Wednesday, October 15, 2014

Companies to watch - Advance notice

Vulnerable Disclosures will be releasing information later today or early tomorrow on some entities that are being reported as conducting DDoS and brute-force login attacks, and that are either spreading malware or have IP address information showing up in botnet activity reports and malware-type indicators.

During our recent research we have noticed many companies appearing in our analysis whose machines are involved in denial-of-service attacks, malware and spam campaigns, as well as hosts that are directly attacking others with brute-force logins. These companies are not considered breached, but we should be vigilant in watching for future activity. All of the following entities have been seen attacking others from IP space owned by the companies. Keep in mind that ARIN and WHOIS databases contain inaccurate entries, so this information may not be 100% correct. We feel that it's important to list these companies so that, in the event they are breached in the future, there is at least a note that activity was seen from them in distributed IDS systems as well as in logs that we have been able to review.

Again, it's important for us to repeat the disclaimer that this does not necessarily indicate that a company has been breached, just that we are seeing indicators that would be consistent with infrastructure being under the control of a third party. We do not assume that these companies are breached, only that others are reporting malicious activity originating from these organizations.

These companies should be reviewing their logs and ensuring that they are not infected, or should be reaching out to their security teams to perform reviews to determine why they are showing up in these IDS/IPS and firewall logs at other organizations.

We will be emailing the companies on the list directly prior to releasing their information. If they provide any feedback, we may remove them from the list or alternatively post them with the comments provided.
