Political hack

In Blog post by Sam Coleman | 0 Comments

The US presidential election tonight isn’t the first time Russians have used cyber mischief to disrupt voting… but it certainly is the most consequential. The small polling stations, manned by officials, volunteers and observers, were surprisingly efficient, each playing their role in the democratic process of electing legislative members in a representative democracy. Local citizens – eager to cast their votes – had waited hours in the chilly night, determined to use their voice in this historic election, one that had seen an unprecedented tussle for presidential power. One presidential hopeful, a woman with vast political experience yet plagued by scandal, clashed with a billionaire tycoon who …

Thick Click: Security is the Culprit, Not the Victim

In Blog post by Clavister Blog Staff | 0 Comments

It’s tempting, when an individual in a business clicks on a dubious link, or opens a suspicious-looking attachment, to blame them for any ensuing malware infections or data breaches. They should have known better, right? We all know, these days, that infected links and attachments are key attack vectors for cybercriminals – that individual shouldn’t have behaved so carelessly. They are directly responsible for the negative business impact that follows. According to Ira Winkler, president of Secure Mentem and widely considered one of the world’s most influential cybersecurity professionals, this attitude is short-sighted and foolish. “If a single user click can take down your network, then your network sucks,” …

Cyber threats: going nuclear

In Blog post by Clavister Blog Staff | 0 Comments

In 2016, we have seen damaging cyberattacks against factories, power plants, airlines and other industrial systems. An attack using BlackEnergy malware struck a Ukraine power company, leaving hundreds of thousands of residents in the dark. The SCADA systems of the Bowman Dam in Rye, New York were attacked, as was Warsaw’s Chopin Airport, where Polish planes were grounded for a weekend after a plane was hit by a DDoS attack. Cybercriminals are clearly becoming ever savvier when it comes to attacking critical infrastructure – a set of organizations that includes metropolitan traffic control systems, factories and manufacturing plants, power generation facilities and water treatment systems. All have a critical role …

The Dyn DDoS attack is just the latest IoT propelled attack… and it won’t be the last

In Blog post by Sam Coleman | 0 Comments

With the recent ramp-up of DDoS attacks and the Mirai source code release, the criminality and unsecured nature of IoT have become painfully – and dangerously – clear. In some ways, it was a story that we’re slowly, painfully getting used to. On Friday, a massive distributed denial of service (DDoS) attack was launched against Dyn, one of the biggest DNS providers in the US. The New Hampshire-based Internet company, which provides the “phone book” service to the most-trafficked sites on the Internet – brands such as Netflix, Twitter, Spotify and others – suffered wave after wave of attacks, with consumers denied services they enjoy and rely on. …

Clavister showcases solutions at IT-SA, Nuremberg

In Blog post by Clavister Blog Staff | 0 Comments

This week, Clavister is demonstrating its advanced security solutions, including its Multi Factor Authentication suite, at IT-SA 2016. The three-day event in Nuremberg is one of Germany’s biggest IT Security events and Clavister is exhibiting in hall 12, booth 226 with our distribution partner sysob. Clavister MFA is designed to match all the key business requirements for strong authentication without adding administrative complexity. It combines: Server: The Clavister MFA Server keeps unauthorized individuals out of the corporate network. Authenticator: The Clavister Authenticator is a mobile app that works on Apple and Android phones. Once the employee starts the app, it generates a new One Time Password (OTP) every 30 …

Fighting security fatigue

In Blog post by Clavister Blog Staff | 0 Comments

Have you heard about the latest cybersecurity threat? If your heart sank a little when you read that sentence, then you’ve probably already been infected by it: it’s called security fatigue. Long gone are the days when cybersecurity was a term understood only by IT security professionals, discussed only in niche publications. Now, it regularly appears in mainstream news articles, warning consumers about the dangers in their phone operating system, the data breaches affecting their social media accounts and the enormous sums of money stolen by audacious cybercriminals. This is, in many ways, a positive shift. It means that CEOs and other business decision-makers are far more likely to understand …

A SWIFT lesson in cybersecurity

In Blog post by Clavister Blog Staff | 0 Comments

As if a USD 81 million heist from Bangladesh Bank earlier this year wasn’t enough, it has been revealed that criminals have launched several further attacks on the SWIFT global financial messaging system – some of them successful. According to a letter that SWIFT sent to its clients and member organizations, all of the victims shared weaknesses in their local network security that criminals were able to exploit. While SWIFT did not elaborate on what these weaknesses actually were, we do know that the original attack exploited flaws in Bangladesh Bank’s infrastructure, such as deploying second-hand routers and then leaving them with default passwords, and in some sites, not having any …

Compromised credentials: a problem for every business

In Blog post by Clavister Blog Staff | 0 Comments

A huge 97% of large organizations have suffered a leak of crucial corporate login credentials, according to recent research. 97%! Across the world’s largest 1,000 organizations, there were 5 million leaked credentials – an average of 706 per organization. How were these credentials leaked? The majority were stolen via LinkedIn and Adobe – two services that people are likely to sign up to using their work email addresses and related passwords. This underlines how sophisticated cybercriminals may target third parties in an attempt to secure a route into large enterprises. As a result, if one of your staff members uses their work login details to register for a third party …

Using Government firewalls? They won’t snoop on you. Honest.

In Blog post by Clavister Blog Staff | 0 Comments

The UK’s Government Communications Headquarters (GCHQ) – that is, its national surveillance agency – has recently announced plans to create what is described as a national British firewall. This would initially protect ‘government sites and industries regarded as critical to national security’, but could potentially be expanded out to protect large private sector companies of all kinds. This sounds great in theory – a unified national layer of cyber protection, delivered by a highly specialized security agency – but in practice it also carries risk. GCHQ is already known to intercept companies’ private data, when national security aims have justified such actions. In coming under the protection of a managed …

Ransomware-as-a-Service (RaaS) – Paving the way for Cyber-Crime as a part-time job?

In Blog post by Sam Coleman | 0 Comments

By Andreas Åsander

Most of us, especially those of us in the cybersecurity industry, have noticed that cyber-crime is steeply on the rise. Malware is no longer about fame and glory: these days it’s all about making quick (and dirty) money. In fact, it’s such big business that Europol claims that cybercrime is an industry that generates a whopping EURO 290 billion loss/turnover each year, making it bigger than the global trade of marijuana, cocaine and heroin combined. With a clear trend of cyber-crime expanding from relatively contained cells of organized criminals towards the bigger mass, there is good reason to believe that we will be seeing more ransomwares, …