DNS Threat Hunting

John Meyers

January 12, 2017 - Posted by John Meyers to Security Insight

DNS Threat Hunting

Recently, I read an article in SANS News Bytes about the Stegano malvertising campaign that was discovered by ESET Research. Instead of discussing this campaign in great detail, which ESET has already done, I am going to focus this blog on what you can do when information about a new malicious campaign becomes public.

One of the SANS News Bytes editors, Gal Shpantzer, recommended looking for the attack’s domain names in DNS logs. Most organizations do not retain their DNS traffic, but these can be a valuable source of information. In a corporate environment, having a historical record of traffic that traversed your network can aid in threat hunting, especially as new intelligence is made public. A SIEM is a... read more >

Social Engineering War Story

#WarStoryWednesday: Quick and Dirty Social Engineering

Michael Born

January 11, 2017 - Posted by Michael Born to Security Insight

On-site Social Engineering Assessment

Every now and then, I work on the assessments that normally Brent White and Tim Roberts blog about. When I’m privileged to get such an assignment, I typically create unnecessary pressure on myself in an effort to compete with the likes of my aforementioned teammates and their overwhelming success on Social Engineering Assessments. I find myself feeding off the pressure and nervous energy, turning it into excitement and focus. By drawing on my past experiences in the Broadcast Television industry, I convince myself that this will only help me succeed on such a project. Then, when I get word of the increased challenge level, whether due to the small size of the company being assessed, a shared work environment or building, or armed guards present, I actually find myself... read more >

IDN Homograph Attacks

How a Russian spammer registered ɢoogle.com

Brandon Louder

January 05, 2017 - Posted by Brandon Louder to Security News

A friend recently brought to my attention that the Google Analytics report for his website was showing that 18% of his visitors had the below message showing up under the language field. Typically, this field shows language abbreviations depicting the native language of the visitor to the site such as: “en”, “es”, “fr”.

“Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!”

Google Analytics Screen Shot

Looking beyond the political aspect of this message, there are two issues here. The second being the most unsettling:

  1. First of all, it is not uncommon for spammers to target Google Analytics with messages that incite the website owner to follow the link. This specific spammer has been active with this campaign for several months now. Google...
read more >

NTT Security 2017 Security Trends and Predictions

Jon-Louis Heimerl

December 29, 2016 - Posted by Jon-Louis Heimerl to Security Insight

2017 Predictions

As 2016 comes to a close, instead of discussing the past breaches and security issues of 2016, it’s time to start thinking about what challenges we will face in 2017. Monitoring major security trends and predictions can help your security program stay ahead of any potential threats, and anticipate where the cyber industry is going.

We asked several of our top leadership at NTT Security about 2017, and what security trends or predictions they may have. Below we list several trends to watch out for in the next several months:

Jon Heimerl, Manager, Threat Intelligence Communication Team, NTT Security

  • Resurgence in Hacktivism  
    As 2016 closes, political unrest has increased in several parts of the world for a variety of reasons. For example, the U.S. presidential election highlighted partisan disagreements, the European Union is struggling with...
read more >

The Story of Theft Season (A Holiday Jingle)

‘Twas 12 Days Before Theft Season

Ramece Cave

December 22, 2016 - Posted by Ramece Cave to Security Insight

‘Twas 12 days before Theft Season, when all through the smart house,
Not a device was active, not even an IoT mouse.
The device that you bought from a random seller online,
That shipped from far-far away, had arrived in due time.

It was the gift that she begged for, pleaded and wined,
The one that she pined for, for six months’ time.
Not finding the original, this knock-off will do,
She must be happy, she is my princess; what would you do?

Being the perfect Dad, and wanting things right,
You plugged it in and charged it forthright.
Manuals read, it was ready to go,
But little did you know, this was only the beginning of the show.

As visions of your princess’ happiness lead you to a sound slumber,
The process was the first day of 12 days of havoc, 12 days of plunder.
The fiendish, deceitful, treacherous crew,
Of malicious actors, cleverly deceived you.

Their... read more >

How Do You Strengthen Your Cybersecurity Posture?

Here’s the obvious answer…

Aaron Perkins

December 15, 2016 - Posted by Aaron Perkins to Security Insight

Protection

If you’ve ever wondered whether your company should spend its hard-earned money on strengthening its cybersecurity posture, the answer is a resounding YES! But why? That’s what we are going to discuss today.

Cybersecurity companies have been saying it for years: “The question is not if, but when your company will be attacked.” At an increasing rate, these attacks come in the form of phishing emails, where an unsuspecting (often untrained) employee opens what appears to be a legitimate email and subsequently clicks on a malicious link. With two clicks, your company and its associated data are now open to the world. An attacker has free rein of your entire network, thanks to the unsuspecting employee who clicked on the malicious link.

Perhaps all too often the obvious answer is to fire the employee – or is it so simple?

Truth be told, had that employee received acceptable training from the time their... read more >

Are You Prepared?

#WarStoryWednesday: Most incident response plans don’t survive first contact

David Biser

December 14, 2016 - Posted by David Biser to Security Insight

This is not technically a war story, however, it is an experience that I would like to share. I recently attended an event featuring a speaker from a large company that had experienced one of the most high profile and extensive breaches in recent history. For the sake of the company I will not name them in this blog, but I do want to stress that the company is very large and the breach was extensive, affecting millions of customers and their entire network. What was interesting is that the speaker was from the company’s legal department, and as such, is not a “technical” person. This provided a brand new perspective to incident response.

In my line of work as an incident response analyst, working in a Managed Security Services Provider company, I routinely help companies that suffer from security incidents. I have first-hand knowledge as to how devastating such an event can be to a company. This speaker stressed that their company lost well over a billion... read more >

<< Newer Entries | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS