Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Businesses. Show all posts
Ransomware
Businesses Cyber Attacks nord stellar RaaS Ransomware

Ransomware Attacks Surge in 2025, With Smaller Businesses and Manufacturers Most Affected

 



Ransomware threats are rising fast in 2025, with the first half of the year already showing a sharp increase in attacks. New research shows that U.S.-based companies, small and medium-sized businesses, and firms in the manufacturing sector are currently among the top targets for these cybercriminal campaigns.

Between January and June this year, nearly 4,200 ransomware incidents were made public on the dark web. That’s a 49% jump compared to the same time period in 2024, according to recent findings by cybersecurity firm NordStellar.

Experts suggest that several factors may be driving this rise. These include the growing use of Ransomware-as-a-Service (RaaS) — a model where criminal groups rent out ransomware tools to others, as well as challenges related to remote or hybrid working setups. Additionally, ongoing economic struggles may be pushing more individuals toward illegal activities, including cybercrime.

In terms of geography, the United States experienced the highest number of attacks, with 596 cases. This accounted for nearly half of all reported incidents worldwide. Other affected countries included Germany (84 cases), Canada (74), the UK (40), and Spain (37). Analysts believe that U.S. companies are often targeted because of their size, visibility, and the potential financial damage of a public attack. These businesses are more likely to pay the ransom quickly to avoid reputational harm.

Tight regulations around data privacy and system availability may also push organizations to resolve incidents faster, especially if they fear penalties or losing client trust.

The manufacturing sector was hit particularly hard, with 223 reported cases. Construction (97 incidents) and the IT industry (88) followed close behind. Experts point out that many of these organizations rely on older systems that lack regular updates, and they often operate in multiple locations, making cybersecurity harder to manage across the board.

Small to mid-sized firms, especially those with 51 to 200 employees and annual revenue between $5 million and $25 million, faced the most ransomware attempts. Researchers say this may be because these companies often depend on third-party IT providers and don’t always have strong internal security policies.

As for which ransomware gangs are most active in 2025, the group known as Qilin leads with 214 reported attacks. SafePay, allegedly linked to a recent incident involving a global tech distributor, followed with 201 cases, and Akira came in third with 200.

Cybersecurity professionals continue to emphasize basic but crucial practices: employee training on phishing threats, use of multi-factor authentication, and better password protection. Beyond that, building a full-scale cybersecurity plan is key to identifying and stopping threats early, before they cause widespread damage.

Read more »
Technology
Businesses Data Gen AI Technology

A Simple Guide to Launching GenAI Successfully

 


Generative AI (GenAI) is one of today’s most exciting technologies, offering potential to improve productivity, creativity, and customer service. But for many companies, it becomes like a forgotten gym membership, enthusiastically started, but quickly abandoned.

So how can businesses make sure they get real value from GenAI instead of falling into the trap of wasted effort? Success lies in four key steps: building a strong plan, choosing the right partners, launching responsibly, and tracking the impact.


1. Set Up a Strong Governance Framework

Before using GenAI, businesses must create clear rules and processes to use it safely and responsibly. This is called a governance framework. It helps prevent problems like privacy violations, data leaks, or misuse of AI tools.

This framework should be created by a group of leaders from different departments—legal, compliance, cybersecurity, data, and business operations. Since AI can affect many parts of a company, it’s important that leadership supports and oversees these efforts.

It’s also crucial to manage data properly. Many companies forget to prepare their data for AI tools. Data should be accurate, anonymous where needed, and well-organized to avoid security risks and legal trouble.

Risk management must be proactive. This includes reducing bias in AI systems, ensuring data security, staying within legal boundaries, and preventing misuse of intellectual property.


2. Choose Technology Partners Carefully

GenAI tools are not like regular software. When selecting a provider, businesses should look beyond basic features and check how the provider handles data, ownership rights, and ethical practices. A lack of transparency is a warning sign.

Companies should know where their data is stored, who can access it, and who owns the results produced by the AI tool. It’s also important to avoid being trapped in systems that make it difficult to switch vendors later. Always review agreements carefully, especially around copyright and data rights.


3. Launch With Care and Strategy

Once planning is complete, the focus should shift to thoughtful execution. Start with small projects that can demonstrate value quickly. Choose use cases where GenAI can clearly improve efficiency or outcomes.

Data used in GenAI must be organized and secured so that no sensitive information is exposed. Also, employees must be trained to work with these tools effectively. Skills like writing proper prompts and verifying AI-generated content are essential.

To build trust and encourage adoption, leaders should clearly explain why GenAI is being introduced and how it will help, not replace employees. GenAI should support teams and improve their performance, not reduce jobs.


4. Track Success and Business Value

Finally, companies need to measure the results. Success isn’t just about using the technology— it’s about making a real impact.

Set clear goals and use simple metrics, like productivity improvements, customer feedback, or employee satisfaction. GenAI should lead to better outcomes for both teams and clients, not just technical performance.

To move beyond the GenAI buzz and unlock real value, companies must approach it with clear goals, responsible use, and long-term thinking. With the right foundation, GenAI can be more than just hype, it can be a lasting asset for innovation and growth.



Read more »
North Korea
Black Mail Businesses Crypto Cyber Crime Extortion NFTs North Korea

US Seizes $7.7 Million From Crypto Linked to North Korea's IT Worker Scam


The US Department of Justice has filed a civil forfeiture complaint against North Korean IT workers for illegally gaining employment with US businesses, and earning millions for the Korean government, which amounts to violations of sanctions.

The government seized $7.7m in funds in 2023 that involved Sim Hyon Sop- a worker at the North Korean Foreign Trade Bank (FTB) who joined hands with IT workers to launder the money for Pyongyang.

According to the complaint, the North Korean IT workers escaped security via fraud IDs and tactics that hid their real location. The salaries were credited in stablecoins like USDT and USDC.

To launder the money, employees created accounts using fake IDs, transferred funds in small amounts to other blockchains (chain hopping), and/or converted them into other digital currencies (token swapping).

Scammers also bought non-fungible tokens (NFTs) and used US accounts to make their operations look real. Sim worked with Kim Sang Man, the CEO of the “Jinyong IT Cooperation Company,” who served as a middleman between the FTB and the IT workers. 

According to the Justice Department’s National Security Division, North Korea, for years has “exploited global remote IT contracting and cryptocurrency ecosystems to evade US sanctions and bankroll its weapons programs.” 

Department head Sue Bai said, “Today’s multimillion-dollar forfeiture action reflects the Department’s strategic focus on disrupting these illicit revenue schemes. We will continue to use every legal tool available to cut off the financial lifelines that sustain the DPRK and its destabilizing agenda.”

North Korean IT workers have been slithering their way into employment in US firms for many years.  However, the advancement of these operations was exposed in 2024 when security expert KnowBe4 disclosed that even their organization was tricked into hiring an IT specialist from North Korea.

After that, Google has cautioned that US businesses remain a primary target and also warned that the threat actors have nor started focusing their operations at Europan firms.  While few do normal work to get paid, there is also a concern that their organization access allows them to extract important data and use it for extortion.

Read more »
Technology
ActionAgents AI Agent Businesses Freelancers Technology

Now You Can Hire AI Tools Like Freelancers — Thanks to This Indian Startup

 



A tech startup based in Ahmedabad is changing how businesses use artificial intelligence. The company has launched a platform that allows users to hire AI tools the same way they hire freelancers— on demand and for specific tasks.

Over the past few years, companies everywhere have turned to AI to speed up their work, reduce costs, and make smarter decisions. But finding the right AI tool has become a tough task. With hundreds of platforms available online, most users—especially those without a technical background— don’t know where to start. Many tools are expensive, difficult to use, or don’t work as expected.

That’s where ActionAgents, a platform by ActionLabs.ai, comes in. The idea behind the platform began when the team noticed that many of their business clients kept asking which AI tool to use for particular needs. There was no clear or reliable place to compare different tools and test them first.

At first, they created a directory that listed a wide range of AI tools from different sectors. But it didn’t solve the full problem. Users still had to leave the site, sign up for external tools, and often pay for something that didn’t meet their expectations. This made it harder for small businesses and non-technical users to benefit from AI.

To solve this, the team launched ActionAgents in January. It is a single platform that brings various AI tools together and lets users access them directly. There’s no need to subscribe or download anything. Users can try out different AI agents and only pay when they use a service.

The platform currently offers over 50 AI-powered mini tools. These include tools for writing resumes and cover letters, checking job applications against hiring systems, generating business names, planning trips, finding gifts, building websites, and even analyzing WhatsApp chats.

In just two months, more than 3,000 people have signed up. Every day, about 80–100 new users join, and over 200 tasks are completed by the AI agents. What’s more impressive is that the startup has done all this without spending money on advertising. People from countries like India, the US, Canada, and those in Europe and the Middle East are using the platform.

The startup started with an investment of ₹15–20 lakh and is already seeing steady growth in users and revenue. Now, ActionAgents plans to reach 10,000 users in the next few months. Over the next two years, it aims to grow its user base to around 1 million.

The team also wants to open the platform to developers, allowing them to build their own AI tools and offer them on ActionAgents. This move could help more people build, sell, and earn from their own AI creations.


From a Small Home to a Big AI Dream

The person who started ActionAgents, Jay, didn’t come from a rich background. He grew up in Ahmedabad, where his family worked very hard to earn a living. His father drove a rickshaw and often worked extra hours to support them. His mother stitched clothes for a living and also taught other women how to sew, so they could earn money too.

Even though they didn’t have much money, Jay’s parents always believed that education was important. They wanted him to study in an English-medium school, even when relatives made fun of them for spending money on it. They hoped a good education would give him better chances in life.

That decision made a big difference. Today, Jay is building a powerful AI platform from scratch, without taking any money from investors. He started small, but now he’s working to make AI tools easy and affordable for everyone, whether they are tech-savvy or not.

He is not doing it alone. A young and talented team is helping him bring this idea to life. People like Jash Jasani, Dev Patel, Deepali, and many others are part of the ActionAgents team. Together, they are working on building smart solutions that can help businesses and individuals with simple tasks using AI.

Their goal is to change how people use technology in daily work by making it easier, quicker, and more helpful. From a small beginning, they are now working towards a big vision: to shape the future of how people work with the help of AI.

Read more »
SaaS security
1Password Manager Businesses Privacy SaaS security

1Password Acquires Trelica to Strengthen SaaS Management and Security

 


1Password, the renowned password management platform, has announced its largest acquisition to date: Trelica, a UK-based SaaS (Software-as-a-Service) management company. While the financial details remain undisclosed, this strategic move aims to significantly enhance 1Password’s ability to help businesses better manage and secure their growing portfolio of applications.

In today’s rapidly evolving digital landscape, organizations are increasingly adopting numerous SaaS tools to streamline operations. However, this surge in digital adoption often leads to "SaaS sprawl," where companies lose oversight of active software tools, and "shadow IT," where employees use unauthorized apps without IT supervision. Both issues heighten security vulnerabilities and inflate operational costs.

1Password's Extended Access Management (EAM) platform already focuses on managing access to devices and applications. With Trelica’s advanced SaaS management capabilities, 1Password will be better equipped to tackle these growing challenges by offering a more comprehensive security solution.

What Trelica Brings to 1Password

Founded in 2018, Trelica specializes in simplifying SaaS application management. Its tools empower IT teams to streamline software oversight and bolster security. Key functionalities include:
  • Access Control: Automates granting and revoking employee access to apps during onboarding and offboarding, ensuring seamless transitions.
  • Shadow IT Detection: Identifies unauthorized or unmonitored apps in use, reducing potential security risks.
  • License Optimization: Monitors and manages unused licenses to minimize software costs.
  • Permission Oversight: Tracks user permissions when employees change roles to prevent over-permissioning.
By automating these processes, Trelica helps organizations save time, cut costs, and mitigate risks associated with unmanaged software use.

Integrating Trelica’s tools into 1Password’s platform will empower businesses to regain control over unauthorized applications, reclaim unused licenses, and enforce stronger security policies. This proactive approach ensures that software usage remains compliant and secure.

Jeff Shiner, CEO of 1Password, emphasized that while tools like single sign-on and mobile device management solve some issues, they don’t address all access management challenges. Trelica’s solution effectively bridges these gaps by streamlining user provisioning and license management, offering a more holistic security framework.

Trelica’s platform already integrates with over 300 widely used applications, including industry leaders like Google, Microsoft, Zoom, Salesforce, and Adobe. This wide compatibility allows businesses to centralize SaaS management, improving both productivity and security.

The acquisition positions 1Password as a leader in access and SaaS management, offering enterprises a unified solution to navigate the complexities of the digital age. As businesses increasingly depend on SaaS tools, maintaining security, efficiency, and organization becomes more critical than ever.

1Password’s acquisition of Trelica marks a significant step toward redefining SaaS security and management. By combining Trelica’s automation and oversight tools with 1Password’s robust security platform, businesses can expect a safer, more efficient digital environment. This partnership not only safeguards organizations but also paves the way for smarter, streamlined SaaS operations in a fast-paced digital world.
Read more »
UK
attacks Businesses Cyber Crime CyberCrime global cooperation guidance insurance Ransomware resilience Security UK

Global Effort Unites Against Ransomware: New Guidance to Strengthen Business Defenses

  

Ransomware attacks continue to pose significant challenges for businesses worldwide, with incidents on the rise. 

In response, the UK, along with 38 other nations and international cyber insurance organizations, has collaborated to release updated guidance aimed at supporting victims and enhancing resilience. This guidance advises against making immediate ransom payments, as recovery of data or malware removal is not guaranteed, and paying ransoms often encourages further criminal activity.

Instead, businesses are urged to create a comprehensive response plan, with policies and contingency measures in place. Organizations that fall victim to ransomware should report the incident to law enforcement and consult security professionals for expert guidance.

Ransomware has become a lucrative venture for cybercriminals, causing an estimated $1 billion in losses in 2023. By removing the incentive for criminals, these new policies aim to weaken the ransomware business model and reduce future attacks.

"International cooperation is crucial in fighting ransomware as cybercrime knows no borders," stated Security Minister Dan Jarvis. He emphasized that this collective effort will hit cybercriminals financially and better protect businesses in the UK and beyond.

The UK is taking a leading role, collaborating with three major insurance organizations—the Association of British Insurers, the British Insurance Brokers' Association, and the International Underwriting Association—to issue co-sponsored guidance. Meanwhile, the UK National Crime Agency has taken steps by sanctioning 16 individuals from the 'Evil Corp' cybercrime group, responsible for over $300 million in theft from critical infrastructure, healthcare, and government sectors.

Jonathon Ellison, Director for National Resilience at the NCSC, highlighted the urgency of addressing ransomware threats: "This guidance, backed by both international bodies and cyber insurance organizations, represents a united front in bolstering defenses and increasing cyber readiness."
Read more »
Technology
Artificial Intelligence Businesses Deep Fakes Financial Loss Scotland Technology

Why AI-Driven Cybercrime Could Be Your Business's Biggest Risk


 


The way technology keeps shifting its paradigm, the line between genuine interactions and digital deception is becoming increasingly difficult to distinguish. Today’s cybercriminals are leveraging the power of generative artificial intelligence (AI) to create more closely intricate and harder-to-detect threats. This new wave of AI-powered cybercrime represents a humongous challenge for organisations across the globe.

Generative AI, a technology known for producing lifelike text, images, and even voice imitations, is now being used to execute more convincing and elaborate cyberattacks. What used to be simple email scams and basic malware have developed into highly realistic phishing attempts and ransomware campaigns. Deepfake technology, which can fabricate videos and audio clips that appear genuine, is particularly alarming, as it allows attackers to impersonate real individuals with unprecedented accuracy. This capability, coupled with the availability of harmful AI tools on the dark web, has armed cybercriminals with the means to carry out highly effective and destructive attacks.

While AI offers numerous benefits for businesses, including efficiency and productivity, it also expands the scope of potential cyber threats. In regions like Scotland, where companies are increasingly adopting AI-driven tools, the risk of cyberattacks has grown considerably. A report from the World Economic Forum, in collaboration with Accenture, highlights that over half of business leaders believe cybercriminals will outpace defenders within the next two years. The rise in ransomware incidents—up 76% since late 2022— underlines the severity of the threat. One notable incident involved a finance executive in Hong Kong who lost $25 million after being deceived by a deep fake video call that appeared to be from his CFO.

Despite the dangers posed by generative AI, it also provides opportunities to bolster cybersecurity defences. By integrating AI into their security protocols, organisations can improve their ability to detect and respond to threats more swiftly. AI-driven algorithms can be utilised to automatically analyse code, offering insights that help predict and mitigate future cyberattacks. Moreover, incorporating deepfake detection technologies into communication platforms and monitoring systems can help organisations safeguard against these advanced forms of deception.

As companies continue to embrace AI technologies, they must prioritise security alongside innovation. Conducting thorough risk assessments before implementing new technologies is crucial to ensure they do not inadvertently increase vulnerabilities. Additionally, organisations should focus on consolidating their technological resources, opting for trusted tools that offer robust protection. Establishing clear policies and procedures to integrate AI security measures into governance frameworks is essential, especially when considering regulations like the EU AI Act. Regular training for employees on cybersecurity practices is also vital to address potential weaknesses and ensure that security protocols are consistently followed.

The rapid evolution of generative AI is reshaping the course of cybersecurity, requiring defenders to continuously adapt to stay ahead of increasingly sophisticated cybercriminals. For businesses, particularly those in Scotland and beyond, the role of cybersecurity professionals is becoming increasingly critical. These experts must develop new skills and strategies to defend against AI-driven threats. As we move forward in this digital age, the importance of cybersecurity education across all sectors cannot be overstated— it is essential to safeguarding our economic future and maintaining stability in a world where AI is taking the steering wheel.


Read more »
Ransomware
Businesses Data Breach data security Japan Kadokawa Group Ransomware

Kadokawa Group Hit by Major Ransomware Attack


 

Kadokawa Group, the parent company of renowned game developer FromSoftware, has fallen victim to a gruesome ransomware attack. The Japanese conglomerate, known for its diverse involvement in book publishing, the video-sharing service Niconico, and various other media enterprises, revealed the breach on Thursday. While the extent of the damage is still being assessed, the company is actively investigating potential information leaks and their impact on its business operations for the upcoming year.

The cyberattack, which occurred on Saturday, June 8, targeted the servers located in Kadokawa Group’s data centre. Niconico and its related services were the primary targets of this attack. Kadokawa Group stated that they are working on solutions and workarounds on a company-wide basis to restore normalcy to their systems and business activities. Despite the attack, Kadokawa assured that they do not store credit card information in their systems, which provides some relief regarding financial data security.

FromSoftware, the acclaimed studio behind hits like Dark Souls and Elden Ring, has not been specifically mentioned in Kadokawa’s disclosure about the affected businesses. This leaves some uncertainty about whether FromSoftware’s data and systems were compromised. However, Kadokawa’s broad approach to addressing the issue suggests a company-wide effort to mitigate any potential damage.

This incident is not an isolated one in the gaming industry. FromSoftware’s publishing partner, Bandai Namco, experienced a ransomware attack in 2022. Other prominent gaming companies, including Capcom, CD Projekt Red, and Insomniac Games, have also faced similar breaches. Notably, Rockstar Games suffered a major data breach in 2022, which resulted in the leak of an in-development build of Grand Theft Auto VI. In response, Rockstar took measures to enhance security, including limiting remote work.

Kadokawa Group is expected to provide further updates on the ransomware attack and the status of their systems in July. The company’s ongoing efforts to investigate and resolve the issue are crucial in determining the full impact of the breach.

While FromSoftware’s next project remains a mystery, fans eagerly anticipate the possibility of a Bloodborne sequel. Despite the current uncertainties surrounding the ransomware attack, the gaming community continues to look forward to future announcements from the esteemed game studio.

Kadokawa Group’s handling of this cyberattack will be closely watched as it unfolds, with implications for both their media operations and the wider industry’s approach to cybersecurity.


Read more »
Subscribe to: Posts (Atom)