Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Threat Landscape. Show all posts
Zero-day Flaw
Malicious Files nation-state hackers Threat Landscape Vulnerabilities and Exploits Zero-day Flaw

Windows Shortcut Vulnerability Exploited by 11 State-Sponsored Outfits

 

Since 2017, at least 11 state-sponsored threat groups have actively exploited a Microsoft zero-day issue that allows for abuse of Windows shortcut files to steal data and commit cyber espionage against organisations across multiple industries. 

Threat analysts from Trend Micro's Trend Zero Day Initiative (ZDI) discovered roughly 1,000 malicious.lnk files that exploited the flaw, known as ZDI-CAN-25373, which allowed cyber criminals to execute concealed malicious commands on a victim's PC via customised shortcut files.

“By exploiting this vulnerability, an attacker can prepare a malicious .lnk file for delivery to a victim,” researchers at Trend Micro noted. “Upon examining the file using the Windows-provided user interface, the victim will not be able to tell that the file contains any malicious content.”

The malicious files delivered by cybercriminals include a variety of payloads, including the Lumma infostealer and the Remcos remote access Trojan (RAT), which expose organisations to data theft and cyber espionage. 

State-sponsored outfits from North Korea, Iran, Russia, and China, as well as non-state actors, are among those behind the flaw attacks, which have affected organisations in the government, financial, telecommunications, military, and energy sectors across North America, Europe, Asia, South America, and Australia. 

Additionally, 45% of attacks were carried out by North Korean players, with Iran, Russia, and China each accounting for approximately 18%. Some of the groups listed as attackers are Evil Corp, Kimsuky, Bitter, and Mustang Panda, among others.

According to Trend Micro, Microsoft has not fixed the flaw despite receiving a proof-of-concept exploit through Trend ZDI's bug bounty program. Trend Micro did not react to a follow-up request for comment on their flaw detection and submission timeline.

Microsoft's position remains that it will not be fixing the vulnerability described by Trend Micro at this time because it "does not meet the bar for immediate servicing under our severity classification guidelines," though the company "will consider addressing it in a future feature release," according to an email from a Microsoft spokesperson.

Meanwhile, Microsoft Defender can detect and block threat behaviour, as detailed by Trend Micro, and Microsoft's Windows Smart App Control prevents malicious files from being downloaded from the internet. Furthermore, Windows recognises shortcut (.lnk) files as potentially malicious file types, and the system will automatically display a warning if a user attempts to download one.
Read more »
Threat Landscape
Business Security Cyber Security Generative AI Threat Intelligence Threat Landscape

Nearly Half of Companies Lack AI-driven Cyber Threat Plans, Report Finds

 

Mimecast has discovered that over 55% of organisations do not have specific plans in place to deal with AI-driven cyberthreats. The cybersecurity company's most recent "State of Human Risk" report, which is based on a global survey of 1,100 IT security professionals, emphasises growing concerns about insider threats, cybersecurity budget shortages, and vulnerabilities related to artificial intelligence. 

According to the report, establishing a structured cybersecurity strategy has improved the risk posture of 96% of organisations. The threat landscape is still becoming more complicated, though, and insider threats and AI-driven attacks are posing new challenges for security leaders. 

“Despite the complexity of challenges facing organisations—including increased insider risk, larger attack surfaces from collaboration tools, and sophisticated AI attacks—organisations are still too eager to simply throw point solutions at the problem,” stated Mimecast’s human risk strategist VP, Masha Sedova. “With short-staffed IT and security teams and an unrelenting threat landscape, organisations must shift to a human-centric platform approach that connects the dots between employees and technology to keep the business secure.” 

95% of organisations use AI for insider risk assessments, endpoint security, and threat detection, according to the survey, but 81% are concerned regarding data leakage from generative AI (GenAI) technology. In addition to 46% not being confident in their abilities to defend against AI-powered phishing and deepfake threats, more than half do not have defined tactics to resist AI-driven attacks.

Data loss from internal sources is expected to increase over the next year, according to 66% of IT leaders, while insider security incidents have increased by 43%. The average cost of insider-driven data breaches, leaks, or theft is $13.9 million per incident, according to the research. Furthermore, 79% of organisations think that the increased usage of collaboration technologies has increased security concerns, making them more vulnerable to both deliberate and accidental data breaches. 

With only 8% of employees accountable for 80% of security incidents, the report highlights a move away from traditional security awareness training and towards proactive Human Risk Management. To identify and eliminate threats early, organisations are implementing behavioural analytics and AI-driven surveillance. A shift towards sophisticated threat detection and risk mitigation techniques is seen in the fact that 72% of security leaders believe that human-centric cybersecurity solutions will be essential over the next five years.
Read more »
USAID
Cyber Security Data Leak DOGE Elon Musk Threat Landscape USAID

Threat Analysts Warn of the 'Largest Data Breach' After Elon Musk's DOGE Controversy

 

The debate over Elon Musk's Department of Government Efficiency continues, with the world's richest man accused of snooping on some of America's most sensitive data. The DOGE has been tasked with reducing government spending by a paltry $2 trillion, which Musk himself admits might be unfeasible. 

However, the billionaire and his crew have lost no time to shed the fat, targeting everything from the National Space Council to USAID. Concerns have been raised regarding the DOGE's level of access, and some staff members have received death threats as a result of the debate.

"You can’t un-ring this bell,” the anonymous source told the local media outlet. Once these DOGE guys have access to these data systems, they can ostensibly do with it what they want." 

Four sources spoke to the local media outlet, but only Scott Cory would go on record. The former CIO for an HHS agency said: "The longer this goes on, the greater the risk of potential fatal compromise increases.” 

The National Oceanic and Atmospheric Administration, the Office of Personnel Management, the Department of Health and Human Services, and the U.S. Treasury have all apparently been accessed by the DOGE. "I don't think the public quite understands the level of danger," a federal agency administrator continued. 

With its newfound authority, the DOGE might prevent payments to government agencies and redirect funds to organisations it chooses. There are concerns that possible access to Federal Aviation could be "dire," even if Musk hasn't altered the current system yet. 

There have also been criticism that he has brought in a young team of technical wizards, but one payment-systems expert remarked that this is actually a good thing: "If you were going to organise a heist of the US Treasury, why in the world would you bring a handful of college students?" He went on to suggest that you'd need numerous people with at least ten years of experience with COBOL. 

Despite not being paid, working 120 hours a week, and sleeping in the offices, DOGE employees have been flexing their muscles to make some significant savings. Looking at the broad picture, one source concluded: "I'd want to believe that this is all so enormous and convoluted that they won't be successful in whatever they're attempting to do. But I wouldn't bet that outcome against their egos.”
Read more »
Threat Landscape
Cyber Security Home Security IoT Smart Device Threat Landscape

Three Ways to Safeguard Your Smart Home From Cybercriminals

 

Your smart home is a technological marvel. However, when camera flaws allow our neighbours to spy on us, smart speakers are manipulated with lasers, robot vacuums are breached to shout obscenities, and entire security systems are compromised by a smart plug, it's fair if you're hesitant to link your home to the internet. 

However, there is no reason to completely forgo the benefits of smart home devices. The idea is to recognise the risks and make use of available security features. Whether you have a network of smart kitchen gadgets or a single voice assistant, these measures will ensure that no one messes with your belongings. 

Secure your wi-fi network 

The majority of routers come with a model-specific SSID and either a random password or something generic, such as "admin," making it easier for cybercriminals to gain access to your home Wi-Fi and snoop about your linked smart home devices. Keep in mind that these manufacturer-supplied credentials are available online for anybody to use, so the first step is to secure your Wi-Fi network with a strong password. 

The process differs slightly depending on the device, but the basics are the same; here's how to get started. Those employing a mesh system will be able to manage security settings via a handy smartphone app. If your router supports it, consider altering the SSID, which is simply the name of your Wi-Fi network (e.g., PCMag_Home). While older devices are limited to WPA2, newer routers support the more secure WPA3 protocol. 

Replace outdated routers

You presumably purchased a new phone or laptop during the last several years. But how about your router? Has it accumulated dust on a shelf for far too long? If your internet performance isn't already hurting, the security of your linked gadgets very likely is. 

An ageing router indicates ageing security protocols—and an easier access point for undesirable actors. If you need a new router, the latest home internet standard is Wi-Fi 6. Prices for Wi-Fi 6 routers have dropped dramatically in recent years, with more alternatives available. Meanwhile, Wi-Fi 7 is still in its early stages of release. Check out our reviews of the finest wireless routers, gaming routers, and mesh networks.

Manage your account passwords

After securing the Wi-Fi network, it's time to safeguard the individual devices and services that connect to it. Numerous smart gadgets are managed by a smartphone app, so you'll need to create an account for each one. Using the same password for everything is handy, but it also poses a security risk.

If one of those accounts is compromised and the password is revealed, hackers may gain access to all of the other accounts on which you used that password. Instead, create a one-of-a-kind password that no one else will be able to guess. You may use a random password generator to generate difficult-to-guess codes, and a password manager to remember them all for you.
Read more »
Threat Landscape
Artificial Intelligence Crypto Hack Quantum computing Technology Threat Landscape

A Looming Threat to Crypto Keys: The Risk of a Quantum Hack

 


 The Quantum Computing Threat to Cryptocurrency Security

The immense computational power that quantum computing offers raises significant concerns, particularly around its potential to compromise private keys that secure digital interactions. Among the most pressing fears is its ability to break the private keys safeguarding cryptocurrency wallets.

While this threat is genuine, it is unlikely to materialize overnight. It is, however, crucial to examine the current state of quantum computing in terms of commercial capabilities and assess its potential to pose a real danger to cryptocurrency security.

Before delving into the risks, it’s essential to understand the basics of quantum computing. Unlike classical computers, which process information using bits (either 0 or 1), quantum computers rely on quantum bits, or qubits. Qubits leverage the principles of quantum mechanics to exist in multiple states simultaneously (0, 1, or both 0 and 1, thanks to the phenomenon of superposition).

Quantum Computing Risks: Shor’s Algorithm

One of the primary risks posed by quantum computing stems from Shor’s algorithm, which allows quantum computers to factor large integers exponentially faster than classical algorithms. The security of several cryptographic systems, including RSA, relies on the difficulty of factoring large composite numbers. For instance, RSA-2048, a widely used cryptographic key size, underpins the private keys used to sign and authorize cryptocurrency transactions.

Breaking RSA-2048 with today’s classical computers, even using massive clusters of processors, would take billions of years. To illustrate, a successful attempt to crack RSA-768 (a 768-bit number) in 2009 required years of effort and hundreds of clustered machines. The computational difficulty grows exponentially with key size, making RSA-2048 virtually unbreakable within any human timescale—at least for now.

Commercial quantum computing offerings, such as IBM Q System One, Google Sycamore, Rigetti Aspen-9, and AWS Braket, are available today for those with the resources to use them. However, the number of qubits these systems offer remains limited — typically only a few dozen. This is far from sufficient to break even moderately sized cryptographic keys within any realistic timeframe. Breaking RSA-2048 would require millions of years with current quantum systems.

Beyond insufficient qubit capacity, today’s quantum computers face challenges in qubit stability, error correction, and scalability. Additionally, their operation depends on extreme conditions. Qubits are highly sensitive to electromagnetic disturbances, necessitating cryogenic temperatures and advanced magnetic shielding for stability.

Future Projections and the Quantum Threat

Unlike classical computing, quantum computing lacks a clear equivalent of Moore’s Law to predict how quickly its power will grow. Google’s Hartmut Neven proposed a “Neven’s Law” suggesting double-exponential growth in quantum computing power, but this model has yet to consistently hold up in practice beyond research and development milestones.

Hypothetically, achieving double-exponential growth to reach the approximately 20 million physical qubits needed to crack RSA-2048 could take another four years. However, this projection assumes breakthroughs in addressing error correction, qubit stability, and scalability—all formidable challenges in their own right.

While quantum computing poses a theoretical threat to cryptocurrency and other cryptographic systems, significant technical hurdles must be overcome before it becomes a tangible risk. Current commercial offerings remain far from capable of cracking RSA-2048 or similar key sizes. However, as research progresses, it is crucial for industries reliant on cryptographic security to explore quantum-resistant algorithms to stay ahead of potential threats.

Read more »
Threat Landscape
Chinese Hackers Cyber Attacks Japan MirrorFace Threat Landscape

Japan Attributes Ongoing Cyberattacks to China-Linked MirrorFace Group

 


Japan's National Police Agency (NPA) and the National Centre of Incident Readiness and Strategy for Cybersecurity (NISC) have officially attributed a prolonged cyberattack campaign targeting Japanese organizations and individuals since 2019 to the China-linked threat actor MirrorFace, also known as Earth Kasha.

The cyberattacks were designed to steal sensitive information related to Japan's national security and emerging technologies. MirrorFace is reportedly a subgroup of the Chinese state-sponsored hacking collective APT10, notorious for deploying malware tools such as ANEL, LODEINFO, and NOOPDOOR.

Authorities have identified three distinct phases in MirrorFace's attack operations:
  • December 2019 – July 2023: Spear-phishing emails carrying malware like LODEINFO, LilimRAT, and NOOPDOOR targeted government agencies, think tanks, politicians, and media outlets.
  • February – October 2023: Malware such as Cobalt Strike Beacon, LODEINFO, and NOOPDOOR was deployed through vulnerabilities in network devices to infiltrate sectors like semiconductors, aerospace, and academic institutions.
  • June 2024 – Present: Phishing emails loaded with ANEL malware were sent to think tanks, political figures, and media organizations.

Sophisticated Cyberattack Techniques

MirrorFace utilized advanced methods to evade detection and maintain persistence, including:
  • Windows Sandbox Deployment: Malware was executed within the Windows Sandbox, a virtualized environment that limits malware persistence by erasing data upon system reset.
  • Evasion of Security Tools: This technique allowed malware to operate undetected by antivirus software.

Scale and Impact of the Cyberattacks

The NPA has connected MirrorFace to over 200 cyber incidents spanning five years. The affected sectors include:
  • Government Agencies
  • Defense Organizations
  • Space Research Centers
  • Private Enterprises in Advanced Technologies

Phishing emails often used compelling subjects like "Japan-US alliance" and "Taiwan Strait" to deceive recipients into downloading malicious attachments. Notable attacks linked to similar tactics include:
  • Japan Aerospace Exploration Agency (JAXA): Targeted in a sophisticated cyberattack.
  • Port of Nagoya (2023): Disrupted by a ransomware incident.

In response to these threats, the NPA issued a public warning:

“This alert aims to raise awareness among targeted organizations, businesses, and individuals about the threats they face in cyberspace by publicly disclosing the methods used in the cyber-attacks by ‘MirrorFace.’ It also seeks to encourage the implementation of appropriate security measures to prevent the expansion of damage from cyber-attacks and to avert potential harm.”

The warning underscores the need for heightened cybersecurity practices across sectors to mitigate risks from increasingly sophisticated cyber threats.
Read more »
Threat Landscape
Apple Artificial Intelligence Cyber Security Fake News Alert Threat Landscape

Apple Faces Backlash Over Misinformation from Apple Intelligence Tool

 



Apple made headlines with the launch of its Apple Intelligence tool, which quickly gained global attention. However, the tech giant now faces mounting criticism after reports emerged that the AI feature has been generating false news notifications, raising concerns about misinformation.

The British Broadcasting Corporation (BBC) was the first to report the problem, directly complaining to Apple that the AI summaries were misrepresenting their journalism. Apple responded belatedly, clarifying that its staff are working to ensure users understand these summaries are AI-generated and not official news reports.

Alan Rusbridger, former editor of The Guardian, criticized Apple, suggesting the company should withdraw the product if it is not yet ready. He warned that Apple’s technology poses a significant risk of spreading misinformation globally, potentially causing unnecessary panic among readers.

Rusbridger further emphasized that public trust in journalism is already fragile. He expressed concern that major American tech companies like Apple should not use the media industry as a testing ground for experimental features.

Pressure from Journalist Organizations

The National Union of Journalists (NUJ), a leading global body representing journalists, joined the criticism, urging Apple to take swift action to curb the spread of misinformation. The NUJ's statement echoes previous concerns raised by Reporters Without Borders (RSF).

Laura Davison, NUJ’s general secretary, stressed the urgency of the matter, stating,

"At a time when access to accurate reporting has never been more important, the public must not be placed in a position of second-guessing the accuracy of news they receive."

Apple is now under increasing pressure from media organizations and watchdog groups to resolve the issue. If the company fails to address these concerns promptly, it may be forced to remove the Apple Intelligence feature altogether.

With legal and regulatory scrutiny intensifying, Apple’s next steps will be closely watched. Prolonging the issue could invite further criticism and potential legal consequences.

This situation highlights the growing responsibility of tech companies to prevent the spread of misinformation, especially when deploying advanced AI tools. Apple must act decisively to regain public trust and ensure its technologies do not compromise the integrity of reliable journalism.
Read more »
User Security
Cyber Crime Email scam Indian Citizens Threat Landscape User Security

Threat Actors Are Sending Fraudulent Legal Notices to Target Indians

 

The Indian authorities have issued an urgent warning to residents over the widespread circulation of counterfeit emails impersonating Rajesh Kumar, CEO of the Indian Cyber Crime Coordination Centre (I4C). 

These fraudulent emails, with misleading subject lines like "Urgent Notification!" and "Court Notification," falsely accuse recipients of cybercrime and pressure them to respond. The PIB Fact Check team has identified these emails as fraudulent, emphasising that they were sent with malicious purpose to trick recipients and exploit their fears. 

Fake email threat

The bogus emails exploit the logos of prominent Indian institutions, such as the Indian Cyber Crime Coordination Centre (I4C), Intelligence Bureau (IB), and Delhi Police, as proof of legitimacy. They also represent themselves by using the names and contact information of senior officials to deceive recipients. These fake emails have been sent to government offices, people, and organisations, posing as official correspondence. 

In a tweet from its official handle, @PIBFactCheck, the bureau clarified that these emails are absolutely fraudulent and deceitful. "It is vital to note that neither the undersigned nor this unit originated such emails. Furthermore, no permission has been obtained for the creation or distribution of such content," the release noted. 

Cybercrime impact in India 

Concern over the rise in cybercrime in India is growing. Avinash Mohanty, the commissioner of police for Cyberabad, claims that cybercrime makes up more than 30% of the commissionerate's cognisable offences and that it may soon reach 50%. It is alarming to learn that every minute, Indian residents lose between 1.3 and 1.5 lakh rupees to hackers. This startling statistic emphasises the importance of raising awareness and vigilance against online fraud and scams. 

The recovery rate for cybercrime damages in the nation remains dismally low, averaging less than 20%. This increases the financial and emotional toll on sufferers. The increase in cybercrime impacts not only individuals and businesses, but also government institutions, which have been targeted in cases of espionage and data breaches.

In recent years, India has had a number of high-profile data breaches, the most significant of which involved Aadhaar, the country's unique citizen identification system. This breach affected over a billion Indians' personal information, including bank account numbers, addresses, and fingerprints. In 2024, the cost of data breaches in India would exceed two million US dollars, illustrating the increasing sophistication of cyberattacks and their devastating consequences.
Read more »
Subscribe to: Posts (Atom)