A couple of years ago Netflix introduced a concept they called a “Simian Army”. The idea was to have a bunch of automated processes that checked their cloud’s resilience to various failure scenarios. A prime example was a “Chaos Monkey”, which randomly shuts down servers in their infrastructure to test the application’s ability to withstand server failures. When you know that a Chaos Monkey is running free in your infrastructure and your service stays up, you know that you can handle server failure effectively. We think that a similar approach applies to securing cloud infrastructure.
In a recent piece in Forbes following the Anthem data-security breach, legendary venture capitalist Vinod Khosla wrote “There’s a universal truth regarding every cyber-attack: attack behavior never appears normal”.
While Mr. Khosla is a maverick in many fields, I believe this time he got it wrong. Please allow me to explain.
Let’s consider a different example, the recent Carbanak cyber crime campaign, through which over 100 global banks were robbed of an estimated one billion dollars. The technology aspect of the attacks got the most media attention. However, in reality the technology was not nearly as advanced as state-of-the-art technology used by some intelligence agencies around the world (e.g. Stuxnet, Flame or the Equation Group).
On February 16th, 2015, Kaspersky Lab published a report titled “Carbanak APT – The Great Bank Robbery”, telling the story of a cyber attack campaign on numerous banks and financial institutions, spanning from late 2013, and resulting in estimated cumulative losses of $1B. The attack has been dubbed by media outlets such as CNN “the Ocean’s eleven of cyber strikes”.