During the past year, we have become numb to the sheer outrage of cyber-attacks and the devastating impacts they have left in our wake. In fact, I still hear today an incredible amount of dismissive words to ascribe the attacks as “nuances” or “disturbances,” which is clearly anything but the case for the organizations that are battling the attacks and tallying the financial losses of such events.read more
Black Hat has come and gone again, the swag has been dispersed, the livers are recovering and delegates are returning to their normal lives with new ideas and newfound fears. My colleagues will be reporting on their findings, but I wanted to just touch on a few highlights of the conference, some sadness and talk about the value of research.read more
In the last few years, we’ve discovered that many of our customers have been putting up with artificial clients hitting their websites. Scraping competitors’ websites for business intelligence purposes is quickly becoming a common practice. Recently, an article by Slashdot shared that people are even using bots and scripts to score restaurant reservations. Likewise, Variable Pricing software and methods are being used by many e-commerce websites in order to reduce their sales costs and obtain greater control over the buying process.read more
Last night, the Wall Street Journal ran a story around the Food and Drug Administration’s (FDA) warning to makers of medical devices that the gear they’re producing is at risk of being infected with computer viruses that can endanger patients.read more
This past weekend, Security Week ran a byline I wrote regarding Long Term Evolution (LTE).
Although this brings the promise of relieving traffic jams for mobile operators, it also brings new security risks. As traffic generated by smartphones grow, LTE networks’ fast mobile broadband will assist handling the increased traffic.
However, mobile operators will have to learn how to handle the new threats. New Advanced Persistent Threats (APT) are emerging and mobile carriers and mobile user will find themselves struggling with similar APTs that we see at Enterprises today. For Long Term Evolution networks not to fall short on security, mobile operators must realize the increased threats from malware, fraud, distributed denial of service (DDoS) attacks and many other attacks, and adopt more comprehensive and innovative security strategies.
Although LTE, which is commonly referred as mobile network 4th generation (4G), provides a solid infrastructure to deliver advanced, content-rich applications in real-time, I discuss a few security challenges that should be addressed in order to protect the network from overload and declining quality of service.
The article can be found here. I invite you to read it, and feel free to share any comments or questions you may have for me.read more
The naïve and still common perception of DoS/DDoS attacks is that to be destructive, attacks must use brute force and generate massive traffic. Low & Slow DDoS application attacks prove otherwise. Similar to guerilla warfare tactics, Low & Slow application attacks create significant damage with minimal resources. What’s more? Detecting and preventing these attacks presents a significant challenge. The following post goes in-depth to break down why Low & Slow application level attacks are difficult to detect and mitigate.read more