Attention Marketers: Access 30 Million IT Decision Makers with ECT News Network's INSTA-LEADS · Click to Learn More!
Welcome Guest | Sign In

Cybersquatters Prepare for Mischief

Cybersquatters Prepare for Mischief

"People are registering domains in typical cybersquatting fashion, and it could result in being quite dangerous for the average home user should they take a laptop or mobile device outside their network," said OpenDNS Research Lead and Evangelist Andrew Hay. When using a network outside the home, a laptop or mobile device could be deceived into connecting to a squatter's network.

By John P. Mello Jr.
04/28/14 9:19 AM PT

Cybersquatting is a seedy practice that's as old as dot-com, but the upcoming expansion of domain names could be breathing new life into the practice, while offering seamier elements on the Net an invitation for mischief.

In the early days of the Internet, nimble squatters would register domain names of brands, then sell them back to the owners for tidy sums. Rules eventually were adopted to squash squatters, but with as many as 1,300 new top-level domains appearing on the Internet in the next three years, squatting may be in vogue once again.

Squatting for cash, though, is only one way the new domains may be abused. One particular domain -- home.network -- can be exploited by the unscruplous to gain unauthorized access to a consumer's network, OpenDNS warned.

The home.network domain typically is used by home routers to identify devices on a home network. Just as it's easier to remember a URL like than 66.233.160.0 so too is it easier to remember a device's address with a domain like disk.home.network.

"People are registering domains in typical cybersquatting fashion, and it could result in being quite dangerous for the average home user should they take a laptop or mobile device outside their network," OpenDNS Research Lead and Evangelist Andrew Hay told TechNewsWorld.

Wild, Wild Domains

While at home, a laptop or mobile device will be connecting to something like disk.home.network on its network. When using a network outside the home, though, the laptop or mobile device could be deceived into connecting to a hacker who has squatted on disk.home.network.

"If you have applications that continuously try to access a printer or map a drive," Hay explained, "those requests would go out to a malicious domain and malicious server instead of your home network because you're no longer at home."

That could be very problematic if your laptop is doing automatic file syncing with a device on the network. Your files would end up on the malicious server. Worse, files from the malicious server could end up on your system, Hay noted. "Clicking on one of those files could infect your system with a Trojan or some other piece of malware."

Prior to the expansion of top level domains, that problem couldn't be created, because a domain with .network couldn't be created.

"With the new global top level domain registrations, where it's like the wild west and there's a dot-everything, there appears to be some overlap that wasn't anticipated by Linksys and other router vendors," Hay said.

Verizon Threat Report

Verizon released its annual Data Breach Investigations Report last week. The report's researchers pore through a vast amount of data on security incidents each year, and this year was no exception, as they looked at more than 63,000 security incidents from 50 organizations from around the world.

One striking aspect of this year's report was Verizon's assessment of the threats it has encountered over the last 10 years. Of all the incidents examined during that time, 92 percent of them can be pigeonholed into nine patterns: point of sale intrusions, cyber espionage, denial of service attacks, crimeware, Web app attacks, insider misuses, miscellaneous errors, payment card skimming, and physical theft and loss.

An interesting comparison made in this year's report shows the percentage of breaches attributed to a particular pattern in 2013, compared to the incidents attributed to that pattern for the last 10 years. For instance, point-of-sale intrusions accounted for only 1 percent of the incidents in the last decade -- yet in 2013, they accounted for 14 percent of the breaches.

In one of those breaches, the attack on Target, a supplier was used to foster the attack. There's a lesson to be learned from that, noted Mike Lloyd, CTO at RedSeal Networks.

"One thing is clear: Businesses are increasingly dependent upon other businesses," he told TechNewsWorld.

"As you take on connections to vendors, suppliers and partners, you increase your attack surface and add to your network complexity," he explained. "It's critical to control the level of access you grant all your business partners."

Old Tricks

Another component in the Target attack was RAM scraping. It exploits data left in memory after an operation is performed.

"One key takeaway from this report is that organizations should not simply forget about an old threat, because just like with fashion, it could come back to be a pain," Neohapsis security consultant Joe Schumacher told TechNewsWorld. "RAM scraping malware was barely on the list over the last three years but shot to No. 4 in 2013."

There was some good news in the Verizon report for sellers of cloud services who frequently encounter organizations digging their heels in, resisting moving to the nimbus for security reasons.

"Notably, there are no major breaches coming from the public cloud sector in the report," said Kevin O'Brien, an enterprise solutions architect for CloudLock.

Cloud service providers shouldn't break out the party hats and vuvuzelas just yet, however.

"That doesn't mean that the cloud is immune to breach or loss, but rather, this is likely the next major front for security incidents," O'Brien told TechNewsWorld.

In a report with many recommendations, one of the oddest was for organizations to adopt unappealing technology in order to deter theft.

"It reminds me of a scene in one of William Gibson's novels in which someone is applying spray-on rust to a brand new bicycle in order to make it look unattractive to thieves," Tom Cross, director of security research at Lancope, told TechNewsWorld.

Breach Diary

  • April 21. Security researchers discover active malware campaign that steals Apple ID credentials from jailbroken iOS devices.
  • April 21. Eloi Vanderbeken of Synacktiv Digital Security reveals that patch released in January to close backdoor in some Linksys and Netgear DSL routers doesn't close the backdoor but only hides it.
  • April 22. Verizon releases annual data breach report. It received data from 63,437 security incidents of which 1,367 were confirmed breaches.
  • April 22. Mass. Attorney General Martha Coakley announces her office has opened an investigation into data breach at data broker U.S. Info Search and the credit reporting company Experian that exposed database containing personal information of more than 200 million U.S. citizens.
  • April 22. Brian Krebs reports that an unusual number of physicians in several U.S. states have been victimized by tax fraudsters, which suggests a national physician database may have been breached.
  • April 22. AOL acknowledges its mail system was hacked and that some user accounts are being used to send out spam.
  • April 22. NEC announces program, NeoFace, that uses face recognition to access a PC. The software, which costs about (US)$97 a PC, will be sold to businesses in Japan, North America and the rest of Asia over the next three years.
  • April 23. Iowa State University alerts some 48,000 current and former students that their personal information may have been compromised in a data breach that occurred in February.
  • April 23. Coordinated Health of Pennsylvania reports 733 patient records may be compromised by theft of laptop computer from an employee's car. Agency is offering patients Experian identity theft monitoring free of charge. Experian is currently under investigation by several states for a data breach earlier this year.
  • April 23. The New York Times reports an FBI informant known as "Sabu" coordinated a wave of cyberattacks in 2012 that included websites operated by the governments of Iran, Syria, Brazil and Pakistan.
  • April 24. Google announces it will begin rolling out to Chrome browser users a new TLS cipher suite that will increase security as well as reduce processing overhead on devices without AES encryption acceleration.
  • April 24. California Senate rejects bill that require smartphones sold in the state to include a "kill switch."
  • April 24. Linux Foundation announces Core Infrastructure Initiative to fund and support projects critical to the global information infrastructure. Among beneficiaries of the initiative is OpenSSL, recently victimized by the Heartbleed bug, which will initially receive $100,000 a year for the next three years.
  • April 24. Ibrahim Baggili and Jason Moore, researchers from the University of New Haven's Cyber Forensics Research & Education Group demonstrate how social chat app Viber sends video and images without encryption and stores material online afterward at a publicly available address.
  • April 25. Mozilla announces it will start to more strictly enforce industry best practices for SSL starting with the release of Firefox 31 in July. At the same time, it announced a $10,000 bug bounty for certificate verification in that version of its browser.

Upcoming Security Events

  • April 29. BSides London 2014. Kensington & Chelsea Town Hall, Horton Street, London. Free.
  • April 29. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • April 29-May 1. InfoSecurity Europe. Earl's Court, London. Admission: Free.
  • April 30. SecureWorld Expo. Hood Center, 452 South Anderson Rd., Rock Hill, SC. One day pass,
  • $165; SecureWorld Plus, $545; VIP, $315; exhibits and open sessions, $25.
  • May 7. The Security of Things Forum. 8 a.m.-4 p.m. ET. Sheraton Commander Hotel, 16 Garden St., Cambridge, Mass. Registration: $125, plus $4.12 fee.
  • May 9-10. B-Sides Boston 2014. New England Research & Development Center, Kendall Square, Cambridge, Mass. Fee: $20.
  • May 9-10. B-Sides Algiers 2014. Ecole Nationale Supérieure d'Informatique, Oued Smar, Algiers. Free.
  • May 10. B-Sides San Antonio 2014. Texas A&M, San Antonio-Brooks City Base. Fee: $10.
  • May 13. Kansas City SecureWorld Expo. Kansas City Convention City, 301 West 13th Street #100, Kansas City, Mo. One Day Pass: $165; SecureWorld Plus, $545; exhibits and open sessions, $25.
  • May 17. B-Sides Nashville 2014. Lipscomb University Camps, Nashville, Tenn. Free.
  • May 17. B-Sides New Orleans 2014. Hilton Garden Inn, New Orleans Convention Center, 1001 South Peters Street, New Orleans. Fee: $10.
  • May 17. B-Sides Cincinnati 2014. Main Street Theater, Tangeman Hall, University of Cincinnati, Cincinnati. Free registration, pizza and beer.
  • May 20. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • May 21. Houston SecureWorld. Stafford Centre, 10505 Cash Road, Stafford, Texas. One Day Pass: $165; SecureWorld Plus, $545; exhibits and open sessions, $25.
  • June 3. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • June 5. Cyber Security Summit. Sheraton Premiere, Tysons Corner, Va. Registration: $250; government, $50.
  • June 5. Portland SecureWorld. DoubleTree by Hilton, 1000 NE Multnomah, Porland, Ore. One Day Pass: $165; SecureWorld Plus, $545; exhibits and open sessions, $25.
  • June 6-7. B-Sides Asheville. Mojo Coworking, Asheville, NC. Fee: NA.
  • June 6-7. B-Sides Cape Town. Dimension Data, 2 Fir St., Cape Town, South Africa. Fee: NA.
  • June 14. B-SidesCT. Quinnipiac University-York Hill Campus, Rocky Top Student Center, 305 Sherman Ave, Hamden, Conn. Fee: NA.
  • June 24. Meeting on Commercial Use of Facial Recognition Technology. 1-5 p.m. ET. Held by National Telecommunications and Information Administration at American Institute of Architects, 1735 New York Ave. NW, Washington, D.C.
  • June 21-30. SANS Fire. Hilton Baltimore, 401 W. Pratt St., Baltimore. Courses: by April 30, $1,249-$4,695; by May 14, $1,249-$4,845; after May 14, $1,249-$5,095.
  • Aug. 2-7. Black Hat USA. Mandalay Bay, Las Vegas. Registration: through June 2, $1,795; through July 26, $2,195; after July 26, $2,595.
  • Aug. 7-10. Defcon 22. Rio Hotel & Casino, Las Vegas. Registration: $220.
  • Sept. 17-19. International Association of Privacy Professionals and Cloud Security Alliance Joint Conference. San Jose Convention Center, San Jose, Calif. Sept. 18. Cyber Security Summit. The Hilton Hotel, New York City. Registration: $250; government, $50.
  • Sept. 29-Oct. 2. ISC2 Security Congress 2014. Georgia World Congress Center, Atlanta. Registration: through Aug. 29, member or government, $895; non-member, $1,150. After Aug. 29, member and government, $995; non-member, $1,250.


John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.


Facebook Twitter LinkedIn Google+ RSS