Distributed denial-of-service (DDoS) attacks increased 71 percent year-over-year in Q3, Akamai reported Tuesday. DDoS attacks greater than 100 Mbps increased 138 percent, including two attacks attributed to the Mirai botnet. Mirai originated the October attacks against DynDNS, which caused outages and latency for major U.S. websites (see 1610210056). The DynDNS attacks have resulted in significant congressional interest in the cybersecurity of connected devices (see 1610260067). The House Communications and Commerce Trade subcommittees are set to hold a hearing Wednesday on IoT cybersecurity, partially in response to the DynDNS attacks (see 1611090063). In contrast, Akamai found that web application attacks decreased 18 percent, with U.S.-originating attacks down 67 percent.
As a way to help lawmakers and others find common ground and advance the encryption debate, BSA|The Software Alliance released an analytical tool to examine legislation and policy proposals, the industry group said in a Tuesday news release. They center around: improving data security; raising the capabilities of law enforcement; promoting privacy; protecting sensitive government data; encouraging innovation of data security tools free of government mandates; protecting critical infrastructure like banking and health; understanding the impact around the world; and increasing transparency of any legislative proposal.
The Trustworthy Accountability Group launched an anti-malware certification seal program for buyers, sellers and intermediaries in the digital advertising supply chain, said the ad industry initiative in a news release Tuesday. TAG, which was formed by the American Association of Advertising Agencies, Association of National Advertisers and Interactive Advertising Bureau, said it's also building and hosting an information-sharing hub to disseminate real-time intelligence about malware attacks to the industry and law enforcement. Adform, AppNexus, Google and RocketFuel are some ad companies and agencies that agreed to participate in the certification program, which entails complying with certain guidelines and best practices for scanning content for malware. The program "uses a multi-prong approach that includes consumer education, industry best practices, information sharing, and law enforcement to shut down malware distributors and protect the advertising supply chain," said TAG CEO Mike Zaneis. The threat-sharing hub will permit some companies to get data on the most recent infections, "serving as a type of immune system for the industry in helping it respond to new and emerging threats," TAG said. The anti-malware program is the fourth and last program in the initiative's mission to stop fraudulent traffic, fight malware and internet piracy and promote transparency.
The FCC warned consumers about a scam involving "callers pretending to be utility company employees demanding immediate payment," often by credit, debit or gift cards. If consumers receive such a call demanding payments that they don't believe they owe, they should hang up and call the utility company's phone number from a legitimate source such as a billing statement, said an alert Tuesday from the Consumer and Governmental Affairs Bureau. People who believe they have been targeted by the scam should report incidents to their utility company, local police, the FTC's Complaint Assistant or FCC's Consumer Help Center, it said.
The FTC, which held a September workshop on ransomware, is offering advice on guarding against the growing threat (see 1609070044). It has provided guidance and an accompanying video for businesses that become ransomware victims. In a Thursday blog post, staff attorney Ben Rossen said that the Privacy and Identity Protection Division also during the workshop proffered some tips for consumers, including updating software, thinking before clicking on questionable links or downloading attachments and backing up data. Rossen said consumers should try to contain an attack, possibly restore their computer and call law enforcement. "Law enforcement doesn’t recommend paying the ransom, although it’s up to you to determine whether the risks and costs of paying are worth the possibility of getting your files back," he wrote. There's no guarantee that criminals would restore files and they could possibly target people for other scams, he added.
The FCC Task Force on Optimal Public Safety Answering Point Architecture (TFOPA) will meet Dec. 2, the agency said Wednesday. It starts at 1 p.m. EST in the Commission Meeting Room at FCC headquarters. The gathering is to be the last under TFOPA’s current charter. TFOPA is to take up reports from its three working groups on optimal 911 service architecture, cybersecurity and resource allocation, a notice in the Federal Register said.
Responding to what it called a “significant uptick” in customers installing mobile security to protect devices, Symantec's Norton introduced an Android- and iOS-compatible version of its flagship mobile security product. The app deploys proactive protections against malicious apps and other threats and includes a “report card," the company announced.
Sen. Kelly Ayotte, R-N.H., and Democratic challenger Gov. Maggie Hassan critiqued each other’s record on cybersecurity issues Wednesday during a debate in the campaign for Ayotte’s Senate seat. Ayotte declined to directly answer a question about whether Russia had influenced next week's election via the hacking of national Democratic Party-related servers. The real issue is Democratic presidential nominee Hillary Clinton’s use of a private email server during her tenure as secretary of state and the possibility it resulted in the transmission of “classified information,” Ayotte said. If Hassan is “not going to break with Hillary Clinton on this, when is she ever going to break with Hillary Clinton?” Ayotte said. Hassan said Clinton’s use of the private server was wrong, but “it is concerning to me that” Republican presidential nominee Donald Trump “has showered praise on [Russian President] Vladimir Putin and in some ways invited him to” launch an attack on election-related IT systems. “That’s “one of the reasons I’m so concerned that [Ayotte] spent so much time supporting her nominee,” Hassan said.
Mobility platform company Aerohive plans a live video event on its Facebook page Thursday at 12:30 p.m. EDT to answer questions on how companies can protect their networks in the IoT age. The recent attack on DynDNS (see 1610210056), which caused massive website outages for Twitter, Spotify, Reddit and others, was attributed in part to a bot that scours the web for IoT devices such as video cameras that were protected by factory-default usernames and passwords, which the bot then used to attack online targets, said Aerohive. The attack was widely successful because many people were using default admin credentials and outdated firmware, said the company. Aerohive panelists will discuss tools available to prevent similar attacks.
Cisco, Dell, Juniper and seven other IT companies jointly formed the Zero Outage Industry Standard Association (ZOISA) Wednesday in a bid to jump-start an industry-wide discussion on safeguarding IT infrastructure reliability, the companies said. The group plans to develop a zero-outage framework of best practices to improve infrastructure safety and security, they said. The framework also would maximize infrastructure availability and improve industry wide customer satisfaction, the founding firms said. ZOISA's best practices framework will “specify consistent error response times, employee qualification levels and set security and platform requirements,” said a news release. “This can help companies to minimize errors, increase availability, ensure security and operate cost-effectively.”