DOCSLIB.ORG

Fast Facts February 2021

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fast Facts February 2021 Fast Facts February 2021 Monthly data-driven threat landscape updates Contents • Contents • FRS • FRS • Introduction – Malware Families – Banking Malware • Disclaimer • Updates & Top 5 • Updates & Top 5 • SPN • Segments • Segments • – Total Threats • Industries Industries – • Blocked – Malware Campaigns Macro Malware • • Queries • Updates & Top 5 Updates & Top 5 • – Ransomware Threats • Segments Segments • • Blocked • Industries Industries – • Protection Layers – Ransomware PoS Malware • Updates & Top 5 • Updates & Top 5 • ERS • New Families • Segments – Spam Attachments • Segments • Industries – BEC • Industries • Overall and CEO Fraud • BEC Impersonation • BEC Intent 2 © 2021 Trend Micro Inc. Contents • WRS • SHN • Appendix – C&C Server Malware – Events, Devices, and Routers – What is SPN, MARS, • Updates & Top 5 • All Events, Devices, and Routers SHN, and IoTRS? – Botnet • Top 5 Bidirectional Events – What is MARS? • Connections • Key Events and Outbound/Inbound Groups – What is SHN? • C&C Servers – Outbound Events – What is IoTRS? • MARS • Possible Outbound Attacks (Events), – What is BEC? – – Android Malware Devices, and Routers What is ZDI? – • Updates & Top 5 • Top 5 Outbound Attacks (Events) What is an Botnet, C&C • Server? • ZDI Top Possible Outbound Attacks by Device Type – Vulnerabilities – Inbound Events • Per Vendor • Possible Inbound Attacks (Events), Devices, • Zero-day and Routers • ICS • Top 5 Possible Inbound Attacks (Events) • ICS Zero-day • Top Possible Inbound Attacks by Device Type 3 © 2021 Trend Micro Inc. Introduction • In the state of a prolonged worldwide health pandemic, threat detections have remained in billions for January and February, with threat actors utilizing the virus outbreak to abuse users’ systems. – Trend Micro™ Smart Protection Network™ (SPN) has blocked a total of 6.2 billion threats. – Malware families have indicated a total of 1.1 million unique detections. – EMOTET is no longer the top malware in January and February in malware detections. – RAMNIT is back to the top banking malware, taking over the position of EMOTET. – EMOTET, RYUK, and TRICKBOT also shows a 43.0% decrease only for EMOTET. – Overall BEC attacks have increased by 28.3% – New datasets for BEC to indicate the distributions of impersonations and intents. – Trend Micro Smart Home Network (SHN) shows significant increases by 429.9% and 394.9%, for devices and routers respectively related to inbound possible attacks. – See the rest of this presentation for more of our data. 4 © 2021 Trend Micro Inc. Disclaimer • Trend Micro Research is sharing monthly threat landscape updates based on Trend Micro™ Smart Protection Network™ (SPN) security infrastructure data through Email Reputation Service (ERS), File Reputation Service (FRS), and Web Reputation Service (WRS). With SPN sensors, gathered data also come from Trend Micro researchers, the Zero Day Initiative (ZDI) team, the PH Threat Hunting team, the Mobile App Reputation Service (MARS) team, and Smart Home Network (SHN), and IoT Reputation Service (IoTRS). – The cutoff date for the monthly data is at the end of each month. For this report, the cutoff was on February 28, 2020. The numbers are their exact counts (i.e., no rounding decimals off to whole numbers or to the nearest thousand). – The data in this report is a snapshot of the data gathered from sensors and parameters Trend Micro core technology experts used during the report’s creation. As such, readers should be aware of the possibility that the figures in the report may change retrospectively due to any future enhancements applied to the sensors and parameters. Corresponding explanations shall accompany any changes in succeeding reports. – Please note that these detection numbers are from the coverage of the SPN sensors distributed globally, which is not exhaustive. Those regional rankings and figures cannot be free from such market-share influenced distribution bias. 5 © 2021 Trend Micro Inc. SPN (Smart Protection Network) Total Threats 6 © 2021 Trend Micro Inc. Total Threats - Blocked Trend Micro has blocked 6.2 billion threats in February, a 3.8% decrease from January’s 6.4 billion. 7 © 2021 Trend Micro Inc. Total Threats - Blocked While ERS has dominated the detection counts, only both WRS and FRS shows an increase of 25.4% and 10.3%, respectively. 8 © 2021 Trend Micro Inc. Total Threats - Blocked As of February, the total of threats blocked in 2021 is at 12.7 billion. 9 © 2021 Trend Micro Inc. Total Threats - Blocked (Continued) 10 © 2021 Trend Micro Inc. Total Threats - Queries The total number of queries in February had an decrease of 3.9% from January. 11 © 2021 Trend Micro Inc. Total Threats - Queries URL queries for WRS have indicated the SPN queries' top source with more than 60%. The second is FRS, while ERS is the last. 12 © 2021 Trend Micro Inc. Total Threats - Queries As of February, the threat queries in 2021 are at 861.4 billion. 13 © 2021 Trend Micro Inc. Total Threats – Queries (continued) 14 © 2021 Trend Micro Inc. Ransomware Threats The number of annual ransomware detections from 2016 to 2019 ranges from 55 million to over 1 billion. As of February, the total number of ransomware detections in 2020 is at 3.0 million. 15 © 2021 Trend Micro Inc. Ransomware Threats The number of ransomware threats blocked is 1.5 million in February, indicating a 0.8%% decrease from January. WRS dominates the Ransomware threats blocked. 16 © 2021 Trend Micro Inc. ERS (Email Reputation Service) Spam Attachments and BEC 17 © 2021 Trend Micro Inc. File Types Used as Spam Attachments Feb-21 Jan-21 1 .PDF 662,787 .PDF 1,430,887 2 .DOC 42,706 .DOC 28,462 3 .HTM 24,884 .EXE 27,509 4 .XLS 21,128 .XLS 24,659 5 .EXE 20,558 .HTML 19,301 The total count of detections for file types used in spam attachments has decreased by 47.6% from January to February .PDF was able to hold the top file type used in spam despite its 53.7% decrease. 18 © 2021 Trend Micro Inc. Business Email Compromise (BEC) While the CEO fraud attempts have increased by 9.1%, the Overall BEC attempts had grown by 28.6% from January to Feburary. 19 © 2021 Trend Micro Inc. BEC incident submission - Impersonation Datasets for both spoofed and targeted positions are not available now due to the process issue. And from January 2021, we have started monitoring the datasets like impersonation and intent from the case submissions. 20 © 2021 Trend Micro Inc. BEC incident submission – Intent Datasets for both spoofed and targeted positions are not available now due to the process issue. And from January 2021, we have started monitoring the datasets like impersonation and intent from the case submissions. 21 © 2021 Trend Micro Inc. FRS (File Reputation Service) Malware Families, Campaigns, and Ransomware 22 © 2021 Trend Micro Inc. Malware Family Feb-21 Jan-21 1 WCRY 12,524 WCRY 15,923 2 COINMINER 9,476 COINMINER 11,610 3 DOWNAD 6,691 VIRUX 7,217 4 DLOADER 6,445 DLOADER 7,178 5 NEMUCOD 6,210 DOWNAD 7,026 The number of malware families has decreased by 13.9% from January to February. As EMOTET dropped, WCRY is back to the usual top malware family detected position. 23 © 2021 Trend Micro Inc. Malware Family – Segments The consumer segment has remained the most significant number of malware detections in January and February, followed by the enterprise. 24 © 2021 Trend Micro Inc. Malware Family – Segments ENT Feb-21 Jan-21 Cons Feb-21 Jan-21 1 WCRY 12,067 WCRY 15,407 1 NEMUCOD 5,543 NEMUCOD 5,526 2 VIRUX 5,358 VIRUX 6,752 2 COINMINER 3,699 COINMINER 4,273 3 VIRUX 5,135 COINMINER 6,689 3 DLOADER 3,554 DLOADER 4,150 4 DOWNAD 4,599 DOWNAD 4,996 4 DRIDEX 2,419 LOCKY 2,567 5 EQUATED 3,322 EQUATED 4,618 5 POWLOAD 2,387 POWLOAD 2,544 SMB Feb-21 Jan-21 Others Feb-21 Jan-21 1 COINMINER 640 EMOTET 1,003 1 ADLOAD 77 LOCKY 64 2 DOWNAD 498 COINMINER 644 2 DLOADER 67 DLOADER 50 3 SALITY 324 DOWNAD 463 3 DRIDEX 40 POWLOAD 41 4 EMOTET 304 POWLOAD 385 4 LOCKY 36 Mackeeper 37 5 WCRY 290 DLOADER 381 5 POWLOAD 27 DRIDEX 29 In February, WCRY has continued to be the top malware family for the enterprise segment, while EMOTET has dropped to the fourth for SMB, and out of top 5 for customer. 25 © 2021 Trend Micro Inc. Malware – Industries Feb-21 Jan-21 1 Manufacturing 29,933 Manufacturing 76,467 2 Healthcare 28,531 Healthcare 37,359 3 Government 24,739 Government 25,949 4 Banking 18,553 Education 22,583 5 Education 17,908 Banking 21,488 6 Technology 13,188 Technology 16,060 7 Telecommunications 10,019 Telecommunications 13,336 8 Materials 8,654 Financial 7,752 9 Financial 6,272 Food and beverage 6,166 10 Food and beverage 5,976 Transportation 6,017 The manufacturing industry remains at the top with the most malware detections in February, despite a decrease of 60.9% from January. And the healthcare industry has gained the second spot in 2021. 26 © 2021 Trend Micro Inc. Malware Campaigns EMOTET, RYUK, and TRICKBOT are the three malware families with the most active campaigns. However, EMOTET shows a significant decrease of 43.0% from January to February. 27 © 2021 Trend Micro Inc. Malware Campaigns – Segments EMOTET shows a significant decrease from January to February in all segments. EMOTET’s increase in Others is negligible. 28 © 2021 Trend Micro Inc. Malware Campaigns – Industries Feb-21 Jan-21 1 Government 224 Manufacturing 183 2 Manufacturing 148 Government 175 3 Healthcare 114 Healthcare 131 4 Telecommunications 106 Financial 122 5 Food and beverage 71 Telecommunications 112 6 Education 30 Real estate 97 7 Technology 27 Food and beverage 84 8 Comm and Media 16 Technology 70 9 Banking 12 Education 59 10 Transportation 12 Transportation 35 The government has taken the top from the manufacturing industry with the highest number of malware detections, followed by the manufacturing and healthcare industries in the second and the third, respectively.
Load more

Recommended publications
  • 2 | 2013 2 | Volume Issue ISSN 2190-3387 Law
    2 | 2013 Volume 4 (2013) Issue 2 ISSN 2190-3387 Law and Electronic Commerce Information Technology, Intellectual Property, Journal of Articles Online Sexual Harassment: Issues & Solutions by Mohamed Chawki, Yassin el Shazly Breathing Space for Cloud-Based Business Models: Exploring the Matrix of Copyright Limitations, Safe Harbours and Injunctions by Martin Senftleben A Model Framework for publishing Grey Literature in Open Access by Matěj Myška, Jaromír Šavelka Injunctions against innocent Third Parties: The Case of Website Blocking by Martin Husovec Evaluation of the Role of Access Providers Discussion of Dutch Pirate Bay Case Law and Introducing Principles on Directness, Effectiveness, Costs, Relevance and Time by Arno R. Lodder, Nicole S. van der Meule Das Verhältnis zwischen Urheberrecht und Wissenschaft: Auf die Perspektive kommt es an! by Alexander Peukert Editors: Thomas Dreier Axel Metzger Gerald Spindler Lucie Guibault Miquel Peguera Journal of Intellectual Property, Information Technology and Table Of Contents Electronic Commerce Law Volume 4 Issue 2, August 2013 Articles www.jipitec.eu [email protected] Online Sexual Harassment: Issues & Solutions A joint publication of: by Mohamed Chawki, Yassin el Shazly 71 Prof. Dr. Thomas Dreier, M. C. J., Karlsruhe Institute of Technology, Vincenz-Prießnitz-Str. 3, Breathing Space for Cloud-Based Business Models: 76131 Karlsruhe Exploring the Matrix of Copyright Limitations, Safe Prof. Dr. Axel Metzger, LL. M., Harbours and Injunctions Exploring the Matrix of Institute for Legal Informatics,
    [Show full text]
  • Combating Spyware in the Enterprise.Pdf
    www.dbebooks.com - Free Books & magazines Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our cus- tomers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you will find an assortment of value-added features such as free e-booklets related to the topic of this book, URLs of related Web site, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of exper- tise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE EBOOKS For readers who can’t wait for hard copy, we offer most of our titles in download- able Adobe PDF form. These eBooks are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our ebooks onto servers in corporations, educational institutions, and large organizations.
    [Show full text]
  • Darknet As a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks
    Darknet as a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks Claude Fachkha A Thesis in The Department of Electrical and Computer Engineering Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy at Concordia University Montreal, Quebec, Canada November 2015 c Claude Fachkha, 2015 CONCORDIA UNIVERSITY SCHOOL OF GRADUATE STUDIES This is to certify that the thesis prepared By: Claude Fachkha Darknet as a Source of Cyber Threat Intelligence: Entitled: Investigating Distributed and Reflection Denial of Service Attacks and submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy complies with the regulations of the University and meets the accepted standards with respect to originality and quality. Signed by the final examining committee: 'U'HERUDK'\VDUW*DOH Chair 'U0RKDPPDG=XONHUQLQH External Examiner 'U-RH\3DTXHW External to Program 'U5DFKLGD'VVRXOL Examiner 'U5RFK+*OLWKR Examiner 'U0RXUDG'HEEDEL Thesis Supervisor Approved by 'U$EGHO5D]LN6HEDN Chair of Department or Graduate Program Director 'U$PLU$VLI Dean of Faculty ABSTRACT Cyberspace has become a massive battlefield between computer criminals and com- puter security experts. In addition, large-scale cyber attacks have enormously ma- tured and became capable to generate, in a prompt manner, significant interruptions and damage to Internet resources and infrastructure. Denial of Service (DoS) attacks are perhaps the most prominent and severe types of such large-scale cyber attacks. Furthermore, the existence of widely available encryption and anonymity techniques greatly increases the difficulty of the surveillance and investigation of cyber attacks. In this context, the availability of relevant cyber monitoring is of paramount im- portance.
    [Show full text]
  • DS0122 1007 FISE:DS0100 0605 FT EE.Qxd.Qxd
    FaceTime Internet Security Edition™ Total Control for Web and Real-Time Internet Communications About FaceTime Internet Security FaceTime Internet Security Edition is the next generation Internet security solution, providing Edition total control over web usage and real-time communications. For the first time, enterprises FaceTime Internet Security Edition can enable, secure and manage all Internet channels – web browsing, IM, P2P, Skype, and enables the safe and productive use chat - with unified policy management through a single access point. FaceTime Internet of the Internet including web brows- Security Edition combines state-of-the-art IM & P2P security with an industry leading URL ing, IM, P2P, Skype and other real- filtering database and award winning gateway anti-spyware solution. time communications applications. Purpose-built and integrated to pro- Real-time Communications in the Enterprise vide total visibility and control, Internet communications have evolved from point-to-point channels such as email to real- FaceTime Internet Security Edition time, presence-oriented communications like IM, P2P file-sharing, Skype, and web confer- allows organizations to implement encing. For the new generation of workers, access to real-time communications is an powerful policies that detect, assumption; if it’s not available, they will download it to their computer regardless of policy, secure, manage and enable real- because they know what a positive impact these applications can have on effectiveness and time collaborative applications while efficiency. preventing malware threats, mini- mizing information leakage, and FaceTime terms these real-time communications applications ‘greynets’ – often installed by control employee Internet use. end users without the permission or knowledge of the IT department and use highly evasive techniques to circumvent the existing security infrastructure.
    [Show full text]
  • Instructional Objectives
    Information Security Governance & Compliance Assessment Essentials: Strategies for Staying Current with Technology Douglas Brown – CISM, CISSP, Security Solutions Architect HP Security and Risk Management HP Services © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Instructional objectives • Share enabling technologies taxonomy as it applies to the P5 Model • Familiarize one’s self with common technologies encountered during security engagements • Understand HP’s security product portfolio • Understand HP’s strategy in selecting and aligning with 3rd party partners • Know where to go for “quick” education on security tools 5/25/2007 2 1 Agenda • Assessing technology controls • Technology types • Emerging technologies • Enabling technologies • Applying enabling technologies • HP security technologies • Consultant resources • Security technology predictions • Breakout 5/25/2007 3 Assessing Technology Controls © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 2 Assessing technology controls • Role and responsibility − Understand technology in place to manage/mitigate threats • Why are they using it? • How are they using it? • How could they use it better? − Recognize that you won’t know every technology in use • Clients expect us to know every single tool as an expert • Use probing questions to mask lack of awareness of a particular technology 5/25/2007 5 Technology ecosystem Firewall Rules Management What
    [Show full text]
  • Government-Wide Cyber Security
    White Paper Government-Wide Cyber Security Leveraging Network Intelligence Technology April 2009 Enabling True Network Intelligence Everywhere White Paper Government-Wide Cyber Security Executive Summary Governments and multi-government organizations can better support IT network security across applications and government functions with a common technology platform leveraging Network Intelligence building blocks. IT security continues to be the greatest challenge facing government CIOs worldwide. Most experts agree that governments require stronger partnerships between the public and private sectors for both better protection of government IT systems from intruders and for greater visibility into operators’ network traffic to fight crime. However, government systems and intelligence activities constitute a very sensitive information environment. Governments must proceed with caution when forming technology partnerships for hardening their IT network security. Melissa E. Hathaway, who in February 2009 was named to be the Obama Administration’s top cyber security official, points out how government IT organizations should be asking questions such as: Who designed the security technology? Who built the technology? Who operates and maintains the technology? Who upgrades the technology? Who retires the technology?1 Commercial-Off-The-Shelf (COTS) products are not always suited for government network security needs. Governments can better support network security across applications and government functions with a common technology platform consisting of reusable technology building blocks. Such a global approach would enable government organizations to control the development, performance and maintenance of security applications, while preserving the confidentiality of security mechanisms for detecting cyber criminals and protecting information. Qosmos Network Intelligence provides this capability. Qosmos Network Intelligence provides this capability with technology to extract detailed IP metadata from network traffic.
    [Show full text]
  • OSINT Handbook September 2020
    OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 OPEN SOURCE INTELLIGENCE TOOLS AND RESOURCES HANDBOOK 2020 Aleksandra Bielska Noa Rebecca Kurz, Yves Baumgartner, Vytenis Benetis 2 Foreword I am delighted to share with you the 2020 edition of the OSINT Tools and Resources Handbook. Once again, the Handbook has been revised and updated to reflect the evolution of this discipline, and the many strategic, operational and technical challenges OSINT practitioners have to grapple with. Given the speed of change on the web, some might question the wisdom of pulling together such a resource. What’s wrong with the Top 10 tools, or the Top 100? There are only so many resources one can bookmark after all. Such arguments are not without merit. My fear, however, is that they are also shortsighted. I offer four reasons why. To begin, a shortlist betrays the widening spectrum of OSINT practice. Whereas OSINT was once the preserve of analysts working in national security, it now embraces a growing class of professionals in fields as diverse as journalism, cybersecurity, investment research, crisis management and human rights. A limited toolkit can never satisfy all of these constituencies. Second, a good OSINT practitioner is someone who is comfortable working with different tools, sources and collection strategies. The temptation toward narrow specialisation in OSINT is one that has to be resisted. Why? Because no research task is ever as tidy as the customer’s requirements are likely to suggest. Third, is the inevitable realisation that good tool awareness is equivalent to good source awareness. Indeed, the right tool can determine whether you harvest the right information.
    [Show full text]
  • Optimal Techn Ology G Uidance
    Report Comprehensive Information Technology Assessment August 10, 2016 Optimal TechnologyOptimal Guidance Optimal Technology Guidance Technology Optimal Client Locations Coast-to-Coast Practice Locations California Illinois Minnesota North Carolina 800.806.3080 www.clientfirstcg.com Comprehensive IT Assessment Report City of West Covina, CA TABLE OF CONTENTS ENGAGEMENT PURPOSE AND BACKGROUND ............................................ 3 Comprehensive Information Technology Assessment Objective ......................................... 3 Deliverables ........................................................................................................................... 3 Methodology and Approach .................................................................................................. 4 CURRENT INFORMATION TECHNOLOGY ENVIRONMENT SUMMARY .............. 5 Summary IT Environment ..................................................................................................... 5 Key Statistics and Metrics ..................................................................................................... 6 IT STRATEGIES, GOALS, AND OBJECTIVES ............................................ 10 INFORMATION TECHNOLOGY (IT) PRINCIPLES ......................................... 13 Vision / Mission Statement .................................................................................................. 13 IT INITIATIVES ...................................................................................... 14 Introduction .........................................................................................................................
    [Show full text]
  • Warren Harrop Thesis
    Using immersive real-time collaboration environments to manage IP networks A thesis submitted for the degree of Doctor of Philosophy Warren Harrop, BEng(Hons)(Telecommunications and Internet Technologies) & BAppSc(Multimedia Technologies) (Swinburne University), Centre for Advanced Internet Architectures, Faculty of Science, Engineering and Technology, Swinburne University of Technology, Melbourne, Victoria, Australia. August 21, 2014 Declaration This thesis contains no material which has been accepted for the award to the candidate of any other degree or diploma, except where due reference is made in the text of the examinable outcome. To the best of the candidate’s knowledge this thesis contains no material previously published or written by another person except where due reference is made in the text of the examinable outcome; and where the work is based on joint research or publications, discloses the relative contributions of the respective workers or authors. Warren Harrop Centre for Advanced Internet Architectures (CAIA) - Faculty of Science, Engineering and Technology Swinburne University of Technology August 21, 2014 iii Publications arising from this thesis Some preliminary results and discussions in this thesis have been previously published in peer- reviewed literature: W. Harrop and G. Armitage, “Intuitive Real-Time Network Monitoring Using Visually Orthog- onal 3D Metaphors,” in Australian Telecommunications Networks & Applications Conference 2004 (ATNAC 2004), Sydney, Australia, 8-10 December 2004, pp. 276–282. [Online]. Available: http: //caia.swin.edu.au/pubs/ATNAC04/harrop-armitage-ATNAC2004.pdf W. Harrop and G. Armitage, “Modifying first person shooter games to perform real time network monitoring and control tasks,” in NetGames ’06: Proceedings of 5th ACM SIGCOMM workshop on Network and system support for games.
    [Show full text]
  • Dissertation
    Securing the Internet by Analysing and Controlling DNS Traffic: Email Worm Detection and Mitigation vorgelegt von Diplom-Ingenieur Nikolaos Chatzis von der Fakult¨atIV - Elektrotechnik und Informatik der Technischen Universit¨atBerlin zur Erlangung des akademischen Grades Doktor der Ingenieurwissenschaften { Dr.-Ing. { genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr. Hans-Ulrich Heiß Berichter: Prof. Dr. Radu Popescu-Zeletin Berichter: Prof. Dr. Jean-Pierre Seifert Berichter: Prof. Dr. Dimitrios Serpanos Tag der wissenschaftlichen Aussprache: 17. November 2010 Berlin 2010 D 83 ii iii Abstract The Domain Name System (DNS) is a critical infrastructure of the Internet because almost all applications that run on Internet-connected machines depend on the name resolution service it provides to work. The DNS consists of three components: the domain name space, the name servers, and the clients, formally referred to as resolvers. Due to its critical nature, the domain name space and the name servers have been for many years very attractive targets for attackers seeking to inflict widespread damage. To deal with this state of affairs, substantial attention and investment have been directed at enhancing the security of and protecting the DNS to ensure its continuous, reliable and efficient operation. This, in conjunction with a notable shift in the motivation and profile of attackers have led in recent years to a considerable change in the Internet attack landscape. Attacks have gradually become more sophisticated and focused, and financial gain has evolved into the major driving force behind them. In this new era, attackers have realised that misusing the name servers or exploiting the name resolution service comes with greater damage or economic profit than directly attacking the components of the DNS or disrupting the name resolution service.
    [Show full text]
  • Datasheet Facetime Enterprise
    FaceTime Enterprise Edition™ End-to-End Solution for Security & Management of IM, P2P & Other Greynets About FaceTime Enterprise Edition FaceTime Enterprise Edition is the leading solution used by the world's largest firms to FaceTime Enterprise Edition is a secure and manage real-time communications, and ensure that the use of instant messaging comprehensive solution for the and other real-time communication tools complies with corporate security policies and gov- ernment regulations. security, management and compli- ance of real-time communications, consisting of user policy manage- Real-time Communications in the Enterprise ment, message hygiene, spyware Instant messaging (IM), Web conferencing and other real-time communication and collabora- prevention and targeted remedia- tion tools have become requirements for strategic and competitive advantage in today’s real- tion, archiving for compliance, time enterprises. The productivity benefits reaped from the use of these tools have dramati- blocking unauthorized usage, and cally expanded their use in many organizations. protecting the network against Instant messaging in particular has quickly moved from personal communications niche to a sophisticated user workarounds. valuable business tool. Industry analysts expect that public IM usage will be ubiquitous by 2008 and the Enterprise Instant Messaging (EIM) penetration will approach 100% by 2010. EIM products are moving rapidly towards becoming unified communication and collaboration platforms integrating a wide range of real-time communications
    [Show full text]
  • DS0126-1007 USG:DS0100 0605 FT EE.Qxd.Qxd
    Unified Security Gateway™ Total Control for Web and Real-Time Internet Communication About FaceTime Unified Security The Reality of Real-time Communications Gateway The Web 2.0 landscape is alive with participation and collaboration. More than 200 social Unified Security Gateway is a secure networking sites are available to anyone with a browser. Several have evolved into full-blown devel- Web gateway that enables organizations opment platforms – Facebook alone supports almost 20,000 applications. From the enterprise side, to integrate the management, security, it’s become common practice for human resources to review candidates’ social networking activities and compliance of the full range of as part of the hiring process, and for knowledge workers, social networks have become an always-on real-time communications, Web usage, focus group for testing and reviewing new ideas. including social networks and other dynamic communications environ- Today’s young generation of workers grew up with instant messaging and are used to the immediacy ments, and enterprise-class unified of communication offered by social networks; it is natural for them to expect the same level of communications such as Microsoft OCS immediacy in the business environment, because they innately understand its value. They see no and IBM Lotus Sametime. reason not to interact with social networks from inside the corporate network. However, as the line between corporate networks and social networks blurs, social networks and their applications – many of which involve real-time communications – become an issue for enterprise IT. Unfortunately, most IT departments cannot actually see these new activities at all, because they KEY FEATURES bypass traditional corporate network protection measures.
    [Show full text]