Attack Prediction: Malicious gTLD Squatting May Be The Next Big Threat

Late last year, ICANN began expanding the generic Top-Level Domains (gTLDs). In addition to the standard .COM, .ORG, and .NET TLDs, over 1,300 new names could become available in the next few years. These new gTLDs and internationalized domain names (IDNs) are awesome ideas if you think about the creativity sparked around the names one can possibly register.

Some examples include .SINGLES (2013-08-28) and .SEXY (2013-09-11). Right before last holiday season, .CHRISTMAS (11-21-2013) was made available for use. We are seeing more interesting ...

Using Data Breadcrumbs to ID Targeted Attacks

Earlier this year at RSA, our CTO Dan Hubbard presented on how predictive systems can be used to identify attacks before they happen, and discussed how we could possibly predict when they will happen in the future.

His presentation reviews how the OpenDNS research team is using Big Data science to discover and predict attacks and includes real-world visualized examples. Enjoy!

Hitting the Ground Running

April 8th, 2014 was a pretty exciting day for me.

After admiring OpenDNS as a researcher, and then as a customer, I officially began working at the company as Director of Security Engineering. For the prior 6+ years, I had been Director of Security Operations at Yahoo!, having built a rock star team of security engineers. I learned a lot there about scale, building resilient systems, and protecting user data. It’s refreshing to land in a place surrounded by like ...

When Suspended Domains Are Actually Targeted Attacks

Our models and manual investigations often uncover unlabeled domain names that are likely to be part of an infection chain – eventually leading to domains already known to be malicious.

During the first week of March, cdn11[.]net and cdn777[.]net were observed, before other domains, serving exploit kits.

Curiously, our DNS database didn’t have any information about these specific domains – and using a local DNS resolver offered no additional insight. The dnsws[.]net authoritative servers were apparently not answering any queries about these ...

CanSecWest Vancouver 2014 Report

A few weeks ago, Ping Yan and I went to Vancouver for the CanSecWest conference in order to present our talk entitled “Intelligent Use of Intelligence: Design to Discover”. Being accepted at this worldwide event, needless to say, we were pretty excited!

This article will give a short overview and a quick recap of all the speakers/events that caught our attention.

We left beautiful San Francisco on March 10th and went directly to our Vancouver office. The weather was sunny ...