Domain-name lookups only reveal websites visited, not individual pages viewed, right? Wrong: the interaction between a user and the DNS is more revealing than previously believed, according to a paper from German postdoc researcher Dominik Herrmann.
In work published on the pre-print server arXiv, Herrmann writes that behavioural tracking using recursive name servers is a genuine privacy risk. Someone with access to the infrastructure can easily watch a user's behaviour while they have one IP address, create a classifier for that user, and look for behaviour that matches that classifier when the IP address changes.
Security researchers have found a new memory-scraping malware program that steals payment card data from point-of-sale (PoS) terminals and sends it back to attackers using the Domain Name System.
Dubbed Multigrain, the threat is part of a family of malware programs known as NewPosThings, with which it shares some code. However, this variant was designed to target specific environments. That's because unlike other PoS malware programs that look for card data in the memory of many processes, Multigrain targets a single process called multi.exe that's associated with a popular back-end card authorization and PoS server.
Named JS_JITON, this new threat was first spotted in attacks at the end of December 2015 and continues to infect devices to this day; it peaked in February 2016, with over 1,500 infections per day. The malware's infection chain is simple. According to Trend Micro researchers, attackers place malicious code on compromised websites and wait for users to visit these pages using mobile devices.
Seventy-six percent of organizations in the USA and United Kingdom have suffered a DNS attack, according to Cloudmark. Three hundred IT decision makers were polled across the USA and UK and, of those who reported suffering a DNS attack, more than half admitted to losing business-critical data or revenue.
An astounding third of respondents also confirmed they had lost confidential customer information. The survey findings suggest not only that large organisations are inadequately protecting company intellectual property against DNS attacks, but also that more needs to be done to help educate businesses on the methods used by DNS attackers.
Cybercriminals have started a new trend in conducting distributed denial-of-service attacks, relying on a type of DNS amplification that leverages text records to make the operation more effective; in some campaigns, researchers have observed parts of a press release from the White House.
The tactic is not new, but more and more incidents of this sort have been recorded. The entertainment sector is the most targeted. Attackers have used large TXT records in reflection attacks in the past. Cybercriminals often use intermediate victims to reflect the bad traffic to their target.
Websites come and go over time; rarely is a second thought given to those sites left by the wayside. Recently, the Blue Coat Security Labs team has looked into the nature of the host names that make up the Web, and the fleeting nature of many of them is truly surprising.
In a recent 90-day period of traffic, we counted over 660 million unique host names. (That’s about one host name for every 10.6 people in the world.) While the sheer number of hosts is notable, more remarkable is the volume of hosts that were present for only a single day in that 90-day window; we call these hosts “one-day wonders”. An astounding 71% (~470M) of the hosts were so transient that they only appeared in a single day's traffic over the course of 12 weeks.