Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cloud Security. Show all posts
Network Security
AI cybersecurity AI cybersecurity tools AI technology AI tools Cloud Security Cyber Defenses Cyber Security Endpoint IAM Machine learning Network Security

AI in Cybersecurity Market Sees Rapid Growth as Network Security Leads 2024 Expansion

 

The integration of artificial intelligence into cybersecurity solutions has accelerated dramatically, driving the global market to an estimated value of $32.5 billion in 2024. This surge—an annual growth rate of 23%—reflects organizations’ urgent need to defend against increasingly sophisticated cyber threats. Traditional, signature-based defenses are no longer sufficient; today’s adversaries employ polymorphic malware, fileless attacks, and automated intrusion tools that can evade static rule sets. AI’s ability to learn patterns, detect anomalies in real time, and respond autonomously has become indispensable. 

Among AI-driven cybersecurity segments, network security saw the most significant expansion last year, accounting for nearly 40% of total AI security revenues. AI-enhanced intrusion prevention systems and next-generation firewalls leverage machine learning models to inspect vast streams of traffic, distinguishing malicious behavior from legitimate activity. These solutions can automatically quarantine suspicious connections, adapt to novel malware variants, and provide security teams with prioritized alerts—reducing mean time to detection from days to mere minutes. As more enterprises adopt zero-trust architectures, AI’s role in continuously verifying device and user behavior on the network has become a cornerstone of modern defensive strategies. 

Endpoint security followed closely, representing roughly 25% of the AI cybersecurity market in 2024. AI-powered endpoint detection and response (EDR) platforms monitor processes, memory activity, and system calls on workstations and servers. By correlating telemetry across thousands of devices, these platforms can identify subtle indicators of compromise—such as unusual parent‑child process relationships or command‑line flags—before attackers achieve persistence. The rise of remote work has only heightened demand: with employees connecting from diverse locations and personal devices, AI’s context-aware threat hunting capabilities help maintain comprehensive visibility across decentralized environments. 

Identity and access management (IAM) solutions incorporating AI now capture about 20% of the market. Behavioral analytics engines analyze login patterns, device characteristics, and geolocation data to detect risky authentication attempts. Rather than relying solely on static multi‑factor prompts, adaptive authentication methods adjust challenge levels based on real‑time risk scores, blocking illicit logins while minimizing friction for legitimate users. This dynamic approach addresses credential stuffing and account takeover attacks, which accounted for over 30% of cyber incidents in 2024. Cloud security, covering roughly 15% of the AI cybersecurity spend, is another high‑growth area. 

With workloads distributed across public, private, and hybrid clouds, AI-driven cloud security posture management (CSPM) tools continuously scan configurations and user activities for misconfigurations, vulnerable APIs, and data‑exfiltration attempts. Automated remediation workflows can instantly correct risky settings, enforce encryption policies, and isolate compromised workloads—ensuring compliance with evolving regulations such as GDPR and CCPA. 

Looking ahead, analysts predict the AI in cybersecurity market will exceed $60 billion by 2028, as vendors integrate generative AI for automated playbook creation and incident response orchestration. Organizations that invest in AI‑powered defenses will gain a competitive edge, enabling proactive threat hunting and resilient operations against a backdrop of escalating cyber‑threat complexity.
Read more »
Sensitive data
Cloud Security Cyber Attacks Data Theft Employee Training enterprise cybersecurity fake ads Malicious Ads ransomware attacks Ransomwares Sensitive data

Employee Monitoring Tool Kickidler Targeted in Ransomware Attacks

 

Cybersecurity researchers have discovered that cybercriminals are misusing a legitimate employee monitoring tool called Kickidler to execute targeted ransomware attacks. Originally developed to help businesses track productivity and ensure compliance, Kickidler offers features like real-time screen monitoring, keystroke logging, and activity tracking—functionalities that have now become attractive tools for threat actors. Security firms Varonis and Synacktiv have reported observing these attacks actively taking place. 

The attack campaign begins with malicious advertisements placed on the Google Ads network. These ads are cleverly designed to trick users searching for a legitimate utility called RVTools—a free Windows application used to connect to VMware vCenter or ESXi environments. Victims are lured into downloading a trojanized version of RVTools, which secretly installs a backdoor named SMOKEDHAM. Once SMOKEDHAM gains access to the system, attackers use it to deploy Kickidler, with a focus on targeting enterprise administrators. 

By infiltrating admin machines, the attackers can monitor keystrokes and capture sensitive data, such as credentials for off-site backups or cloud platforms. This method allows them to bypass more secure authentication systems that are often separated from Windows domains, a common defense strategy in many organizations. According to the researchers, the ransomware groups Qilin and Hunters International have been leveraging this approach to expand their reach within enterprise networks. 

These groups appear to be focusing on cloud backup systems and VMware ESXi infrastructure. Hunters International, in particular, was observed using VMware PowerCLI and WinSCP Automation tools to enable SSH access, deploy ransomware, and execute it on ESXi servers. Their payloads encrypted VMDK virtual hard disks, disrupting operations and access to virtual environments. 

One of the most concerning aspects of this campaign is how stealthily it operates. By capturing data directly from administrators’ screens and inputs, the attackers avoid using higher-risk tactics like memory dumps or privilege escalation, which are more likely to be flagged by security systems. The misuse of Kickidler demonstrates a growing trend of cybercriminals weaponizing legitimate enterprise tools to bypass traditional defenses and maintain stealth within targeted networks. 

These attacks highlight the need for increased vigilance around software downloads, especially from third-party sources, and reinforce the importance of strong endpoint protection, regular software audits, and employee awareness training. 

As cyberattacks grow more sophisticated, defenders must adapt by tightening controls, decoupling critical system access from everyday credentials, and monitoring for unusual activity—even from tools considered safe.
Read more »
Technology
Cloud Security Cryptojacking Cybersecurity Threats Google Cloud MFA Raccoon Stealer Ransomware Technology

TRIPLESTRENGTH Targets Cloud for Cryptojacking, On-Premises Systems for Ransomware Attacks

 

Google unveiled a financially driven threat actor, TRIPLESTRENGTH, targeting cloud environments for cryptojacking and on-premise ransomware operations.

"This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," Google Cloud noted in its 11th Threat Horizons Report.

TRIPLESTRENGTH employs a three-pronged attack strategy: unauthorized cryptocurrency mining, ransomware deployment, and offering cloud platform access—spanning services like Google Cloud, AWS, Azure, Linode, OVHCloud, and Digital Ocean—to other attackers. The group's primary entry methods involve stolen credentials and cookies, often sourced from Raccoon Stealer logs. Compromised environments are used to create compute resources for mining cryptocurrency using tools like the unMiner application and the unMineable mining pool, optimized for both CPU and GPU algorithms.

Interestingly, TRIPLESTRENGTH has concentrated its ransomware efforts on on-premises systems, deploying lockers such as Phobos, RCRU64, and LokiLocker.

"In Telegram channels focused on hacking, actors linked to TRIPLESTRENGTH have posted advertisements for RCRU64 ransomware-as-a-service and also solicited partners to collaborate in ransomware and blackmail operations," Google Cloud disclosed.

One notable incident in May 2024 involved initial access through Remote Desktop Protocol (RDP), followed by lateral movement and antivirus evasion to execute ransomware across several systems. TRIPLESTRENGTH also regularly advertises access to compromised servers on Telegram, targeting hosting providers and cloud platforms.

To counteract such threats, Google has introduced multi-factor authentication (MFA) and improved logging for detecting sensitive billing actions.

"A single stolen credential can initiate a chain reaction, granting attackers access to applications and data, both on-premises and in the cloud," Google warned. 

"This access can be further exploited to compromise infrastructure through remote access services, manipulate MFA, and establish a trusted presence for subsequent social engineering attacks."
Read more »
Threat actors
beIN Sports Cloud Security Cyber Attacks data analysis FFmpeg Hackers Jupyter Notebooks live streaming sports piracy stream ripping Threat actors

Hackers Exploit Jupyter Notebooks for Sports Piracy Through Stream Ripping Tools

 

Malicious hackers are taking advantage of misconfigured JupyterLab and Jupyter Notebooks to facilitate sports piracy through live stream capture tools, according to a report by Aqua Security shared with The Hacker News.

The attack involves hijacking unauthenticated Jupyter Notebooks to gain initial access and execute a series of steps aimed at illegally streaming sports events. This activity was uncovered during an investigation into attacks on Aqua's honeypots.

"First, the attacker updated the server, then downloaded the tool FFmpeg," explained Assaf Morag, director of threat intelligence at Aqua Security. "This action alone is not a strong enough indicator for security tools to flag malicious activity."

Morag noted that the attackers then executed FFmpeg to capture live sports streams, redirecting them to their server. The campaign’s ultimate objective is to download FFmpeg from MediaFire, capture live feeds from Qatari network beIN Sports, and rebroadcast the content illegally via ustream[.]tv. This tactic allows the attackers to misuse compromised Jupyter Notebook servers as intermediaries while profiting from advertising revenues linked to the unauthorized streams.

Although the identity of the hackers remains unclear, one of the IP addresses used (41.200.191[.]23) suggests they may originate from an Arabic-speaking region.

"However, it's crucial to remember that the attackers gained access to a server intended for data analysis, which could have serious consequences for any organization's operations," Morag added.

He warned that the risks extend beyond piracy, potentially leading to denial-of-service attacks, data manipulation, theft, corruption of AI and ML processes, lateral movement within critical systems, and severe financial and reputational harm.
Read more »
PwC
Cloud Security Cyber Security Cyber Security Threats Cyberattacks CyberCrime Cyberhackers CyberThreat Firewalls PwC

Cloud Security Challenges Catch Executives Off Guard

 


It is no secret that cloud computing is efficient and scalable, however, they do come with a price tag. Many top executives are concerned about specific security threats faced by cloud environments, and these are also the ones they are least prepared to deal with, as these are the risk areas that top executives are most concerned about. 

A new report by PwC, released today, indicates that cloud threats are the highest security concern for the majority of business leaders surveyed (42 per cent) said they feel threatened by cloud threats. In response to the PwC survey, a total of 4,020 respondents were surveyed. Of those surveyed, 38 per cent cited hacking and leak operations, 35 per cent named third-party breaches, 33 per cent cited attacks on connected products, and 27 per cent cited ransomware. 

There is an extensive array of policies, technologies, applications, and controls that are part of cloud computing security and are designed to safeguard applications, services, and the underlying cloud infrastructure when using cloud computing.  In the cloud, a system's security is only as strong as its weakest link, which means that to ensure data and applications are protected from all angles, multiple technologies need to work together to offer an effective system of protection.

In such instances, firewalls, identity management, network segmentation, and encryption are all common solutions that are included as part of this process. It is predicted that businesses will face a security issue as a bigger threat in 2024 and that cybercriminals will not operate selectively with their targets. In the absence of any precautionary measures, the following threats are the most likely to cause harm to users' organization, making them the most important threat to avoid or mitigate.

As it might come as a surprise, all of the threats listed in executives' top five most concerning reasons are also among the threats organizations believe are least prepared to address, though not exactly in the order in which they would like them to be addressed. The number of cloud-based attacks is the highest, and people are least prepared for them (42/34 per cent), whereas attacks on connected products are ranked second (31 per cent) in terms of defence preparedness with regards to cloud-based attacks.

It is a little surprising that third-party breaches followed just behind (28 per cent), while executives felt equally unprepared to deal with hacks-and-leak operations, as well as ransomware, which ranked 25 per cent of the time as the least prepared. "Although the cybersecurity landscape continues to evolve, organizations are still grappling with increasing instability and ambiguity when it comes to threats." reads the report, which was released before publication, but was previously available as a preview. 

"The increasing reliance on cloud, artificial intelligence, connected devices, and third parties means that enterprises must be agile and take a comprehensive approach to resilience. To maintain security and continuity of business, organizations need to align their priorities and readiness." There was a surprising finding by PwC in terms of business leaders who have a regulatory or legal requirement to improve security, and they do so in fact. 

Indeed, 96 per cent of organizations reported that regulations prompted them to improve their security, while 78 per cent of those organizations reported that the same regulations prompted them to change how they managed their security. With the advent of new regulations such as the Data Protection Act, the Cyber Resilience Act, and the NIS2 Directive - whose compliance deadline is in a few weeks in the process - organizations will have to meet more obligations when it comes to cybersecurity in addition to existing regulations such as GDPR. 

As a result, organizations that adopt regulations tend to have stronger security frameworks and will be better positioned to deal with emerging threats, according to a new PwC report. Unlike most compliance programs, compliance isn't just about checking boxes, but about building long-term resilience and trust with stakeholders rather than about spending time ticking them off." In addition to the new regulations, these regulations have also led to an increase in cybersecurity investments. In terms of cyber investments, roughly a third (32 per cent) of companies reported a "large" increase in the past 12 months compared to the year before. 

The percentage of people who said investment increased to a "moderate extent" was much greater than the percentage of people who said the investment increased significantly. A report published by the American Institute of CIOs notes that as regulations continue to modify the cybersecurity landscape, executives across the entire C-suite need to be aware of compliance issues and take advantage of regulations as a catalyst for innovation.  

As a result, integrity management teams, risk functions, and executive management teams must coordinate their efforts to advance compliance readiness and drive strategic improvements. As a cloud computing device, cloud computing will maintain its x-factor when it comes to affordability, scalability, and flexibility over the years, no matter what industry the person is in.  

There is no doubt that cloud computing will continue to grow in popularity, but it introduces new obstacles to security in the future.  Several methods are recommended to ensure users' cloud's security, including multi-factor authentication (MFA), end-to-end encryption, strong passwords, application controls, malware prevention, continuous monitoring, and testing. Sprinto is a company that specializes in solving problems like these.

In Sprinto, there is an integrated GRC software that can be used along with any cloud service users already have in place to give them a complete GRC solution. Sprinto is a company that is strong on safety, which is one of the reasons that it believes continuous compliance is closely related to security. The company's multi-cloud security features provide proof that Sprinto holds this belief to be true. 

It is their job to keep an eye on users' technology stacks around the clock to protect them against cyber threats, whether that be if they manage a complex cloud setup or just one cloud environment in the cloud. It is Sprinto's continuous monitoring and automated checks that enable users to manage security risks most efficiently and effectively, thereby always protecting their business data and applications.
Read more »
Misconfiguration
API security cloud compliance Cloud Computing Cloud Migration Cloud Security Cyber Security Cybersecurity data security IAM Misconfiguration

Cloud Security Report Highlights Misconfiguration and IAM as Top Threats

Traditional cloud security issues once associated with service providers are declining in significance, as per the Cloud Security Alliance's 2024 Top Threats report,  However, new challenges persist.


Misconfigurations, weak identity and access management (IAM), and insecure application programming interfaces (APIs) continue to pose the most significant risks to cloud environments. These issues have held top rankings for several years, indicating their persistent nature and the industry's ongoing focus on addressing them.

Other critical concerns include inadequate cloud security strategies, vulnerabilities in third-party resources and software development, accidental data leaks, and system weaknesses. While threats like denial of service and shared technology vulnerabilities have diminished in impact, the report highlights the growing sophistication of attacks, including the use of artificial intelligence.

The cloud security landscape is also influenced by increasing supply chain risks, evolving regulations, and the rise of ransomware-as-a-service (RaaS). Organizations must adapt their security practices to address these challenges and protect their cloud environments.

The report's findings are based on a comprehensive survey of cybersecurity professionals, emphasizing the importance of these issues within the industry.
 
Key Takeaways:
* Misconfigurations, IAM, and API security remain top cloud security concerns.
* Attacks are becoming more sophisticated, requiring proactive security measures.
* Supply chain risks, regulatory changes, and ransomware pose additional threats.
* Organizations must prioritize cloud security to mitigate financial and reputational risks. 

Read more »
Vulnerabilities and Exploits
artificial intelligence (AI) and machine learning (ML) Cloud Security Cloud technology Data Security Vulnerabilities and Exploits

Cloud Security Challenges Extend Beyond Technology


 

As cloud technologies become integral to business operations, organisations face not only opportunities but also pertaining challenges. The widespread use of cloud services has created a complex environment involving multiple providers and regions, each with its own regulations and standards. This complexity has led to various security issues, including fragmented environments, access control challenges, API vulnerabilities, interoperability issues, and difficult monitoring practices. These challenges can result in gaps in security and inconsistencies in data protection, which have caused numerous IT security incidents over the years.

Case Study: Multi-Cloud and Hybrid Cloud Strategies

In observed situations, transitioning to cloud environments can reveal these vulnerabilities. One such case involved a multinational financial services company that adopted multi-cloud and hybrid cloud strategies. They used a public cloud for advanced risk modelling and a private on-premises cloud for storing sensitive financial data to meet regulatory requirements. However, this approach led to inconsistent security measures due to the differing technologies and security services in use. During an audit, we discovered that sensitive financial data had been exposed because of access control misconfigurations on the public cloud.

Several factors contributed to the breach. The diverse and complex cloud environment allowed extensive access through API calls and other technologies. Additionally, the organisation lacked the specialised skills needed to maintain high-level security across all environments. The breach questioned the integrity of the risk model and posed a severe reputational risk to the company.

To address these challenges, organisations should consider using specific toolsets that provide visibility across diverse cloud deployments. Managed Detection and Response (MDR) solutions, along with a 24x7 Security Operations Centre (SOC), can centralise data from various sources and technologies. This centralization helps improve response times, reduce alert fatigue, and improve the organisation’s visibility and understanding of its environment.

The Importance of Security Culture

Optimising tools and skills is not enough; a proper security culture within the organisation is crucial. Management must prioritise security and risk as key drivers of organisational culture, influencing decisions and processes. Effective governance structures for data, security, compliance, and risk management should be established and integrated into everyday practices. Basic systems like incident response and resilience programs should be well-communicated, and identity and access management practices must be rigorously maintained.

As cloud environments grow more complex with advancements in AI and machine learning, the security challenges will intensify. The dynamic nature of cloud environments, characterised by continuous resource changes, requires advanced security solutions capable of adapting to these shifts. Ensuring consistent security policies across diverse cloud platforms is a humongous challenge that necessitates robust and flexible security strategies.

By addressing these challenges, organisations can improve their security posture, reduce the complexity of technology implementations, and mitigate associated risks. This approach not only enhances security but also supports the achievement of primary business goals, making cloud environments a reliable and secure foundation for business operations.


Read more »
Phishing Attacks
Amazon Cloud Security Cyber Security Google Phishing Attacks

Beware: Cybercriminals Exploit Cloud Storage for SMS Phishing Attacks

Beware: Cybercriminals Exploit Cloud Storage for SMS Phishing Attacks

Security researchers discovered several illicit campaigns that use cloud storage systems like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. Unnamed threat actors are behind these attacks, which try to divert customers to malicious websites to steal their information via SMS messages.

Campaign details

The campaigns involve exploiting cloud storage platforms such as Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. Unnamed threat actors are behind these campaigns. Their primary goal is to redirect users to malicious websites using SMS messages.

Attack objectives

Bypassing Network Firewalls: First, they want to ensure that scam text messages reach mobile handsets without being detected by network firewalls. Second, they attempt to persuade end users that the communications or links they receive are legitimate. 

Building Trust: They aim to convince end users that the messages or links they receive are trustworthy. By using cloud storage systems to host static websites with embedded spam URLs, attackers can make their messages appear authentic while avoiding typical security safeguards.

Cloud storage services enable enterprises to store and manage files and host static websites by storing website components in storage buckets. Cybercriminals have used this capacity to inject spam URLs into static websites hosted on these platforms. 

Technique

They send URLs referring to these cloud storage sites by SMS, which frequently avoids firewall limitations due to the apparent authenticity of well-known cloud domains. Users who click on these links are unknowingly sent to dangerous websites.

Execution

For example, attackers utilized the Google Cloud Storage domain "storage.googleapis.com" to generate URLs that lead to spam sites. The static webpage housed in a Google Cloud bucket uses HTML meta-refresh techniques to route readers to fraud sites right away. This strategy enables fraudsters to lead customers to fraudulent websites that frequently replicate real offerings, such as gift card promotions, to obtain personal and financial information.

Enea has also detected similar approaches with other cloud storage platforms like Amazon Web (AWS) and IBM Cloud, in which URLs in SMS messages redirect to static websites hosting spam.

Defense recommendations

To protect against such risks, Enea advised monitoring traffic activity, checking URLs, and being cautious of unexpected communications including links.

Read more »
Subscribe to: Posts (Atom)