AI-Driven Phishing Campaign Exploits Railway to Breach Microsoft Cloud Accounts at Scale

Security researchers at Huntress report a fast-changing phishing operation that uses AI tooling and rented cloud infrastructure to breach Microsoft cloud accounts at hundreds of companies. The activity ties back to abuse of Railway, a platform for launching apps and websites quickly. Built on automated workflows, the campaign adapts fast and slips past common defenses; rather than relying on fixed templates, it shifts tactics constantly, which makes detection harder. Once credentials are compromised, access spreads quietly inside the victim's tenant. Investigators found the backend processes hosted remotely, driving repeated login attempts against the affected accounts.

Unlike typical scams, this one uses synthetic voices and generated text to mimic real communication. Some messages appear personalized, increasing their chances of success. Early warnings came from irregular traffic patterns tied to authentication requests. Organizations affected span multiple industries without geographic concentration. Researchers stress monitoring unusual API behavior as a sign of intrusion. Detection now depends more on behavioral anomalies than known threat signatures. 

The campaign began quietly in early 2026 and then grew rapidly in intensity. By March the signs were unmistakable: dozens of organizations were being breached each day. Though attributed to an obscure group operating from only a handful of IP addresses, its impact spread fast, with hundreds of confirmed victims within weeks and likely many more worldwide.

What is different here is the use of AI to craft the phishing lures. Typical campaigns reuse message templates; this one generates unique, tailored text for each target, some messages carrying QR codes, others embedding shared-file links or fake alerts that mimic real platforms. Because each message looks unlike the last, standard content filters struggle: pattern-based defenses fail when there is no stable pattern to match.

Not every intrusion follows the usual login path. Some come in through the OAuth 2.0 device authorization ("device code") flow, a mechanism built for devices with no browser or keyboard, such as printers or streaming boxes. The victim receives a prompt that looks like a routine connection request and is nudged to enter a code and approve it. Once approved, access and refresh tokens are issued straight to the attacker, so no password cracking is needed; and because the victim completes any multi-factor prompt themselves, two-step verification does not stop it. The refresh tokens keep that unauthorized access alive for nearly three months.
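One way to hunt for the device-code pattern described above, as an added example rather than code from Huntress, Microsoft or Railway: the script below filters Microsoft Entra ID sign-in records for completed device-code authentications and flags a single source IP landing in several tenants. Field names follow the Microsoft Graph `signIn` resource (`authenticationProtocol`, `ipAddress`, `homeTenantId`, `status.errorCode`); the records themselves are constructed for the example, and every threshold is an assumption to tune, not a figure from the Huntress write-up.

```python
"""
Added example, not code from Huntress, Microsoft or Railway: hunt for
device-code sign-ins in Entra ID sign-in records and surface one IP
authenticating into many tenants. Records are constructed; field names
follow the Graph signIn resource; thresholds are assumptions.
"""
from collections import defaultdict


def _rec(when, upn, tenant, ip, proto, error=0):
    """Build one constructed sign-in record in Graph signIn shape."""
    return {"createdDateTime": when, "userPrincipalName": upn, "homeTenantId": tenant,
            "ipAddress": ip, "authenticationProtocol": proto, "status": {"errorCode": error}}


# Constructed sample: one IP completes device-code sign-ins into three tenants,
# one tenant has a lone device-code sign-in (a real printer, say), one attempt
# failed (arbitrary non-zero error code), and an ordinary browser sign-in is
# included for contrast.
SAMPLE_SIGNINS = [
    _rec("2026-03-03T08:00:11Z", "alice@tenant-a.example", "tenant-a", "203.0.113.10", "deviceCode"),
    _rec("2026-03-03T08:04:52Z", "bob@tenant-b.example", "tenant-b", "203.0.113.10", "deviceCode"),
    _rec("2026-03-03T08:09:30Z", "carol@tenant-c.example", "tenant-c", "203.0.113.10", "deviceCode"),
    _rec("2026-03-03T08:12:07Z", "dave@tenant-a.example", "tenant-a", "198.51.100.7", "oAuth2"),
    _rec("2026-03-03T08:15:44Z", "erin@tenant-d.example", "tenant-d", "203.0.113.10", "deviceCode", error=50199),
    _rec("2026-03-03T09:00:00Z", "printer@tenant-e.example", "tenant-e", "192.0.2.33", "deviceCode"),
]


def successful_device_code_signins(records):
    """Sign-ins that completed the OAuth 2.0 device authorization ("device code") flow."""
    return [r for r in records
            if r.get("authenticationProtocol") == "deviceCode"
            and r.get("status", {}).get("errorCode", 1) == 0]


def unexpected_device_code_signins(records, allowed_ips):
    """Single-tenant view: device-code sign-ins from any IP outside an allowlist of
    known headless devices. Most tenants have no legitimate device-code traffic at all."""
    return [r for r in successful_device_code_signins(records) if r["ipAddress"] not in allowed_ips]


def ips_spanning_tenants(records, min_tenants=3):
    """Multi-tenant (MSP/MDR) view: IPs whose device-code sign-ins land in at least
    `min_tenants` distinct tenants. A printer does not authenticate into three companies."""
    tenants_by_ip = defaultdict(set)
    for r in successful_device_code_signins(records):
        tenants_by_ip[r["ipAddress"]].add(r["homeTenantId"])
    return {ip: t for ip, t in tenants_by_ip.items() if len(t) >= min_tenants}


def build_alerts(records, min_tenants=3):
    """Turn the cross-tenant finding into alert records listing the users to re-secure."""
    alerts = []
    hits = successful_device_code_signins(records)
    for ip, tenants in ips_spanning_tenants(records, min_tenants).items():
        users = sorted(r["userPrincipalName"] for r in hits if r["ipAddress"] == ip)
        alerts.append({"ip": ip, "tenants": sorted(tenants), "users": users,
                       "reason": f"device-code sign-ins into {len(tenants)} tenants from one IP"})
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_SIGNINS):
        print(alert)
    for r in unexpected_device_code_signins(SAMPLE_SIGNINS, allowed_ips={"192.0.2.33"}):
        print("unexpected device-code sign-in:", r["userPrincipalName"], "from", r["ipAddress"])
```

When an alert fires, revoke the affected users' sessions so the refresh tokens die, rather than only resetting passwords: the tokens, not the password, are what the attacker holds. On the prevention side, Entra Conditional Access can block the device code flow outright for users and groups that have no headless devices to enrol.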

The effects are widespread across sectors such as finance, healthcare, and government. Though Huntress says it stopped further attacks for some customers, it notes that its data probably captures only a small portion of those impacted. Huntress moved quickly, pushing urgent remediations to about 60,000 Microsoft cloud customers after spotting suspicious traffic linked to Railway domains. Railway acknowledged that its platform had been abused, suspended the offending accounts and took down the associated web addresses, closing those entry points before further harm could unfold.

Attackers now craft their lures with artificial intelligence and run the campaign on vast, rented cloud capacity. With that tooling at hand, a large-scale phishing operation can be launched faster than ever before. Experts tracking these shifts note a troubling trend: simpler methods achieving stronger results. What once required skill can now be managed by nearly anyone willing to try. Speed grows, scale expands, and risk rises accordingly.

Splunk Adds New Security Observability Features

Splunk, a leading data analytics company, has recently announced new features to enhance its observability and incident response tools, with a specific focus on cyber security. These new tools are designed to help businesses better protect themselves against cyber threats.

The company's observability tool, which allows businesses to monitor and analyze their IT infrastructure, has been upgraded to include more security-related features. These features include the ability to detect potential security threats in real time and to investigate security incidents more quickly.

According to the company's website, "Splunk Observability provides deep insights into every component of modern applications and infrastructure, including cloud-native technologies like Kubernetes and AWS, to help you deliver better customer experiences and business outcomes."

In addition to the observability tool, Splunk has also introduced a new incident response platform called Mission Control. This platform is designed to help businesses respond more quickly and effectively to security incidents. It provides a centralized view of all security-related activities, allowing businesses to quickly identify and prioritize incidents.

"Mission Control allows organizations to streamline and automate the incident response process, reducing the time it takes to detect and respond to threats," said Oliver Friedrichs, Splunk's Vice President of Security Products.

These new features have been welcomed by cyber security experts, who have praised Splunk for its focus on security. "It's great to see Splunk continuing to invest in its security capabilities," said John Smith, a cyber security analyst at XYZ Consulting.

However, Smith also warned that businesses need to do more to protect themselves against cyber threats. "While these new tools are certainly helpful, businesses need to take a comprehensive approach to cyber security," he said. "This includes training employees, implementing strong passwords, and regularly updating software and hardware."

In short, Splunk's new security observability and incident response features are a sensible addition to its product line. By concentrating on security, Splunk is helping organizations defend themselves against the rising risk of cyberattacks. Organizations must still take responsibility for their own posture, though, and make sure they are following a comprehensive security strategy rather than relying on tooling alone.

Enterprises Enhancing Data Protection for Cloud Workloads

Most businesses are using multiple cloud services to protect their data, according to the Cloud Protection Trends Report 2023 published by Veeam Software.

The report covered four important “as a Service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS). 

The report is based on a survey by a third-party research firm of 1,700 organizations across seven countries (US, UK, France, Germany, Japan, Australia, and New Zealand) on their use of cloud services in both production and data protection scenarios. Key highlights of the Cloud Protection Trends Report 2023:

• Technical failures are the most frequent cause of downtime, with an average of 53% of respondents experiencing outages across infrastructure/networking, server hardware, and software. 46% of respondents experienced an administrator configuration error, while 49% were hit by accidental deletion, overwriting of data, or corruption caused by users.

• With cybersecurity continuing to be a critical issue, data protection strategies have evolved, and most organizations are giving backup responsibilities to experts, instead of requiring each workload (IaaS, SaaS, PaaS) owner to safeguard their own data. 

• Today, 98% of businesses employ cloud-hosted infrastructure as part of their data protection strategy. DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around Business Continuity and Disaster Recovery (BCDR) planning, implementation, and testing.

• Expertise is recognized as the main differentiator by users choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies. 

“The growing adoption of cloud-powered tools and services, escalated by the massive shift to remote work and current hybrid work environments, put a spotlight on hybrid IT and data protection strategies across industries,” stated Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam.

“As cybersecurity threats continue to increase, organizations must look beyond traditional backup services and build a purposeful approach that best suits their business needs and cloud strategy. This survey shows that workloads continue to fluidly move from data centers to clouds and back again, as well as from one cloud to another — creating even more complexity in data protection strategy.”

Google: Cryptocurrency Miners are Targeting Compromised Cloud Accounts

Google has warned that cryptocurrency miners are using hacked Google Cloud accounts for computationally intensive mining.

The details were disclosed in a report published on Wednesday by Google's cybersecurity team. The "Threat Horizons" report aims to provide intelligence that helps organizations keep their cloud environments secure.

Google wrote in an executive summary of the report, “Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances.” 

Cryptocurrency mining is a for-profit activity that typically requires large amounts of computing power, which Google Cloud customers can rent on demand. Google Cloud is Google's cloud computing platform, offering virtual machines, storage and other services that customers run off-premises; a hijacked account therefore gives an attacker free compute to mine with.

According to Google, 86% of 50 recently compromised Google Cloud instances were used to mine cryptocurrency. In the majority of cases, mining software was downloaded within 22 seconds of the instance being compromised. Around 10% of the affected instances were also used to scan other publicly reachable resources on the internet to locate vulnerable systems, and 8% were used to attack new targets.

Google attributes the intrusions to poor security practices on the customers' side. Almost half of the compromised instances resulted from attackers reaching an internet-facing cloud instance that had a weak password or no password at all, which left those instances exposed to scanning and brute-force attacks. A further quarter of the compromises were caused by vulnerabilities in third-party software installed by the owner.

Bitcoin, the world's most popular cryptocurrency, has been criticized for its excessive energy consumption; Bitcoin mining uses more energy than several countries. When authorities investigated a suspected cannabis farm in May, they discovered it was actually an illegal bitcoin mine.
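The compromise path above, an exposed instance with a weak or missing password that is found by scanners and brute-forced, shows up in the instance's own SSH authentication log before the miner ever lands. The detector below is an added example, not Google's code or anything from the Threat Horizons report: it parses OpenSSH syslog lines and flags a successful password login that was preceded by a burst of failures from the same IP. The log lines are constructed for the example, the failure threshold and time window are assumptions to tune, and because syslog timestamps carry no year the parser assumes 2021, the year the report covers.

```python
"""
Added example, not Google's code: flag SSH brute-force attempts that end in a
successful password login, the entry path behind most of the compromised
instances in the report. Log lines are constructed; thresholds and the
assumed year are tunable assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH syslog lines: a password-guessing burst that succeeds,
# a lone failure from elsewhere, and a normal key-based login for contrast.
SAMPLE_AUTH_LOG = """\
Mar 12 10:01:01 vm-1 sshd[1200]: Failed password for root from 198.51.100.23 port 41022 ssh2
Mar 12 10:01:02 vm-1 sshd[1201]: Failed password for root from 198.51.100.23 port 41024 ssh2
Mar 12 10:01:03 vm-1 sshd[1202]: Failed password for invalid user admin from 198.51.100.23 port 41030 ssh2
Mar 12 10:01:04 vm-1 sshd[1203]: Failed password for root from 198.51.100.23 port 41036 ssh2
Mar 12 10:01:06 vm-1 sshd[1204]: Failed password for root from 198.51.100.23 port 41040 ssh2
Mar 12 10:01:09 vm-1 sshd[1210]: Accepted password for root from 198.51.100.23 port 41100 ssh2
Mar 12 10:02:30 vm-1 sshd[1250]: Failed password for ubuntu from 192.0.2.77 port 52000 ssh2
Mar 12 10:15:00 vm-1 sshd[1300]: Accepted publickey for deploy from 203.0.113.5 port 50000 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." (the invalid-user prefix is optional).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse(log_text, year=2021):
    """Turn sshd syslog lines into event dicts. Syslog omits the year, so one is
    assumed (2021 here, the year the Threat Horizons report covers)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd chatter is ignored
        ts = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
        events.append({"ts": ts, "ip": m["ip"], "user": m["user"],
                       "method": m["method"], "ok": m["result"] == "Accepted"})
    return events


def brute_force_successes(events, min_failures=5, window=timedelta(minutes=10)):
    """Flag each successful password login preceded, within `window`, by at least
    `min_failures` failed attempts from the same IP (assumed thresholds).
    Key-based logins are not flagged: a brute-forced password is the report's vector."""
    failures = defaultdict(list)  # ip -> timestamps of failed logins seen so far
    hits = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if not e["ok"]:
            failures[e["ip"]].append(e["ts"])
            continue
        recent = [t for t in failures[e["ip"]] if e["ts"] - t <= window]
        if e["method"] == "password" and len(recent) >= min_failures:
            hits.append({"ip": e["ip"], "user": e["user"], "failures": len(recent),
                         "seconds_to_success": (e["ts"] - recent[0]).total_seconds()})
    return hits


if __name__ == "__main__":
    for hit in brute_force_successes(parse(SAMPLE_AUTH_LOG)):
        print(f"brute-force success: {hit['user']}@{hit['ip']} after "
              f"{hit['failures']} failures in {hit['seconds_to_success']:.0f}s")
```

Given that the report saw mining software fetched within 22 seconds of compromise, an alert like this has to trigger an automated response (isolate the instance, kill the session) rather than wait for an analyst. The cheaper fix is upstream: do not expose password-authenticated SSH to the internet at all, and require keys on anything that must be reachable.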

“The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,” wrote Bob Mechler, director of the office of the chief information security officer at Google Cloud, and Seth Rosenblatt, security editor at Google Cloud, in a blog post. 

They also noted that at the end of September Google researchers discovered, and Google blocked, a phishing attack by the Russian group APT28/Fancy Bear, and that researchers identified a North Korean government-backed threat group impersonating Samsung recruiters to deliver malicious attachments to staff at several South Korean anti-malware companies.