It is critical to have meaningful security conversations with your vendors. Operators depend on their vendors to supply products and solutions that are secure. As all operators have experienced, “secure products” is almost always a vendor afterthought. This leads to an operational risk that in some cases turns deadly. In this session, we will explore
Category: Threat Actors
Threat Actors are people who are acting counter to you or your organization’s interest. They are a threat to yourself, your family, your community, your organization (company), your society, and your nation. They cannot be taken for granted. You can classify the world in the four key threat actor categories:
- Cyber-Criminal Threats – Cyber-Crime is an International Legal problem that has no short term resolution. There will always be someplace in the world that is a harbor for cyber-criminal activity.
- Nation State Threats – Post-Snowden, the secret world of nation-state security is now all in the open. Your network is a valid “Battle Space” for any Cyber-War.
- Political, Patriotic, Protestors (P3) – There are always going to be someone, somewhere, who is upset with society – with the ability to make their anxiety know through any network – anywhere.
- Corporate Threats (New!) – The dialog between US & China will accelerate the corporate on corporate threat vector.
Protecting your Domain Names: Taking the First Steps
Protecting your domain names is often overlooked, ignored, and neglected. Everyone and everything on the Internet depends on the Domain Name System (DNS) being functional. The DNS has been a common vector for attacks in recent years. Attacking DNS will continue in the future. The 2019 DNSpionage Campaign and Sea Turtle attacks were wake calls
DNS is Under Attack – the Miscreant’s Offensive Playbook with a Defensive Counter
Our DNS is Under Attack is not something anyone wants to hear. DNS’s critical role is a threat attacker. Taking out DNS is easier than trying to take down a web site. Smart miscreants have a playbook of offensive DNS attack techniques that they can use against any organization. Attacks against DNS are broad, yet
Realities of Today’s DDoS Security Risk
Focusing on the lessons from the 2020 – 2021 DDoS Extortion Campaigns DDoS Extortion will not go away. It is a cyclical International crime that can only be stopped with the DDoS Extortionist are arrested. In 2020, organizations woke up to a new wave of DDoS Extortion activities. These attacks caught organizations with the DDoS
Securing Your Network Using Shadowserver’s Daily Network Reports
Securing your Network using Shadowserver Reports helps organizations learn about this unique public benefit tool. What if there was a public benefit, free to use, security report that provided you a complete overview of your security risk? What if this tool allowed you to see what the bad guys are seeing on your network? What
Conference Talks, Workshops, and Webinars
Barry frequently presents at conference talks, workshops, and webinars. Barry enjoys working with peers to share, empower, and entertain with live interactive sessions. 40 years of public speaking experience is reflected in the list of talks below. Crafted conference talks tuned to the organizer’s audience. The general theme for all the talks is to help
DDoS Attack Preparation Workbook
Internet DDoS Attacks are a force of nature on the Internet. They are like earthquakes, hurricanes, floods, tornados, tsunamis, and all other disasters. Organizations need to prepare for a DDoS Attack the same way they prepare for severe weather and natural disasters. These guides have been crafted based on my personal experience (+25 years of
DDoS Extortionist’s Behaviors
Smart and prepared organizations use DDoS Extortionist’s Behaviors as a Defensive Tool. We have a long history of DDoS Extortionists. In the early 2000s, we had DDoS Extortionists who would threaten “gambling sites” with a DDoS Attack 30 minutes before a match. This crew was later tracked by law enforcement and arrested. DDoS Extortion has
Conficker Working Group – Archive of Materials
Conficker Still Survives! While public attention to Conficker has faded since the widely publicized April 1st, 2009 “attack date”, the fact is that a huge number of computer systems remain infected with Conficker. As recently as late October 2009, the number of systems infected with the A+B+C variants topped seven million. The Conficker Working Group
Expected DoS Attacks – 10 Steps to Prepare for the Pain
Version 1.0 It is time to prepare for Expected DoS Attacks. There is no perfect anti-DoS solution. But with forethought, planning, coordination, and practice any organization minimizes the impact of the DoS attacks. What follows ten essential steps that have proven to help organizations prepare for DoS attacks. The fundamental principles you will find in