Faced with the upsurge and the continually increasing strength of cyberattacks, a simulation exercise of a cyberattack in the finance industry will be organized by the members of the G7, the world’s major economic powers.
In the French presidency context, France will
be the one that will run this test in which 24 financial authorities of the 7
members of the G7 will participate during 3 days.
Today it is no secret that the banking sector is
one of the most targeted by cybercriminals [according to an IBM’s research, 19%
of the attacks would aim banking institutions].
Thus, for the first time, the G7 countries organize a cyberattack cross-border simulation in early June 2019. This test is organized by the Banque de France (the central bank of France) and proposes the following scenario: a malware will be injected in a technical component widely used in the financial sector.
As indicated by Bruno Le Maire, the Minister of
Economy and Finance of France “cyber threats are the proof that we need more
multilateralism and cooperation between our countries”.
According to this argument, this same exercise
will be conducted at the same time in the other countries, giving it a specific
dimension. If other exercises of this kind have indeed already been done
before, particularly by the Bank of England and the European Central Bank, none
of these tests was done simultaneously.
What are the results sought in this joint exercise?
Firmly establishing the risks of a cyberattack’s epidemic spread, in order to
be able to enhance the infrastructures security and to ensure the reactivity in
case of attack and prevent a wide contagion.
The actors and utility providers invade the
connected world, benefiting from the innovations that the rest of the world
opportunely provides them. It wouldn’t be a problem if we didn’t live in an age
where hacking a power plant became possible.
In 2015 and 2016, hackers shut down power to
thousands of users in the middle of the Ukrainian winter. Since then, the
American government openly admitted that foreign powers tried every day to take
control of the energy grid control rooms of the United States. And this is
important because we are currently connecting decades old infrastructures in an
environment which is swimming with threats that it was never designed to
protect against.
Engineers have not always played well with
computer scientists. These disciplines are different, they are different
mindsets with different aims, different cultures and of course, different technologies.
Engineers can plan for accidents and failures, while cybersecurity
professionals plan for attacks. There are completely different industry
standards for each discipline and very few standards for the growing field of
the Internet of Things (IoT), which is increasingly weaving its way into
utility environments. Those two worlds are now colliding.
Much of the IT used in utilities infrastructure
was previously isolated, operating without fear of the hackers, with systems
built for availability and convenience, not for security. Their creators didn’t
consider how a user might have to authenticate to a network to prove that they
are a trusted actor. That might have been acceptable in the past, but now we
have a landscape littered with outdated machines weighed down with insecure
codes that are unequipped for modern IT threats. The upgrading of these systems
and the security afterward, won’t solve all those security problems and
replacing them entirely would be too expensive, difficult to envisage and
almost utopian for many. And today, this is a real problem to connect them in
an environment exposed to threats and adversaries searching for the next easy
target.
Today, the world tends to connect more and
more, particularly through Internet of Things (IoT), we talk about connected
cars, baby monitors connected to a parent’s smartphone and doorbells informing
homeowners who is at their doors, fridges, washing machines become connected…
and utilities follow the trends, naturally wanting to be part of this world’s
evolution towards the increasing computerisation of physical objects.
Exciting as these new innovations might sound, evidence
mounts every day of the IoT’s insecurity. Whether it’s hardcoded passwords, an
inability to authenticate its outward and inward connections or an inability to
update, there is little argument about their security. These products are often
rushed to market without a thought for this important factor.
Enterprises and governments are seizing the IoT
as a way to transform the way they do business, and utilities are doing the
same. Large infrastructures will increasingly be made up of IoT endpoints and
sensors – able to relay information to its operators and radically improve the
overall function of utilities.
Unfortunately, in the rush to innovation, eager
adopters often ignore the glaring security problems that shiny new inventions
often bring with them. In an industrial or utilities environment the IoT means
something that is similar at a descriptive level, but radically different in
real-world impact. A connected doll is one thing, a connected power plant is
another entirely!
The risks on utilities are real. There are
plenty of examples. Stuxnet, the virus which destroyed the Iranian nuclear
program is just one. The aforementioned attacks on the Ukrainian power grid
could be another. Furthermore Western governments, including France, now admit
that foreign actors are attempting to hack their utilities on a daily basis.
But if this is such a big problem, you might
ask, then why hasn’t it happened more often? Why haven’t we heard about such
potentially devastating attacks even more? Well, the fact is that many won’t
know they’ve already been hacked. Many organizations go for weeks, months and
often years without realizing that an attacker has been lurking within their
systems. The Ponemon Institute has found that the average time between an organization
being breached and the discovery of that fact is 191 days, nearly half a year.
This is especially true if one of those aged legacy systems has no way of
telling what is anomalous. Others may just hide their breach, as many
organizations do. Such attacks are often embarrassing, especially with the
regulatory implications and public backlash that a cyberattack on a utility
brings with it.
Furthermore, most attacks are often not
catastrophic events. They are commonly attempts to gain data or access to a
critical system. For most, that’s a valuable enough goal to pursue. Edging into
the more destructive possibilities of such an attack would essentially be an
act of war and not many cybercriminals want to earn the attention – or the ire
– of a nation state.
The theory of the
black swan –
theorized by Nassim Nicholas Taleb: a
situation that is hard to predict and seems wildly unlikely, but has
apocalyptic implications – fits perfectly here. We don’t know when, how or
if such an event might happen but we had better start preparing for it. Even if
the likelihood of such an event is small, the cost of waiting and not preparing
for it will be much higher. The IoT market, particularly in the utilities
sector need to start preparing for that black swan.
Public Key
Infrastructures (PKI) using certificates will allow utilities to overcome many of these
threats, providing unparalleled trust for an often hard to manage network.
It’s been built on interoperable and standardized protocols, which have been
protecting web-connected systems for decades. It offers the same for the IoT.
PKIs are highly scalable, making them a great
fit for industrial environments and utilities. The manner in which many
utilities will be seizing hold of the IoT is through the millions of sensors
that will feed data back to operators and streamline day-to-day operations,
making utilities more efficient. The sheer number of those connections and the
richness of the data flowing through them make them hard to manage, hard to
monitor and hard to secure.
A PKI ecosystem can secure the connections
between devices, the systems and those that use them. The same goes for older
systems, which have been designed for availability and convenience, but not for
the possibility of attack. Users, devices and systems will also be able to
mutually authenticate between each other, ensuring that behind each side of a
transaction is a trusted party.
The data that is constantly travelling back and
forth over those networks is encrypted under PKI using the latest cryptography.
Attackers that want to steal that data will find that their ill-gotten gains
are useless when they realize they can’t decrypt it.
Further ensuring the integrity of that data is
code signing. When devices need to update over the air, code signing lets you
know that the author of the updates is who they say they are and that their
code hasn’t been insecurely tampered with since they wrote it. Secure boot will
also prevent unauthorized code from loading when a device starts up. PKI will
only allow secure, trusted code to run on a device, hamstringing hackers and
ensuring the data integrity that utilities require.
The possibilities of an attack on a utility can
sometimes seem beyond the pale. Just a few years ago a hack on a power grid
seemed almost impossible. Today, news of IoT vulnerabilities regularly fills
headlines around the world. The full destructive implications of this new
situation have yet to be fully realized, but just because all we see are white
swans, it doesn’t mean a black one isn’t on its way.
Users will soon start demanding these security
provisions from companies. The Federal Energy Regulatory Commission (FERC) has
recently fined a utility company that was found guilty of 127 different
security violations $10 million. The company wasn’t named, but pressure groups
have recently mounted a campaign, filing a petition with FERC to publicly name
and shame it. Moreover, with the advent of the General Data Protection
Regulation and the NIS directive last year, utilities now have to look a lot
closer at the way they protect their data. All over the world, governments are
looking at how to secure the IoT, especially when it comes to the physical
safety risks involved. Utilities security matters because utilities hold a
critical role in the functioning of society. It is just as important that they
be dragged into the 21st century, as they are protected from it. PKIs can offer
a way to do just that.
Mike Ahmadi, DigiCert VP of Industrial IoT
Security, works closely with automotive, industrial control and healthcare
industry standards bodies, leading device manufacturers and enterprises to
advance cybersecurity best practices and solutions to protecting against
evolving threats.
This article on the publication of Mike Ahmadi, is from an article of Intersec website.
In a previous article of Lucie Loos dated of the 21st of last February, the study by the Duma, the lower Chamber of the Russian Parliament, of a draft legislation with the aim to create a “sovereign Internet” in Russia was mentioned. With this law, the country would be able to function in total independence if Russia was cut from the major global servers, by creating Russia’s internal DNS system, which would ensure the link between web address and IP address of the corresponding web servers, without relying on the root servers of the global Internet.
On Wednesday, the 1st
of May 2019, Vladimir Putin signed a bill to create Russia’s “Sovereign
Internet” into law, its entry into force is planned for November 2019.
Sovereign Internet: IT security or control of Internet?
The bill thus plans to create an “infrastructure
allowing to ensure the functioning of the Russian Internet resources in case of
the impossibility for the Russian operators to connect to the foreign sources
Internet servers”.
The Russian Internet service providers will
have to implement technical means allowing a “centralized control of the
traffic” on their networks in order to face potential cyberattacks from foreign
powerful countries. A control that will be done by Roskomnadzor, the agency in
charge of the monitoring of the Russian Telecom and Medias, which has been often
accused of arbitrarily blocking web content, and by the Russian Federal
Security Service (FSB).
Officially, the “sovereign Internet” was
created for the purpose of IT security, but according to many experts, this
might be an excuse. This bill is criticized and deemed by many militants as an
attempt to control web contents and progressively isolate the Russian Internet
in an environment of increasing pressure from the authorities regarding the
freedom of expression on Internet.
Many rallies against this bill were organized in Moscow and gathered thousands of Russians last March. Several weeks later, in a joint statement, many international human rights and freedom of expression organizations, of which Reporters without borders and Human Rights Watch, had called on Vladimir Putin not to sign the bill that is “against Moscow’s international commitments in terms of respect for Human rights and particularly poses a threat to media freedom and the rights to freedom of information for people in Russia”. Despite this, the Russian president chose to ignore it and thus the bill was signed on the 1st of May 2019, and will enter into force starting this coming November.
At a time of a growing awareness by companies that domain names have become strategic intangible assets, sometimes having a higher value than brands, Nameshield is happy to inform you that it has overseen and financed, during three years, the CIFRE thesis of Mr. Clement GENTY, who received his PhD, covering the subject: Internet governance and global economy: proposal of a valuation model of a domain name’s value as intangible asset.
Publicly defended on April, 23rd 2019, at Angers’ Laboratory of engineering,
processes and innovation of the “Ecole
Nationale Supérieure d’Arts et Métiers of Paris Tech”, first, the thesis
compiles a state of the art and a historical overview of the domain name
diffusion in the World since the Domain Name System’s creation (DNS) in 1983.
It demonstrates the loss of the link between identification/trust by the
abolition of the initial naming rules for the benefit of an unbridled and
mercantile economic development from the registries.
The second part of the thesis is dedicated to
an analysis of the technical and semantic parameters allowing to define the
domain names’ average value.
The third part of the thesis presents a
monetary valuation tool for domain names, developed by Nameshield as part of
the research work, and based on a database of
more than 1.4 million transactions passed.
This scientific research work, validated by
this thesis, falls within a vast process initiated by Nameshield for many years
in order to raise awareness of the value of the domain names’ strategic
intangible assets, and to evaluate them. This work led by Jean-Manuel GAGET,
Nameshield’s Strategy and Consulting Director, focuses in particular on:
A consulting activity regarding the optimization of a domain names’ portfolio management, through a naming and defense strategy adapted to the real issues;
A process of extra-financial rating and valuation of the capital domain name, integrated to the “Thesaurus Capital immatériel”, which measures intangible assets of all kinds, promoted by the “Institut de comptabilité de l’immatériel” (Intangible accounting Institute);
A method of domain names analysis and a domain names monetary valuation tool, scientifically validated today by this thesis.
The decision of the Council of State at the end of 2016, which focuses on the taxation applicable to the domain name ebay.fr has strengthened the obligation of the companies to monetarily valuate their domain names well, in order to account them as intangible assets under some conditions. As such, the tax experts are highly interested in the domain names’ issues in the constitution of the transfer price. This first world thesis on the economy of the domain names and their valuation will serve without a doubt as a useful material to the reflection of the financial world’s actors on this subject.
As with each event where massive interest is
expected, the launch of the final season of Game of Thrones is a golden
opportunity for pirates.
According to a Kaspersky’ study, this series would be the favorite of the cybercriminals. It represented 17% of the infected contents last year, i.e. 20 934 web users! According to this same study, the most targeted episodes are logically the first and last episodes of the season.
For if the fans are many in France, without
subscription, the only solution to watch the so awaited episodes is illegal
downloading on torrent websites.
It is through this means that the
cybercriminals infect the unsuspecting web users’ computers. First warning, do
not install programs at the request of the torrent websites, they can contain a
malware!
Indeed, two kinds of
frauds are principally used:
Malwares: the malicious software are launched on
torrent websites used by the fans of the series to access to the watching of
the precious episodes.
Phishing: many phishing attempts have been counted, the
pirates use the official image of Game of Thrones to try to retrieves your
personal data.
This season, the cybercriminals are almost as
creative as the scriptwriters of the successful series: many and various fake
contests allow these hackers to collect email addresses and other bank details.
Counterfeiting is also in the game, with an
observed increase of websites proposing many so-called “official” products but
being nothing more than counterfeits.
Thus, Nameshield
recommends to the fans to be highly vigilant!
For reminder, here are the basic principles to
respect in order to serenely navigate and not be trapped by unscrupulous
hackers:
Do
not download any plugin of suspicious origin
Properly
analyze the URLs before any purchase
Check
the presence of the famous HTTPS
Check
that the final address corresponds to the searched website
As always on the web, an extra vigilance is
needed, because if spring wins our regions, don’t forget that on the web,
winter is coming…
On April 15, 2019, ANSSI (the National Cybersecurity Agency of France), unveiled its annual report during a press conference. The agency identified 1869 alerts, 391 incidents without counting critical importance operators, 16 major incidents and 14 cyber defence operations for 2018. ANSSI also identified 5 major trends in terms of cyber threats observed in France and in Europe in 2018.
Analysis of cyber threat in 2018 – The 5 major trends
1.Cyber-espionage
Major concern for ANSSI in 2018, according to
the agency, cyber-espionage represents the highest risk for the organizations.
Extremely discrete, benefiting from important
financial resources, the attackers plan for many years highly targeted and
highly sophisticated attacks. In 2018, it was noted that the cyber attackers
are increasingly interested in vital activity sectors and specific critical
infrastructures like the defence, health or research sectors.
2.Indirect attacks
According to ANSSI, indirect attacks have known
an important increase in 2018. Indeed, to avoid the security measures
implemented by big companies, which are more and more aware of the cyber risk,
the attackers aim intermediaries, like providers, who are more vulnerable, to reach
their final targets.
Compromising one partner is enough to reach
many companies. So it is essential to choose partners that place their
information system’s security at the top of their concerns.
3.Destabilization and influence operations
Because of the nature of the targets and the
claims, these attacks though technically moderate, have often an important
symbolic impact. An increase has been observed in 2018.
4.Cryptojacking
For reminder, cryptojacking is a cyberattack
that consists in using the computer’s power of its victim to mine
cryptocurrency.
In 2018, many attacks of this kind were
observed. The more and more organized attackers benefit from the security flaws
to compromise their victims’ equipment by placing cryptocurrencies’ miners
without them knowing it.
5.Online frauds
Online frauds represent as much of a constant cyber threat for the companies and the big organizations as for the individuals. ANSSI noted an important growth of online frauds last year. Big operators are becoming more concerned about cybersecurity, so the attackers turn towards targets less exposed but more vulnerable, like territorial authorities or actors in the health sector which thus were the targets of many phishing attacks in 2018.
Conclusion
The multiplicity and the magnitude of the attacks observed during 2018, prove that it is essential to implement security measures to prevent these cyber threats, within big organizations, big groups as well as small companies.
“The
conclusion is clear: 2018 proves once again that digital risk, far from being
ethereal, must be at the heart of our concerns. Not only those of ANSSI! The
cyberattacks affect all of society. That is why we must all seize the matter.” explains
Guillaume Poupard, ANSSI’s General Director.
A month ago, ICANN held its first annual meeting with the
Internet community in Kobe, Japan. At this summit, ICANN presented the major
projects of the year and those of the coming years. Let’s look back at the main
topics.
The implicitely constraint
of the GDPR
While in May 2018, Europe adopted ambitious legislation to protect users’ personal data, ICANN imposed a regulatory framework on domain name players to bring the industry into line with the constraints of the GDPR.
In the absence of consensus, this framework was imposed when the GDPR came into force on May 25, 2018. It contains non-consensual provisions such as no longer publishing in the registry’s registration directory service, which currently operates via the Whois protocol, data that can be assimilated to personal data for contacts associated with domain names: registrant contacts, administrative contacts, technical contacts. Exit therefore the names, first names, postal addresses, telephone numbers and anonymization of email addresses or hidding via a contact form.
However, as provided for in the Bylaws, the rules governing the role and operation of ICANN, non-consensual rules may not be imposed beyond one year. ICANN therefore had the May 2019 deadline in mind throughout the Kobe meeting.
To build on this, last year ICANN initiated an expedited policy development process (ePDP) whose delicate mission was to develop consensus rules to replace the temporary provisions currently in place.
Shortly before ICANN64, this working group, in which Nameshield participates, submitted its proposals to the GNSO, the ICANN body that manages policy development for generic domain names. This report, which is currently open for comments, is expected to result in a final framework that will be submitted to the ICANN Board in early May for voting and promulgation.
The proposals outline a target date for implementation by 29 February 2020. ICANN has therefore focused its efforts on managing the transition period between May 2019 and this still distant deadline of February 2020. The prevailing approach is rather pragmatic as it consists in keeping the provisions currently in place such as the masking of personal data in the Whois until all the new provisions can be implemented by actors such as registrars and registries by the above-mentioned deadline.
Access to hidden data
subject to tensions
Launched in 2012 during the last round of openings of new domain name extensions but quickly relegated to the boxes, the RDAP (Registration Data Access Protocol), an alternative to the aging Whois protocol, has resurfaced with the GDPR because of its modularity, which allows, unlike Whois, to filter access to certain data according to the user’s profile.
ICANN confirmed in Kobe that this protocol will be widely deployed by this summer. First, this protocol will coexist alongside the Whois protocol. Registrars will therefore provide access to domain name data through both protocols.
The stakeholders present at ICANN64 also learnt about the project submitted by a technical study group mandated by ICANN on the operational way envisaged through the RDAP protocol for access to hidden domain name data. It has been the subject of tensions because it is not the result of a consensual process and ICANN suggested it could play a central role in collecting all requests to validate their authorization, with authentication of requests being carried out upstream by agents accredited by data protection authorities. This topic is also part of the new mission of the Policy Development Working Group (ePDP) in the coming months. Things can therefore evolve on this subject in the future.
Goran Marby, ICANN CEO, speaking on the proposed functioning of access to hidden data for domain names through the future RDAP
A multi-year
strategic plan
At ICANN64, ICANN also presented progress on the implementation of a strategic operating plan for the organization for the period 2021-2025.
The adoption of a five-year plan is new for this organization, which has always operated on an annual basis. This plan must determine the priorities for the coming years, which is also a novelty in a context where multiple projects have always been carried out simultaneously without any real prioritization.
We already know that DNS security is one of the major issues of the coming period. Among the priorities identified are the reinforced fight against malware and the increased security of the DNS, in particular through a faster deployment of DNSSEC.
For the next round of new domain names extensions openings also mentioned, ICANN has also indicated that it will take into account the lessons learned from the previous round. Among them, new extensions are ten times more targeted than historical generic extensions (like .COM,.NET,.ORG,.BIZ,.INFO) by malicious practices such as typosquatting and dotsquatting on which phishing and pharming practices proliferate.
Feel free to contact your Nameshield consultant, who is very knowledgeable on all these subjects.
In its last quarterly report, Nexusguard stated that after the FBI closed 15 websites providing cyberattacks services, a decrease of 85% of the DDoS attacks’ scale and 24% of big attacks were observed.
In the same way, these closings would lead to the decrease of 11% of the
attacks’ volume comparing to the same period in 2018 and at an international
level.
Indeed, it was in December 2018 that the FBI successfully shut down 15 websites proposing DDoS attacks services, called “booters” or “booters services” in the business.
To achieve their goals, these booters use IP stresser, which originally are tools allowing to test the server or the network’s resilience. The cybercriminals hijack these IP stresser and send through them a large volume of requests towards the servers until they are overloaded and unable to respond anymore.
The Nexusguard report also indicates that the 15 websites closed by the FBI would be the technical source of about 11% of the global DDoS attacks of various sizes since 2014. Of course, this decrease might only be temporary, the multiplication of bot networks being the real plague of our decade in terms of cybercriminality.
In the domain names’ world, the rules applied by many registries of “first come, first served” often lead to many cases of abusive registrations and of cybersquatting in particular. This is a practice that consists in taking a domain name by registering it, using or mentioning a trademark, a business name, a patronym or any name on which the applicant has any right, in order to make material or moral profit from its current or future notoriety.
In order to fight against these fraudulent actions and to assert their rights, brands’ owners can implement a targeted action to recuperate or suppress the cybersquatted domain name, called UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure is administered by an Arbitration Center like the one of the WIPO, the World Intellectual Property Organization.
According to the WIPO’s General Director, Francis
Gurry: “Domain names involving fraud and
phishing or counterfeit goods pose the most obvious threats, but all forms of
cybersquatting affect consumers. WIPO’s UDRP caseload reflects the continuing
need for vigilance on the part of trademark owners around the world.”
UDRP complaints filed with WIPO in 2018*
On March 15, 2019, the WIPO published its last annual report on domain names’ disputes.
In 2018, the WIPO’s Arbitration and Mediation Center received a record of 3447 UDRP cases filed by brands’ owners, i.e a rise of 12% compared to the previous year.
Source: WIPO Statistics Database
However these disputes concerned 5655 domain
names, a decrease comparing to 2017 which counted 6371 names.
The main gTLDs in the cases filed with WIPO are unsurprisingly, the .COM (far ahead with 72.88%), the .NET (4.62%), the .ORG (3.50%) and the .INFO (2.23%).
Regarding the disputes on the domain names registered in the new extensions, they represent nearly 13% of the disputes, mostly in .ONLINE, .LIFE and .APP domains.
And lastly, nearly 500 complaints regarding names registered in ccTLDs have been filed, nearly 15% of all the disputes administered by the WIPO in 2018.
The 3 main sectors of complainant activity are
the sectors of banking and finance, biotechnology and pharmaceuticals, and
Internet and IT.
Geographically, France is placed second with 553 cases filed with the WIPO, just behind the United States (976 complaints) and is one the most reactive countries on this subject.
Note that on all the UDRP cases filed in 2018, Nameshield ranks second in the filing world complaints with 343 cases filed and 66 represented customers**.
Our teams are of course at your disposal to inform you on the possibilities of contentious domain names recovery actions.
*Source: WIPO Statistics Database
**Source: Nameshield’s report on UDRP procedures, 2018
On the article dated from February 22, 2019, we discussed about the Brexit’s consequences on the .EU domain names and the publication of the action plan by EURid, the .EU registry, following two scenarios, in case of no deal or in case of a withdrawal agreement between the United Kingdom and the European Union.
In short, as a result of the Brexit, companies and individuals, holders
of a .EU will no longer be able to renew or register names in .EU if they are
not residing in the European Union.
In case of no deal, .EU domain names’ holders will have 2 months from March 30, 2019 to demonstrate their eligibility or to transfer their name to an
eligible registrant (whose country code isn’t either GB/GI). All registrants
who did not demonstrate their eligibility will be deemed ineligible and their
domain names will be withdrawn.
In case there is a withdrawal agreement, this plan of actions will be
implemented as of January
1, 2021.
Due to ongoing uncertainties over the United Kingdom’s withdrawal from the European Union, EURid announced on March 22, 2019, that this plan would be placed on hold while waiting for an official update from the European Commission.
To be continued.
Nameshield uses cookies
Nameshield wishes to use cookies to ensure the proper functioning of the site and, with our partners, to measure its audience🍪.
Nameshield wishes to use cookies to ensure the proper performance of the website and, with our partners, to monitor its audience. More information in our Cookie Policy 🍪.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14
1 minute
Set by Google to distinguish users.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
![Game of Thrones: The return of the [MALWARES] white walkers by dozens](https://blog.nameshield.com/wp-content/uploads/2019/04/Game-of-Thrones-Le-retour-des-malwares-M-1200x675.jpg)
![Game of Thrones: The return of the [MALWARES] white walkers by dozens](https://blog.nameshield.com/wp-content/uploads/2019/04/Game-of-Thrones-Le-retour-des-malwares-M.jpg)
