Contrary to some initial alarmist screamers, yesterday's Internet outages (or more properly outages experienced by a large number of sites and apps) weren't caused by an attack, but rather by problems in Amazon's S3 cloud storage service. Ars Technica calls the incident "sputtering." It originated with errors in Amazon servers in the US state of Virginia. Outages were widespread, but were particularly severe on the North American East Coast. The incident is a reminder of how much infrastructure is in the hands of the private sector, especially in the US. Wired sees the outages as evidence that industry consolidation can compromise resilience. Services appear to have returned to normal last night.
IBM's X-Force looks at the venerable Dridex banking Trojan and notices that it's been updated to incorporate a more evasive injection technique, "AtomBombing." The new edition of Dridex (version 4) is active in the wild against banks in the UK and is expected to spread rapidly.BitSight's Anubis Labs warns that the Necurs spam botnet has been upgraded with a distributed denial-of-service capability that could outstrip the capacity Mirai demonstrated.
In industry news, Palo Alto Networks has announced its acquisition of behavioral analytics shop LightCyber.
Companies that collect data internationally (essentially any businesses working online) have yet to come to grips with GDPR compliance. The European Union's data protection regime will take full effect on May 25th, 2018, a date that will arrive with indecent haste.
The US Congress is thinking about how cyber attacks might constitute acts of war.