Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Aadhaar Verification Rules Amended as India Strengthens Data Compliance

  It is expected that India's flagship digital identity infrastructure, the Aadhaar, will undergo significant changes to its regulatory ...

All the recent news you need to know
Technology
AI tools Artificial Intelligence CyberCrime organizations Ransomware Technology

AI in Cybercrime: What’s Real, What’s Exaggerated, and What Actually Matters

 



Artificial intelligence is increasingly influencing the cyber security infrastructure, but recent claims about “AI-powered” cybercrime often exaggerate how advanced these threats currently are. While AI is changing how both defenders and attackers operate, evidence does not support the idea that cybercriminals are already running fully autonomous, self-directed AI attacks at scale.

For several years, AI has played a defining role in cyber security as organisations modernise their systems. Machine learning tools now assist with threat detection, log analysis, and response automation. At the same time, attackers are exploring how these technologies might support their activities. However, the capabilities of today’s AI tools are frequently overstated, creating a disconnect between public claims and operational reality.

Recent attention has been driven by two high-profile reports. One study suggested that artificial intelligence is involved in most ransomware incidents, a conclusion that was later challenged by multiple researchers due to methodological concerns. The report was subsequently withdrawn, reinforcing the importance of careful validation. Another claim emerged when an AI company reported that its model had been misused by state-linked actors to assist in an espionage operation targeting multiple organisations.

According to the company’s account, the AI tool supported tasks such as identifying system weaknesses and assisting with movement across networks. However, experts questioned these conclusions due to the absence of technical indicators and the use of common open-source tools that are already widely monitored. Several analysts described the activity as advanced automation rather than genuine artificial intelligence making independent decisions.

There are documented cases of attackers experimenting with AI in limited ways. Some ransomware has reportedly used local language models to generate scripts, and certain threat groups appear to rely on generative tools during development. These examples demonstrate experimentation, not a widespread shift in how cybercrime is conducted.

Well-established ransomware groups already operate mature development pipelines and rely heavily on experienced human operators. AI tools may help refine existing code, speed up reconnaissance, or improve phishing messages, but they are not replacing human planning or expertise. Malware generated directly by AI systems is often untested, unreliable, and lacks the refinement gained through real-world deployment.

Even in reported cases of AI misuse, limitations remain clear. Some models have been shown to fabricate progress or generate incorrect technical details, making continuous human supervision necessary. This undermines the idea of fully independent AI-driven attacks.

There are also operational risks for attackers. Campaigns that depend on commercial AI platforms can fail instantly if access is restricted. Open-source alternatives reduce this risk but require more resources and technical skill while offering weaker performance.

The UK’s National Cyber Security Centre has acknowledged that AI will accelerate certain attack techniques, particularly vulnerability research. However, fully autonomous cyberattacks remain speculative.

The real challenge is avoiding distraction. AI will influence cyber threats, but not in the dramatic way some headlines suggest. Security efforts should prioritise evidence-based risk, improved visibility, and responsible use of AI to strengthen defences rather than amplify fear.



Read more »
ShadyPanda campaign
Chrome Web Store malware Edge spyware extensions Koi Security report malicious browser extensions malware ShadyPanda campaign

Trusted Browser Extensions Turn Rogue in ShadyPanda Malware Campaign Affecting Chrome and Edge

 

Malicious browser extensions sometimes slip into official marketplaces like the Chrome Web Store by disguising themselves as genuine tools. Detecting them becomes even harder when they behave legitimately at first, only turning harmful after users have grown to trust them.

This tactic was recently uncovered on Google Chrome and Microsoft Edge. Researchers at Koi Security discovered several extensions on both platforms that functioned normally for years before being updated with malicious code. These updates enabled attackers to monitor user activity, collect sensitive information, and secretly send that data to external servers. The operation, dubbed ShadyPanda, amassed nearly four million downloads and continues to remain active on Edge.

Earlier this year, threat actors used a similar approach on Firefox. They first released harmless extensions designed to imitate popular cryptocurrency wallets. After gaining approval, downloads, and positive reviews, they later injected malicious functionality that logged user inputs in form fields, allowing attackers to access and steal crypto assets.

According to Koi Security, ShadyPanda originally began as an affiliate fraud scheme. Around 145 extensions posing as wallpaper and productivity tools were published across Chrome and Edge. In the initial phase, these add-ons inserted affiliate tracking codes and generated commission-based revenue through clicks to platforms like eBay, Amazon, and Booking.com. Over time, the campaign escalated to manipulating search results and eventually narrowed down to five extensions launched in 2018 that were later transformed into malware.

Some of these extensions gained significant credibility. They were labeled as Featured and Verified on Chrome, and one cache-cleaning tool called Clean Master achieved a 4.8-star rating from thousands of users. In 2024, updates to these extensions introduced malware capable of checking in hourly for commands, maintaining complete browser access, and transmitting user data back to ShadyPanda-controlled servers. These extensions have since been removed from Chrome.

In 2023, attackers also introduced five additional extensions to Microsoft Edge, including one called WeTab. Two of these functioned as full-scale spyware, and all remained active at the time of Koi Security’s report.

Because malicious extensions often masquerade as legitimate ones, simply scanning your installed add-ons may not reveal any obvious threats. Koi Security has published a list of extension IDs linked to the ShadyPanda campaign, which users should manually check.

On Chrome, users can enter chrome://extensions/ in the address bar, enable Developer mode, and view the IDs of installed extensions. These IDs can then be searched individually using the browser’s find function. If none match the listed malicious IDs, the browser is likely safe. If a match is found, the extension should be removed immediately. Edge users can follow the same steps via edge://extensions/.

This campaign highlights that even long-installed extensions can later be weaponized. Users should apply the same caution to browser add-ons as they do to mobile or desktop apps. Carefully review extension names, as fake ones often closely resemble legitimate tools. Watch for spelling errors, mismatched descriptions or images, and suspicious review patterns, such as an unusually high number of positive ratings in a short time. Conducting additional checks through online searches or community forums like Reddit can also help verify whether an extension is trustworthy.
Read more »
OpenAI
AI Model AI Models AI Systems ChatGPT ChatGPT. OpenAI Cyber Defenses Cyber Security cybersecurity risks OpenAI

OpenAI Warns Future AI Models Could Increase Cybersecurity Risks and Defenses

 

Meanwhile, OpenAI told the press that large language models will get to a level where future generations of these could pose a serious risk to cybersecurity. The company in its blog postingly admitted that powerful AI systems could eventually be used to craft sophisticated cyberattacks, such as developing previously unknown software vulnerabilities or aiding stealthy cyber-espionage operations against well-defended targets. Although this is still theoretical, OpenAI has underlined that the pace with which AI cyber-capability improvements are taking place demands proactive preparation. 

The same advances that could make future models attractive for malicious use, according to the company, also offer significant opportunities to strengthen cyber defense. OpenAI said such progress in reasoning, code analysis, and automation has the potential to significantly enhance security teams' ability to identify weaknesses in systems better, audit complex software systems, and remediate vulnerabilities more effectively. Instead of framing the issue as a threat alone, the company cast the issue as a dual-use challenge-one in which adequate management through safeguards and responsible deployment would be required. 

In the development of such advanced AI systems, OpenAI says it is investing heavily in defensive cybersecurity applications. This includes helping models improve particularly on tasks related to secure code review, vulnerability discovery, and patch validation. It also mentioned its effort on creating tooling supporting defenders in running critical workflows at scale, notably in environments where manual processes are slow or resource-intensive. 

OpenAI identified several technical strategies that it thinks are critical to the mitigation of cyber risk associated with increased capabilities of AI systems: stronger access controls to restrict who has access to sensitive features, hardened infrastructure to prevent abuse, outbound data controls to reduce the risk of information leakage, and continuous monitoring to detect anomalous behavior. These altogether are aimed at reducing the likelihood that advanced capabilities could be leveraged for harmful purposes. 

It also announced the forthcoming launch of a new program offering tiered access to additional cybersecurity-related AI capabilities. This is intended to ensure that researchers, enterprises, and security professionals working on legitimate defensive use cases have access to more advanced tooling while providing appropriate restrictions on higher-risk functionality. Specific timelines were not discussed by OpenAI, although it promised that more would be forthcoming very soon. 

Meanwhile, OpenAI also announced that it would create a Frontier Risk Council comprising renowned cybersecurity experts and industry practitioners. Its initial mandate will lie in assessing the cyber-related risks that come with frontier AI models. But this is expected to expand beyond this in the near future. Its members will be required to offer advice on the question of where the line should fall between developing capability responsibly and possible misuse. And its input would keep informing future safeguards and evaluation frameworks. 

OpenAI also emphasized that the risks of AI-enabled cyber misuse have no single-company or single-platform constraint. Any sophisticated model, across the industry, it said, may be misused if there are no proper controls. To that effect, OpenAI said it continues to collaborate with peers through initiatives such as the Frontier Model Forum, sharing threat modeling insights and best practices. 

By recognizing how AI capabilities could be weaponized and where the points of intervention may lie, the company believes, the industry will go a long way toward balancing innovation and security as AI systems continue to evolve.
Read more »
Ransomware
Cyber Crime CyberCrime Data Fraud India NCRB Ransomware

India Witnesses Sharp Surge in Cybercrime, Fraud Dominates NCRB 2023 Report

 

The cybercrime landscape in India has witnessed a drastic increase with NCRB data indicating cases jacking up from above 52,000 in 2021 to over 86,000 by 2023 led by fraud and online financial crime. Concurrently, threat intelligence shows that India is now a high‑risk ransomware and dark‑web ecosystem within the Asia‑Pacific region. 

NCRB data and growth trend 

The report suggests that NCRB’s “Crime in India” figures show an alarming and persistent increase in reported cybercrimes, increasing from just above 52,000 cases in 2021 to beyond 86,000 cases by 2023, owing to increased digitization, online payments and use of mobile internet. This is a 31.2% year-on-year increase between 2022 and 2023 alone and the country’s cybercrime rate has increased from 4.8 to 6.2 cases per lakh population. 

Fraud is the most prevalent motive, making up almost 69% of all cybercrime incidents in 2023, followed by sexual exploitation, and extortion, highlighting that attackers mainly prey on financial and personal vulnerabilities. States such as Karnataka, Telangana and Uttar Pradesh account for a large number of cases, reflecting higher IT penetration, urbanisation and digital adoption.

Ransomware and dark-web activity

Beyond the raw figures of the NCRB, the report places India among an Asia‑Pacific threat map of sorts, drawing upon the Cyble Monthly Threat Landscape Report for July 2025, to show that India is still among the key targets for operators of ransomware. It cited the Warlock ransomware group for targeting an India-based manufacturing firm, exfiltrating HR, financial, and design data, which was then used for extortion and exposure.

The report also notes dark‑web listings advertising unauthorized access to an Indian telecom network for around US$35,000, including credentials and critical operational details, highlighting the commoditization of network breaches. Regionally, Thailand, Japan, and Singapore each recorded six ransomware victims in the observed period, with India and the Philippines close behind, and manufacturing, government, and critical infrastructure sectors bearing the brunt of attacks. 

Additionally, South Asia is experiencing ideologically driven attacks, exemplified by the pro‑India Team Pelican Hackers, which claimed breaches of major Pakistani research and academic institutions. These campaigns blur the line between classic cybercrime and geopolitical conflict, indicating that Indian networks face both profit‑motivated and politically motivated breachs.
Read more »
Windows Security
Credential Theft Lumma Stealer malware malware infection National Cyber Security Centre New Zealand Cyber Security Online fraud Windows Security

Malicious Software Compromises 26000 Devices Across New Zealand


Thousands of devices have been infected with malware through New Zealand's National Cyber Security Center, showing the persistent risk posed by credential-stealing cybercrime, which has been causing New Zealand's National Cyber Security Center to notify individuals after an exposure. 

About 26,000 people have been notified by the agency that it is sending an email advising them to visit the Own Your Online portal for instructions on how to remove malicious software from their accounts and strengthen their account security. 

As NCSC Chief Operating Officer Michael Jagusch informed me, the alerts were related to Lumma Stealer, which is a highly regarded strain of malware targeting Windows-based devices. There is a danger that this malware can be used to facilitate identity theft or fraud by covertly harvesting sensitive data like email addresses and passwords. 

Officials noted that Lumma Stealer and other information-stealing tools are still part of an international cybercrime ecosystem that continues to grow, and so users should be vigilant and take proactive security measures in order to protect themselves. It has been reported that the National Cyber Security Centre of the Government Communications Security Bureau has conducted an assessment and found that it is possible that the malicious activity may have affected approximately 26,000 email addresses countrywide. 

As detailed in its statement published on Wednesday, the U.S. Department of Homeland Security has warned that the malware involved in the incident, dubbed Lumma Stealer, is specifically designed to be able to steal sensitive data, including login credentials and other personally identifiable information, from targeted systems.

As noted by the NCSC, this threat primarily targets Windows-based devices, and cybercriminals use this threat to facilitate the fraud of personal information and financial fraud. Thus, it highlights the continued exposure of everyday users to sophisticated campaigns aimed at stealing personal data. 

The issue was discovered by the National Cyber Security Centre's cyber intelligence partnerships, after the agency first worked with government bodies and financial institutions in order to alert a segment of those affected before expanding the effort to notify the entire public. Introducing the NCSC Chief Operating Officer, Michael Jagusch, he said the center has now moved to a broader direct-contact approach and this is its first time undertaking a public outreach of this sort on such a large scale. 

A step he pointed out was that the notifications are genuine and come from the official email address no-reply@comms.ncsc.govt.nz, which helps recipients distinguish between the legitimate and fraudulent ones. It is noteworthy that a recent BNZ survey indicates similar exposure across small and medium businesses, which is in line with the current campaign, which is targeted at households and individuals. 

The research reveals that 65% of small and medium-sized businesses believe scam activity targeting their businesses has increased over the past year; however, 45% of these businesses do not place a high priority on scam awareness or cyber education, despite the fact that their employees routinely handle emails, payment information and customer information. 

There were approximately half of surveyed SMEs who reported that they had been scammed in the last 12 months and many of them had been scammed by clicking links, opening attachments, or responding to misleading messages. According to BNZ fraud operations head Margaret Miller, criminals are increasingly exploiting human behavior as a means of committing fraud rather than exploiting technical flaws, targeting business owners and employees who are working on a daily basis. 

A substantial number of small business owners reported business financial losses following breaches, with 21% reporting business financial losses, 26% a personal financial loss and 30% experiencing data compromise, all of which had consequences beyond business accounts. According to Miller, the average loss was over $5,000, demonstrating that scammers do not only attempt to steal company funds, but also to steal personal information and sensitive business data in the form of financial fraud. 

It is the country's primary authority for helping individuals and companies reduce their cyber risk, and it is housed within the Government Communications Security Bureau.

The National Cyber Security Centre offers help to individuals and organisations and is a chief authority on cyber security. It has three core functions that form the basis of its work: helping New Zealanders make informed decisions about their digital security, ensuring strong cyber hygiene is embedded within essential services and in the wider cyber ecosystem in collaboration with key stakeholders, and using its statutory mandate to combat the most serious and harmful cyber threats through the deployment of its specialist capability. 

Own Your Online, a central part of this initiative, provides practical tools, guidance and resources designed to make cybersecurity accessible for householders, small businesses, and nonprofit organizations, as well as clear advice on prevention and what to do when an incident occurs. In particular, the NCSC owns the Own Your Online platform, which provides practical tools, guidance, and resources. 

There is no doubt that the incident serves as a timely reminder of the increasing sophistication and reach of modern cybercrime, as well as the shared responsibility that must be taken to limit its effects on society. Many experts continue to emphasize the importance of maintaining a safe system, including the use of strong, unique passwords, and the use of multi-factor authentication whenever possible. They advise maintaining your operating system and software up to date as well as using the proper passwords. 

Furthermore, users are advised to remain cautious of any unexpected emails or messages they receive, even if they appear to have come from trusted sources. Likewise, users should exclusively communicate through official channels to avoid any confusion. 

The focus continues to remain on raising awareness and improving resilience among individuals and organisations with the aim of improving digital awareness and improving collaboration between the authorities and the business and financial sector. 

A new approach has been adopted by agencies to encourage early detection, clear communication, and practical guidance that are aimed at reducing immediate harm while also fostering long-term confidence among New Zealanders in navigating an increasingly complex online world.
Read more »
Ransomware
Data Breach Data Theft eCommerce Japan MFA Ransomware

Askul Discloses Scope of Customer Data Theft Following October Ransomware Incident

 



Japanese e-commerce firm Askul Corporation has officially confirmed that a ransomware attack earlier this year led to the unauthorized access and theft of data belonging to nearly 740,000 individuals. The company made the disclosure after completing a detailed investigation into the cyber incident that occurred in October.

Askul operates a large-scale online platform that provides office supplies and logistics services to both corporate clients and individual consumers. The company is part of the Yahoo! Japan corporate group and plays a significant role in Japan’s business-to-business supply chain.

The cyberattack caused serious disruptions to Askul’s internal systems, resulting in an operational shutdown that forced the company to suspend product shipments. This disruption affected a wide range of customers, including major retail partners such as Muji.

Following the conclusion of its internal review, Askul clarified the categories of data that were compromised. According to the company, service-related records of approximately 590,000 business customers were accessed. Data connected to around 132,000 individual customers was also involved. In addition, information related to roughly 15,000 business partners, including outsourcing firms, agents, and suppliers, was exposed. The incident further affected personal data linked to about 2,700 executives and employees, including those from group companies.

Askul stated that it is deliberately limiting the disclosure of specific details related to the stolen data to reduce the risk of further exploitation. The company confirmed that affected customers and business partners will be informed directly through individual notifications.

Regulatory authorities have also been notified. Askul reported the data exposure to Japan’s Personal Information Protection Commission and has implemented long-term monitoring measures to identify and prevent any potential misuse of the compromised information.

System recovery remains ongoing. As of December 15, shipping operations had not fully returned to normal, and the company continues to work toward restoring all affected services.

Responsibility for the attack has been claimed by the ransomware group known as RansomHouse. The group publicly disclosed the breach at the end of October and later released portions of the stolen data in two separate leaks in November and December.

Askul shared limited technical findings regarding how the attackers gained access. The company believes the intrusion began through stolen login credentials associated with an administrator account belonging to an outsourced partner. This account did not have multi-factor authentication enabled, making it easier for attackers to exploit.

After entering the network, the attackers conducted internal reconnaissance, collected additional authentication information, and expanded their access to multiple servers. Askul reported that security defenses, including endpoint detection and response tools, were disabled during the attack. The company also noted that several ransomware variants were deployed, some of which bypassed existing detection mechanisms despite recent updates.

The attack resulted in both data encryption and widespread system failures. The ransomware was executed simultaneously across multiple servers, and backup files were deliberately erased to prevent rapid system recovery.

In response, Askul disconnected affected networks, restricted communication between data centers and logistics facilities, isolated compromised devices, and strengthened endpoint security controls. Multi-factor authentication has since been enforced across critical systems, and all administrator account passwords have been reset.

The financial consequences of the incident have not yet been determined. Askul has postponed its earnings report to allow additional time for a comprehensive assessment of the impact.



Read more »
Subscribe to: Comments (Atom)

Featured