View Post

Security lessons from the Deutsche Telekom cyberattack

In Blog post by Clavister Blog StaffLeave a Comment

Hundreds of thousands of Deutsche Telekom customers in Germany found themselves unable to access the internet recently, thanks to a massive cyberattack that attempted to infect around a million routers. The attackers were using Mirai malware, which attempts to hijack vulnerabilities in connected devices like routers, harnessing them to join the enormous global Mirai botnet. Then, as part of the botnet, those machines are used to launch attacks on other organizations, whether Distributed Denial of Service (DDoS) attacks to force them offline, flooding them with spam, or attempting to inject additional sophisticated malware and social engineering attacks. The bigger the botnet grows, the more damaging those attacks become. No less …

View Post

Tele2 goes all in on SDN/NFV

In Blog post by Sam ColemanLeave a Comment

A bold transformation is happening in the telco space, a shift that is – in many ways – as substantive as the shift from GPRS to 3G and all that’s subsequently come after. As the telco carriers see the 5G horizon coming at them, a few pioneers are quickly realizing that the future is an SDN/NFV one, that the prize on the horizon is virtual that allows unparalleled performance, Opex and Capex reduction and a fully scalable multi-core environment. The end of Big Iron appliances is here and for these visionary telcos – tired of rip and replace – it’s not soon enough. Tele2, one of the biggest telco operators …

View Post

What will the Trump administration mean for IT security?

In Blog post by Clavister Blog StaffLeave a Comment

We all know that people running for political office will make many promises that they have no intention of ever fulfilling.  But a key battleground of the recent US presidential election was related to cybersecurity:  Hillary Clinton’s emails, the FBI versus Apple, hacking the Democratic National Party and more. So what does the Trump administration mean for enterprise security, and the cybersecurity industry? “So we have to get very, very tough on cyber and cyber warfare,” is the closest we got from Trump during debates.   But given his vocal position on forcing Apple to crack the encrypted iPhone used by the San Bernardino shooter, it’s not unreasonable to expect him …

View Post

The end of ‘Big Iron’ security appliances for communication service providers: new guide

In Blog post by Clavister Blog StaffLeave a Comment

As Communications Service Providers (CSPs) look to take advantage of the elastic scalability that virtualization offers, it’s critical that they build security into these new network environments, to protect their infrastructure and subscriber data against threats. Gartner believes CSPs can anticipate Opex reductions of 60% and Capex reductions of 40%* with the adoption of SDN/NFV infrastructures, as well as introduce valuable new services such as Software-Defined WAN and virtual CPEs. Gartner also claims CSPs looking to deliver new digital services and service enhancements, such as on-demand virtual VPN services for enterprises, will find that SDN and NFV can drive robust revenue from these sources, thanks to vastly improved operational efficiency …

View Post

Lessons from the Liberian DDoS attack

In Blog post by Clavister Blog StaffLeave a Comment

A massive DDoS attack has compelled the Liberian authorities to request assistance from the UK and the US in securing the country’s IT infrastructure.  While the attack did not take down the country’s entire Web access, nor affect the African Coast to Europe (ACE) submarine fibre cable which links Liberia to the wider internet as some initial media reports suggested, it did bring down the country’s Lonestar MTN internet service provider, which is responsible for about 60% of the country’s network.  What’s more, the outage lasted for around two weeks – far too long for individuals and businesses alike. The source of the attack has not been confirmed, but suspicions …

View Post

Was the Tesco Bank heist an inside job?

In Blog post by Clavister Blog StaffLeave a Comment

Millions of pounds have been stolen from the accounts of 9,000 Tesco Bank customers, in what the company’s chief executive has called ‘a systematic, sophisticated attack’.  That’s nearly 7% of the bank’s 136,000 current accounts, with suspicious activity tracked across another 40,000 (30%). And the amounts of money stolen weren’t all small either:  2,400 UKP was the largest amount taken from a single customer. This attack is of course, not the first on a major bank and it is unlikely to be the biggest in terms of losses, either – these are currently estimated at around 2.5million UKP.  What does make the attack unusual is the sheer number of consumer …

View Post

Political hack

In Blog post by Sam ColemanLeave a Comment

The US presidential election tonight isn’t the first time Russians have used cyber mischief to disrupt voting… but it certainly is the most consequential. The small polling stations that were manned by both officials, volunteers and observers were surprisingly efficient; each playing their role in the democratic process of electing legislative members in a representative democracy. Local citizens – eager to cast their votes – had waited hours in the chilly night, determined to use their voice in this historic election, one that had seen an unprecedented tussle for presidential power. One presidential hopeful, a woman with vast political experience yet plagued by scandal, clashed with a billionaire tycoon who …

View Post

Thick Click: Security is the Culprit, Not the Victim

In Blog post by Clavister Blog StaffLeave a Comment

It’s tempting, when an individual in a business clicks on a dubious link, or opens a suspicious looking attachment, to blame them for any ensuing malware infections or data breaches. They should have known better, right? We all know, these days, that infected links and attachments are key attack vectors for cybercriminals – that individual shouldn’t have behaved so carelessly. They are directly responsible for the negative business impact that follows. According to Ira Winkler, president of Secure Mentem and widely considered one of the world’s most influential cybersecurity professionals, this attitude is short-sighted and foolish. “If a single user click can take down your network, then your network sucks,” …

View Post

Cyber threats: going nuclear

In Blog post by Clavister Blog StaffLeave a Comment

In 2016, we have seen damaging cyberattacks against factories, power plants, airlines and other industrial systems. An attack using BlackEnergy malware struck a Ukraine power company, leaving hundreds of thousands of residents in the dark. The SCADA systems of the Bowman Dam in Rye, New York were attacked, as was Warsaw’s Chopin Airport, where Polish planes were grounded for a weekend after a plane was hit by a DDoS attack. Cybercriminals are clearly becoming ever savvier when it comes to attacking critical infrastructure – a set of organizations that includes metropolitan traffic control systems, factories and manufacturing plants, power generation facilities and water treatment systems. All have a critical role …

View Post

The Dyn DDoS attack is just the latest IoT propelled attack… and it won’t be the last

In Blog post by Sam ColemanLeave a Comment

With the recent ramp up of DDoS attacks, the Mirai source code release, criminality and unsecured nature of IoT become painfully – and dangerously – clear. In some ways, it was a story that we’re slowly, painfully getting used to. On Friday, a massive denial of service attack (DDoS) was launched against one of the biggest DNS providers in the US named Dyn. The New Hampshire based provider, a New Hampshire-based Internet company that provides the “phone book” service to the most-trafficked sites on the Internet – brands such as Netflix, Twitter, Spotify and others – suffered wave after wave of attacks, consumers denied services they enjoy and rely on. …