IID (company)

IID
Type Private
Industry Internet security
Founded 1996
Headquarters Tacoma, Washington United States
Key people
Lars Harvey (CEO), Rod Rasmussen (President and Chief Technology Officer)
Website www.internetidentity.com

IID, previously Internet Identity, was a privately held Internet security company based in Tacoma, Washington, United States. IID was acquired in an all-cash transaction by Infoblox on February 8, 2016. It primarily provides cyberthreat data, a platform to exchange cyberthreat data, and anti-phishing, malware and domain control [1] security services to US federal government agencies, financial service firms, and e-commerce, social networking and Internet Service Provider (ISP) companies. Microsoft uses IID as a data feed for its anti-phishing software [2] [3] as well as a partner in their Domain Defense Program. [4] Other customers include BECU (Boeing Employees’ Credit Union), Monster.com and Yakima Valley Credit Union. [5]

History

IID was founded in 1996 providing outsourced domain management services. In 1997, the company claims to have discovered and disabled one of the earliest phishing attacks. [6] Since then, IID’s business has revolved around protecting companies against cyber attacks. In 2013, IID accepted its first round of institutional funding for $8 million from Bessemer Venture Partners. [7] IID was acquired in an all-cash transaction by Infoblox on February 8, 2016.

Products and services

ActiveTrust

ActiveTrust is IID’s Threat Intelligence Management System. The company claims it gets threat data from thousands of sources, and determines what data is useful to defend against cyberattacks. ActiveTrust feeds this data into Fortune 500 companies’ and U.S. government agencies’ cybersecurity appliances, leading IID to claim that ActiveTrust is the world’s largest commercial cyberthreat data exchange. [8]

ActiveTrust Data

Provides a list of the latest malicious (or compromised) IP addresses, domains and e-mail accounts, and identifies those "bad players" the organization is connected to through its extended enterprise. ActiveTrust Data was formerly known as "ActiveKnowledge."

Threat Intelligence

IID’s Threat Intelligence team investigates, analyzes and validates threat data to identify patterns and trends, revealing ongoing attacks and future hazards. The TI team takes shared data from ActiveTrust and uses filtering and analysis to add structure and context.

DNS Services

Detects, diagnoses and mitigates DNS (Domain Name System) security and configuration issues for an organization and its Extended Enterprise. This tool reportedly helped IID identify the DNS hijacking of Twitter in December 2009. [9] [10] It also reportedly helped find that half of all Fortune 500 companies were infected with DNSChanger. [11]

Mitigation

Provides anti-phishing and malware security solutions that help organizations ensure that online brands are trusted. Mitigation was formerly known as "ActiveControl" and "Power Shark."

Industry partnerships

IID holds leadership positions in various security industry groups including the Anti-Phishing Working Group (APWG), Internet Corporation for Assigned Names and Numbers (ICANN) and Messaging Anti-Abuse Working Group (MAAWG). [12]

Related Research Articles

Phishing: Attempt to trick a person into revealing information

Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Centre reporting more incidents of phishing than any other type of computer crime.

Scareware: Malware designed to elicit fear, shock, or anxiety

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Naukowa i Akademicka Sieć Komputerowa

Naukowa i Akademicka Sieć Komputerowa or NASK is a Polish research and development organization and data networks operator.

The Spamhaus Project: Organization targeting email spammers

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

Anti-phishing software consists of computer programs that attempt to identify phishing content contained in websites, e-mail, or other forms used to access data and block the content, usually with a warning to the user. It is often integrated with web browsers and email clients as a toolbar that displays the real domain name for the website the viewer is visiting, in an attempt to prevent fraudulent websites from masquerading as other legitimate websites.

Pharming is a cyberattack intended to redirect a website's traffic to another, fake site by installing a malicious program on the computer. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires unprotected access to target a computer, such as altering a customer's home computer, rather than a corporate business server.

OpenDNS: Domain name system provided by Cisco using closed-source software

OpenDNS is an American company providing Domain Name System (DNS) resolution services—with features such as phishing protection, optional content filtering, and DNS lookup in its DNS servers—and a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. The OpenDNS Global Network processes an estimated 100 billion DNS queries daily from 85 million users through 25 data centers worldwide.

Website spoofing is the act of creating a website with the intention of misleading readers that the website has been created by a different person or organization. Normally, the spoof website will adopt the design of the target website, and it sometimes has a similar URL. A more sophisticated attack results in an attacker creating a "shadow copy" of the World Wide Web by having all of the victim's traffic go through the attacker's machine, causing the attacker to obtain the victim's sensitive information.

The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006.

Malwarebytes: Internet security company

Malwarebytes Inc. is an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. It has offices in Santa Clara, California; Clearwater, Florida; Tallinn, Estonia; Bastia Umbra, Italy; and Cork, Ireland.

Trusteer is a Boston-based computer security division of IBM, responsible for a suite of security software. Founded by Mickey Boodaei and Rakesh K. Loonkar, in Israel in 2006, Trusteer was acquired in September 2013 by IBM for $1 billion.

Avalanche was a criminal syndicate involved in phishing attacks, online bank fraud, and ransomware. The name also refers to the network of owned, rented, and compromised systems used to carry out that activity. Avalanche only infected computers running the Microsoft Windows operating system.

DNSChanger is a DNS hijacking Trojan. The work of an Estonian company known as Rove Digital, the malware infected computers by modifying a computer's DNS entries to point toward its own rogue name servers, which then injected its own advertising into Web pages. At its peak, DNSChanger was estimated to have infected over four million computers, bringing in at least US$14 million in profits to its operator from fraudulent advertising revenue.

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.

SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products, including operating systems Windows 8 and later, and the applications Internet Explorer and Microsoft Edge. SmartScreen intelligence is also used in the backend of Microsoft's online services such as the web app Outlook.com and Microsoft Bing search engine.

Markus Jakobsson is a computer security researcher, entrepreneur and writer, whose work is focused on the issue of digital security.

Infoblox, formerly (NYSE:BLOX), is a privately held IT automation and security company based in California's Silicon Valley. The company focuses on managing and identifying devices connected to networks—specifically for the Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), and IP address management. According to Gartner, by 2015 the Infoblox market share was 49.9 percent of the $533 million enterprise DDI market. In June 2016, IDC, a market intelligence firm, named Infoblox as the dominant player in DNS, DHCP and IP address management. No other competitor had a market share greater than 15 percent.

Cyren Inc. was a cloud-based, Internet security technology company providing security as a service and threat intelligence services to businesses until it announced its collapse in February 2023. Cyren provided web security, DNS security, cloud sandboxing, inbound/outbound anti-spam services, real-time phishing detection and blocking, ransomware protection, URL filtering, IP reputation for email, malware attack detection, anti-malware and IP intelligence, botnet attack prevention, and cloud threat lookup. Cyren also provided endpoint protection, including anti-malware for mobile devices, URL filtering for mobile devices, and inbound/outbound Internet of Things (IoT) gateway protection. Major corporate clients using Cyren's services include Microsoft, Google, Check Point, Dell, T-Mobile, and Intel.

Numbered Panda is a cyber espionage group believed to be linked with the Chinese military. The group typically targets organizations in East Asia. These organizations include, but are not limited to, media outlets, high-tech companies, and governments. Numbered Panda is believed to have been operating since 2009. However, the group is also credited with a 2012 data breach at the New York Times. One of the group's typical techniques is to send PDF files loaded with malware via spear phishing campaigns. The decoy documents are typically written in traditional Chinese, which is widely used in Taiwan, and the targets are largely associated with Taiwanese interests. Numbered Panda appears to be actively seeking out cybersecurity research relating to the malware they use. After an Arbor Networks report on the group, FireEye noticed a change in the group's techniques to avoid future detection.

Trojan.Win32.DNSChanger is a backdoor trojan that redirects users to various malicious websites through the means of altering the DNS settings of a victim's computer. The malware strain was first discovered by Microsoft Malware Protection Center on December 7, 2006 and later detected by McAfee Labs on April 19, 2009.

References

  1. "Napster.com WHOIS, DNS, & Domain Info - DomainTools". Whois.domaintolls.com. Retrieved 4 January 2015.
  2. "Microsoft Enhances Phishing Protection for Windows, MSN and Microsoft Windows Live Customers". Microsoft News Center. November 17, 2005. Retrieved December 21, 2010.
  3. Chris Preimesberger (November 11, 2005). "Microsoft Expands Its Anti-Phishing Database". eWeek. Retrieved December 21, 2010.
  4. "Microsoft Launches Enforcement Campaign Targeting Web Site "Cybersquatters" Who Use Online Ads". Microsoft News Center. August 22, 2006. Retrieved December 21, 2010.
  5. Credit Union Times (October 6, 2010). "New Fraud Alert Network". Credit Union Times. Retrieved December 21, 2010.
  6. "APWG: ELENS". Archived from the original on 18 July 2012.
  7. Eric Blattberg (November 5, 2013). "IID accepts $8M, its first VC funding after 17 years, for security social network". VentureBeat. Retrieved March 19, 2015.
  8. William Jackson (February 11, 2014). "Social platform for sharing cyberthreat intell goes live". Government Computer News. Retrieved March 19, 2015.
  9. Jenna Wortham and Nick Bilton (December 18, 2009). "Web Attack on Twitter Is Third Assault This Year". New York Times. Retrieved December 21, 2010.
  10. Kelly Jackson Higgins (December 18, 2009). "Twitter Hit By DNS Hijacking Attack". Dark Reading. Retrieved December 21, 2010.
  11. Brian Krebs (February 2, 2012). "Half of Fortune 500s, US Govt. Still Infected with DNSChanger Trojan". Krebs On Security. Retrieved March 19, 2015.
  12. "Rod Rasmussen". Icannwiki.org. Retrieved 4 January 2015.