Protecting against the insider threat

In Blog post by Clavister Blog Staff

In the cybersecurity sector, we’re usually focused on keeping the bad guys out of our networks. But what if there’s a bad guy on the inside? Such insider threats can put companies at an even bigger risk than an external attacker. Depending on the nature of the organisation, the threat can span beyond data breaches or leaking business secrets, to compromising critical infrastructure and even national security. Yet identifying and defending against insider threats is often not given the attention it warrants. This is something that Israeli cyber espionage firm NSO Group is learning, as an ex-employee is reportedly being indicted for allegedly attempting to sell company secrets and software …

Will the U.S. Government force backdoors into software updates?

In Blog post by Clavister Blog Staff

The American Civil Liberties Union (ACLU) is warning that software companies may be forced by the US Government to embed tracking and surveillance capabilities, and even malware, into otherwise legitimate software updates, which may damage trust in software updates altogether. In its report on the issue, the ACLU has highlighted that the US government may force companies to embed snooping code into software updates that can bypass passcode lockouts, enable wiretapping, switch on functions such as microphones and cameras, or physically track people. The report comes after numerous attempts by the FBI and other government agencies to encourage companies to give the government a “backdoor” – or privileged access a …

VPNFilter botnet gets bigger and more dangerous – so what should you do?

In Blog post by Clavister Blog Staff

Originally discovered infecting hundreds of thousands of Internet routers in 2016, the VPNFilter malware has been found to be even more prolific and dangerous than originally thought. The malware has been broadly distributed by botnets, and has had a resurgence over the last few weeks that has even made the FBI concerned about its scale and growth. VPNFilter was thought to be the work of a Kremlin-sponsored hacking group, and a recent report by researchers at Cisco stated it could have infected at least 500,000 routers, and possibly even more. What’s more, capabilities have recently been discovered in the malware that could be particularly dangerous. What do we know? Initially, it was …

Rotten to the core? New Meltdown & Spectre vulnerabilities emerge

In Blog post by Clavister Blog Staff

There is a common cycle when new vulnerabilities are announced. The security-conscious among us find out what software is affected, what the vulnerability enables cyber criminals to do, and we’re warned to apply patches to the software and keep up good security practices. But two recently disclosed vulnerabilities have served as a warning that even the fundamentals of our connected world are vulnerable – down to the physical hardware. On May 21st, two new variations of the Spectre and Meltdown vulnerabilities were disclosed. Although there have so far been no reports of the vulnerabilities being exploited, they could enable attackers to gather sensitive data from multiple types of computing devices. …

WannaCry – what a difference a year makes. Or does it?

In Blog post by Clavister Blog Staff

If you’re an IT or cybersecurity professional, you’ll probably remember exactly what you were doing on the afternoon of Friday May 12, 2017.  That was the day the WannaCry ransomware attack started.  The infection spread with incredible speed worldwide, infecting over 200,000 PCs and servers across 150 countries in just 72 hours, scrambling business data and causing widespread, indiscriminate disruption. Some of the high-profile businesses impacted were the telco Telefónica, FedEx, Deutsche Bahn, Renault, Nissan and the UK’s National Health Service.  The attack has been estimated to have caused financial damages and losses of anything up to four billion dollars. WannaCry was able to spread so fast because it exploited …

Can we afford to have cities held to ransom?

In Blog post by Clavister Blog Staff

Earlier this month, the City of Atlanta was successfully targeted by ransomware attacks that brought down the systems of at least five local government departments. In the words of Atlanta’s Mayor Keisha Lance Bottoms, “We are dealing with a hostage situation.” Attackers infiltrated the court system, the police department, payment portals for water bills and communication systems for critical infrastructure. Each of these areas was brought down by a single form of ransomware—a simple but effective strain called SamSam, which was first identified in 2016. Those behind SamSam are known for their highly organised methods and targeted attacks. Since the strain was first identified, hackers have used it to make …

Back to basics: why cybersecurity fundamentals are still critical

In Blog post by Clavister Blog Staff

“The more things change, the more things stay the same.” This was the observation made by Dave Hogue, technical director of the NSA’s Cybersecurity Threat Operations Center, when he addressed the Cyber UK 2018 Conference this month. During the talk, Hogue discussed how, while businesses rely on increasingly sophisticated software and services to transform their business and get the job done, they still fail to get basic cyber-defense strategies right. He pointed out that threat actors are still exploiting the same old bad security habits. The situation is getting worse as organisations continue to overlook the security basics, continue to use old solutions that are no longer supported, and fail …

Getting critical: cyber-attacks against infrastructure cause international concern

In Blog post by Clavister Blog Staff

Espionage, network outages, data held to ransom; the consequences of cyber-attacks have long given cause for concern. But when threat actors have the backing of nation states and critical infrastructure is the target, it’s clear there’s even more at stake. Over the last few years, a growing number of cyberassaults have been launched at critical infrastructure. The essential systems that we rely on in our everyday lives are vulnerable, and future attacks could bring entire countries to their knees. If electricity was cut off for just 48 hours, businesses would cease to function, risking serious economic damage if banking and trading systems fail. Hospital patients and vulnerable people would be …

Memcrashed? Meeting the growing DDoS threat

In Blog post by Clavister Blog Staff

In late February, code hosting platform GitHub fell victim to the largest DDoS attack yet recorded. The platform, used by upwards of 4.5 million developers every day, was hit by a staggering 1.35 terabits of traffic per second, which took it offline temporarily. Botnets tend to be involved in such large-scale attacks. Indeed, when Dyn DNS fell victim to the second-largest DDoS attack on record in October 2016, tens of millions of IP addresses associated with the Mirai botnet were part of the attack. But this latest attack on GitHub did not involve botnets: the perpetrators used a new technique to launch the mega-scale attack. They targeted servers running Memcached, which …

Cloudy with a Chance of Outage

In Blog post by Clavister Blog Staff

Businesses are generating and storing more data than ever before. Recent figures estimate that the US alone generates an average of 2,657,700 gigabytes of Internet data every minute, and much of that business-critical data is being processed and stored in leading cloud-based services such as Microsoft Azure, Amazon Web Services (AWS) and Google Cloud. But what would the impact be on your business if a cloud service that you rely on should fail? What’s the damage? According to a new report by insurance market Lloyd’s of London, if a top cloud provider suffered an extreme cyber-incident that took them offline for three to six days, businesses in the US could lose …