Attacks/Breaches

11/20/2015
01:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Georgia Tech Joins M3AAWG to Fight Cybercrime

San Francisco, November 17, 2015 – Looking to share its advanced research on bot behavior, emerging infections and mitigation processes with the security community, Georgia Institute of Technology is the first academic institution to join the Messaging, Malware and Mobile Anti-Abuse Working Group.  The university sees the closed, vetted structure within M3AAWG as a rare opportunity to disseminate its findings on the latest threats directly to network operators and public policy advisors while also obtaining feedback from these industry professionals, according to Dr. Manos Antonakakis, computer systems and software assistant professor at Georgia Tech, School of Electrical and Computer Engineering, and M3AAWG Academic Committee co-chair.

"M3AAWG bridges the gap between academia and industry.  As researchers, we often identify new strategies to understand and disable complex illicit infrastructures, such as botnets and malware, and objectively measure other aspects of Internet abuse, for example, spam and ad fraud.  We want to share this information with the security community as quickly as possible and M3AAWG is an active channel for disseminating this data.  On the other hand, in order to commercialize this work, we need input from security professionals who are dealing with these challenges every day.  M3AAWG closes this loophole by providing the operational feedback that helps us turn our research into products industry can use to solve specific threats," Antonakakis said.

M3AAWG is recruiting university cybersecurity research programs to join its anti-abuse work so it can provide its members access to the experimental processes and academic studies that help improve end-user security.  The in-depth research at these institutions is especially important in a world where criminals can change a bot's coding to avoid detection in just minutes and new threats are always emerging.  In addition, universities also can participate in other projects.  For example, Dr. Mustaque Ahamad, professor at Georgia Tech’s School of Computer Science, is co-chair of the M3AAWG Voice and Telephony Abuse Special Interest Group, according to Michael Adkins, M3AAWG chairman.

Adkins said, "Georgia Tech has developed one of the leading computer science programs in the world and has a strong understanding of anti-abuse issues.  They have presented groundbreaking research at our meetings in the past, including early research on the effectiveness of bot mitigation notifications with its study of the DNS Charger program in 2013, data on new malware infections and updates on known threats.  We look forward to strengthening our relationship with their researchers, bringing the latest threat findings to our members, and providing input on new research and processes."

The recently established Institute for Information Security and Privacy (IISP) at Georgia Tech will significantly grow these research programs and related curricula to make fundamental advances in cybersecurity. U.S. News and World Report ranked its computer engineering program among the top ten in the nation.  

About Georgia Tech

The Georgia Institute of Technology (http://www.gatech.edu/), also known as Georgia Tech, is one of the nation’s leading research universities, providing a focused, technologically based education to more than 25,000 undergraduate and graduate students. Georgia Tech has many nationally recognized programs, all top-ranked by peers and publications alike, and is ranked in the nation’s top 10 public universities by U.S. News and World Report. It offers degrees through the Colleges of Architecture, Computing, Engineering, Sciences, the Scheller College of Business, and the Ivan Allen College of Liberal Arts. As a leading technological university, Georgia Tech has more than 100 centers focused on interdisciplinary research that consistently contribute vital research and innovation to American government, industry and business.

About the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.M3AAWG.org) represents more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), [email protected], Astra Communications

M3AAWG Board of Directors: AT&T (NYSE: T); CenturyLink (NYSE: CTL); Cloudmark, Inc.; Comcast (NASDAQ: CMCSA); Constant Contact (NASDAQ: CTCT); Cox Communications; Damballa, Inc.; Facebook; Google; LinkedIn; Mailchimp; Orange (NYSE: ORAN) and (Euronext: ORA); Return Path; Time Warner Cable; Verizon Communications; and Yahoo! Inc.

M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; dotmailer; Dyn; ExactTarget, Inc.; IBM; iContact; Internet Initiative Japan (IIJ, NASDAQ: IIJI); Listrak; Litmus; McAfee Inc.; Microsoft Corp.; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Rackspace; Spamhaus; Sprint; Symantec and Twitter.

A complete member list is available at http://www.M3AAWG.org/about/roster

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20165
PUBLISHED: 2019-03-22
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
CVE-2019-1716
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability ...
CVE-2019-1763
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exist...
CVE-2019-1764
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the ...
CVE-2019-1765
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permis...