Saturday, October 06, 2012

Red Sky Weekly: What lies behind the DDoS?

Interestingly enough, I’ve got folks now sending me inputs for the portal, but they’re not members. Their management probably doesn’t know that they’re sending me good information, but they (the practitioner level) know they need help and one of the best ways to get help is to ask.

This week I received a call from a large credit card company wanting to know what Red Sky knows about the DDoS attacks. While we don’t much track DDoS, we do track activity going on in the noise. So one thing I can tell you is this: while the DDoS got the press because of potential geopolitical connections, the real story is what was going on behind the noise. So let’s try this:

  1. Major changes in the way one fairly prolific (economic espionage focused) group does business, and a resulting uptick in their activity during the DDoS activities.
  2. Two others (both non-members) wanted to know what we knew about malware used to steal accounts and money from banks. Evidently there was an uptick there too.
  3. Did anyone else find it interesting that the DDoS attacks seemed to go quiet during a Chinese Golden Week?
  4. This week we released Fusion Report 26, which details a new variant of downloader leveraged by a known threat group. The report also included information on the potential targeting of 13 additional entities ranging from government organizations to defense contractors. We provided a targeted analysis on the inner workings of the new malware and a tailored signature for identification of it on the wire. FR12-026 provided over 60 new indicators and artifacts for proactive defense.

Our answers to those questions resulted in two new membership packages being sent out, and two new applications both now in legal review of our terms and conditions. This is exciting stuff. What’s even more exciting is that at least three CISOs that have moved to new positions are buying Red Sky accounts almost immediately upon arrival at their new jobs. One of them (who just left a defense contractor) told me he’d made it a condition of his employment! How freakin cool is that!?

I’ve got a bunch of consulting work this week, and will be attending DARPA’s Plan X and then the i4 Conference in DC next week, so I’m hitting the road today. I’ll be driving for about nine hours, so if you want information about Red Sky, Beadwindow, or our Research Service, give me a call. It’s a long drive!

Until next week,
Jeff