Global DNS Hijacking Blamed on Iranian Hackers

Infosecurity Magazine | January 10, 2019

Security researchers have spotted a new series of DNS hijacking attacks, traced back to Iran, that has successfully targeted organizations globally on a large scale. The attacks have compromised “dozens” of domains belonging to government, telecommunications and internet infrastructure organizations in the Middle East and North Africa, Europe and North America. The attackers alter DNS records to direct users to malicious but legitimate-looking, Let’s Encrypt-certified domains where email credentials are harvested. FireEye observed three attack methods, with activity first spotted in January 2017. The first uses previously compromised credentials to log in to a DNS provider’s administration panel and change DNS A records. The second exploits a previously compromised registrar or ccTLD to change DNS nameserver (NS) records. A third technique is used in combination with either of the previous two: it returns the legitimate IP addresses for requests outside the targeted domains, so that only the targeted hostnames are redirected.
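The practical defence against the first two techniques is to keep an out-of-band baseline of your A and NS records and diff live answers against it, checking every sensitive name rather than a single canary, since the third technique leaves non-targeted names resolving correctly. The script below is an added example written for this page, not code from the article or from FireEye; the domain names, addresses, nameservers and the two "vantage point" answer sets are constructed for illustration.

```python
"""Baseline drift check for the A-record and NS-record hijacks described above.

Added example; not from the article or from FireEye. All names, addresses and
answers below are constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed baseline of the records the operator expects, maintained
# out-of-band (not derived from live DNS, which is what the attacker controls).
EXPECTED = {
    ("example.com.", "NS"): {"ns1.example.com.", "ns2.example.com."},
    ("mail.example.com.", "A"): {"203.0.113.10"},
    ("webmail.example.com.", "A"): {"203.0.113.11"},
}

# Constructed answers in zone-file style ("owner TTL class type rdata"), as if
# collected from two vantage points. "vantage-us" reflects a hijack: one NS
# record swapped and mail.example.com pointed at an attacker address, while the
# non-targeted webmail name still resolves correctly (the behaviour of the
# third technique).
OBSERVED = {
    "vantage-eu": """\
example.com.          3600 IN NS ns1.example.com.
example.com.          3600 IN NS ns2.example.com.
mail.example.com.      300 IN A  203.0.113.10
webmail.example.com.   300 IN A  203.0.113.11
""",
    "vantage-us": """\
example.com.          3600 IN NS ns1.attacker.example.
example.com.          3600 IN NS ns2.example.com.
mail.example.com.       60 IN A  198.51.100.7
webmail.example.com.   300 IN A  203.0.113.11
""",
}


def parse_answers(text):
    """Parse zone-file style lines into {(owner, type): set(rdata)}.

    Owner names and hostname rdata are lowercased and made fully qualified;
    A/AAAA rdata is validated as an IP address. TTL and class are dropped,
    the comparison is on rdata only.
    """
    records = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        rtype = rtype.upper()
        owner = owner.lower()
        if not owner.endswith("."):
            owner += "."
        rdata = rdata.strip().lower()
        if rtype in ("A", "AAAA"):
            rdata = str(ipaddress.ip_address(rdata))  # ValueError on garbage
        elif not rdata.endswith("."):
            rdata += "."
        records[(owner, rtype)].add(rdata)
    return dict(records)


def find_drift(expected, observed_text):
    """Compare one vantage point's answers with the baseline.

    Returns one finding per baseline record whose rdata set differs, listing
    what was added (an attacker IP or nameserver) and what disappeared.
    Every baseline name is checked: a clean answer for one name says nothing
    about the others.
    """
    records = parse_answers(observed_text)
    findings = []
    for key, want in expected.items():
        got = records.get(key, set())
        if got != want:
            findings.append({
                "record": key,
                "added": sorted(got - want),
                "removed": sorted(want - got),
            })
    return findings


def compare_vantages(observed):
    """Return the records whose answers differ between vantage points.

    Even without a baseline, a name that resolves differently depending on
    where the query comes from deserves a look.
    """
    parsed = {v: parse_answers(t) for v, t in observed.items()}
    keys = set().union(*parsed.values())
    divergent = {}
    for key in sorted(keys):
        answers = {v: frozenset(p.get(key, ())) for v, p in parsed.items()}
        if len(set(answers.values())) > 1:
            divergent[key] = {v: sorted(a) for v, a in answers.items()}
    return divergent


if __name__ == "__main__":
    for vantage, text in OBSERVED.items():
        for f in find_drift(EXPECTED, text):
            print(vantage, f["record"], "added:", f["added"], "removed:", f["removed"])
    for key, answers in compare_vantages(OBSERVED).items():
        print("divergent:", key, answers)
```

In production the OBSERVED text would come from queries to the authoritative servers and to the registry's delegation (not only to your recursive resolver, whose cache can hide or delay the change), and the baseline must live somewhere the DNS provider credentials cannot reach, since those credentials are exactly what the first technique abuses.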

Spotlight

As technology and the information age continues to propel organizations forward at a faster and faster pace, risk-based information security concerns must be top-of-mind for not only IT staff but also executive management. The high speed at which information is shared increases the possibility of a data breach. To keep up, state and federal laws are ever-changing and continue to impose stricter obligations to protect the data that an organization collects, stores, processes, uses and discloses.

Related News

Backed by Clearlake Capital and TA Associates, Ivanti announces acquisitions of MobileIron and Pulse Secure to further automate and secure endpoints

prnewswire | September 28, 2020

Ivanti, Inc., which automates IT and Security Operations to discover, manage, secure and service from cloud to edge, and is backed by affiliates of Clearlake Capital Group, L.P. (together with its affiliates, "Clearlake") and TA Associates, today announced it has signed definitive agreements to acquire MobileIron Inc. ("MobileIron"), a leading provider of mobile-centric unified endpoint management solutions, and Pulse Secure LLC ("Pulse Secure"), a leading provider of secure access and mobile security solutions.

Optiv Security Launches Next-Gen Managed XDR to Stop Threats Earlier in Attack Lifecycle, Minimize Business Impact

Optiv | August 09, 2021

Optiv Security, the leading end-to-end cybersecurity solutions partner, launched its Managed Extended Detection and Response (MXDR) offering at Black Hat USA 2021. The technology-independent offering enables clients to take rapid and decisive action against today's most critical cyberattacks and strengthen their security posture.

"Optiv MXDR brings simplicity, transparency and automation to clients' environments, enhancing existing defenses to counter known and emerging threats with confidence and speed," said David Martin, chief services officer for Optiv. "What's more, we can seamlessly leverage the power of Optiv to extend and layer the offering with a full suite of complementary services like remediation, incident response, threat hunting, and beyond."

Optiv MXDR is the only managed cloud-based, next-gen advanced threat detection and response service that ingests data across various layers of technologies to correlate, normalize, enrich, and enable automated responses to malicious activity in real time. By automating incident investigation with actionable insights, organizations can detect threats faster and prioritize which threats to mitigate first, significantly reducing the attack surface.

"We know the threat landscape; both what's at stake and how to circumvent threat actors while significantly reducing time to detect and respond," said John Ayers, XDR vice president for Optiv. "We meet clients where they are and customize our continuously managed approach to ease the burden of the unknown and allow teams to detect, respond and remediate threats faster while also automating deeper investigation for future improvements."

Devo has been named a foundational partner in Optiv MXDR, delivering scalable, cloud-native logging and security analytics via the Devo Platform, enabling full visibility across cloud and on-premise environments for Optiv customers.

"Security teams are eager to learn more about XDR as they look to consolidate their security stack for greater efficiency and accuracy in threat detection and response," said Ted Julian, SVP of Product at Devo. "Two constraints have always stood in their way: lack of real-time access to historical data, and the inability to collect and analyze the massive data volumes associated with modern operational environments. Devo eliminates these concerns and is uniquely qualified to power solutions like Optiv's MXDR."

Optiv delivers threat management solutions to more than 60 percent of Fortune 500 companies. View the complete MXDR service brief and find out how organizations can enhance their security posture with Optiv.

About Optiv Security
Optiv Security: Secure your security.™ Optiv is a security solutions integrator and "one-stop" trusted partner with a singular focus on cybersecurity. Our end-to-end cybersecurity capabilities span risk management and transformation, cyber digital transformation, threat management, cyber operations, identity and data management, and integration and innovation, helping organizations realize stronger, simpler and more cost-efficient cybersecurity programs that support business requirements and outcomes. At Optiv, we are modernizing cybersecurity to enable clients to innovate their consumption models, integrate infrastructure and technology to maximize value, achieve measurable outcomes, and realize complete solutions and business alignment.

Modus Collaborates with AgileBlue to Introduce Modus Data Protector™, for Managed Breach Protection from Cybersecurity Threats

AgileBlue | April 30, 2021

Security threats grow rapidly, and proper investigation and response require people who are familiar with endpoints, networks, cloud systems, and other technologies. Many businesses need a professional SOC manager, an accomplished Security Analyst, a Threat Researcher, a Security Architect, a Cloud Security Architect, and so on, which means a team that is always improving so that the right skills are available when they are needed. Unfortunately, there is a critical lack of specialized cybersecurity expertise in the overall talent market, and there are not enough qualified resources to fulfill the need.

Cybersecurity is complicated, and different technologies will often need to work together. Maintaining the technical expertise to implement, update, and customize each component, as well as educating staff on new versions and features, is required. If you operate your own SOC, you must also manage these distributor relationships, licenses, and training operations yourself.

Having coverage 24 hours a day, seven days a week is no longer discretionary; it's a must. Allowing an adversary to sow seeds for hours, days, or weeks makes it far more difficult to contain and eliminate risks. The adversary knows they have only a finite amount of time to do as much harm as possible, as in the case of ransomware, or to plant back doors, as in the case of data exfiltration. You have the best chance of recovery if you can investigate and respond within minutes, so a solution that is available 24 hours a day, seven days a week is essential. If money isn't a problem and you have the resources to build out a 24x7 Security Operations Center, it could make sense to go in that direction. If you are limited on any of those fronts, Modus suggests that SOCaaS is a safer option.
In summary, Modus Data Protector™ SOCaaS will allow you to:
• Leverage security insights from other organizations
• Have predictable spending – no need for surprise budget requests
• Handle alerts more efficiently and with more predictable results
• Have the agility to keep pace with your ever-changing organization’s IT demands
• Enjoy a 24 x 7 x 365 promise that includes human-based responses, asset discovery, vulnerability assessment, intrusion detection, behavior monitoring, log management, and cloud-based SIEM

About AgileBlue
AgileBlue is a software firm that offers a cutting-edge SOC-as-a-Service for 24x7 network monitoring, cloud security, data protection, and enforcement. AgileBlue's team of cybersecurity and technical experts created a new SOC-as-a-Service technology that safeguards a company's sensitive network infrastructure, cloud, and confidential data. AgileBlue, founded by Joe Marquette and Tony Pietrocola, is a premier 24x7 Autonomous CyberSOC. AgileBlue leadership also advises executives and boards of directors on cyber threats, creating a cyber policy, and providing cyber risk management as a service.

About Modus
Modus Discovery, Inc. is a relationship-driven data analytics firm founded by experienced founders and industry veterans. As former corporate owners, CIOs/CTOs, general counsel, and cybersecurity professionals, the Modus team has been in your shoes. They understand the difficulties you are experiencing because they have faced them before, and this empathy is what motivates them to provide you with the most successful solutions and to make each information governance or eDiscovery partnership a success. Modus brings individuals, systems, and technologies together to assist clients with compliance and eDiscovery problems. The Modus team has gained subject matter expertise through decades of hands-on experience in their respective fields, resulting in informed and empowered advisors ready to make timely choices that support their clients and their needs.
