
Getting critical: cyber-attacks against infrastructure cause international concern

In Blog post by Clavister Blog Staff | 0 Comments

Espionage, network outages, data held to ransom; the consequences of cyber-attacks have long given cause for concern. But when threat actors have the backing of nation states and critical infrastructure is the target, it’s clear there’s even more at stake. Over the last few years, a growing number of cyberassaults have been launched at critical infrastructure. The essential systems that we rely on in our everyday lives are vulnerable, and future attacks could bring entire countries to their knees. If electricity was cut off for just 48 hours, businesses would cease to function, risking serious economic damage if banking and trading systems fail. Hospital patients and vulnerable people would be …


Memcrashed? Meeting the growing DDoS threat

In Blog post by Clavister Blog Staff | 0 Comments

In late February, code hosting platform GitHub fell victim to the largest DDoS attack yet recorded. The platform, used by upwards of 4.5 million developers every day, was hit by a staggering 1.35 terabits of traffic per second, which took it offline temporarily. Botnets tend to be involved in such large-scale attacks. Indeed, when Dyn DNS fell victim to the second-largest DDoS attack on record in October 2016, tens of millions of IP addresses associated with the Mirai botnet were part of the attack. But this latest attack on GitHub did not involve botnets: the perpetrators used a new technique to launch the mega-scale attack. They targeted servers running Memcached, which …


Cloudy with a Chance of Outage

In Blog post by Clavister Blog Staff | 0 Comments

Businesses are generating and storing more data than ever before. Recent figures estimate that the US alone generates an average of 2,657,700 gigabytes of Internet data every minute, and much of that business-critical data is being processed and stored in leading cloud-based services such as Microsoft Azure, Amazon Web Services (AWS) and Google Cloud. But what would the impact be on your business if a cloud service that you rely on should fail? What’s the damage? According to a new report by insurance market Lloyd’s of London, if a top cloud provider suffered an extreme cyber-incident that took them offline for three to six days, businesses in the US could lose …


Dig this: why cryptomining could be the new ransomware

In Blog post by Clavister Blog Staff | 0 Comments

If 2017 was the year of ransomware, is 2018 set to be the year of cryptomining malware? While ransomware attacks increased at up to 10 times the rate seen in 2016 over the past 12 months, the second half of 2017 also saw a massive increase in the use of cryptomining malware. Unlike fast, disruptive ransomware attacks, which aim to pressure victims into doing a deal with cybercriminals, cryptominers are intended to operate under the radar and remain undetected for as long as possible, hijacking unsuspecting users’ systems to crunch the necessary numbers and generate cryptocurrency. The advantages to criminals of this stealthy approach were highlighted in a recent …


Move Over GDPR, NIS is the Gorilla in the Room

In Blog post by Sam Coleman | 0 Comments

The new acronym has a far greater impact for cybersecurity than the privacy-focused GDPR act. The legislative armageddon known as the General Data Protection Regulation, or GDPR, is fast approaching this May, with the financial consequences for non-compliance (up to 4 percent of worldwide total) causing a fair amount of justified alarm. But however important that new legislation is, another critical piece of legislation, which some say will have even greater impact, is on the horizon, especially in the realm of cybersecurity. That law is the Network and Information Security (NIS) Directive, which has as its focus securing critical infrastructure and creating a regulatory climate that creates urgency for cybersecurity defences. …


Putting its money where its mouth is: Verizon goes all in with a USD 10 bln cost cutting commitment using virtualisation

In Blog post by Sam Coleman | 0 Comments

As everyone in both the telecom and security industries knows, virtualisation is a Holy Grail for both performance and cost savings. Verizon bets on the latter to give it a multi-billion payback. John Stratton, EVP & president of global operations for Verizon, knew that the room was filled with anxious investors, wanting to know how the telecom was planning to stay competitive in one of the most contested spaces in business. The telecom business, squeezed by price competition, pushed to deliver its services faster and with better QoS, is looking for the data revolution of 5G to buoy its market, all the while demanding bold moves and initiatives to deliver …


The non-nuclear North Korea could be as deadly as the nuclear one

In Blog post by Sam Coleman | 0 Comments

With mounting evidence pointing to the hermit kingdom as a nation state cybercriminal, experts wonder which battlements Kim Jong Un is willing to use: cyber weapons or nuclear ones? Some say the tipping of the North Korean cyber army’s hand was a slight that the temperamental Dear Leader 2.0 could not let stand. In 2016, irreverent and sacred cow slayer Seth Rogen and wingman James Franco produced the filmic stocking stuffer The Interview, a spoofing comedy where Kim Jong Un is seen as a needy, petulant dictator whose head is ceremoniously and to comic effect blown off. Had it not been for North Korea’s covert cyber reaction, the film would have …


Of Artificial Intelligence and Machine Learning: how cybersecurity needs to know the value of each to get the best of both

In Blog post by Sam Coleman | 0 Comments

Recent discussions within the security community point to a need to understand these two fields to apply them effectively. The increasing drumbeat of machine learning (ML) and Artificial Intelligence (AI) as it affects cybersecurity is growing, a fact that was easily seen at the recent Black Hat 2017 gathering. Of the vendors and solutions present, on the lips of many of the presenters in a myriad of sessions, AI and ML were liberally thrown about and bandied as the future of cybersecurity. And while there’s no doubt that the two technologies will be more pervasive and disruptive to the security field, it’s also true that they’re greatly understood, even in …


Summer is here and the kids are… cybersecuring?

In Blog post by Sam Coleman | 0 Comments

As a growing cybersecurity talent gap emerges, governments and industry recruit tomorrow’s cyber defenders at an ever younger age. Elizabeth Lewelling is—at first glance—your typical all-American kid. She’s gregarious and confident, a seasoned pro as a Girl Scout, not afraid to knock on doors to sell thin mints nor be in the wilderness to get her survival badge. But these months, she’ll be participating in an altogether different activity than what most people expect Girl Scouts or any young person to be doing during the hot lemonade days of summer. She—along with 1.8 million Girl Scouts—will be shooting for the latest badge offered by the Scouts: one in …


A breach of (public) trust?

In Blog post by Sam Coleman | 0 Comments

Two massive political fallouts—one European, one Asian—show that the tolerance for data mishandling is zero. And when GDPR arrives, the repercussions will be financial as well. This week, the Swedish government barely managed to survive one of its most serious challenges. A vote of no confidence was mounted against three ministers by the opposition that—in normal situations—would’ve triggered snap elections and the government stepping down. But instead the Social Democratic government punted and did a cabinet reshuffle with two ministers exiting their jobs and the defence minister in peril. What was the trigger? Data sloppiness. The Swedish Transport Agency had given a contract to IBM to handle its data needs into …