[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Sandboxing vs. heuristic-based scanning: a malware detection 101
The threat landscape is a challenge for signature-based detection: the number of threats keeps growing, and the window during which a single signature variant stays effective keeps shrinking.
Because of these difficulties, complements to signature-based detection, such as heuristic-based scanning, sandboxing and/or multi-scanning (scanning for threats with multiple anti-malware engines) are needed to more effectively address modern risks.
In this post, we look at the pros and cons of both heuristic-based scanning, which is used alongside signature-based detection in multi-scanning solutions to increase detection rates, and sandboxing.
Both heuristic-based scanning and sandboxing present unique strengths and weaknesses, and for different situations one scanning method may be more appropriate than the other. The best security comes from utilising both methods simultaneously in order to minimise the number of samples which may be able to evade detection.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=aaa5bd5d29&e=20056c7556
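To make the signature-versus-heuristic trade-off concrete, here is an added illustration (my own example, not code from the post or from any vendor) that scans four constructed byte strings: a "known" sample, a repacked variant of it with one byte changed, a plain benign file, and a packed-but-benign installer. The signature engine holds the known sample's hash and a 16-byte pattern; the heuristic engine scores entropy, process-injection API names and raw-IP URLs. The samples, the API list and the weights are all assumptions for the sake of the demonstration:

```python
import hashlib
import math
import re


def _opaque_section(seed: bytes, blocks: int = 64) -> bytes:
    """Deterministic high-entropy bytes standing in for a packed/encrypted section."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))


# Constructed sample "files" for this example; none of them is real malware.
SUSPICIOUS_APIS = [b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread"]

KNOWN_BAD = (
    b"MZ\x90\x00"
    + b" ".join(SUSPICIOUS_APIS)
    + b" http://198.51.100.7/stage2 "
    + _opaque_section(b"sample-a")
)

# A "repacked" variant: same behaviour, one byte of the opaque section changed.
_v = bytearray(KNOWN_BAD)
_v[300] ^= 0xFF
VARIANT = bytes(_v)

BENIGN = b"MZ\x90\x00" + b"Hello from a harmless utility. " * 40
PACKED_BENIGN = b"MZ\x90\x00" + b"Setup wizard " + _opaque_section(b"installer")

# Signature database built from the one sample the vendor has seen:
# its hash plus a 16-byte sequence lifted from the opaque section.
SIGNATURE_DB = {
    "hashes": {hashlib.sha256(KNOWN_BAD).hexdigest()},
    "patterns": [KNOWN_BAD[296:312]],
}


def signature_scan(data: bytes) -> bool:
    """Exact-match detection: known hash or known byte sequence."""
    if hashlib.sha256(data).hexdigest() in SIGNATURE_DB["hashes"]:
        return True
    return any(p in data for p in SIGNATURE_DB["patterns"])


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


IP_URL = re.compile(rb"https?://\d{1,3}(?:\.\d{1,3}){3}")


def heuristic_scan(data: bytes) -> tuple:
    """Score static traits malware tends to share; weights are illustrative."""
    score, reasons = 0, []
    if shannon_entropy(data) > 7.0:
        score += 2
        reasons.append("high entropy (packed or encrypted payload)")
    hits = [a.decode() for a in SUSPICIOUS_APIS if a in data]
    score += len(hits)
    reasons.extend(f"process-injection API: {h}" for h in hits)
    if IP_URL.search(data):
        score += 1
        reasons.append("URL with a raw IP address")
    return score, reasons


def verdict(data: bytes, threshold: int = 3) -> dict:
    """Run both engines and report what each one concluded."""
    score, reasons = heuristic_scan(data)
    return {
        "signature": signature_scan(data),
        "heuristic": score >= threshold,
        "score": score,
        "reasons": reasons,
    }


if __name__ == "__main__":
    for name, sample in [("known", KNOWN_BAD), ("variant", VARIANT),
                         ("benign", BENIGN), ("packed benign", PACKED_BENIGN)]:
        print(name, verdict(sample))
```

The one-byte change is enough to defeat both the hash and the pattern signature, while the heuristic score is unchanged because the traits it measures survive repacking. The packed installer shows the cost: it scores 2 on entropy alone, so the threshold is what keeps it from being a false positive, and that threshold has to be tuned against a clean corpus just as the post's "pros and cons" framing implies.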
Borg blacklist assimilates Cryptolocker domain name generators
Cisco has developed a means to accurately identify the fleeting pop-up domains used by some of the world’s worst malware.
The platform builds a reputation score that is in part based on word sources including more than 60 dictionaries, Census data and Alexa top 1000 domains.
“A linear model was built to calculate the randomness score [where] the weights on the features values as well as thresholds involved in the decision were carefully tuned against legitimate domain names in the Alexa dataset as well as [those] generated by a variety of reverse-engineered DGAs (domain generation algorithms),” Cisco’s Talos security team wrote.
The false negative rate was less than two percent and often lower than half a percent when detecting domains from DGAs in use by Cryptolocker, Tinba, and Zeus variants.
In an additional test the Borg platform identified all 13 random domains a Cryptolocker variant used to set up personalised fleecing portals for victims.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=cc5d315731&e=20056c7556
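As an added illustration of what a dictionary-backed "randomness score" with a linear model looks like (my own example, not Cisco's or Talos's code), the block below scores the registered label of a domain on four features: the fraction of characters not explained by dictionary words, the longest consonant run, the digit fraction and the distinct-character ratio. The word list is a tiny constructed stand-in for the 60-plus dictionaries and Alexa data the article mentions, and the weights, bias and threshold are hand-set assumptions rather than anything tuned against a real corpus:

```python
# Constructed stand-in for the dictionary and Alexa word sources the article
# mentions; a real deployment would load far larger lists.
WORDS = {
    "google", "wiki", "pedia", "stack", "over", "overflow", "bank", "of",
    "america", "micro", "soft", "news", "mail", "shop", "online", "store",
    "cloud", "secure", "login", "account", "update", "service",
}
MAX_WORD = max(len(w) for w in WORDS)
VOWELS = set("aeiou")

# Hand-set linear-model weights and bias (assumed for this example; the
# article's model was tuned against Alexa and DGA corpora).
WEIGHTS = {"uncovered": 3.0, "consonant_run": 1.5, "digit_frac": 2.0, "distinct_frac": 0.5}
BIAS = -1.0
THRESHOLD = 1.0  # score above this => "random-looking"


def registered_label(domain: str) -> str:
    """Second-level label, e.g. 'stackoverflow' for 'stackoverflow.com'.
    Multi-part public suffixes such as .co.uk are not handled here."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dictionary_coverage(label: str) -> float:
    """Fraction of characters explained by greedy longest-match dictionary words."""
    covered, i = 0, 0
    while i < len(label):
        match = 0
        for size in range(min(MAX_WORD, len(label) - i), 1, -1):
            if label[i:i + size] in WORDS:
                match = size
                break
        if match:
            covered += match
            i += match
        else:
            i += 1
    return covered / len(label) if label else 0.0


def longest_consonant_run(label: str) -> int:
    """Length of the longest run of consonants (y counts as a consonant)."""
    best = run = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def features(label: str) -> dict:
    n = max(len(label), 1)
    return {
        "uncovered": 1.0 - dictionary_coverage(label),
        "consonant_run": longest_consonant_run(label) / n,
        "digit_frac": sum(ch.isdigit() for ch in label) / n,
        "distinct_frac": len(set(label)) / n,
    }


def randomness_score(domain: str) -> float:
    """Linear model: weighted feature sum plus bias."""
    f = features(registered_label(domain))
    return BIAS + sum(WEIGHTS[k] * f[k] for k in WEIGHTS)


def looks_generated(domain: str) -> bool:
    return randomness_score(domain) > THRESHOLD


def flag_generated(domains) -> list:
    """Return the subset of domains the model scores as random-looking."""
    return [d for d in domains if looks_generated(d)]


if __name__ == "__main__":
    for d in ["google.com", "stackoverflow.com", "bankofamerica.com",
              "xqkwvzhpdrtfmj.com", "a8f3k2m9q1.net", "xerox.com"]:
        print(f"{d:22} {randomness_score(d):6.2f} {'DGA?' if looks_generated(d) else 'ok'}")
```

The dictionary feature does most of the work: character entropy alone cannot separate "stackoverflow" from a 13-letter DGA label, but word coverage can. The same feature is also the main source of false positives: a brand name absent from the word list ("xerox" in this toy) scores as random, which is why the article's approach leans on dozens of dictionaries, census names and the Alexa list rather than one small vocabulary.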
DHS cyber center gets new leadership
DHS Secretary Jeh Johnson announced the appointment of a new NCCIC point person, Andy Ozment, who serves as DHS assistant secretary for the Office of Cybersecurity and Communications.
Along with a new lead, NCCIC will also get a new director of operations in John Felker, who will manage the daily workflow at the center.
Felker joins DHS from serving as director of Cyber and Intelligence Strategy for HP Enterprise Services and previously served as deputy commander of U.S. Coast Guard Cyber Command. He filled several cyber-related positions during his 30-year tenure with the Coast Guard, including commander of the Cryptologic Group and coordinator between Coast Guard Intelligence and the National Intelligence Community.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dd7e917189&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com