
Automakers Face Surge in Cyberattacks as Jaguar Land Rover and Renault Recover from Major Breaches

 

Cybersecurity experts have warned that global automakers are likely to face an increasing wave of cyberattacks, as recent incidents continue to disrupt operations at leading manufacturers. The warning follows a series of high-profile breaches, including a major cyberattack on Jaguar Land Rover (JLR), which remains one of the most significant security incidents to hit the automotive industry in recent years. 

Jaguar Land Rover suffered a severe cyberattack at the end of August, forcing the company to shut down its IT systems and suspend production across multiple facilities. The disruption caused widespread operational chaos, but JLR recently confirmed it has begun a phased restart of production at its Electric Propulsion Manufacturing Centre (EPMC) and Battery Assembly Centre (BAC) in the West Midlands. The automaker plans to expand the restart to other key sites, including Castle Bromwich, Halewood, Solihull, and its manufacturing facility in Nitra, Slovakia. 

JLR CEO Adrian Mardell expressed gratitude to employees for their efforts during the recovery, stating, "We know there is much more to do, but our recovery is firmly underway." However, the company remains cautious as it works to fully restore systems and strengthen security controls. 

French automaker Renault also confirmed that one of its third-party data processing providers had been targeted in a separate cyberattack, compromising customer information such as names, addresses, dates of birth, gender, phone numbers, vehicle registration details, and vehicle identification numbers (VINs). While Renault clarified that no financial or password data was accessed, the company has begun notifying affected customers and advising them to be wary of phishing attempts or fraudulent communications.

Ignas Valancius, head of engineering at cybersecurity firm NordPass, warned that cybercriminals often exploit such incidents to impersonate company representatives, lawyers, or even law enforcement to extract additional personal or financial data. He emphasized the growing sophistication of social engineering attacks, noting that scammers may pose as attorneys offering to help victims claim compensation, only to defraud them further.

The automotive sector's vulnerability has become increasingly evident in 2025, with luxury manufacturers frequently targeted by ransomware and data theft operations. In addition to JLR and Renault, other global brands have reported breaches. 

Meanwhile, Swedish HR software provider Miljödata suffered a breach that compromised the personal information of Volvo North America employees, and Stellantis confirmed unauthorized access to its customer contact database via a third-party provider. Valancius highlighted that cybercriminals appear to be deliberately targeting luxury brands, seeking to exploit their association with high-net-worth clientele. "It seems that luxury brands have been prime targets for hacker groups in 2025," he said, adding that these incidents could lead to more sophisticated spear-phishing campaigns and targeted extortion attempts. 

As automakers increasingly rely on digital systems, connected vehicles, and cloud-based infrastructure, experts stress that robust cybersecurity measures and third-party risk management are now essential to safeguard both company data and customer privacy. The recent breaches serve as a stark reminder that the automotive industry's digital transformation has also made it a lucrative target for global cybercriminal networks.

Global Supply Chains at Risk as Indian Third-Party Suppliers Face Rising Cybersecurity Breaches

 

Global supply chains face growing cybersecurity risks as research highlights vulnerabilities in Indian third-party suppliers. According to a recent report by risk management firm SecurityScorecard, more than half of surveyed suppliers in India experienced breaches last year, raising concerns about cascading effects on international businesses. The study examined security postures across multiple sectors, including manufacturing for aerospace and pharmaceuticals, as well as IT service providers. 

The findings suggest that security weaknesses among Indian suppliers are both more widespread and severe than analysts initially anticipated. These vulnerabilities could create a domino effect, exposing global companies that rely on Indian vendors to significant cyber threats. Despite the generally strong security posture of Indian IT service providers, they recorded the highest number of breaches in the study, underscoring their position as prime targets for attackers. 

SecurityScorecard noted that IT service providers worldwide face heightened cyber risks due to their central role in enabling third-party access, their expansive attack surfaces, and their value as high-profile targets. In India, IT companies were found to be particularly vulnerable to typosquatting domains, compromised credentials, and infected devices. The research further revealed that suppliers of outsourced IT operations and managed services were linked to 62.5% of all documented third-party breaches in the country—the highest proportion the company has ever recorded. 

Given India’s dominant role in the global IT services market, the implications are profound. Multinational corporations across industries rely heavily on Indian IT vendors, making them critical nodes in the international digital economy. “India is a cornerstone of the global digital economy,” said Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard. “Our findings highlight both strong performance and areas where resilience must improve. Supply chain security is now an operational requirement.” 

The report also emphasized the risks of “fourth-party” vulnerabilities, where the suppliers of Indian companies themselves create additional points of weakness. A single ransomware attack or disruptive incident against an Indian vendor, the researchers warned, could halt manufacturing, delay service delivery, or disrupt logistics across multiple countries. 

The risks are not limited to India. A separate SecurityScorecard study revealed that 96% of Europe’s largest financial institutions have been affected by a breach at a third-party supplier, while 97% reported breaches stemming from fourth-party partners, a sharp increase from 84% two years earlier. 

As global supply chains become increasingly interconnected, these findings highlight the urgent need for businesses to strengthen third-party risk management and enforce stricter cybersecurity practices across their vendor ecosystems. Without stronger safeguards, both direct and indirect supplier vulnerabilities could leave multinational enterprises exposed to significant financial and operational disruptions.

Clarity, Control, And Recovery Define Effective Response To Cyberattacks For IT Teams And MSPs

 

When a cyberattack strikes, the impact is immediate. Systems slow down, files are locked, phones flood with alerts, and the pressure mounts by the second. The speed and precision of the response often determine whether the situation ends in recovery or spirals into disaster. What IT teams and managed service providers need most in these moments are clarity, control, and a dependable recovery path. Without them, even the most experienced professionals risk being overwhelmed as damage escalates. With them, organizations can act decisively, protect clients, and reduce the fallout. 

Clarity is often the first and most urgent requirement. Cyberattacks cause confusion because the nature of the threat is not always obvious at the start. Without a clear understanding of whether it is ransomware, phishing, insider activity, or some other form of compromise, teams are left to guess. Guesswork wastes time and can worsen the situation. Real-time visibility into anomalies such as suspicious login attempts, sudden file encryption, or unusual network traffic provides a unified picture of what is happening. This enables teams to see the blast radius, identify compromised systems, and determine which data remains safe. With clarity, chaos turns into something manageable, allowing quick decisions on isolating, preserving, or shutting down systems. 

Once clarity is achieved, control becomes the next critical step. Attacks often spread through privilege escalation, lateral movement, or data exfiltration. Containment prevents small breaches from becoming catastrophic. Rapidly isolating infected endpoints, revoking exploited credentials, and automatically enforcing protective policies are crucial for slowing or halting an attack. Effective incident response relies not only on tools but also on predefined roles, playbooks, and escalation paths, so teams know exactly what actions to take under pressure. Efficiency also matters: the more capabilities managed through a single interface, the faster the recovery. Integrated solutions such as endpoint detection and response or extended detection and response make it easier to contain incidents before they spread. 

Even after containment, damage may remain. Data can be encrypted, systems may be taken offline, and clients demand immediate answers. At this point, the most valuable resource is a reliable recovery lifeline. Secure backup systems provide assurance that even if primary operations are disrupted, organizations can restore data and systems. Backups that are immutable prevent ransomware from altering recovery points, while granular restore functions allow for quick access to specific files or applications. Disaster recovery solutions can even spin up workloads in secure environments while remediation continues. For IT teams, recovery prevents operations from grinding to a halt, and for MSPs, it preserves customer trust. 
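As an added illustration of the clarity and control steps described above (this is not code from the article), the following Python sketch takes a constructed feed of detection alerts, follows observed lateral logons outward from the hosts that showed file encryption to estimate the blast radius, and turns that into a containment plan: hosts to isolate, credentials to revoke, and hosts that can stay in service. The alert fields, host names and user names are all assumptions, not any product's schema.

```python
"""Blast-radius mapping and a containment plan from an alert feed.

Added illustration for the clarity/control steps in the text; it is not code
from the original article. The alert fields (kind, host, user, target) and
the host names are constructed assumptions, not any vendor's schema.
"""
from collections import defaultdict, deque

# Constructed sample alerts in time order:
#   "logon"   = a remote logon from host -> target using the named user
#   "encrypt" = a burst of file renames/encryption observed on host by user
ALERTS = [
    {"t": 1, "kind": "logon",   "host": "ws-07", "user": "jdoe",       "target": "fs-01"},
    {"t": 2, "kind": "logon",   "host": "fs-01", "user": "svc-backup", "target": "db-02"},
    {"t": 3, "kind": "logon",   "host": "ws-12", "user": "asmith",     "target": "fs-03"},
    {"t": 4, "kind": "encrypt", "host": "ws-07", "user": "jdoe"},
    {"t": 5, "kind": "encrypt", "host": "fs-01", "user": "jdoe"},
]
# Constructed inventory of all managed hosts, used to report what is still clean.
ALL_HOSTS = {"ws-07", "ws-12", "fs-01", "fs-03", "db-02", "bk-01"}


def lateral_graph(alerts):
    """Directed graph of observed logons: source host -> set of target hosts."""
    graph = defaultdict(set)
    for a in alerts:
        if a["kind"] == "logon":
            graph[a["host"]].add(a["target"])
    return graph


def blast_radius(alerts):
    """Hosts that showed encryption, plus every host reachable from them over
    observed lateral logons (breadth-first search over the logon graph)."""
    graph = lateral_graph(alerts)
    seeds = {a["host"] for a in alerts if a["kind"] == "encrypt"}
    seen, queue = set(seeds), deque(seeds)
    while queue:
        host = queue.popleft()
        for nxt in graph.get(host, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def containment_plan(alerts, all_hosts):
    """Turn the blast radius into concrete actions: hosts to isolate,
    credentials to revoke, and hosts that can be left in service."""
    radius = blast_radius(alerts)
    # Any credential used on a host inside the radius is treated as exposed.
    exposed = set()
    for a in alerts:
        if a["kind"] == "encrypt" or (a["kind"] == "logon" and a["host"] in radius):
            exposed.add(a["user"])
    return {
        "isolate": sorted(radius),
        "revoke": sorted(exposed),
        "safe": sorted(all_hosts - radius),
    }


if __name__ == "__main__":
    plan = containment_plan(ALERTS, ALL_HOSTS)
    for action, items in plan.items():
        print(f"{action:8s} {', '.join(items)}")
```

With the constructed alerts, the two hosts that showed encryption pull `db-02` into the radius because a logon from `fs-01` reached it, while `ws-12` and `fs-03` stay outside even though they had activity of their own. That is the point of the exercise: the isolation list is driven by observed movement, not by every host that raised an alert.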

Cyberattacks are not hypothetical but inevitable. The organizations that fare best are those that prepare in advance, investing in monitoring, building strong response playbooks, and deploying robust recovery solutions. Preparation does not eliminate attacks, but it makes the difference between manageable disruption and catastrophe.

How Generative AI Is Accelerating the Rise of Shadow IT and Cybersecurity Gaps

 

The emergence of generative AI tools in the workplace has reignited concerns about shadow IT—technology solutions adopted by employees without the knowledge or approval of the IT department. While shadow IT has always posed security challenges, the rapid proliferation of AI tools is intensifying the issue, creating new cybersecurity risks for organizations already struggling with visibility and control. 

Employees now have access to a range of AI-powered tools that can streamline daily tasks, from summarizing text to generating code. However, many of these applications operate outside approved systems and can send sensitive corporate data to third-party cloud environments. This introduces serious privacy concerns and increases the risk of data leakage. Unlike legacy software, generative AI solutions can be downloaded and used with minimal friction, making them harder for IT teams to detect and manage. 

The 2025 State of Cybersecurity Report by Ivanti reveals a critical gap between awareness and preparedness. More than half of IT and security leaders acknowledge the threat posed by software and API vulnerabilities. Yet only about one-third feel fully equipped to deal with these risks. The disparity highlights the disconnect between theory and practice, especially as data visibility becomes increasingly fragmented. 

A significant portion of this problem stems from the lack of integrated data systems. Nearly half of organizations admit they do not have enough insight into the software operating on their networks, hindering informed decision-making. When IT and security departments work in isolation—something 55% of organizations still report—it opens the door for unmonitored tools to slip through unnoticed. 

Generative AI has only added to the complexity. Because these tools operate quickly and independently, they can infiltrate enterprise environments before any formal review process occurs. The result is a patchwork of unverified software that can compromise an organization’s overall security posture. 

Rather than attempting to ban shadow IT altogether—a move unlikely to succeed—companies should focus on improving data visibility and fostering collaboration between departments. Unified platforms that connect IT and security functions are essential. With a shared understanding of tools in use, teams can assess risks and apply controls without stifling innovation. 

Creating a culture of transparency is equally important. Employees should feel comfortable voicing their tech needs instead of finding workarounds. Training programs can help users understand the risks of generative AI and encourage safer choices. 

Ultimately, AI is not the root of the problem—lack of oversight is. As the workplace becomes more AI-driven, addressing shadow IT with strategic visibility and collaboration will be critical to building a strong, future-ready defense.

2024 CrowdStrike Outage Reveals Critical IT Vulnerabilities

 


The CrowdStrike outage in July 2024 exposed significant weaknesses in global IT supply chains, raising concerns about their resilience and dependence on major providers. The disruption caused widespread impact across critical sectors, including healthcare, transportation, banking, and media. Key services—such as parts of the NHS, international transport hubs, and TV networks—experienced significant downtime, highlighting vulnerabilities in centralized IT systems.

The outage was attributed to a faulty software update for Microsoft Windows users provided by cybersecurity firm CrowdStrike. Initial fears of a cyberattack were ruled out, but the incident shed light on the inherent risks of reliance on a few dominant providers in global IT supply chains. Experts warned that such dependencies create single points of failure, leaving essential infrastructure exposed to systemic disruptions.

One of the most affected sectors was healthcare, where operations in the NHS were forced to revert to manual methods like pen and paper. Dafydd Vaughan, chief technology officer at Public Digital, emphasized the dangers of monopolistic control in critical services. He highlighted that EMIS, a provider serving over 60% of GP surgeries in England and Wales, dominates the healthcare IT landscape. Vaughan advocated for increased competition within IT supply chains to mitigate risks and enhance resilience.

Far-Reaching Impacts

The repercussions of the outage extended beyond healthcare, disrupting transport systems, banking operations, and broadcasting networks. These interruptions prompted calls for enhanced safeguards and reinforced the need for robust IT infrastructure. Recognizing the severity of these vulnerabilities, the UK government elevated data centres to the status of critical national infrastructure (CNI). This designation ensures they receive additional protection and resources, similar to essential utilities like water and energy.

Government Response and Future Legislation

In response to the crisis, the Labour Government, which assumed power in July 2024, announced plans to introduce the Cyber Security and Resilience Bill in 2025. This proposed legislation aims to expand regulatory oversight, enforce stringent cybersecurity standards, and improve reporting protocols. These measures are designed to fortify national defenses against both outages and the escalating threat of cyberattacks, which increasingly target critical IT systems.

The CrowdStrike incident underscores the pressing need for diversified and resilient IT supply chains. While the government has taken steps to address existing vulnerabilities, a sustained focus on fostering competition and enhancing infrastructure is essential. By proactively preparing for evolving threats and ensuring robust safeguards, nations can protect critical services and minimize the impact of future disruptions.

Sanctions Imposed on North Korean Cyber Activities Supporting Nuclear Ambitions

 

South Korea has announced sanctions against 15 North Korean nationals and the Chosun Geumjeong Economic Information Technology Exchange Corporation for orchestrating schemes that finance North Korea’s nuclear weapons and missile programs. These measures target a global network involved in IT job fraud, cryptocurrency theft, and cyberattacks. 

The sanctioned individuals are linked to the 313th General Bureau, a division of North Korea’s Ministry of Munitions Industry. This bureau oversees the production and development of weapons and ballistic missiles. According to South Korea’s Peninsula Policy Bureau, these operatives are dispatched to countries such as China, Russia, Southeast Asia, and Africa. Using fake identities, they secure positions in international IT companies, generating revenue funneled back to the regime. 

Central to this operation is the Chosun Geumjeong Economic Information Technology Exchange Corporation. This organization plays a critical role by deploying IT professionals abroad and channeling significant financial resources to North Korea’s military projects. In recent years, North Korean operatives have increasingly infiltrated Western companies by posing as IT workers. This tactic not only generates revenue for the regime but also enables cyber espionage and theft. These workers have been found installing malware, stealing sensitive company data, and misappropriating funds. Some have even attempted to infiltrate secure software development environments. 

Despite the gravity of these actions, the stigma associated with hiring fraudulent workers has led many companies to keep such breaches private, leaving the true scope of the issue largely unknown. Additionally, South Korea accuses North Korea of being a major player in global cryptocurrency theft. A 2024 United Nations report found that North Korean hackers carried out 58 cyberattacks against cryptocurrency firms between 2017 and 2023, amassing approximately $3 billion in stolen funds. North Korean nationals have also reportedly violated international sanctions by earning income through employment in various industries, including construction and hospitality. 

These activities pose significant risks to the global cybersecurity landscape and international stability. South Korea asserts that the funds generated through these operations directly support North Korea’s nuclear and missile programs, emphasizing the need for a unified international response. By imposing these sanctions, South Korea aims to disrupt North Korea’s illicit financial networks and mitigate the broader risks posed by its cyber activities. 

This marks a crucial step in the global effort to counter the threats associated with Pyongyang’s nuclear ambitions and its exploitation of cyberspace for financial gain.

IT Manager Faces Charges for Locking Computers to Demand Money


 

A recent case has highlighted that ransomware threats can sometimes come from within an organisation. Daniel Rhyne, a 57-year-old IT administrator from Kansas City, Missouri, has been accused of holding his own company hostage by locking down their systems and demanding a ransom to restore access.

The incident occurred in November last year when Rhyne was employed at an industrial company based in Somerset County, New Jersey. According to the Federal Bureau of Investigation (FBI), Rhyne allegedly took control of the company’s network by resetting the passwords of network administrator accounts as well as those of hundreds of employees. He then proceeded to delete critical backups and locked out both servers and workstations, crippling the organisation’s operations.

An hour after initiating the attack, Rhyne allegedly sent an email to the company's employees informing them of the situation and demanding a ransom in exchange for unlocking the systems. The FBI claims this was an attempt at extortion, with Rhyne threatening further damage if his demands were not met.

Rhyne’s actions were investigated by the FBI, and he has been charged with multiple counts, including extortion, intentional damage to a protected computer, and wire fraud. Should he be convicted of all charges, he faces up to 35 years in prison and a $500,000 fine, as reported by The Register.

Several pieces of evidence were gathered by the FBI to support their case against Rhyne. For instance, he allegedly used a tool known as PsPasswd, a Windows Sysinternals utility, to reset user passwords. The new password set for the accounts was "TheFr0zenCrew!", a telling detail that investigators believe connects him directly to the attack. Rhyne also reportedly kept a hidden virtual machine (VM) on his company-issued laptop, allowing him to maintain remote access to the network's administrative controls.

Adding to the case, the FBI noted that Rhyne's digital activities prior to the attack were suspicious. He allegedly used his work laptop to search for ways to alter administrator passwords via command-line tools, which are often used by IT professionals to manage networks remotely. Investigators claim that on the day of the attack, Rhyne was seen logging into his work laptop, conducting these searches, and reviewing company password spreadsheets while also accessing the hidden VM.

The fact that he used his company-issued laptop to perform these actions leaves a strong digital trail linking him to the crime. The FBI’s detailed investigation paints a clear picture of how the attack was executed, utilising common IT tools to gain unauthorised control over the company’s systems.
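The pattern the FBI describes above (password resets across hundreds of accounts and deleted backups, all driven from one privileged account) maps directly onto a detection rule a defender can run over logs that most environments already collect. The following Python example is added here and is not from the article or the complaint; it triages a constructed sample of events in which password resets are modelled on Windows Security event 4724 ("An attempt was made to reset an account's password") and backup deletions on a generic application event, flagging any subject that resets many distinct accounts within a short window and escalating to critical when the same subject also deletes backups. Field names, thresholds, timestamps and the sample data are assumptions.

```python
"""Triage of mass password resets and backup deletions by a single actor.

Added example, not from the original article or the FBI complaint. The
event records below are constructed by hand: "password_reset" events are
modelled on Windows Security event 4724, "backup_deleted" events stand in
for whatever the backup product logs. Field names and the date are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a help-desk account doing routine resets hours apart,
# and one admin account resetting six accounts in under three minutes and
# then deleting a backup set.
EVENTS = [
    {"time": "2023-11-25T09:00:00", "kind": "password_reset", "subject": "helpdesk2", "target": "jdoe"},
    {"time": "2023-11-25T10:30:00", "kind": "password_reset", "subject": "helpdesk2", "target": "asmith"},
    {"time": "2023-11-25T19:00:05", "kind": "password_reset", "subject": "it-admin1", "target": "svc-erp"},
    {"time": "2023-11-25T19:00:20", "kind": "password_reset", "subject": "it-admin1", "target": "admin-dc1"},
    {"time": "2023-11-25T19:00:41", "kind": "password_reset", "subject": "it-admin1", "target": "jdoe"},
    {"time": "2023-11-25T19:01:03", "kind": "password_reset", "subject": "it-admin1", "target": "asmith"},
    {"time": "2023-11-25T19:01:30", "kind": "password_reset", "subject": "it-admin1", "target": "bwong"},
    {"time": "2023-11-25T19:02:40", "kind": "password_reset", "subject": "it-admin1", "target": "clee"},
    {"time": "2023-11-25T19:05:00", "kind": "backup_deleted", "subject": "it-admin1", "target": "nightly-full"},
]


def mass_reset_actors(events, threshold=5, window=timedelta(minutes=10)):
    """Subjects that reset at least `threshold` distinct accounts within any
    span of length `window`. Returns {subject: most distinct targets seen in
    one window}. The sliding window runs over each subject's sorted resets."""
    per_subject = defaultdict(list)
    for e in events:
        if e["kind"] == "password_reset":
            per_subject[e["subject"]].append((datetime.fromisoformat(e["time"]), e["target"]))
    flagged = {}
    for subject, resets in per_subject.items():
        resets.sort()
        start = 0
        for end in range(len(resets)):
            # Advance the window start until the span fits inside `window`.
            while resets[end][0] - resets[start][0] > window:
                start += 1
            distinct = {target for _, target in resets[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[subject] = max(flagged.get(subject, 0), len(distinct))
    return flagged


def backup_deletion_actors(events):
    """Subjects that deleted any backup set."""
    return {e["subject"] for e in events if e["kind"] == "backup_deleted"}


def triage(events):
    """Severity per subject: both behaviours together are the insider
    ransomware pattern, so they outrank either one alone."""
    resets = mass_reset_actors(events)
    deletions = backup_deletion_actors(events)
    severity = {}
    for subject in set(resets) | deletions:
        if subject in resets and subject in deletions:
            severity[subject] = "critical"
        elif subject in resets:
            severity[subject] = "high"
        else:
            severity[subject] = "medium"
    return severity


if __name__ == "__main__":
    for subject, level in sorted(triage(EVENTS).items()):
        print(f"{level:8s} {subject}")
```

The threshold and window are deliberately generous so that ordinary help-desk activity (`helpdesk2` here) is not flagged; in practice both would be tuned against a baseline of the environment's normal reset volume, and the rule would be paired with an alert on deletion of backup jobs, which is itself rare enough to warrant review on its own.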

If Rhyne is found guilty, his actions could serve as a warning to organisations about the potential for internal threats. It highlights the need for companies to have strong security protocols in place, not just to defend against external hackers but also to safeguard against malicious insiders who have privileged access to sensitive systems.

This case illustrates how cyberattacks are evolving and how attackers, even those within the organisation, can exploit their knowledge and access to launch devastating attacks. Organisations must remain vigilant and continually monitor for suspicious behaviour, no matter the source, to protect their critical digital infrastructure.


Rethinking the Cloud: Why Companies Are Returning to Private Solutions


In the past ten years, public cloud computing has dramatically changed the IT industry, promising businesses limitless scalability and flexibility. By reducing the need for internal infrastructure and specialised personnel, many companies have eagerly embraced public cloud services. However, as their cloud strategies evolve, some organisations are finding that the expected financial benefits and operational flexibility are not always achieved. This has led to a new trend: cloud repatriation, where businesses move some of their workloads back from public cloud services to private cloud environments.

Choosing to repatriate workloads requires careful consideration and strategic thinking. Organisations must thoroughly understand their specific needs and the nature of their workloads. Key factors include how data is accessed, what needs to be protected, and cost implications. A successful repatriation strategy is nuanced, ensuring that critical workloads are placed in the most suitable environments.

One major factor driving cloud repatriation is the rise of edge computing. Research from Virtana indicates that most organisations now use hybrid cloud strategies, with over 80% operating in multiple clouds and around 75% utilising private clouds. This trend is especially noticeable in industries like retail, industrial sectors, transit, and healthcare, where control over computing resources is crucial. The growth of Internet of Things (IoT) devices has played a defining role, as these devices collect vast amounts of data at the network edge.

Initially, sending IoT data to the public cloud for processing made sense. But as the number of connected devices has grown, the benefits of analysing data at the edge have become clear. Edge computing offers near real-time responses, improved reliability for critical systems, and reduced downtime—essential for maintaining competitiveness and profitability. Consequently, many organisations are moving workloads back from the public cloud to take advantage of localised edge computing.

Concerns over data sovereignty and privacy are also driving cloud repatriation. In sectors like healthcare and financial services, businesses handle large amounts of sensitive data. Maintaining control over this information is vital to protect assets and prevent unauthorised access or breaches. Increased scrutiny from CIOs, CTOs, and boards has heightened the focus on data sovereignty and privacy, leading to more careful evaluations of third-party cloud solutions.

Public clouds may be suitable for workloads not bound by strict data sovereignty laws. However, many organisations find that private cloud solutions are necessary to meet compliance requirements. Factors to consider include the level of control, oversight, portability, and customization needed for specific workloads. Keeping data within trusted environments offers operational and strategic benefits, such as greater control over data access, usage, and sharing.

The trend towards cloud repatriation shows a growing realisation that the public cloud is not always the best choice for every workload. Organisations are increasingly making strategic decisions to align their IT infrastructure with their specific needs and priorities.