Attackers Target Home Routers with DNS Hijacking

Infosecurity Magazine | April 05, 2019

Attackers Target Home Routers with DNS Hijacking
Hackers have been breaking into home routers to change DNS server settings and hijack the traffic to redirect it to malicious sites, according to Troy Mursch, security researcher for Bad Packets. Researchers have detected different types of attacks that are targeting consumer routers, all of which were reportedly traced back to hosts on the Google Cloud Platform (AS15169) network. Mursch detailed three different waves of findings, which started in December 2018. In the most recent wave, discovered on March 26, “attacks came from three distinct Google Cloud Platform hosts and targeted additional types of consumer routers not previously seen before.” According to Mursch, determining the scope and scale of these attacks is virtually impossible unless researchers use the tactics employed by the malicious actors. “We have suspended the fraudulent accounts in question and are working through established protocols to identify any new ones that emerge. We have processes in place to detect and remove accounts that violate our terms of service and acceptable use policy, and we take action on accounts when we detect abuse, including suspending the accounts in question. These incidents highlight the importance of practicing good security hygiene, including patching router firmware once a fix becomes available," wrote a Google Cloud spokesperson.

Spotlight

Cybersecurity is one of the fastest growing industries today, and it's also one of the fastest moving. Cyber expert Anil Markose explains that if you're not staying ahead, then you're falling behind.

Related News

Cybersecurity expert talks online safety as people work from home, kids learn online

katv | August 24, 2020

As people continue to work from home and Arkansas students take classes virtually this year, online security is more important than ever.Chris Moss is the information security officer at Arkansas Tech University. He said one of the most important things people need to do right now is watch out for what devices are connecting to their home WiFi or hot spots, and making sure these devices are secure.All your data is going to flow across that wire, so if it's unsecured, anyone can see that wire," Moss said, "It's just not the little guy sitting. In the basement, you know, in the dark typing on the computer.

Read More

SOFTWARE SECURITY

NETSCOUT Introduces forensic cybersecurity for AWS Cloud Workloads

businesswire | December 16, 2020

NETSCOUT SYSTEMS, INC a main supplier of administration affirmation, security, and business examination, today reported the expansion of its Smart Perimeter Protection to AWS. The blend of NETSCOUT's Cyber Investigator (NCI) and CyberStream programming with new AWS parcel access administrations contains costs and accomplish better efficiencies in moderating novel security dangers as undertakings move applications to the cloud. As the danger surface extends, the arrangement utilizes parcel information and incredible digital examination to get to the main driver of network protection issues rapidly. NETSCOUT has teamed up with AWS on bundle access arrangements by acquainting numerous imaginative ways with access parcel traffic for network safety and end-client experience use cases. This incorporates the as of late declared Gateway Load Balancer (GWLB), which gives commonsense, reasonable, and adaptable admittance to parcel traffic for security and execution the board. Utilizing GWLB, clients can coordinate traffic from any Virtual Private Cloud (VPC) to CyberStream and Cyber Investigator without leaving the cloud. The new Smart Perimeter Protection arrangement consistently coordinates with AWS. “NETSCOUT is committed to providing the most cost-effective and consistent visibility and control regardless of where an application runs,” said Paul Barrett, CTO, Enterprise, NETSCOUT. “NCI and CyberStream extend security forensics capabilities into the cloud, unlike any other solution. Armed with NETSCOUT’s smart data, security, and IT operations teams benefit from a shared perspective and a cost-effective solution that scales to the needs of the cloud.” About NETSCOUT NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) helps assure digital business services against disruptions in availability, performance, and security. Our market and technology leadership stems from combining our patented smart data technology with smart analytics. We provide real-time, pervasive visibility and insights customers need to accelerate and secure their digital transformation. Our approach transforms the way organizations plan, deliver, integrate, test, and deploy services and applications. Our nGenius™ service assurance solutions provide real-time, contextual analysis of service, network, and application performance. Arbor Smart DDoS Protection by NETSCOUT products help protect against attacks that threaten availability and advanced threats that infiltrate networks to steal critical business assets. To learn more about improving service, network, and application performance in physical or virtual data centers, or in the cloud, and how NETSCOUT’s performance and security solutions powered by service intelligence can help you move forward with confidence.

Read More

DATA SECURITY

CompTIA ISAO Adds Real-time Cybersecurity Threat Analysis and Intelligence Resources from Sophos

CompTIA | August 05, 2021

Advanced cybersecurity threat analysis and intelligence capabilities are now available from the CompTIA Information Sharing and Analysis Organization (ISAO) through an expanded collaboration with global next-generation cybersecurity leader Sophos and it industry-leading and highly acclaimed threat research lab, SophosLabs. The announcement of the new cyber capabilities was made today by CompTIA, the nonprofit association for the information technology (IT) industry and workforce. CompTIA ISAO members can directly submit suspicious URLs and files through the ISAO's Cyber Forum to SophosLabs Intelix™ for rapid analysis to determine if they are known or zero-day cybersecurity threats. SophosLabs Intelix combines petabytes of threat intelligence derived from decades of SophosLabs threat research with Sophos AI tools and techniques, bringing a powerful new source of threat intelligence to the CompTIA ISAO and its managed services provider (MSP), vendor, distributor, and associate members. "SophosLabs research illustrates how adversaries are constantly changing their tactics, techniques and procedures (TTPs) to breach targets, move laterally and carry out ransomware and other attacks," said Simon Reed, senior vice president, SophosLabs. "The only way to effectively fight modern cybercrime is if we do it together. That's why Sophos is committed to sharing actionable threat intelligence with the CompTIA community. This new integration gives member organizations advanced abilities to quickly investigate suspicious URLs and files to determine their risk and to understand what happens if they are opened or executed. Powered by machine learning, SophosLabs Intelix predictively convicts never-before-seen threats, and is constantly improving based on the collective input of community intelligence." "This is a real differentiator for our members, who can access a powerful analysis resource to identify, classify and prevent threats, further protecting themselves and more importantly, their customers," said MJ Shoer, senior vice president and executive director of the CompTIA ISAO. The new integration expands Sophos' support of the CompTIA ISAO. As a Silver Industry Partner, Sophos has been contributing detailed threat analysis from SophosLabs Uncut to the CompTIA ISAO. "This is a significant addition to the resources available to our members," Shoer added. "It is the latest example of the support that industry partners such as Sophos have for the CompTIA ISAO, and the commitment we all have to make the industry more secure." The CompTIA ISAO is a community of nearly 1,200 member companies that share best practices, cyber threat intelligence, educational content and more to help address ever-evolving cyber threats. Working closely with public and private cybersecurity agencies and organizations, the CompTIA ISAO is helping its members understand the threat landscape, defend against current and future attacks and raise cybersecurity awareness throughout the global tech industry. About CompTIA The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world's economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce. About Sophos Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today's most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K.

Read More

Spotlight

Cybersecurity is one of the fastest growing industries today, and it's also one of the fastest moving. Cyber expert Anil Markose explains that if you're not staying ahead, then you're falling behind.