystem. But as organizations add these unmanaged devices to their networks, IT must address new security considerations, including plans for endpoint security.
Unfortunately, there is a tendency among many security managers to treat breaches on a one-off basis. Their default approach is to apply one point product after another to combat the latest emergency. That may work for putting out brushfires. But when they are suddenly faced with large-scale security incidents, like the WannaCry ransomware outbreak earlier this year, the organization will be totally unprepared to deal with the enormous scope of the attack.
Frankly, enterprises now square off against a cohort of hackers who are more sophisticated and better equipped than ever before to penetrate defenses and inflict losses. If businesses fail to integrate endpoint security as a strategic component of their network architecture, it will only make it that much easier for bad guys to have their way.
SEP 14 to SEP 14.1
In the past, defenders were forced to cobble together separate point products made by different vendors, but these solutions weren’t engineered to work together. With so many endpoints to protect, the challenge could easily prove overwhelming.
We took on that challenge with the introduction of Symantec Endpoint Protection 14 (SEP) one year ago. For the first time, customers could combat cyber threats with an integrated defense platform that would fully orchestrate prevention, detection and response across endpoints, gateways, messaging and the cloud.
How did we fare? The reviews speak for themselves.
Last year, the Economist Group suffered 350 security events, 55 percent of which were malware. But after implementing SEP 14, the company achieved what Vicki Gavin, the company’s head of business continuity, cyber security and data privacy, described as “stunning results.”
After rolling out SEP 14 in the United States and Asia, the company registered a 60% drop in malware events and now expects a further reduction once the rollout in Europe is complete.
More recently, Symantec won a gold award from Gartner for endpoint protection, beating out the likes of McAfee, Trend Micro, Cylance and others.
We did what we said we were going to do and now we are taking the next step, elevating endpoint security to another level to meet the myriad demands of cloud generation endpoint security with the introduction of SEP 14.1.
SEP 14.1 continues in the tradition of its predecessor to redefine endpoint security with lower complexity, bringing together a complete stack for endpoint security.
Not only do our detection and response features help expose, contain and resolve breaches resulting from advanced attacks, but customers don’t need to add separate modules to deploy these sophisticated features.
Deviously Effective Deception
And something entirely unique in the industry: SEP 14.1 adds deception technologies that defenders can use to turn the tables on attackers.
We did this to answer an urgent customer need.
Security teams often lack visibility into attackers’ intent and tactics. By the time companies finally detect an intruder, the damage is often done. (A recent Ponemon Institute report found that the average attacker spends as much as 191 days on a network before being detected.) But with SEP 14.1, organizations are now able to deceive attackers into giving up their locations by leaving fake assets to target. Not only will customers be able to deploy these deceptors at scale but they'll be able to customize them to their particular environments.
The more believable the fake asset, the better chance it has to lure an attacker into interacting with it instead of accessing real resources. The upshot: You'll be better equipped to deceive attackers and trick them into revealing their intent while you improve your overall security posture.
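One concrete form of "fake asset" is a decoy credential that no legitimate process ever uses, so any authentication attempt with it is an attacker who found the lure. The following is an added illustration of that idea, not SEP 14.1's implementation: the decoy account names, the sshd-style log format and the sample log lines are all constructed for the example.

```python
"""Honey-credential detection over authentication log lines (added example).

Assumptions (not from the original article): HONEY_ACCOUNTS are decoy names
planted in a config file or script; the log lines follow the common sshd
"Accepted/Failed <method> for <user> from <ip>" shape; SAMPLE_LOG is constructed.
"""
import re
from collections import defaultdict

# Decoy accounts planted in the environment. They must never be used legitimately,
# so every use is a high-confidence signal. (Assumed names.)
HONEY_ACCOUNTS = {"svc_backup_legacy", "admin_dr_test"}

# Matches both successful and failed sshd authentications; "invalid user" appears
# when the account does not exist on the host, which is the usual case for a decoy.
_AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def detect_honey_use(log_lines):
    """Return {source_ip: [(decoy_user, result), ...]} for every use of a decoy.

    Failed attempts count too: an attacker trying a harvested decoy password
    has already revealed where they are operating from.
    """
    hits = defaultdict(list)
    for line in log_lines:
        m = _AUTH_RE.search(line)
        if m and m.group("user") in HONEY_ACCOUNTS:
            hits[m.group("ip")].append((m.group("user"), m.group("result")))
    return dict(hits)


# Constructed sample log lines, not real data.
SAMPLE_LOG = [
    "Nov  9 10:01:12 web1 sshd[2201]: Accepted publickey for deploy from 10.0.1.20 port 50212 ssh2",
    "Nov  9 10:03:41 web1 sshd[2210]: Failed password for invalid user svc_backup_legacy from 10.0.7.55 port 41002 ssh2",
    "Nov  9 10:03:44 web1 sshd[2210]: Failed password for invalid user svc_backup_legacy from 10.0.7.55 port 41002 ssh2",
    "Nov  9 10:05:02 db1 sshd[911]: Accepted password for admin_dr_test from 10.0.7.55 port 41010 ssh2",
    "Nov  9 10:06:00 web1 sshd[2222]: Failed password for alice from 10.0.1.20 port 50300 ssh2",
]

if __name__ == "__main__":
    for ip, uses in detect_honey_use(SAMPLE_LOG).items():
        print(f"ALERT: decoy credential used from {ip}: {uses}")
```

The value of the decoy comes from the zero false-positive rate: because the account is never used legitimately, the alert needs no tuning, and the source address and the accounts tried tell you which planted file the attacker has read.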
Symantec R&D Spells the Difference
All of these enhancements pay off in the coin of improved protection - something that promises to be a boon to security operations center (SOC) analysts, whose success or failure often depends on reaction times. None of this is trivial. No other endpoint protection vendor offers deception technology. It took an enormous amount of engineering R&D along with years of experience knowing what works and what doesn't when it comes to protecting customers. In fact, Symantec’s R&D depth and 15-plus years of experience in building endpoint security shows in our ability to rapidly innovate and bring solutions like deception to market.
But that’s a reflection of Symantec’s particular strengths. When it comes to endpoint security, none of our competitors match up. They’re able to provide, at most, 2 to 3 areas of capability. When it comes to offering a full stack, none are in the same conversation.
Meanwhile, many of the traditional endpoint protection platform vendors have ignored mobile security and modern devices (both iOS and Android). But if customers are going to embrace the cloud, rest assured that mobile security will be a key element. Jim Routh, CSO at Aetna, one of our SEP Mobile customers, noted that "the mobile phone is the best surveillance device in history."
Reducing Cost, Reducing Complexity
We’re reducing complexity/OpEx for our customers with quick time to value. A great example is endpoint detection and response (EDR). Customers can leverage SEP (single agent) for deploying endpoint protection plus EDR as well as later on extending that for hardening and deception capabilities.
All this reduces costs and allows the resulting savings to flow directly to the bottom line as customers gain from improved overall total-cost-of-ownership. Instead of needing to invest in various security controls that don’t necessarily improve overall endpoint security, customers benefit from a complete endpoint protection with a single security stack.
Security is obviously a moving target but I think we’ve hit the bullseye with SEP, a product family that offers the most complete endpoint security in the industry. I’d love to hear your feedback. Give the product a look and let me know what you think.
Learn more about SEP 14.1, integrated EDR, and SEP Mobile in our upcoming webinar.
It’s a bad day when you’ve got a severe security incident to respond to. But the difference between a bad day and a disastrous one can be the quality of the response plan you’ve built. You did build a plan, didn’t you? Here are some key points you may have overlooked.
1. Have a Workable Plan
Surely most large organizations have a well-thought-out incident response plan in place, right? You’d think so, but the Ponemon Institute surveyed 623 companies in 2015, two-thirds of which had headcounts of more than 1,000 people. Of those organizations, 60 percent said they either have no incident response plan or an “ad hoc” one; only 17 percent said they had a well-laid-out plan across their entire enterprise. That’s a heck of a thing, and downright scary when you think about it.
“Sort of having an idea” of how your organization will respond to a serious incident is simply not enough. If your organization doesn’t currently have a solid, formalized plan for how to respond to critical incidents, the first step is to put a good one together.
2. Define an “Incident”
As strange as it may sound, the first step in building an effective incident response plan is recognizing what actually constitutes an “incident”, then categorizing incidents by type and severity. For instance, you might have random scanning against your firewalls for open ports. Or you might have someone actively attempting to get into your network. Or maybe they've managed to get access to a system, and now they're attempting to access a repository of PII. Or perhaps you wake up to find ransomware has taken key data hostage. Just as each situation here is different, each requires a different level of response.
As part of your response plan, you need to define and categorize incident types. These definitions directly affect what your planned response will be. What is the severity and type of incident you are looking at? Once you’ve put some definition around what it is you’re dealing with, you can then determine the appropriate level of response. That's stuff that should be inside an incident response plan so that whenever people are using the plan, your organization has guidance as to how to appropriately escalate incidents, and at what point you need to activate the incident response team.
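The taxonomy and escalation rules described above are easiest to keep honest when they are written down as data that the team can read and test, rather than buried in prose. The following is an added example of that, not from the original article: the four incident types (matching the scenarios mentioned above), the severity tiers, the modifiers and the response actions are all assumptions constructed for the illustration; a real plan would define its own.

```python
"""Incident taxonomy and escalation matrix as code (added example).

Assumptions (not from the original article): incident type names, the
severity tiers, the escalation modifiers and the RESPONSE actions below are
constructed for illustration.
"""
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


@dataclass(frozen=True)
class Incident:
    kind: str                 # e.g. "port_scan", "intrusion_attempt", "unauthorized_access", "ransomware"
    touches_pii: bool = False  # a PII repository is involved
    systems_affected: int = 1  # scope of the incident
    ongoing: bool = True       # still active when triaged


# Base severity per incident type: the part of the taxonomy the plan must write down.
BASE_SEVERITY = {
    "port_scan": Severity.LOW,              # random scanning against the firewall
    "intrusion_attempt": Severity.MEDIUM,   # someone actively trying to get in
    "unauthorized_access": Severity.HIGH,   # they have a foothold on a system
    "ransomware": Severity.CRITICAL,        # key data already held hostage
}

# What each tier requires and whether the IR team is activated. (Assumed actions.)
RESPONSE = {
    Severity.LOW: ("log and monitor", False),
    Severity.MEDIUM: ("SOC triage within 4 hours", False),
    Severity.HIGH: ("activate IR team", True),
    Severity.CRITICAL: ("activate IR team, notify legal and corporate communications", True),
}


def classify(inc: Incident) -> Severity:
    """Start from the type's base severity, then escalate on modifiers."""
    # Unknown types default to MEDIUM so they get looked at rather than ignored.
    sev = BASE_SEVERITY.get(inc.kind, Severity.MEDIUM)
    if inc.touches_pii:                      # PII exposure is never below HIGH
        sev = max(sev, Severity.HIGH)
    if inc.systems_affected >= 10:           # wide blast radius bumps one tier
        sev = min(Severity.CRITICAL, sev + 1)
    return Severity(sev)


def response_for(inc: Incident):
    """Return (severity, required action, activate_ir_team) for an incident."""
    sev = classify(inc)
    action, activate = RESPONSE[sev]
    return sev, action, activate


if __name__ == "__main__":
    for inc in (Incident("port_scan"),
                Incident("intrusion_attempt", systems_affected=12),
                Incident("unauthorized_access", touches_pii=True),
                Incident("ransomware", systems_affected=40)):
        print(inc.kind, *response_for(inc))
```

Keeping the matrix in one place makes the escalation point explicit (here, any HIGH or CRITICAL incident activates the team), and the same table can be exercised in a tabletop drill by feeding it the scenario being rehearsed.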
3. Keep the Plan (and Supporting Documentation) Up to Date
Whenever an organization hasn't really run through their plan in a while, they'll often find basic items like the phone lists are out of date, as people have left, or moved, or been promoted. Without regular updates, you may think you've got all that information at your fingertips, but when it comes time to activate your plan, you may find an absolutely outdated mess.
And it’s not just about people. Some organizations are a disaster at asset management, documenting their networks, and standardizing policy among different units. That's especially common with M&A activity. Whenever new units come in through mergers and acquisitions, it usually takes a good long while (sometimes years!) for the network and the network security policies of the parent organization to get aligned with those of the company they’ve bought. Regular updates to your network documentation and incident response plan can go a long way toward minimizing confusion when it’s time to use it.
4. Don’t Just Have a Plan. Test It
Of the organizations that did have an incident response plan, over a third don't actually do anything with the plan after they have it; it's basically done as a “check-the-box” exercise to meet a requirement, then sits and gathers dust. As a result, you end up with a plan that really hasn't been tested, and that’s never adapted to operational realities and organizational changes.
In some ways, that’s more dangerous than having no plan at all. If you have no plan at all, at least you know you have no plan. But if you have a plan that hasn't been tested, and isn't reiterated and refined, you may have a false sense of security thinking you’ve got a good working plan, when the truth is you probably don't.
One way to know if your plan is any good is to actually experience a breach, which is a fantastic way to learn, but a really costly, painful way to do so. A much less painful way to do it is to do tabletop exercises. What's great about tabletop exercises is they let you test how your organization responds to a major incident, and how well the various components in the organization are working together, all without the costs and associated panic of an actual breach.
5. Have the Right People Testing the Plan
When you’re doing your drills, you want your core information security team members as part of it, of course, but it needs to be much larger than that. There is a role for senior leadership, and public relations or corporate communications play a massive role. Legal should be also represented. Additionally, the information technology folks (distinct from the information security types) definitely have a role in those tabletop exercises.
So do any third parties or partners who will matter in an actual incident or breach scenario. Some organizations also bring in their law enforcement contacts. If these are people you're going to engage when you have a significant event, it's probably good to have them as part of the tabletop exercise in order to test those lines of communication.
There's also value in just getting to know some of the people that you would be dealing with in a crisis that you may not deal with on a daily basis. For instance, information security generally doesn’t have daily touchpoints with legal or corporate communications. When something does hit and you're dealing with relative strangers, it’s harder to work together quickly. It's one thing if I have to go find a point of contact with Legal in an emergency, as opposed to picking up the phone and calling the exact person I worked with on a drill six months ago. I know who that person is, and she knows me. It makes for swifter communications and a better working relationship.
Sowbug uses the custom Felismus malware and has shown a strong interest in South American foreign policy.
The education sector is learning the lessons of weak data security the hard way: Cyber thieves have attacked more than three dozen school districts this year, exploiting poorly-defended systems to steal valuable information or take over their networks and hold them for ransom.
It’s a familiar problem. The education sector sees above-average levels of phishing attacks, malware and spam compared with other sectors of the economy, according to Symantec’s 2017 Internet Security Threat Report - Government. No surprise, then, that information security led the EDUCAUSE 2018 Top 10 IT Issues list for the third year in a row.
New Challenge Looms
Schools have previously been targeted by ransomware attacks, where malicious hackers encrypt an organization’s data and hold it hostage until they get paid. In this latest scheme, attackers flat out steal data and then try to sell it back to their victims. Unless the ransom gets paid, the attackers threaten to sell the purloined names, addresses, phone numbers and other student data.
As a way of applying added pressure on the schools, attackers also send email or text messages to parents and students raising the prospect of violence at their school. In one case, over 20 parents received these kinds of threatening messages.
One district was forced to shut down 30 schools for three days as a preventive measure. So far, law enforcement has not deemed any of these threats of violence to be credible. But the psychological damage is real with falling attendance at the targeted schools. Meanwhile, news of these incidents has resulted in copycat incidents leading to bogus threats to disrupt other schools.
The criminal gang behind these attacks calls itself the Dark Overlord. They have been described as foreign, but at least one member of the group has an excellent command of English. Most likely, the group is comprised of multiple members; at least one hails from an English-speaking country. These attackers have previously targeted healthcare organizations, movie studios and manufacturers.
Fighting the Dark Overlord
What can you do to blunt the threat posed by the Dark Overlord? First, don’t pay the ransom. There is absolutely no guarantee that the fraudsters will release data you pay to set free. You can’t trust criminals.
Secondly, keep these attackers out of your school from the start. And that means stepping up the work of securing your network and the data that resides on it. The Department of Education just issued some pretty good advice. They suggest:
Also, the FBI has spotlighted the practice where some attackers use anonymous FTP servers - most likely set up earlier and then forgotten by IT organizations - to gain access to an organization’s network. Unless there is a legitimate need to keep those servers in your organization, disable them now.
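"Disable them now" presumes you know where they are, and a forgotten FTP server is by definition not in anyone's inventory. The check below is an added example (not from the FBI notice or the original article) of how to find servers that still accept anonymous logins: it uses the standard-library ftplib client, and the Fake* classes at the bottom are constructed stand-ins so the example runs without a network. The host names are likewise assumed.

```python
"""Find FTP servers that still accept anonymous logins (added example).

Assumptions: the host list and the Fake* classes are constructed so the example
runs offline; in practice pass ftplib.FTP (the default) and your own host list.
"""
import ftplib


def allows_anonymous_ftp(host, port=21, timeout=5.0, ftp_factory=ftplib.FTP):
    """True if anonymous login succeeds, False if the server refuses it,
    None if the host is unreachable or is not speaking FTP at all."""
    ftp = ftp_factory()
    try:
        ftp.connect(host, port, timeout)
        ftp.login()  # ftplib defaults: user "anonymous", password "anonymous@"
        return True
    except ftplib.error_perm:   # e.g. "530 Login incorrect": anonymous disabled
        return False
    except ftplib.all_errors:   # refused, timed out, EOF, protocol error
        return None
    finally:
        try:
            ftp.quit()
        except Exception:       # never connected, or already closed by the server
            pass


def scan_hosts(hosts, ftp_factory=ftplib.FTP):
    """Map each host to its anonymous-FTP status (True / False / None)."""
    return {h: allows_anonymous_ftp(h, ftp_factory=ftp_factory) for h in hosts}


# Constructed stand-ins for ftplib.FTP so the example runs with no network.
class FakeOpenFTP:
    def connect(self, host, port=21, timeout=None):
        return "220 (vsFTPd 3.0.3)"

    def login(self, user="", passwd="", acct=""):
        return "230 Login successful."

    def quit(self):
        return "221 Goodbye."


class FakeClosedFTP(FakeOpenFTP):
    def login(self, user="", passwd="", acct=""):
        raise ftplib.error_perm("530 Permission denied.")


class FakeUnreachableFTP(FakeOpenFTP):
    def connect(self, host, port=21, timeout=None):
        raise ConnectionRefusedError(111, "Connection refused")


if __name__ == "__main__":
    # Assumed inventory; replace with the hosts you are responsible for and drop ftp_factory.
    labels = {True: "ANONYMOUS LOGIN ALLOWED", False: "anonymous refused", None: "unreachable"}
    for host, status in scan_hosts(["ftp.example.internal", "files.example.internal"],
                                   ftp_factory=FakeOpenFTP).items():
        print(host, labels[status])
```

Run it against every address range you own, not just the hosts you think run FTP; the forgotten server is the one that was never in the list. On vsftpd the fix is `anonymous_enable=NO` in vsftpd.conf, followed by a restart and a re-run of the check to confirm the 530 response.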
You don’t need to be afraid of cyber attackers. They may be evil, but they are not evil geniuses. They simply take advantage of the mistakes we make, and we can fix those mistakes. It just takes diligence to follow best practices, put good security practices and products in place, and be prepared.
By: Symantec CR and the Symantec Veteran Employee Resource Group (ERG)- VETS
“Veterans Day is important to pay tribute to those that have served. I also personally feel that it is vital, as a veteran, to recognize and be grateful for the support that this country and our communities provide.” — Stewart Summers, Marine Corps veteran and graduate of Symantec’s Cyber Career Connection program.
This Saturday, Symantec joins people around the world in honoring, thanking, and paying our respects to the military veterans that have provided selfless service to their countries. On November 11, “Veterans Day” is celebrated in the United States, while Canada and Australia observe “Remembrance Day,” France commemorates the day the Armistice after World War I was signed (Fête de la Victoire), and Great Britain observes “Remembrance Day” on the Sunday nearest to November 11. As we unite and pay special tribute to all military veterans, and their families, across the globe we take time to reflect on the freedoms we enjoy within our workplace and at home.
Symantec Cyber Career Connection helps vets transition to jobs in cyber security
Noelle Summers grew up in a church right next to a Marine Corps base in Kaneohe, Hawaii and admired the courage and service of the Marines she met. She knew she wanted to travel, gain new experiences, and challenge herself. Stewart Summers was also looking for a challenge, and wanted to develop other talents and life skills before pursuing college. They both chose the Marine Corps and signed on to be cryptologic linguists, one of the most difficult military occupations with regard to education.
In addition to mastering a new language in less than two years (her Pashtu, him Arabic), they were also trained to be fluent in Signals Intelligence, helping the Corps decode messages. After five years of service, deployments to Afghanistan in support of Operation Enduring Freedom, and numerous accolades for each of them, they returned to the U.S. and needed to decide what was next.
Stewart completed his bachelor’s degree in Management and Information Systems (MIS), knowing technology was the right next step for him. “Understanding that I needed a new skill set to be successful in the civilian job market, technology seemed like the perfect fit. I had already been building computers for quite some time before I joined the Marine Corps, but I also understood that building computers and programming or exploiting vulnerabilities on systems were two completely different things,” Stewart said. Noelle began studying accounting and thought she’d go into Business Administration, but after seeing what Stewart was learning, she switched her bachelor’s from Accounting to MIS and never looked back.
They both grew passionate about cyber security. For Noelle, the agile and expansive nature of cyber security was the first thing that caught her attention, and she liked the various job paths the field could offer. She also saw cyberspace and the global impacts of security incidents as the next war front, and saw an opportunity to continue to serve her country in a new way. For Stewart, the appeal was how integrated technology and security were into our lives. “Security is everywhere. Cyber security really is what allows us to continue our way of life. Every aspect of our lives revolves around technology and sensitive information. Learning to protect this is a crucial skill.” Even with impressive military service, bachelor’s degrees, and a strong desire to work in the field, they couldn’t find a way to break into cyber security.
Stewart learned about the Symantec Cyber Career Connection (Symantec C3) program hosted by educational nonprofit NPower from a friend. The 26-week program, designed to train young adults and military veterans in computer sciences and cyber security fields, was appealing. For Stewart, “The transition from Signals Intelligence to a cyber security related job was tough. Even for a veteran working as a contractor for a prominent government agency. I had already finished my degree and started to complete a few certifications, but the barrier into the security field was still unforgiving. I decided to take a leap and participate in the Symantec C3 program. Not only was there the opportunity to learn more and gain certifications needed to get a foot in the door of cyber security, but the chance to gain exposure with industry leaders felt like it would pay off in and of itself.” Noelle also decided to complete the Symantec C3 program at NPower because she didn’t have the basic network and information security skills required for cyber security job positions. She had tried to learn these skills on her free time while working full-time, but that didn’t work very well. She was excited that the Symantec C3 program covered all the basic skills she needed to break into the cyber security industry.
Both Stewart and Noelle found the Symantec C3 program hosted by NPower to be a positive experience. Their class in Dallas, Texas was comprised completely of veterans who were excited to learn and supportive of each other. For Stewart, advancing his knowledge in Linux was the crucial step to a better understanding of most of the security related tools that are used in the field. He also appreciated that the program felt authentic in its support of veterans. “The program created by Symantec and hosted by NPower really felt as if it was there to truly support the veteran. It was extremely important for me to find a program that didn’t use veterans to advance an agenda used for publicity purposes. I was not let down in this regard.”
For Noelle, Symantec C3 is directly related to her success today. “I have never been a computer nerd and barely knew my way around an operating system before I joined the program. I knew I desperately needed this basic computer network knowledge and looked forward to each day we were learning about this section. I was interviewed and hired directly by a large consumer brands company after meeting a recruiter at an NPower cyber security luncheon. The program allowed me to forget all other distractions, to focus on building my skill-set, and to break into the cyber security industry,” she said. Noelle now works as a Network Defense Cyber Security Engineer and this fall started her Master’s in Information Sciences and Technology at Pennsylvania State University.
Stewart was fortunate enough to gain employment at a major defense contractor outside of the program, however, feels the program’s resume enhancement and general interviewing practice contributed to his success. He was recently promoted to work on his company’s Vulnerability Assessment team and is working on his Master’s Degree in Penn State’s Information Assurance and Cyber Security program.
Both Noelle and Stewart would recommend the Symantec C3 program at NPower to other veterans. “Without a doubt, I would recommend the program to any other veteran that knows they want to enter the field,” Stewart says, and goes on to offer advice to fellow veterans. “Whether you were in the military for two years or twenty, be a humble learner. Expect to have a book open in the morning when class starts, during your lunch break, on the dinner table, and on the nightstand. In the end, success is completely dependent on how you approach the mission.” Noelle adds, “I would recommend the Symantec C3 program to any of my fellow veterans. I would encourage them to wring every piece of value they can from the program, study hard, ask questions, get involved, and rub elbows with as many cyber security professionals as they can. Treat the program like boot camp: eat, sleep, and breathe information security and you will learn the basic skills you need to break into the cyber security industry.”
Symantec’s commitment to helping transitioning service members find careers they love
Both Stewart and Noelle feel that one of the biggest barriers for veterans entering private sector careers is the lack of directly translatable skills. “I believe that many veterans fail to realize that they will most likely have to learn an entirely new skill set before entering the work force. Whether it be technical school, an undergraduate degree, or relevant certifications, veterans must be willing to accept that they need to undertake continuing education, and that their civilian peers are now their competition,” said Stewart. Noelle added, “Finding a way to market your military skills to fulfill the requirements of most cyber security job positions is very difficult.”
To make this easier for veterans like Noelle and Stewart, Symantec partners with Hire Purpose, a job board designed specifically to support transitioning service members, veterans and military spouses. Symantec values the skills and experience of military veterans, and uses this dedicated platform to post job openings that target veterans, offering links between the skills we need and those we know many veterans possess.
As the leader in cyber security, we hire veterans to leverage their skills and experiences gained through military service. Our team provides security expertise to make the world a safer place by helping people, businesses, and governments protect and manage their information. Being the global leader in cyber security means we are uniquely positioned to protect against cybercrime, and our veteran employees are uniquely positioned to help us combat these threats.
Fostering a network of support
We encourage veterans at Symantec to join our Veteran Employees and Troop Support (VETS) Employee Resource Group (ERG). Like all of our ERGs, these groups play an important role in delivering on our diversity and inclusion strategies, while building cultural awareness and a sense of belonging for our employees. VETS works to support the efforts of our employees who have served our country and to make sure we value their unique experience. The group also strives to assist veterans and military spouses in their transition to the corporate environment.
“I began my career as a carrier-based Naval Aviator in the Air Reconnaissance community and am proud to serve as the Executive Sponsor for VETS today. Symantec provides veterans with an opportunity for a fulfilling and dynamic career in cyber security, and one that makes a difference. VETS provides a space for veterans across the globe to come together, support each other, and continue to make our world a safer place. I am proud to be a veteran, proud to work at Symantec, and would like to express my gratitude to all the veterans, and their families, who have sacrificed to serve their countries.”
– Scott Behm, Vice President, Consumer Business Information Security and VETS ERG Executive Sponsor
Supporting veterans outside of Symantec’s walls
We pride ourselves on living our corporate responsibility values both as a company and when working with our broader community and world. This November we became a Bronze Sponsor of the Vets in Tech (VIT) Gala. VIT supports current and returning veterans with re-integration services and provides educational, employment, and entrepreneurial opportunities for veterans.
We have also provided charitable support to Team Rubicon, a nonprofit that pairs the skills and experience of military veterans with first responders to rapidly deploy emergency response teams to communities devastated by natural disasters. Through monetary contributions and volunteer hours, Symantec’s support furthers Team Rubicon’s mission to provide military veterans with opportunities to help restore communities hit hard by hurricanes, earthquakes, and fires. Symantec volunteer Tom Castellano deployed with Team Rubicon to Beaumont, Texas for Hurricane Harvey disaster recovery operations.
This December, Symantec will host two free webinars for military victim advocates, as military families are frequent targets of identity theft. According to a report by the Federal Trade Commission, military families report identity theft at twice the rate of civilians. Working with the Department of Defense (DOD) and National Organization for Victim Assistance (NOVA), Symantec’s LifeLock team will offer educational trainings on identifying common types of identity theft, strategies for enhancing digital safety, and resources and tips for military victim advocates.
Thank you to our Military Heroes
“Veterans deserve a day where the nation celebrates our service and what it has provided for our country.”— Noelle Summers, Marine Corps veteran and graduate of Symantec’s Cyber Career Connection program.
We appreciate and recognize all military veterans and their families across our company and thank them for their selfless service.
We’d like to thank Molly Handy and Tom Castellano for providing much of the content for this article. For veterans interested in cyber security, learn more about the Symantec Cyber Career Connection and feel free to connect with Stewart Summers on LinkedIn.
[This is #22 in our on-going series on Shady TLDs. Links to the previous posts are found at the bottom of the page.]
With the close of Q3, it's time to update our Top Ten list of the shadiest Top Level Domains (TLDs), as well as profile another of the shady ones.
First, the Top Ten list for Q3 of 2017:
Rank | TLD | Percentage of Shady Domains (All Time) *
* As of the end of September, 2017. Shady Percentage is a simple calculation: the ratio of "domains and subdomains ending in this TLD which are rated in our database with a 'shady' category, divided by the total number of database entries ending in this TLD". Shady categories include Suspicious, Spam, Scam, Phishing, Botnet, Malware, and Potentially Unwanted Software (PUS). Categories such as Porn, Piracy, and Placeholders (for example) are not counted as "shady" for this research; if they were, the percentages would be higher.
While eight of the Top Ten were on the membership list last quarter, and one (.win) has been profiled before, the .reise member is new, and therefore somewhat interesting. It's a German word, meaning "travel, trip, journey", and I wouldn't read too much into its presence in this quarter's Top Ten list. It hasn't been around long, and its percentage is based on just a few hundred ratings (barely over the minimum needed to make the list), rather than on thousands or tens of thousands (or even hundreds of thousands), like the other Top Ten members.
As always, we caution against reading too much into the relative positions of TLDs on this list. Rankings are very fluid from quarter to quarter. Also, we are not advocating setting up policy to block all domains on all of these TLDs. Any such recommendation would come only after more research into a TLD. In particular, .xin is rather popular in China, as is .kim in South Korea, and it would not be wise to automatically block such domains if you do any business there. Also, several TLDs have percentages based on lower numbers of domains than some of the other TLDs in the list. (As with .reise above.) In general, it's better to leave shady domain blocking up to the professionals...
.Men in Black (and Gray)...
One of last quarter's Top Ten that has dropped a bit (it's actually down to #33 in this quarter's rankings) is .men, the subject of this "deep dive".
Looking at the top 100 hosts (by number of requests in our traffic), we see the following breakdown of a recent week of world-wide traffic:
Category | Count / Percentage
In other words, going by our official list of "shady" categories, 79% of the hosts were in the Red Zone, and another 20% were in the Yellow Zone (not directly related to a security concern, but still somewhat shady). Keep in mind that both Porn and Piracy are common lures used by malicious actors.
That left only one site -- about Men's Health -- rated with a normal/clean category.
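The shady-percentage calculation described in the footnote above, together with the Red/Yellow/Clean zone breakdown, as added example code (not Symantec's own); the hostnames, the categories treated as "yellow" versus clean, and the minimum-ratings threshold of 5 are assumptions for illustration.

```python
"""Added example: per-TLD shady percentage and zone breakdown (not Symantec code)."""
from collections import defaultdict

# Shady categories exactly as the post lists them ("PUS" = Potentially Unwanted Software).
SHADY = {"Suspicious", "Spam", "Scam", "Phishing", "Botnet", "Malware", "PUS"}
# Lure-prone categories the post counts as Yellow, not shady (assumed mapping).
YELLOW = {"Porn", "Piracy", "Placeholders"}
# The post mentions a minimum number of ratings to make the list but not its value;
# 5 is an assumed placeholder.
MIN_RATINGS = 5

def tld_of(host):
    """TLD of a domain or subdomain, lower-cased, trailing dot ignored."""
    return host.rstrip(".").rsplit(".", 1)[-1].lower()

def shady_percentages(ratings, min_ratings=MIN_RATINGS):
    """ratings: iterable of (host, category). Returns [(tld, percent, total)],
    highest percentage first; TLDs with fewer than min_ratings entries are skipped."""
    total, shady = defaultdict(int), defaultdict(int)
    for host, category in ratings:
        t = tld_of(host)
        total[t] += 1
        if category in SHADY:
            shady[t] += 1
    ranked = [(t, 100.0 * shady[t] / total[t], total[t])
              for t in total if total[t] >= min_ratings]
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked

def zone_breakdown(ratings):
    """Red = shady category, Yellow = lure category, Clean = everything else."""
    zones = {"Red": 0, "Yellow": 0, "Clean": 0}
    for _, category in ratings:
        zone = "Red" if category in SHADY else "Yellow" if category in YELLOW else "Clean"
        zones[zone] += 1
    return zones

# Constructed sample ratings; hostnames are invented, not real observations.
SAMPLE = [
    ("a.example.men", "Malware"), ("b.example.men", "Spam"), ("c.example.men", "Porn"),
    ("d.example.men", "Piracy"), ("e.example.men", "Health"), ("f.example.men", "Phishing"),
    ("g.example.reise", "Scam"), ("h.example.reise", "Suspicious"),  # too few to be ranked
    ("i.example.com", "News"), ("j.example.com", "Business"), ("k.example.com", "Malware"),
    ("l.example.com", "Shopping"), ("m.example.com", "PUS"),
]

if __name__ == "__main__":
    for tld, pct, n in shady_percentages(SAMPLE):
        print(f".{tld:6} {pct:5.1f}% shady ({n} ratings)")
    print(zone_breakdown(SAMPLE))
```

Note that .reise drops out of the ranking on the sample because it has too few ratings, which is the same caution the post raises about small-sample TLDs.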
In checking some of our database notes for the sites with the worst ratings, it's a mixed bag:
Overall, most of these .men were not in black, but more dark- to light-gray. But still well worth blocking. We didn't see many .men in "white" in our traffic survey.
P.S. For easy reference, here are the links to the earlier posts in our "Shady TLD" series:
Symantec research shows users to be twice as likely to encounter threats through email as any other infection vector, and the spam rate declines slightly for the second month in a row.
Symantec research shows that users are twice as likely to encounter threats via email as through any other infection vector, while the spam rate declined slightly for the second consecutive month.
Android malware that combines several techniques to hide itself on the device has been discovered.