As with any event expected to attract massive interest, the launch of the final season of Game of Thrones is a golden opportunity for pirates.
According to a Kaspersky study, this series is said to be the cybercriminals’ favorite. It accounted for 17% of infected content last year, i.e. 20 934 web users! According to the same study, the most targeted episodes are, logically, the first and last episodes of the season.
Fans are numerous in France and, without a subscription, the only way to watch the long-awaited episodes is illegal downloading from torrent websites.
This is how cybercriminals infect unsuspecting web users’ computers. First warning: do not install programs at the request of torrent websites, as they can contain malware!
Indeed, two kinds of fraud are mainly used:
Malware: malicious software is planted on the torrent websites that fans of the series use to watch the precious episodes.
Phishing: many phishing attempts have been counted; the pirates use the official image of Game of Thrones to try to retrieve your personal data.
This season, the cybercriminals are almost as creative as the scriptwriters of the successful series: many and various fake contests allow these hackers to collect email addresses and bank details.
Counterfeiting is also in the game, with an observed increase in websites offering many so-called “official” products that are nothing more than counterfeits.
Nameshield therefore recommends that fans be highly vigilant!
As a reminder, here are the basic principles to follow in order to browse serenely and avoid being trapped by unscrupulous hackers:
Do not download any plugin of suspicious origin
Carefully analyze URLs before any purchase
Check for the presence of the famous HTTPS
Check that the final address corresponds to the website you were looking for
As always on the web, extra vigilance is needed, because while spring is arriving in our regions, don’t forget that on the web, winter is coming…
On April 15, 2019, ANSSI (the National Cybersecurity Agency of France) unveiled its annual report during a press conference. For 2018, the agency identified 1869 alerts, 391 incidents (not counting operators of critical importance), 16 major incidents and 14 cyber defence operations. ANSSI also identified 5 major trends in the cyber threats observed in France and in Europe in 2018.
Analysis of cyber threat in 2018 – The 5 major trends
1. Cyber-espionage
A major concern for ANSSI in 2018: according to the agency, cyber-espionage represents the highest risk for organizations.
Extremely discreet and benefiting from significant financial resources, the attackers plan highly targeted and highly sophisticated attacks over many years. In 2018, it was noted that cyber attackers are increasingly interested in vital activity sectors and specific critical infrastructures such as the defence, health or research sectors.
2. Indirect attacks
According to ANSSI, indirect attacks increased significantly in 2018. Indeed, to get around the security measures implemented by big companies, which are more and more aware of cyber risk, the attackers target intermediaries, such as providers, who are more vulnerable, in order to reach their final targets.
Compromising one partner is enough to reach many companies. So it is essential to choose partners that place the security of their information system at the top of their concerns.
3. Destabilization and influence operations
Because of the nature of the targets and the claims, these attacks, though technically moderate, often have an important symbolic impact. An increase was observed in 2018.
4. Cryptojacking
As a reminder, cryptojacking is a cyberattack that consists in using the computing power of the victim’s machine to mine cryptocurrency.
In 2018, many attacks of this kind were observed. Increasingly organized attackers take advantage of security flaws to compromise their victims’ equipment, placing cryptocurrency miners on it without the victims knowing.
5. Online frauds
Online fraud is as constant a cyber threat for companies and big organizations as it is for individuals. ANSSI noted an important growth in online fraud last year. Big operators are becoming more concerned about cybersecurity, so the attackers turn towards targets that are less exposed but more vulnerable, such as territorial authorities or actors in the health sector, which were thus the targets of many phishing attacks in 2018.
Conclusion
The multiplicity and magnitude of the attacks observed during 2018 prove that it is essential to implement security measures to prevent these cyber threats, within big organizations and big groups as well as small companies.
“The conclusion is clear: 2018 proves once again that digital risk, far from being ethereal, must be at the heart of our concerns. Not only those of ANSSI! The cyberattacks affect all of society. That is why we must all seize the matter,” explains Guillaume Poupard, ANSSI’s General Director.
In its latest quarterly report, Nexusguard stated that after the FBI closed 15 websites providing cyberattack services, an 85% decrease in the scale of DDoS attacks and a 24% decrease in big attacks were observed.
In the same way, these closures are said to have led to an 11% decrease in the volume of attacks compared to the same period in 2018, at an international level.
Indeed, it was in December 2018 that the FBI successfully shut down 15 websites offering DDoS attack services, called “booters” or “booter services” in the business.
To achieve their goals, these booters use IP stressers, which are originally tools for testing the resilience of a server or network. The cybercriminals hijack these IP stressers and use them to send a large volume of requests to the targeted servers until they are overloaded and unable to respond.
The Nexusguard report also indicates that the 15 websites closed by the FBI are said to be the technical source of about 11% of the global DDoS attacks of various sizes since 2014. Of course, this decrease might only be temporary, the multiplication of bot networks being the real plague of our decade in terms of cybercrime.
Last weekend, the media widely reported on the consequences of an unprecedented attack that targeted domain names.
Indeed, during the night of February 22-23, ICANN reported large-scale attacks on domain names: DNS hijacking. These attacks consist in “replacing the authorized servers addresses” with “addresses of machines controlled by the attackers”, as explained by the organization, allowing the attackers to examine the data in order to find passwords, email addresses, etc., or even to capture all the traffic towards their servers.
A wave of attacks that began in November 2018
Actually, this is not a single attack but a wave of attacks that the domain name system has endured for several weeks now.
Since the end of November 2018, an attack has targeted Lebanon and the United Arab Emirates and affected .GOV domain names. In this attack, the cybercriminals proceeded by DNS hijacking.
At the beginning of January 2019, the company FireEye reported in an article a wave of DNS hijacking that affected domain names belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.
Although the attackers were not identified at the time, the initial research suggested the attacks could have been conducted by persons based in Iran.
An important fact regarding the attack of February 22: this time, it struck, sometimes successfully, important actors of the Internet.
What are these attacks?
The method used is DNS hijacking deployed on a large scale. This is a malicious attack, also called DNS redirection. Its aim: to overwrite the TCP/IP parameters of a computer in order to redirect it towards a fraudulent DNS server instead of the configured official DNS server. To do this, the attacker takes control of the targeted machine through different techniques to alter the DNS configurations.
The American government, among others, recently warned about this series of highly sophisticated attacks, whose aim is said to be to siphon a large volume of passwords. These attacks are said to target governments and private companies more specifically.
Between DNS hijacking and cyber espionage
According to Talos’ article of November 2018, the attackers behind these attacks are said to have collected emails and connection information (login credentials – passwords) by hijacking the DNS, so that the email and VPN (Virtual Private Networking) traffic of the targeted institutions was redirected to a server controlled by the cybercriminals.
Once these credentials have been collected, other attacks can be launched for espionage purposes, like the Man-In-The-Middle.
Then how to effectively protect yourself?
You must be aware that although these attacks essentially target the domain name system, and we can never say it enough, the first entry point to your domain names portfolio for an attacker is your access to the management platform.
The first and utmost recommendation is to protect your access
For many years, Nameshield has developed security measures for access to the domain names management platform (IP filter, ACL, HTTPS) and in addition offers two-factor authentication and SSO.
If these complementary solutions are still not implemented, Nameshield strongly recommends implementing them, in particular two-factor authentication, in order to fight against password theft.
Implement the DNSSEC protocol
DNSSEC, if it were more widely deployed, would prevent these attacks or at least lessen their impact by limiting their consequences.
It’s becoming increasingly urgent that DNSSEC be adopted on a massive scale, for both resolvers and authoritative servers.
Protect your domain names
The implementation of a registry lock on your strategic names will prevent their fraudulent modification.
Although no perfect solution exists today to fully protect infrastructures from cyberattacks, it is the combined implementation of several preventive measures that will reduce the vulnerabilities (so) easily exploited by the pirates.
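As a complement to the preventive measures above, the hijacking described in this article (authorized server addresses replaced by attacker-controlled ones, with mail and VPN traffic redirected) can be detected by comparing what the DNS currently returns with an approved baseline. The following is an added example, not Nameshield code; the zone, name servers, address ranges and the audit_snapshot function are constructed for illustration, and how the observed records are collected is left to the reader.

```python
import ipaddress

# Constructed baseline for a hypothetical zone; every value here is a sample.
BASELINE = {
    "ns": {"ns1.dns-provider.example.", "ns2.dns-provider.example."},
    "hosts": {  # sensitive names and the ranges they are allowed to resolve into
        "mail.example.com.": ["192.0.2.0/24"],
        "vpn.example.com.": ["198.51.100.0/25"],
    },
}


def normalize(name):
    """Lower-case a DNS name and make it fully qualified."""
    return name.strip().lower().rstrip(".") + "."


def audit_snapshot(baseline, observed):
    """Return (severity, subject, detail) findings for one observed snapshot."""
    findings = []
    approved_ns = {normalize(n) for n in baseline["ns"]}
    seen_ns = {normalize(n) for n in observed.get("ns", [])}
    # A name server outside the approved set is the signature of a delegation change.
    for ns in sorted(seen_ns - approved_ns):
        findings.append(("critical", "delegation", f"unapproved name server {ns}"))
    for ns in sorted(approved_ns - seen_ns):
        findings.append(("warning", "delegation", f"approved name server {ns} missing"))
    seen_hosts = {normalize(h): a for h, a in observed.get("hosts", {}).items()}
    for host, cidrs in baseline["hosts"].items():
        networks = [ipaddress.ip_network(c) for c in cidrs]
        addresses = seen_hosts.get(normalize(host))
        if not addresses:
            findings.append(("warning", host, "no address returned"))
            continue
        for addr in addresses:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in networks):
                findings.append(("critical", host, f"{addr} outside approved ranges"))
    return findings


# Constructed snapshots: one clean, one showing a redirected delegation and mail host.
CLEAN = {
    "ns": ["NS1.dns-provider.example", "ns2.dns-provider.example."],
    "hosts": {"mail.example.com": ["192.0.2.25"], "vpn.example.com": ["198.51.100.20"]},
}
HIJACKED = {
    "ns": ["ns1.dns-provider.example.", "ns1.attacker-controlled.example."],
    "hosts": {"mail.example.com": ["203.0.113.66"], "vpn.example.com": ["198.51.100.20"]},
}

if __name__ == "__main__":
    for label, snapshot in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, audit_snapshot(BASELINE, snapshot))
```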
Lately, the DNS keeps being talked about! After the first KSK rollover in October 2018, then the deactivation of the former KSK on January 11, now comes the time of the DNS Flag Day!
DNS Flag Day: What is it all about?
“Flag day” is an expression used in IT to indicate a deadline and/or a radical change.
Remember that when the DNS was created, the cybercrime threats that now weigh on the DNS infrastructure did not exist. Security was then relegated to the background, but the evolution of attacks has made it absolutely necessary: the DNS must be strengthened!
It’s in this context that the EDNS standard was created in 1999 (and updated in 2013 in RFC 6891). EDNS has in particular allowed the implementation of DNSSEC, DNS geolocation and other measures aiming to strengthen security.
This transition was not without difficulties. Abusive adoptions of the EDNS standard, lack of updates and bypasses have led to the creation of many patches and accommodations in the code of recursive servers (particularly, in order to be able to differentiate DNS servers that cannot properly support EDNS from those that are unreachable for other reasons).
Two decades later, the maintenance of all this patched software has become more than difficult and leads to bugs that can compromise DNS security. Obviously, the weight of these patches also affects response times.
It’s time for this standard to be implemented by all; otherwise they will no longer be able to deal efficiently with new DNS attacks, like amplification or layer 7 attacks.
That’s why major IT actors (Google, Cloudflare, Facebook, Cisco..), including the developers of recursive servers, decided as one to no longer support DNS servers that do not respect the EDNS standard as of February 1, 2019. The Flag Day arrives!
And concretely?
From the DNS Flag Day on February 1, all DNS servers that are not in compliance with the EDNS standard (or that do not function because of a firewall incompatible with EDNS), and thus do not respond to EDNS requests, will be considered unreachable, as the accommodations and other patches are being removed from the new versions of DNS software.
To put it simply, if it is not hosted on compatible DNS servers, your domain name may no longer respond.
How to anticipate?
That is why it is important to ensure that the DNS servers hosting your names’ zones are EDNS compatible, in particular if they are not hosted on Nameshield’s DNS infrastructure or if your company maintains its own infrastructure.
The DNS Flag Day website also allows you to test the compliance of your name: https://dnsflagday.net/
Of course, our team is at your disposal for any question.
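To make the compatibility check concrete, here is an added example (not code from Nameshield or from the DNS Flag Day site) that builds a query carrying the RFC 6891 OPT record and classifies how a server reacts to it; a missing reply is the case this article says will be treated as unreachable. The function names and category labels are hypothetical, and the replies are constructed byte strings so that the example runs offline.

```python
import struct

OPT = 41        # RR type of the EDNS OPT pseudo-record (RFC 6891)
FORMERR = 1     # RCODE that a server without EDNS support must return for an OPT query


def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_edns_query(name, qtype=1, txid=0x1234, udp_size=1232):
    """Build a query with one OPT record (EDNS version 0, DO bit set)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0x00008000, 0)
    return header + question + opt


def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length
        if length == 0:
            return pos


def classify_response(query, response):
    """Classify a server's reaction to an EDNS query (labels are this example's own)."""
    if response is None:
        return "timeout"            # no reply to an EDNS query
    try:
        txid, flags, qd, an, ns, ar = struct.unpack("!6H", response[:12])
        if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
            return "malformed"      # wrong transaction id or not a response
        pos, opt_ttl = 12, None
        for _ in range(qd):
            pos = skip_name(response, pos) + 4
        for _ in range(an + ns + ar):
            pos = skip_name(response, pos)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
            pos += 10 + rdlen
            if rtype == OPT:
                opt_ttl = ttl
        if pos > len(response):
            return "malformed"
    except (IndexError, struct.error):
        return "malformed"
    if opt_ttl is None:
        # No OPT in the reply: FORMERR is the pre-EDNS behaviour RFC 6891 allows,
        # any other reply means the OPT record was silently ignored.
        return "legacy-formerr" if flags & 0xF == FORMERR else "opt-ignored"
    return "edns-ok" if (opt_ttl >> 16) & 0xFF == 0 else "bad-version"


def sample_response(query, rcode=0, with_opt=True):
    """Constructed reply for offline demonstration (not captured traffic)."""
    question = query[12:skip_name(query, 12) + 4]
    answers = 1 if rcode == 0 else 0
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, 0) if with_opt else b""
    header = query[:2] + struct.pack("!5H", 0x8400 | rcode, 1, answers, 0, int(with_opt))
    return header + question + (answer if answers else b"") + opt


if __name__ == "__main__":
    q = build_edns_query("example.com")
    print(classify_response(q, sample_response(q)))
    print(classify_response(q, sample_response(q, rcode=FORMERR, with_opt=False)))
    print(classify_response(q, None))
```

Against a real zone, the query bytes would be sent over UDP port 53 to each authoritative server of the zone, passing None to classify_response when the socket times out.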
The CESIN (Club of Information and digital security experts) has just published the fourth edition of its annual barometer, conducted with OpinionWay among its 174 members, 84% of whom are CISOs (Chief Information Security Officers) of big French companies. This annual study helps to better define the perception and reality of cybersecurity and its issues within the companies that are members of CESIN.
The most common cyberattacks and their impacts
During the last twelve months, although the number of attacks tends to stabilize, 80% of the interviewed companies have been victims of at least one cyberattack, and the consequences for the business (production stoppage, unavailable website, revenue loss…) are more significant than in 2017.
Each year, companies face five kinds of cyberattack on average.
Among the attacks suffered, phishing is the most frequent, with 73% of companies affected, followed by the “Fake President” fraud, with 50% of the respondents affected; in third position come ransomware and malware infection.
Regarding cyber risks, Shadow IT is the most frequently encountered: 64% of the interviewed CISOs consider it a threat to be dealt with. Indeed, the implementation and use of non-approved and often free applications can escape the control of the Information systems department.
Cloud and IoT: the impact of the digital transformation on the security of Information systems
For 98% of the companies, digital transformation has a real impact on the security of information systems and data, and increases the cyberattack perimeter, particularly through the heavy use of Cloud, which is used by 87% of the companies, of which 52% store their data in public Clouds.
This use of Cloud represents an important risk because of the lack of control over the hosting provider’s access to the company’s data (through administrators or others), over the subcontracting chain used by the hosting provider, or even over data that is not deleted. For 89% of the CISOs, these issues imply the use of securing tools complementary to the ones offered by the service provider in order to secure the data stored in the Cloud.
Concerning IoT (Internet of Things), the race for innovation and the increasingly common use of connected things lead to the appearance of new cybersecurity threats, notably due to security flaws in these devices.
A cyber resilience to develop
To face these cyber risks, CISOs deploy many technical solutions.
However, despite all these solutions, CISOs are less confident than last year in their company’s capacity to face these cyber risks, and fewer than one in two estimates that their company is prepared to manage a large-scale cyberattack. And yet, only 12% have implemented a real cyber resilience program; it is in process for 33%, and 34% are planning to implement one.
Three essentially human issues for the future of cybersecurity
Awareness of the user
According to 61% of the interviewed CISOs, the main issue for the future of cybersecurity is the training and awareness of users regarding cybersecurity. According to the respondents, “even if the employees are aware, they are still not involved enough and do not necessarily follow the recommendations. An important education work remains.”
Governance of cybersecurity
For 60% of the respondents, the governance of cybersecurity needs to be placed at the right level. Although GDPR compliance made companies aware of data protection issues, confidence in the ability of the executive committee to take cybersecurity issues into account remains uneven depending on the activity sector.
Human resources
The shortage of information system security profiles, observed by 91% of the CISOs, is a real challenge for companies, while 50% of these companies plan to increase the workforce allocated to cybersecurity.
Ahead of the Annual Meeting in Davos, which took place from January 22 to 25 in Switzerland, the World Economic Forum presented its Global Risks Report, a report which highlights the main global risks and issues, based on a survey of 1000 international decision-makers from the public sector, private sector, academia and civil society. So what are the main risks that the world is facing?
Cyber risks in the top 5
For the third year in a row, environment-related risks are at the top of the decision-makers’ concerns. They occupy the top three places among the risks likely to occur in 2019, followed by technology risks: data fraud or theft in 4th place, and cyberattacks in 5th.
Thus in 2019, 82% of the interviewed experts expect data and money theft, and 80% expect disruptions of services and infrastructures resulting from cyberattacks.
The 5 risks most likely to occur according to experts
1. Extreme weather events
2. Failure of climate-change mitigation and adaptation
3. Natural disasters
4. Data fraud or theft
5. Cyberattacks
The top 10 risks in terms of impact
1. Weapons of mass destruction
2. Failure of climate-change mitigation and adaptation
3. Extreme weather events
4. Water crisis
5. Natural disasters
6. Biodiversity loss and ecosystem collapse
7. Cyberattacks
8. Critical information infrastructure breakdown
9. Man-made environmental disasters
10. Spread of infectious diseases
Cyberattacks take 7th place and critical information infrastructure breakdown 8th place in the ranking, hence making it into the top 10.
Regarding technology, Børge Brende, the World Economic Forum’s President, highlights that “Technology continues to play a profound role in shaping the global risks landscape. Concerns about data fraud and cyber-attacks were prominent again in the GRPS, which also highlighted a number of other technological vulnerabilities: around two-thirds of respondents expect the risks associated with fake news and identity theft to increase in 2019”. These concerns stem from a 2018 traumatized by the increase in massive cyberattacks, breaches in the IT security systems of States, massive data theft and the growing use of artificial intelligence to carry out ever more powerful cyberattacks.
Last September, Accenture published the study “Gaining Ground On the Cyber Attacker 2018 State of Cyber Resilience” and highlighted the doubling of the number of cyberattacks suffered by companies (232 on average in 2018 versus 106 in 2017 at international level), but also the improvement of the companies’ ability to identify and counter these attacks.
The number of attacks more than doubled between 2017 and 2018…
This study deserves attention as it differs from many very alarmist reports. Although not everything is perfect, in particular due to the ingenuity and increasing complexity of the attacks, companies continue to improve their defense capacity, were able to strengthen their cyber resilience and remained efficient despite the threats. Companies are able to defend themselves better, particularly by detecting attacks much earlier.
… But where a third of the attacks were successful in 2017, the share of successful attacks decreased to 1 in 8 (12.5%) in 2018.
A report that blows hot and cold
Security teams have made great progress but there is still more work to be done. Companies now prevent 87% of all targeted attacks, but are still facing two to three security breaches per month on average.
Companies might be cyber resilient in two to three years, but the pressure and the complexity of the threats increase every day. While 90% of the respondents expect investment in cybersecurity to increase in the next 3 years, only 31% think that it will be sufficient.
New technologies are essential, but investments are lagging behind. While 83% of the respondents agreed that new technologies are essential, only two out of five are investing in AI, machine learning and automation technologies.
Confidence in cybersecurity measures remains high, but a more proactive approach to cybersecurity is needed. While more than 80% of the respondents are confident in their capacity to monitor breaches, 71% said that cyberattacks are still a bit of a black box: they do not know how or when they will affect their organization.
The board of directors and management are more engaged with cybersecurity. 27% of cybersecurity budgets are authorized by the board of directors and 32% by the CEO. The role and responsibilities of the CISO must evolve towards a more cross-functional position in the company.
5 steps to cyber resilience
Accenture highlights five steps to optimize companies’ defense and move towards the ultimate aim of cyber resilience, in a world that keeps opening up new threat territories (artificial intelligence, omnipresence of the cloud, social networks, smartphones, internet of things), with threats that are more and more complex and difficult to counter, and a need that is becoming strategic: data protection.
Build a strong foundation by identifying high value assets, in order to better protect them, including from internal risks. It is necessary to ensure that controls are implemented throughout the value chain of the company.
Test the IT security by training cybersecurity teams in the best hackers’ techniques. Role plays staging an attack team and a defense team, with training coaches, can bring out the points to improve.
Employ new technologies. For a company, it is recommended to invest in technologies able to automate cyber defense and, in particular, to use the new generation of identity management, which relies on multi-factor authentication and user behavior monitoring.
Be proactive and anticipate threats by developing a strategic team (“threat intelligence”) in charge of evolving an intelligent security operation center (SOC) that relies on the mass collection and analysis of data (“data-driven approach”).
Evolve the role of the CISO (Chief Information Security Officer). CISOs are closer to the business lines, find the right balance between security and risk taking, and communicate more and more with the executive management, which now holds 59% of the security budget versus 33% a year ago.
Conclusion
The Accenture study highlights a real growing awareness of cyber threats among companies, and the investments made to better protect themselves. The race towards cyber resilience is now on, between more and more organized attackers and more and more sophisticated defense systems. See you at the end of the year to make an assessment of the forces involved.
After the first change of the cryptographic key last October, it is now, on January 11, that the old KSK (Key Signing Key) of the root zone will be deactivated.
The process initiated in October 2018 to improve the security of the root zone, with the deployment of the Key Signing Key-2017, is completed with the revocation of the old root key, KSK-2010.
As indicated by Paul Hoffman, ICANN’s Principal Technologist, “The ICANN organization does not expect problems with the revocation. However, this is the first time a KSK in the Domain Name System (DNS) root has been revoked, so the ICANN org and the DNS technical community will be watching carefully for at least 48 hours after the publication of the revoked KSK-2010.”
Note that during the rollover in October, the negative impacts were extremely limited, and it seems that only two Internet service providers were affected by interruptions during the process.
Of course, ICANN encourages solutions providers to no longer ship KSK-2010 in their products. ICANN should later publish a white paper about the full rollover process, including the lessons learned from this operation. ICANN communities will then be able to open discussions regarding upcoming rollovers that could happen.
The European Data Protection Regulation (GDPR) came into effect on 25th May and its impact on the management of your SSL certificates portfolio is not neutral.
All Certification Authorities have previously always relied on the WHOIS of the domain name that needs to be certified in order to validate that the certificate applicant has the domain name technical operator’s agreement.
In order to validate an order, one of the authentication steps involved sending an email to one of the email addresses (admin or technical) found on the WHOIS.
However, the GDPR has left its mark and registrars no longer have the right to provide domain name owner personal data without the owner’s explicit consent. This means that the WHOIS database is unusable in terms of Certification Authorities being able to send out validation emails.
Faced with this situation, the Certification Authorities propose sending domain validation emails to one of the following generic addresses by default:
What if none of these addresses exists, or they are too complicated to create?
There is an alternative solution. The Certification Authorities are able to validate that you have the domain name technical operator’s agreement through TXT record verification in the DNS zone of the domain name to be certified.
By verifying the presence of this TXT record, the Certification Authority is able to:
issue the certificate if it is a simple DV certificate (Domain validation)
continue to the next authentication steps if it is an OV (Organization Validation) or EV (Extended Validation) certificate.
Even with this in mind, the GDPR is changing the game and is having a significant impact on the SSL industry.
If the generic email validation method is not possible and we have to use the TXT record verification method, then we will indeed see an increase in certificate processing times.
What are the benefits of using Nameshield to manage your SSL certificates portfolio?
As a Registrar, Nameshield offers a unique market advantage for its SSL clients.
Nameshield carries out a pre-authentication process before each order reaches the Certificate Authority. This makes it possible to anticipate any blocking factors and if necessary to act quickly to resolve them:
Modification of a WHOIS
Edition of the zone to set up a TXT record (if the DNS are those of Nameshield)
Creation of the aliases admin@, administrator@, webmaster@, postmaster@, hostmaster@ (if the MX are those of Nameshield)