Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cloud systems. Show all posts
India
AI AI tools API Cloud systems Cyber Security data security Digital Platform India

India’s Cybersecurity Workforce Struggles to Keep Pace as AI and Cloud Systems Expand

 



India’s fast-growing digital economy is creating an urgent demand for cybersecurity professionals, but companies across the country are finding it increasingly difficult to hire people with the technical expertise required to secure modern systems.

A new study released by the Data Security Council of India and SANS Institute found that businesses are facing a serious shortage of skilled cybersecurity workers as technologies such as artificial intelligence, cloud computing, and API-driven infrastructure become more deeply integrated into daily operations.

According to the Indian Cyber Security Skilling Landscape Report 2025–26, nearly 73 per cent of enterprises and 68 per cent of service providers said there is a limited supply of qualified cybersecurity professionals in the country. The report suggests that organisations are struggling to build teams capable of handling increasingly advanced cyber risks at a time when companies are rapidly digitising services, storing more information online, and adopting AI-powered tools.

The hiring process itself is also becoming slower. Around 84 per cent of organisations surveyed said cybersecurity positions often remain vacant for one to six months before suitable candidates are found. This delay reflects a growing mismatch between industry expectations and the skills available in the job market.

Researchers noted that many applicants entering the cybersecurity workforce lack practical exposure to real-world security environments. Around 63 per cent of enterprises and 59 per cent of service providers said candidates often do not possess sufficient hands-on technical experience. Employers are no longer only looking for basic security knowledge. Companies increasingly require professionals who understand multiple areas at once, including cloud infrastructure, application security, digital identity systems, and access management technologies. Nearly 58 per cent of enterprises and 60 per cent of providers admitted they are struggling to find candidates with this type of cross-functional expertise.

The report connects this shortage to the changing structure of enterprise technology systems. Many organisations are moving away from traditional on-premise setups and shifting toward cloud-native environments, interconnected APIs, and AI-supported operations. As businesses automate more routine tasks, demand is gradually moving away from entry-level operational positions and toward specialised cybersecurity roles that require analytical thinking, threat detection capabilities, and advanced technical decision-making.

Artificial intelligence is now becoming one of the largest drivers of cybersecurity hiring demand. Around 83 per cent of organisations surveyed described AI and generative AI security skills as essential for future operations, while 78 per cent reported strong demand for AI security engineers. The findings also show that nearly 62 per cent of enterprises are already running active AI or generative AI projects, which experts say can create additional security risks if systems are not properly monitored and protected.

As companies deploy AI systems, the attack surface for cybercriminals also expands. Security teams are now expected to defend AI models, protect sensitive datasets, monitor automated systems for manipulation, and secure APIs connecting multiple digital services. Industry experts have repeatedly warned that many organisations are adopting AI tools faster than they are building security frameworks around them.

Some cybersecurity positions remain especially difficult to fill. The report found that almost half of service providers and nearly 40 per cent of enterprises are struggling to recruit security architects, professionals responsible for designing secure digital infrastructure and long-term defence strategies. Demand is also increasing for specialists in operational technology and industrial control system security, commonly known as OT/ICS security. These professionals help protect critical infrastructure such as manufacturing facilities, power systems, transportation networks, and industrial operations from cyberattacks.

At the same time, companies are facing growing retention problems. Around 70 per cent of service providers and 42 per cent of enterprises said employees are frequently leaving for competitors offering better salaries and career opportunities. Limited access to advanced training and upskilling programs is also contributing to workforce attrition across the sector.

The findings point to a larger issue facing the cybersecurity industry globally: technology is evolving faster than workforce development. Experts believe companies, educational institutions, and training organisations may need to work more closely together to create industry-focused learning pathways that prepare professionals for modern cyber threats instead of relying heavily on theoretical instruction alone.

With India continuing to expand digital public infrastructure, cloud adoption, fintech services, AI development, and connected industrial systems, cybersecurity professionals are expected to play a central role in protecting sensitive information, maintaining operational stability, and preserving trust in digital platforms.

Read more »
Vishing
Cloud systems Credentials Stolen Cyber Attacks Extortion Fake Login phishing saaS Vishing

Hackers Target Cloud Apps Using Phone Scams and Login Tricks



Cybersecurity researchers have identified two threat groups that are executing fast-moving attacks almost entirely within software-as-a-service environments, allowing them to operate with very little visible trace of intrusion.

The groups, tracked as Cordial Spider and Snarky Spider, are also known by multiple alternate identifiers across different security vendors. Investigations show that both groups are involved in high-speed data theft followed by extortion attempts, and their methods show a strong overlap in how operations are carried out. Analysts assess that these groups have been active since at least October 2025. One of them is believed to be composed of native English speakers and is linked to a cybercrime network widely referred to as “The Com.”

According to findings from CrowdStrike, these attackers primarily rely on voice phishing, also known as vishing, to initiate their intrusions. In these cases, individuals are contacted and guided toward fraudulent login pages that are designed to imitate single sign-on systems. These pages act as adversary-in-the-middle setups, meaning they intercept and capture authentication data, including login credentials and session details, as the victim enters them. Once this information is obtained, attackers immediately use it to access SaaS applications that are connected through single sign-on integrations.

Researchers explain that the attackers deliberately operate within trusted SaaS platforms to avoid raising suspicion. Because their activity takes place inside legitimate services already used by organizations, their presence generates fewer detectable signals. This allows them to move quickly from initial compromise to data access. The combination of speed, targeted execution, and reliance on SaaS-only environments makes it harder for defenders to monitor and respond effectively.

Earlier research published in January 2026 by Mandiant revealed that these attack patterns represent a continuation of tactics seen in extortion-focused campaigns linked to the ShinyHunters group. These operations involve impersonating IT staff during phone calls to build trust with victims, then directing them to phishing pages in order to collect both login credentials and multi-factor authentication codes.

More recent analysis from Palo Alto Networks Unit 42 and the Retail & Hospitality ISAC indicates, with moderate confidence, that one of the identified clusters is associated with The Com network. These attacks rely heavily on living-off-the-land techniques, where attackers use legitimate system tools instead of introducing malware. They also make use of residential proxy networks to mask their real geographic location and to evade basic IP-based security filtering systems.

Since February 2026, activity linked to one of these clusters has been directed toward organizations in the retail and hospitality sectors. The attackers combine vishing calls, often impersonating IT help desk personnel, with phishing websites designed to capture employee credentials.

Once access is established, the attackers take steps to maintain long-term control. They register a new device within the compromised account to ensure continued access, and in many cases remove previously registered devices. After doing so, they modify email settings by creating inbox rules that automatically delete notifications related to new device logins or suspicious activity, preventing the legitimate user from being alerted.

Following initial access, the attackers shift their focus toward accounts with higher privileges. They collect internal information, such as employee directories, to identify individuals with elevated access and then use further social engineering techniques to compromise those accounts as well. With increased privileges, they move across SaaS platforms including Google Workspace, HubSpot, Microsoft SharePoint, and Salesforce, searching for sensitive documents and business-critical data. Any valuable information is then exfiltrated to infrastructure controlled by the attackers.

Researchers note that in many observed cases, the stolen credentials provide access to the organization’s identity provider, which acts as a central authentication system. This creates a single entry point into multiple SaaS applications. By exploiting the trust relationships between the identity provider and connected services, attackers are able to move across the organization’s cloud ecosystem without needing to compromise each application separately. This allows them to access multiple systems using a single authenticated session.


Read more »
malware
Aisuru botnet API Chaos Malware Cloud systems Docker malware

New Chaos Malware Variant Expands to Cloud Targets, Introduces Proxy Capability

 



A newly observed version of the Chaos malware is now targeting poorly secured cloud environments, indicating a defining shift in how this threat is being deployed and scaled.

According to analysis by Darktrace, the malware is increasingly exploiting misconfigured cloud systems, moving beyond its earlier focus on routers and edge devices. This change suggests that attackers are adapting to the growing reliance on cloud infrastructure, where configuration errors can expose critical services.

Chaos was first identified in September 2022 by Lumen Black Lotus Labs. At the time, it was described as a cross-platform threat capable of infecting both Windows and Linux machines. Its functionality included executing remote shell commands, deploying additional malicious modules, spreading across systems by brute-forcing SSH credentials, mining cryptocurrency, and launching distributed denial-of-service attacks using protocols such as HTTP, TLS, TCP, UDP, and WebSocket.

Researchers believe Chaos developed from an earlier DDoS-focused malware strain known as Kaiji, which specifically targeted exposed Docker instances. While the exact operators behind Chaos remain unidentified, the presence of Chinese-language elements in the code and the use of infrastructure linked to China suggest a possible connection to threat actors from that region.

Darktrace detected the latest variant within its honeypot network, specifically on a deliberately misconfigured Hadoop deployment that allowed remote code execution. The attack began with an HTTP request sent to the Hadoop service to initiate the creation of a new application.

That application contained a sequence of shell commands designed to download a Chaos binary from an attacker-controlled domain, identified as “pan.tenire[.]com.” The commands then modified the file’s permissions using “chmod 777,” allowing full access to all users, before executing the binary and deleting it from the system to reduce forensic evidence.

Notably, the same domain had previously been linked to a phishing operation conducted by the cybercrime group Silver Fox. That campaign, referred to as Operation Silk Lure by Seqrite Labs in October 2025, was used to distribute decoy documents and ValleyRAT malware, suggesting infrastructure reuse across campaigns.

The newly identified sample is a 64-bit ELF binary that has been reworked and updated. While it retains much of its original functionality, several features have been removed. In particular, capabilities for spreading via SSH and exploiting router vulnerabilities are no longer present.

In their place, the malware now incorporates a SOCKS proxy feature. This allows compromised systems to relay network traffic, effectively masking the origin of malicious activity and making detection and mitigation more difficult for defenders.

Darktrace also noted that components previously associated with Kaiji have been modified, indicating that the malware has likely been rewritten or significantly refactored rather than simply reused.

The addition of proxy functionality points to a broader monetization strategy. Beyond cryptocurrency mining and DDoS-for-hire operations, attackers may now leverage infected systems to provide anonymized traffic routing or other illicit services, reflecting increasing competition within cybercriminal ecosystems.

This shift aligns with a wider trend observed in other botnets, such as AISURU, where proxy services are becoming a central feature. As a result, the threat infrastructure is expanding beyond traditional service disruption to include more complex abuse scenarios.

Security experts emphasize that misconfigured cloud services, including platforms like Hadoop and Docker, remain a critical risk factor. Without proper access controls, attackers can exploit these systems to gain initial entry and deploy malware with minimal resistance.

The continued evolution of Chaos underlines how threat actors are persistently enhancing their tools to expand botnet capabilities. It also reinforces the need for continuous security monitoring, as changes in how APIs and services function may not always appear as direct vulnerabilities but can exponentially increase exposure.

Organizations are advised to regularly audit configurations, restrict unnecessary access, and monitor for unusual behavior to mitigate the risks posed by increasingly adaptive malware threats.

Read more »
Technology
automotive technology Cloud systems Data Data Governance Digital Infrastructure IT system Technology

How Connected Vehicles Are Turning Into Enterprise Systems

 



The technological foundation behind connected vehicles is undergoing a monumental shift. What was once limited to in-vehicle engineering is now expanding into a complex ecosystem that closely resembles enterprise-level digital infrastructure. This transition is forcing automakers to rethink how they manage scalability, security, and data, while also elevating the strategic importance of digital platforms in shaping future revenue streams.

For many years, automotive innovation focused primarily on the physical vehicle, including mechanical systems, embedded electronics, and onboard software. That model is changing. The systems supporting connected vehicles now extend far beyond the car itself and increasingly resemble large, integrated digital platforms similar to those used by major technology-driven enterprises.

As automakers roll out connected features across entire fleets, the supporting technology stack is growing exponentially. Today’s connected vehicle ecosystem typically includes cloud environments designed to handle millions of simultaneous connections, mobile applications that allow users to control and monitor their vehicles, infrastructure for delivering over-the-air software updates, and large-scale data systems that process continuous streams of vehicle-generated information.

This architecture aligns closely with enterprise IT platforms, although the scale and operational complexity are even greater. Connected vehicles can generate as much as 25 gigabytes of data per hour, depending on their sensors and capabilities. Research from International Data Corporation indicates that data generated by connected and autonomous vehicles could reach multiple zettabytes annually by the end of this decade. This rapid growth is compelling automakers to redesign how they structure, manage, and secure their digital environments.

Traditionally, initiatives related to connected vehicles were handled by engineering and research teams focused on embedded systems. However, as deployment expands across regions and vehicle models, the challenges now mirror those seen in enterprise IT. These include scaling platforms efficiently, managing identity and access controls, governing vast datasets, coordinating multiple vendors, and ensuring security throughout the entire system lifecycle.

This transformation is also reshaping leadership roles within automotive companies. Chief Information Officers are becoming increasingly central as the supporting infrastructure around vehicles begins to resemble enterprise IT ecosystems. While engineering teams still lead vehicle software development, the broader digital environment, including cloud systems and data platforms, is now a critical area of responsibility for IT leadership. Many automakers are shifting toward platform-based strategies, treating the connected vehicle backend as a long-term digital asset rather than a feature tied to a single vehicle model.

At the same time, the ecosystem of technology providers involved in connected vehicles is expanding rapidly. These platforms often rely on a combination of telematics services, cloud providers, mobile development frameworks, cybersecurity solutions, analytics platforms, and OTA update systems. Managing such a diverse network requires structured governance and integration approaches similar to those used in large enterprise environments.

Cybersecurity has become a central pillar of this transformation. Regulatory frameworks such as ISO/SAE 21434 and UNECE WP.29 R155 now require manufacturers to implement continuous cybersecurity management across both vehicles and their supporting digital systems. These regulations extend beyond the vehicle itself, covering cloud services, mobile applications, and software update mechanisms.

The financial implications of this course are substantial. According to McKinsey & Company, software-enabled services and digital features could contribute up to 30 percent of total automotive revenue by 2030. This highlights how critical digital platforms are becoming to the industry’s long-term business model.

Industry experts emphasize that connected vehicles are no longer standalone products but part of a broader technological ecosystem. Vikash Chaudhary, Founder and CEO of HackersEra, explains that connected vehicles are effectively turning into distributed technology platforms. He notes that companies adopting strong platform architectures, robust data governance, and integrated cybersecurity measures will be better positioned to scale operations and drive innovation.

As vehicles continue to tranform into software-defined systems, the competitive landscape is shifting. The key battleground is no longer limited to the vehicle itself but is increasingly centered on the enterprise-grade platforms that enable connected mobility at scale.

Read more »
Subscribe to: Posts (Atom)