Infrastructure Security Response, Google excludes 11M+ domains

Google officially removed a “freehost” provider, a Korean company that was providing the .co.cc domain, from its search results (link to The Register article). This was done on the basis of a large percentage of spammy or low-quality sites. According to the Anti-Phishing Working Group (report), this top level domain accounted for a large amount of malware, phishing, and spam traffic.

This defensive move by Google nicely frames a countermove to what I have termed ‘infrastructure level attacks’. These attacks are executed through planned, global programs designed to bypass the fundamental security safeguards organizations deploy. The popular examples are RSA SecurID tokens and Comodo certificates.

The challenge has been how to respond in kind to such attacks, and here we are seeing an exploration of that response. The U.S. Government is exploring filters and preventive tools at the ISP level, and here we have a propagator of search results eliminating the possibility of users connecting to such domains, regardless of whether any individual site is non-malicious.

This highlights the need to examine the information security program of your organization and its core providers. This examination must consider both known risks and ‘far-fetched ideas’ (such as the domain being blocked at the ISP level) that may impact your business. Such continuous programs of risk assessment are key, but just as critical is the examination and pivoting of the program itself. (Yes, a risk assessment of the risk assessment program.)

Counter thoughts?

James DeLuccia
