Recent Data

Sampled Internet Traffic Rate (daily)

We receive sampled and generalized information about Internet traffic flow rates from many partners, and this chart reflects those rates over the past 30 days, aggregated daily. This is by no means the "full speed" of the Internet, but a way of seeing trends and patterns within the overall mix of traffic.

View all available monitoring graphs

IP Protocol Trends

Our global view of Internet traffic provides many useful insights, one of which is the relative prevalence of various IP protocols. This chart shows the most commonly seen IP protocols, and their relative popularity in sampled network traffic over the past 30 days. Note that the Y axis is scaled logarithmically, so even small differences on the chart reflect significant differences in usage levels.

Top 10 TCP Ports (logarithmic scale)

This chart shows the top 10 TCP ports seen in sampled global Internet traffic in our most recent hourly data sample. This chart is on a logarithmic scale, so the difference between the top port (usually TCP/80) and the bottom port may be more significant than it appears to the naked eye.

Daily DDoS Attacks

Our malicious activity monitoring includes insight into distributed denial of service (DDoS) attacks launched by various botnets around the globe. This chart indicates the number of attacks seen each day across a subset of our monitoring infrastructure, giving some insight into trends and patterns in miscreant activity.

Internet Malicious Activity Maps

The map to the left shows network locations of malicious activity on the Internet within the past 30 days, plotted using a Hilbert curve. Check out our Internet Malicious Activity Maps page for full details and a larger view of this and other maps.

Recent Releases

Our contribution to Operation Ghost Click

[17 NOV 2011] On 09 November 2011, US law enforcement released details of a major series of arrests as part of Operation Ghost Click. Team Cymru is proud to have been able to add details of victim computers that were part of this criminal infrastructure into one of our daily feeds of data that is provided at no cost to providers around the world. These lists of affected IP addresses enable network managers to identify and remediate computers infected by malware that are taking part in criminal activities.

This has a direct impact on people: it disrupts criminals and improves the lives of legitimate Internet users everywhere; we're honored to have been able to contribute to this effort. Our great thanks to all who contributed to this team effort.

Details of the case and our commentary can be found in this darkreading.com article. Images of the data we provided to our partners can be found via Twitter here and here.

Unexpected and unsubstantiated blog post

[25 OCT 2011] A recent blog post appeared to draw the unsubstantiated conclusion that more than 760 organizations were compromised with some of the same resources used to hit RSA earlier this year. Team Cymru was one of the organizations named in the posting.

We have no evidence of compromise related to incidents at RSA or anywhere else. The source of the report, and those who revealed and posted it, didn't take the time to contact us, or to share incident details with us. Thus we are unable to investigate further. We hope that those who gathered this data will responsibly disclose it to the potential victims.

Please note that without more details on the methodology used to determine the list of organizations, and a scientific review of the same, it's not safe to assume that an entry on the list means either "victim" or "false positive". We've seen no data or methodology description that would support either case.

New Underground Insight: A Criminal Perspective on Exploit Packs

[05 MAY 2011] The Team Cymru Business Intelligence Team is pleased to announce the release of their latest paper, entitled "A Criminal Perspective on Exploit Packs". This paper chronicles the genesis and historical evolution of the Browser Exploit Pack (BEP). We discuss our research into the installation and usage of 40 different packs. Most notably, the paper discusses dishonor among coding thieves and the entrenched practice of "statistics shaving". Finally, we examine the monetization, code protection, and overall effectiveness of the various packs. For full details, check out the whitepaper, and don't forget to look at the rest of our whitepapers as well!

Team Cymru moving to Florida

[04 MAY 2011] Team Cymru today announced that they are relocating their headquarters staff from Chicago, Illinois, to Central Florida over the summer. The majority of our Chicago staff will move and are excited at the prospect of continuing to use our insight to improve lives, but from a significantly warmer location.

We do not foresee any disruption to our community or commercial feeds and services during this transition and we will continue to update our partners with news as appropriate. If you have any questions or concerns in the meantime, please e-mail outreach@cymru.com and we will be happy to discuss them with you!

View older news items in our news archives.

Friends of Team Cymru  
  CSIRT-MU DomainSponsor Dyn, Inc. F-Secure  
  FIRST GoDaddy.com Interoute Communications Oversee.net GOVCERT-LU  
  REN-ISAC Savvis Communications Support Intelligence Tata Communications Verizon Business INTECO CERT  