Showing posts with label Botnets. Show all posts
Zombie-Proof Your Endpoints for Cybersecurity Awareness Month
The Department of Homeland Security has named October National
Cybersecurity Awareness Month in an attempt to motivate everyone from
government organizations and corporations to individual citizens to build
stronger cybersecurity defenses. But with shrill “big hack” headlines appearing
almost daily, how could any government or corporate organization not be
hyper-aware of the rising threat level?
- Posted by: Siemens
- Categories: Botnets, Cybersecurity Awareness Month, Endpoint Visibility, Phishing, Zombies
Hiding in Plain Sight: Spotting Botnet Activity in the UDP Channel with EnCase Analytics
In its 2014 Application Usage and Threat Report, Palo Alto Networks
shared its finding that hackers are using old-school exploit techniques
in new ways and in new places. Its research found that common network
applications such as FTP, RDP, SSL, NetBIOS, and UDP are being used as
gateways or pivot points to communicate directly with endpoints for the
purpose of data exfiltration.
The company’s analysis showed that nearly all threat
activity was visible in only a small number of applications, and that “nearly
99 percent of all malware logs were generated by a single threat across a
single application: unknown UDP.” Botnets now use UDP as their
command-and-control channel, a safe place to “hide in plain sight,” with the
ZeroAccess botnet generating the heaviest amount of malware activity.