In part 1, we discussed the various definitions of cloud and looked at cloud incidents related to data breaches, such as outages. In this part, we’re taking a close look at major cloud data breach incidents over the past few years. Are the majority of these breaches associated with sophisticated advanced attackers or malicious insiders?…
Read MoreYears ago, I worked on a consulting project for a large financial services company, which had recently invested $20 million into their core offering, a managed services platform for financials that was used by hundreds of customers. We did a Failure Mode Effect Analysis for them, looking at every component making up the major service—every…
Read MoreWeb Application Security Our biggest research story of the year was our 2019 Application Protection Series, which focused on looking at an entire year of application-related breaches as well as a year of global web attack traffic. In that story, we noted how PHP vulnerabilities comprise 81% of the attack traffic, much of it…
Read MoreGood or bad, the cloud adoption represents a new pathway for anyone to become a software startup without having to hire operations or infrastructure personnel. Although they can quickly get a minimally viable application up and running, that application may lack both robustness and security measures of more traditional, well-engineered systems. I’m pretty sure that…
Read MoreEMEA’s mainstream media’s spotlight on ransomware attacks may have dimmed over the last 18 months but that doesn’t mean the threat has disappeared. There is certainly no room for complacency, and we would do well to pay attention to recent events across the pond. Far from diminishing in disruptive impact, ransomware attacks appear to have…
Read MoreFrom tech giants and gamers to politicians and retailers, nobody is safe from today’s mutating threat landscape. 2019 was another frenzied maelstrom of cyberattacks, mitigations, pre-emptions and preventions, with the old (phishing and DDoS et al) rubbing havoc-wreaking shoulders with the new (new vistas in cyberwars, automation and AI). As ever, continuous pressure also begets…
Read MoreBlack Friday, Cyber Monday and the seasonal ecommerce feeding frenzy are always big news. Hyperactive online activity and potentially compromised purchasing, promotion and sales behaviours are like a red rag to a bull for enterprising cybercriminals. From denial of service (DoS) attacks shutting down retailers in their revenue-generating prime to ransomware campaigns extorting your hard-earned…
Read MoreSecurity researchers at F5 Networks constantly monitor web traffic at various locations all over the world. This allows us to detect “in the wild” malware, and to get an insight into the current threat landscape. In December 2019, security researchers detected a 100% increase in new threat campaigns as compared to November 2019. This was…
Read MoreMy Apple News app recently served up some targeted marketing that really hit home. There before me was the opportunity to purchase a limited-edition 11 Herbs & Spices Firelog from KFC and Envirolog, sold through Walmart. In addition to the advertising and sales mechanisms that brought me to this point, there are also all of…
Read MoreWhat Does a Typical Brute Force Attack Look Like at a Service Provider? Brute force attack methods vary. It’s not uncommon, for example, for mobile phone service providers to encounter unauthorized online account activity in which an attacker accesses accounts by trying a phone number in combination with a PIN code. These types of attacks…
Read More