The UK Government recently launched a Call for Views on its Initial National Cyber Security Skills Strategy. The closing date for stakeholder responses is 1 March 2019, with the final strategy document expected to be published late in 2019. Continue reading
Month: December 2018
Earlier this year, the French Competition Authority (“FCA“) published the results of its 2-year inquiry into the online advertising sector, identifying competition concerns in the sector. The inquiry concluded that two major global players hold “overwhelming” market power and generated almost 90% of the online advertising industry’s growth in 2017.
The head of the FCA, Isabelle de Silva, has now confirmed that the FCA will be launching a probe into the collection of data by companies and whether such data were accessible by others. She declined to name the companies under investigation, although has explained that the focus will be on companies that are defined by their access to and use of data.
Regardless of the subjects of the new investigation, its very existence highlights an increasing trend of regulatory scrutiny with respect to data. In a year that has seen a significant focus on personal data and privacy as a result of the implementation of the GDPR across Europe, this latest investigation shows that it is not just the data privacy regulators who are interested in the impact that data has. Continue reading
The Mirai malware gained its infamy in October 2016 following its record breaking attack on systems operated by domain name system provider Dyn, using unsecured Internet of Things (“IoT“) enabled “smart” devices (such as CCTV recorders, webcams and routers). It resulted in the widely reported outage of Twitter, Netflix, Spotify and Airbnb, amongst others.
Mirai is highly effective as it targets devices which often run unattended, do not have anti-virus installed, and have no external visual indication that they have been compromised. Mirai works by systematically trying the 62 most common default username/password combinations against the Telnet/SSH port of internet connected devices in an attempt to gain administrative access to the device. Whilst simple, the sheer number of vulnerable devices on the internet means that “botmasters” (the creators and controllers of the collections of compromised computers and IoT devices (each a bot and together a botnet)) have been able to create and sustain botnets containing up to 100,000 devices. Botmasters are then able to sell the use of their botnets online to the highest bidder for use in, for example, Distributed Denial of Service attacks against specific targets (e.g. Dyn). Continue reading