Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cybersecurity. Show all posts
Security Focused Tools
Cloud Security Cybersecurity Data Privacy Digital Security Encrypted Email Online Safety Privacy ransomware protection Secure Collaboration Security Focused Tools

The Spectrum of Google Product Alternatives


 

It is becoming increasingly evident that as digital technologies are woven deeper into our everyday lives, questions about how personal data is collected, used, and protected are increasingly at the forefront of public discussion. 

There is no greater symbol of this tension than the vast ecosystem of Google products, whose products have become nearly inseparable from the entire online world. It's important to understand that, despite the convenience of this service, the business model that lies behind it is fundamentally based on collecting user data and monetising attention with targeted advertising. 

In the past year alone, this model has generated over $230 billion in advertising revenue – a model that has driven extraordinary profits — but it has also heightened the debate over what is the right balance between privacy and utility.'

In recent years, Google users have begun to reconsider their dependence on Google and instead turn to platforms that pledge to prioritise user privacy and minimise data exploitation rather than relying solely on Google's services. Over the last few decades, Google has built a business empire based on data collection, using Google's search engine, Android operating system, Play Store, Chrome browser, Gmail, Google Maps, and YouTube, among others, to collect vast amounts of personal information. 

Even though tools such as virtual private networks (VPNs) can offer some protection by encrypting online activity, they do not address the root cause of the problem: these platforms require accounts to be accessible, so they ultimately feed more information into Google's ecosystem for use there. 

As users become increasingly concerned about protecting their privacy, choosing alternatives developed by companies that are committed to minimising surveillance and respecting personal information is a more sustainable approach to protecting their privacy. In the past few years, it has been the case that an ever-growing market of privacy-focused competitors has emerged, offering users comparable functionality while not compromising their trust in these companies. 

 As an example, let's take the example of Google Chrome, which is a browser that is extremely popular worldwide, but often criticised for its aggressive data collection practices, which are highly controversial. According to a 2019 investigation published by The Washington Post, Chrome has been characterised as "spy software," as it has been able to install thousands of tracking cookies each week on devices. This has only fueled the demand for alternatives, and privacy-centric browsers are now positioning themselves as viable alternatives that combine performance with stronger privacy protection.

In the past decade, Google has become an integral part of the digital world for many internet users, providing tools such as search, email, video streaming, cloud storage, mobile operating systems, and web browsing that have become indispensable to them as the default gateways to the Internet. 

It has been a strategy that has seen the company dominate multiple sectors at the same time - a strategy that has been described as building a protective moat of services around their core business of search, data, and advertising. However, this dominance has included a cost. 

The company has created a system that monetises virtually every aspect of online behaviour by collecting and interfacing massive amounts of personal usage data across all its platforms, generating billions of dollars in advertising revenue while causing growing concern about the abuse of user privacy in the process. 

There is a growing awareness that, despite the convenience of Google's ecosystem, there are risks associated with it that are encouraging individuals and organisations to seek alternatives that better respect digital rights. For instance, Purism, a privacy-focused company that offers services designed to help users take control of their own information, tries to challenge this imbalance. However, experts warn that protecting the data requires a more proactive approach as a whole. 

The maintenance of secure offline backups is a crucial step that organisations should take, especially in the event of cyberattacks. Offline backups provide a reliable safeguard, unlike online backups, which are compromised by ransomware, allowing organisations to restore systems from clean data with minimal disruption and providing a reliable safeguard against malicious software and attacks. 

There is a growing tendency for users to shift away from default reliance on Google and other Big Tech companies, in favour of more secure, transparent, and user-centric solutions based on these strategies. Users are becoming increasingly concerned about privacy concerns, and they prefer platforms that prioritise security and transparency over Google's core services. 

As an alternative to Gmail, DuckDuckGo provides privacy-focused search results without tracking or profiling, whereas ProtonMail is a secure alternative to Gmail with end-to-end encrypted email. When it comes to encrypted event management, Proton Calendar replaces Google Calendar, and browsers such as Brave and LibreWolf minimise tracking and telemetry when compared to Chrome. 

It has been widely reported that the majority of apps are distributed by F-Droid, which offers free and open-source apps that do not rely on tracking, while note-taking and file storage are mainly handled by Simple Notes and Proton Drive, which protect the user's data. There are functional alternatives such as Todoist and HERE WeGo, which provide functionality without sacrificing privacy. 

There has even been a shift in video consumption, in which users use YouTube anonymously or subscribe to streaming platforms such as Netflix and Prime Video. Overall, these shifts highlight a trend toward digital tools that emphasise user control, data protection, and trust over convenience. As digital privacy and data security issues gain more and more attention, people and organisations are reevaluating their reliance on Google's extensive productivity and collaboration tools, as well as their dependency on the service. 

In spite of the immense convenience that these platforms offer, their pervasive data collection practices have raised serious questions about privacy and user autonomy. Consequently, alternatives to these platforms have evolved and were developed to maintain comparable functionality—including messaging, file sharing, project management, and task management—while emphasizing enhanced privacy, security, and operational control while maintaining comparable functionality. 

Continuing with the above theme, it is worthwhile to briefly examine some of the leading platforms that provide robust, privacy-conscious alternatives to Google's dominant ecosystem, as described in this analysis. Microsoft Teams.  In addition to Google's collaboration suite, Microsoft Teams is also a well-established alternative. 

It is a cloud-based platform that integrates seamlessly with Microsoft 365 applications such as Microsoft Word, Excel, PowerPoint, and SharePoint, among others. As a central hub for enterprise collaboration, it offers instant messaging, video conferencing, file sharing, and workflow management, which makes it an ideal alternative to Google's suite of tools. 

Several advanced features, such as APIs, assistant bots, conversation search, multi-factor authentication, and open APIs, further enhance its utility. There are, however, some downsides to Teams as well, such as the steep learning curve and the absence of a pre-call audio test option, which can cause interruptions during meetings, unlike some competitors. 

Zoho Workplace

A new tool from Zoho called Workplace is being positioned as a cost-effective and comprehensive digital workspace offering tools such as Zoho Mail, Cliq, WorkDrive, Writer, Sheet, and Meeting, which are integrated into one dashboard. 

The AI-assisted assistant, Zia, provides users with the ability to easily find files and information, while the mobile app ensures connectivity at all times. However, it has a relatively low price point, making it attractive for smaller businesses, although the customer support may be slow, and Zoho Meeting offers limited customisation options that may not satisfy users who need more advanced features. 

Bitrix24 

Among the many services provided by Bitrix24, there are project management, CRM, telephony, analytics, and video calls that are combined in an online unified workspace that simplifies collaboration. Designed to integrate multiple workflows seamlessly, the platform is accessible from a desktop, laptop, or mobile device. 

While it is used by businesses to simplify accountability and task assignment, users have reported some glitches and delays with customer support, which can hinder the smooth running of operations, causing organisations to look for other solutions. 

 Slack 

With its ability to offer flexible communication tools such as public channels, private groups, and direct messaging, Slack has become one of the most popular collaboration tools across industries because of its easy integration with social media and the ability to share files efficiently. 

Slack has all of the benefits associated with real-time communication, with notifications being sent in real-time, and thematic channels providing participants with the ability to have focused discussions. However, due to its limited storage capacity and complex interface, Slack can be challenging for new users, especially those who are managing large amounts of data. 

ClickUp 

This software helps simplify the management of projects and tasks with its drag-and-drop capabilities, collaborative document creation, and visual workflows. With ClickUp, you'll be able to customise the workflow using drag-and-drop functionality.

Incorporating tools like Zapier or Make into the processes enhances automation, while their flexibility makes it possible for people's business to tailor their processes precisely to their requirements. Even so, ClickUp's extensive feature set involves a steep learning curve. The software may slow down their productivity occasionally due to performance lags, but that does not affect its appeal. 

Zoom 

With Zoom, a global leader in video conferencing, remote communication becomes easier than ever before. It enables large-scale meetings, webinars, and breakout sessions, while providing features such as call recording, screen sharing, and attendance tracking, making it ideal for remote work. 

It is a popular choice because of its reliability and ease of use for both businesses and educational institutions, but also because its free version limits meetings to around 40 minutes, and its extensive capabilities can be a bit confusing for those who have never used it before. As digital tools with a strong focus on privacy are becoming increasingly popular, they are also part of a wider reevaluation of how data is managed in a modern digital ecosystem, both personally and professionally. 

By switching from default reliance on Google's services, not only are people reducing their exposure to extensive data collection, but they are also encouraging people to adopt platforms that emphasise security, transparency, and user autonomy. Individuals can greatly reduce the risks associated with online tracking, targeted advertising, and potential data breaches by implementing alternatives such as encrypted e-mail, secure calendars, and privacy-oriented browsers. 

Among the collaboration and productivity solutions that organisations can incorporate are Microsoft Teams, Zoho Workplace, ClickUp, and Slack. These products can enhance workflow efficiency and allow them to maintain a greater level of control over sensitive information while reducing the risk of security breaches.

In addition to offline backups and encrypted cloud storage, complementary measures, such as ensuring app permissions are audited carefully, strengthen data resilience and continuity in the face of cyber threats. In addition to providing greater levels of security, these alternative software solutions are typically more flexible, interoperable, and user-centred, making them more effective for teams to streamline communication and project management. 

With digital dependence continuing to grow, deciding to choose privacy-first solutions is more than simply a precaution; rather, it is a strategic choice that safeguards both an individual's digital assets as well as an organisation's in order to cultivate a more secure, responsible, and informed online presence as a whole.
Read more »
Sensitive Information
AI Chatbots Corporate Trust Cybersecurity Data Loss Prevention Data protection GDPR compliance Hybrid Work Security Privacy Privacy Risks Sensitive Information

Protecting Sensitive Data When Employees Use AI Chatbots


 

In today's digitised world, where artificial intelligence tools are rapidly reshaping the way people work, communicate, and work together, it's important to be aware that a quiet but pressing risk has emerged-that what individuals choose to share with chatbots may not remain entirely private for everyone involved.

A patient can use ChatGPT to receive health advice about an embarrassing health condition, or an employee can upload sensitive corporate documents into Google's Gemini system to generate a summary of them, but the information they disclose will ultimately play a part in the algorithms that power these systems. 

It has come to the attention of a lot of experts that AI models, built on large datasets collected from all across the internet, such as blogs and news articles, as well as from social media posts, are often trained without user consent, resulting in not only copyright problems but also significant privacy concerns. 

In light of the opaque nature of machine learning processes, experts warn that once data has been ingested into a model's training pool, it will be almost impossible to remove it. In this world we live in, individuals and businesses alike are forced to ask themselves what level of trust we can place in tools that, while extremely powerful, may also expose us to unseen risks. 

Considering that we are living in a hybrid age, where artificial intelligence tools such as ChatGPT are rapidly becoming a new frontier for data breaches, this is particularly true in the age of hybrid work. While these platforms offer businesses a number of valuable features, including the ability to draft content and troubleshoot software, they also carry inherent risks. 

Experts warn that poor management of them can result in leakage of training data, violations of privacy, and accidental disclosure of sensitive company data. The latest Fortinet Work From Anywhere study highlights the magnitude of the problem: nearly 62% of organisations have reported experiencing data breaches as a result of switching to remote working. 

Analysts believe some of these incidents could have been prevented if employees had stayed on-premises with company-managed devices and applications and had not experienced the same issues. Nevertheless, security experts claim that the solution is not to return to the office again, but rather to create a robust framework for data loss prevention (DLP) in a decentralised work environment to safeguard the information.

To prevent sensitive information from being lost, stolen, or leaked across networks, storage systems, endpoints, and cloud environments, a robust DLP strategy combines tools, technologies, and best practices. A successful framework focuses on data at rest, in motion, and in use and ensures that they are continuously monitored and protected. 

Experts outline four essential components that a framework must have to succeed: Make sure the company data is classified and assigned security levels across the network, and that the network is secure. Maintain strict adherence to compliance when storing, deleting, and retaining user information. Make sure staff are educated regarding clear policies that prevent accidental sharing of information or unauthorised access to information. 

Embrace protection tools that can detect phishing, ransomware, insider threats, and unintentional exposures in order to protect the organisation's data. It is not enough to use technology alone to protect organisations; it is also essential to have clear policies in place. With DLP implemented correctly, organisations are not only less likely to suffer from leaks, but they are also more likely to comply with industry standards, government regulations, and the like. 

The balance between innovation and responsibility in the digital age, particularly in the era of digital transformation, is crucial for businesses that adopt hybrid work and AI-based tools. According to the UK General Data Protection Regulation (UK GDPR), businesses that utilise AI platforms, such as ChatGPT, must adhere to a set of strict obligations designed to protect personal information from unauthorised access.

In terms of data protection, any data that could identify the individual - such as an employee file, customer contact details, or client database - falls within the regulations' scope, and ultimately, business owners are responsible for protecting that data, even when it is handled by third parties. In order to cope with this scenario, companies will need to carefully evaluate how external platforms process, store, and protect their data. 

They often do so through legally binding Data Processing Agreements that specify confidentiality standards, privacy controls, and data deletion requirements for the platforms. It is equally important to ensure that organisations communicate with individuals when their information is incorporated into artificial intelligence tools and, if necessary, obtain explicit consent from them.

As part of the law, firms are also required to implement “appropriate technical and organisational measures.” These measures include checking whether AI vendors are storing their data overseas, ensuring that it is kept in order to prevent misuse, and determining what safeguards are in place. Besides the risks of financial penalties or fines that are imposed for failing to comply, there is also the risk of eroding employee and customer trust, which can be more difficult to repair than the financial penalties themselves. 

When it comes to ensuring safe data practices in the age of artificial intelligence, businesses are increasingly turning to Data Loss Prevention (DLP) solutions as a way of automating the otherwise unmanageable task of monitoring vast networks of users, devices, and applications, which can be a daunting task. The state and flow of information have determined the four primary categories of DLP software that have emerged. 

Often, DLP tools utilise artificial intelligence and machine learning to identify suspicious traffic within and outside a company's system — whether by downloading, transferring, or through mobile connections — by tracking data movement within and outside a company's systems. In addition to preventing unauthorised activities at the source, endpoint DLP is also installed directly on users' computers, which monitors memory, cached data, and files being accessed or transferred as they occur. 

In general, cloud DLP solutions are intended to safeguard information stored in online environments such as backups, archives, and databases. They are characterised by encryption, scanning, and access controls that are used for securing corporate assets. While Email DLP is largely responsible for keeping sensitive details from being leaked through internal and external correspondence, it is also designed to prevent these sensitive details from getting shared accidentally, maliciously or through a compromised mailbox as well. 

Despite some businesses' concerns about whether Extended Detection and Response (XDR) platforms are adequate, experts think that DLP serves a different purpose than XDR: XDR provides broad threat detection and incident response, while DLP focuses on protecting sensitive data, categorising information, reducing breach risks, and ultimately maintaining company reputations.

A number of major technology companies have adopted varying approaches to dealing with the data their AI chatbots have collected from their users, often raising concerns about transparency and control. Google, for example, maintains conversations with its Gemini chatbot by default for 18 months, but the setting can be modified if users desire. Although activity tracking can be disabled, these chats remain in storage for at least 72 hours even if they are not reviewed by human moderators in order to refine the system. 

However, Google warns users that sharing confidential information is not advisable and that any conversations that have already been flagged for human review cannot be erased. As part of Meta's artificial intelligence assistant, which can be found on Facebook, WhatsApp, and Instagram, it is trained to understand public posts, photos, captions, and data scraped from around the web. However, the application cannot handle private messages. 

There is no doubt that citizens of the European Union and the United Kingdom have the right to object to the use of their information for training under stricter privacy laws. However, those living in countries without such protections, such as the United States, have fewer options than their citizens in other countries. The opt-out process for Meta is quite complicated, and it is available only where it is available; users must submit evidence of their interactions with the chatbot as evidence of the opt-out. 

It is worth noting that Microsoft's Copilot does not provide an opt-out mechanism for personal accounts; users are only limited in their ability to delete their interaction history through their account settings, and there is no option to prevent future data retention. These practices demonstrate how AI privacy controls can be patchy, with users' choices often being more influenced by the laws and regulations of their jurisdiction, rather than corporate policy. 

The responsibility organisations as they navigate this evolving landscape relates not only to complying with regulations or implementing technical safeguards, but also to cultivating a culture of digital responsibility in their organisations. Employees need to be taught how important it is to understand and respect the value of their information, and how important it is to exercise caution when using AI-powered applications. 

By taking proactive measures such as implementing clear guidelines on chatbot usage, conducting regular risk assessments, and ensuring that vendors are compliant with stringent data protection standards, an organisation can significantly reduce the threat exposure they are exposed to. 

The businesses that implement a strong governance framework, at the same time, are not only protected but are also able to take advantage of AI's advantages with confidence, enhancing productivity, streamlining workflows, and maintaining competitiveness in an era of data-driven economies. Thus, it is essential to embrace AI responsibly, balancing innovation and vigilance, so that it isn't avoided, but rather embraced responsibly. 

A company's use of AI can be transformed from a potential liability to a strategic asset by combining regulatory compliance, advanced DLP solutions, and transparent communication with staff and stakeholders. It is important to remember that trust is currency in a marketplace where security is king, and companies that protect sensitive data will not only prevent costly breaches from occurring but also strengthen their reputation in the long run.
Read more »
Simulation
Cyber Security Cybersecurity data security Digital Twins IT threat landscape Simulation

Digital Twins: Benefits and the Cybersecurity Risks They Bring

 

Digital twins—virtual digital counterparts of physical objects, people, or processes—are rapidly being adopted by organizations as tools for simulation, testing, and decision-making. The concept traces its roots to NASA’s physical replicas of spacecraft in the 1960s, but today’s digital twins have evolved into sophisticated frameworks that bridge physical and digital systems, offering the power to predict real-world outcomes and inform business strategy. 

David Shaw, Intuitus Corp. CEO and Digital Twin Consortium (DTC) working group co-chair, notes that these systems now do much more than simply mirror physical systems; they actively link both worlds, enabling predictive analytics at scale. 

Greg Porter, Principal Solutions Architect at Sev1Tech, describes digital twin technology as still emerging, but increasingly central to business innovation. Their key advantage lies in the ability to simulate future scenarios and outcomes without disrupting the actual physical assets, allowing companies to test changes, interventions, or potential failures in a risk-free environment.

Industry applications are diverse: in healthcare, digital twins can model the effects of new medications or surgical procedures before implementation, while other organizations use digital twins to map employee interactions with physical assets, providing insights into cybersecurity attack surfaces and operational efficiencies. The cost to implement these systems varies widely, from a few hundred dollars for basic models to multi-million-dollar deployments for complex, mission-critical infrastructures. 

However, while digital twins unlock new capabilities in prototyping, testing, and risk management, they also introduce significant cybersecurity risks. Porter warns that, particularly in “full-loop” digital twin environments—where data flows both from the physical system into the digital twin and back again—organizations open a new attack vector from the digital realm directly into physical assets. If the digital twin infrastructure is insecure, threat actors could manipulate data in ways that affect real-world systems, potentially leading to loss of control or catastrophic outcomes. 

Kayne McGladrey, CISO in residence at Hyperproof, highlights that intellectual property theft is another rising threat; access to a digital twin could allow attackers to reverse-engineer sensitive business processes or product designs, providing competitors or nation-state actors with a strategic advantage. In sectors such as aerospace, defense, and critical infrastructure, the consequences of such breaches could be both severe and far-reaching. 

Mitigation tips 

To secure digital twins, organizations must implement robust data controls, segmenting and monitoring digital twin environments to prevent lateral movement by attackers. McGladrey recommends adopting “classic cybersecurity” measures with some enhancements: deploying phishing-resistant multi-factor authentication, tightly controlling user access, and maintaining comprehensive activity logs to support forensic investigation if an incident occurs. These steps, he notes, are not overly complex but do require deliberate planning to ensure that the security of both digital and physical assets is maintained. 

As digital twin adoption accelerates, organizations must weigh their operational benefits against the new risks they introduce. By understanding the full scope of both opportunities and threats, and by embedding strong cybersecurity principles from the outset, businesses can harness digital twins’ transformative potential without exposing themselves to undue risk.
Read more »
State-Sponsored Espionage
AI Misuse Cybersecurity Data Theft Deepfake Attacks Generative AI Kimsuky malware North Korean Hackers Phishing Campaigns State-Sponsored Espionage

North Korean Threat Actors Leverage ChatGPT in Deepfake Identity Scheme


North Korean hackers Kimsuky are using ChatGPT to create convincing deepfake South Korean military identification cards in a troubling instance of how artificial intelligence can be weaponised in state-backed cyber warfare, indicating that artificial intelligence is becoming increasingly useful in cyber warfare. 

As part of their cyber-espionage campaign, the group used falsified documents embedded in phishing emails targeting defence institutions and individuals, adding an additional layer of credibility to their espionage activities. 

A series of attacks aimed at deceiving recipients, delivering malicious software, and exfiltrating sensitive data were made more effective by the use of AI-generated IDs. Security monitors have categorised this incident as an AI-related hazard, indicating that by using ChatGPT for the wrong purpose, the breach of confidential information and the violation of personal rights directly caused harm. 

Using generative AI is becoming increasingly common in sophisticated state-sponsored operations. The case highlights the growing concerns about the use of generative AI in sophisticated operations. As a result of the combination of deepfake technology and phishing tactics, these attacks are harder to detect and much more damaging. 

Palo Alto Networks' Unit 42 has observed a disturbing increase in the use of real-time deepfakes for job interviews, in which candidates disguise their true identities from potential employers using this technology. In their view, the deepfake tactic is alarmingly accessible because it can be done in a matter of hours, with just minimal technical know-how, and with inexpensive consumer-grade hardware, so it is alarmingly accessible and easy to implement. 

The investigation was prompted by a report that was published in the Pragmatic Engineer newsletter that described how two fake applicants who were almost hired by a Polish artificial intelligence company raised suspicions that the candidates were being controlled by the same individual as deepfake personas. 

As a result of Unit 42’s analysis, these practices represent a logical progression from a long-standing North Korean cyber threat scheme, one in which North Korean IT operatives attempt to infiltrate organisations under false pretences, a strategy well documented in previous cyber threat reports. 

It has been repeatedly alleged that the hacking group known as Kimsuky, which operated under the direction of the North Korean state, was involved in espionage operations against South Korean targets for many years. In a 2020 advisory issued by the U.S. Department of Homeland Security, it was suggested that this group might be responsible for obtaining global intelligence on Pyongyang's behalf. 

Recent research from a South Korean security firm called Genians illustrates how artificial intelligence is increasingly augmented into such operations. There was a report published in July about North Korean actors manipulating ChatGPT to create fake ID cards, while further experiments revealed that simple prompt adjustments could be made to override the platform's built-in limitations by North Korean actors. 

 It follows a pattern that a lot of people have experienced in the past: Anthropic disclosed in August that its Claude Code software was misused by North Korean operatives to create sophisticated fake personas, pass coding assessments, and secure remote positions at multinational companies. 

In February, OpenAI confirmed that it had suspended accounts tied to North Korea for generating fraudulent resumes, cover letters, and social media content intended to assist with recruitment efforts. These activities, according to Genians director Mun Chong-hyun, highlight the growing role AI has in the development and execution of cyber operations at many stages, from the creation of attack scenarios, the development of malware, as well as the impersonation of recruiters and targets. 

A phishing campaign impersonating an official South Korean military account (.mil.kr) has been launched in an attempt to compromise journalists, researchers, and human rights activists within this latest campaign. To date, it has been unclear how extensive the breach was or to what extent the hackers prevented it. 

Officially, the United States assert that such cyber activities are a part of a larger North Korea strategy, along with cryptocurrency theft and IT contracting schemes, that seeks to provide intelligence as well as generate revenue to circumvent sanctions and fund the nuclear weapons program of the country. 

According to Washington and its allies, Kimsuky, also known as APT43, a North Korean state-backed cyber unit that is suspected of being responsible for the July campaign, was already sanctioned by Washington and its allies for its role in promoting Pyongyang's foreign policy and sanction evasion. 

It was reported by researchers at South Korean cybersecurity firm Genians that the group used ChatGPT to create samples of government and military identification cards, which they then incorporated into phishing emails disguised as official correspondence from a South Korean defense agency that managed ID services, which was then used as phishing emails. 

Besides delivering a fraudulent ID card with these messages, they also delivered malware designed to steal data as well as allow remote access to compromised systems. It has been confirmed by data analysis that these counterfeit IDs were created using ChatGPT, despite the tool's safeguards against replicating government documents, indicating that the attackers misinterpreted the prompts by presenting them as mock-up designs. 

There is no doubt that Kimsuky has introduced deepfake technology into its operations in such a way that this is a clear indication that this is a significant step toward making convincing forgeries easier by using generative AI, which significantly lowers the barrier to creating them. 

It is known that Kimsuky has been active since at least 2012, with a focus on government officials, academics, think tanks, journalists, and activists in South Korea, Japan, the United States, Europe, and Russia, as well as those affected by North Korea's policy and human rights issues. 

As research has shown, the regime is highly reliant on artificial intelligence to create fake summaries and online personas. This enables North Korean IT operatives to secure overseas employment as well as perform technical tasks once they are embedded. There is no doubt that such operatives are using a variety of deceptive practices to obscure their origins and evade detection, including artificial intelligence-powered identity fabrication and collaboration with foreign intermediaries. 

The South Korean foreign ministry has endorsed that claim. It is becoming more and more evident that generative AI is increasingly being used in cyber-espionage, which poses a major challenge for global cybersecurity frameworks: assisting citizens in identifying and protecting themselves against threats not solely based on technical sophistication but based on trust. 

Although platforms like ChatGPT and other large language models may have guardrails in place to protect them from attacks, experts warn that adversaries will continue to seek out weaknesses in the systems and adapt their tactics through prompt manipulation, social engineering, and deepfake augmentation in an effort to defeat the system. 

Kimsuky is an excellent example of how disruptive technologies such as artificial intelligence and cybercrime erode traditional detection methods, as counterfeit identities, forged credentials, and distorted personas blur the line between legitimate interaction and malicious deception, as a result of artificial intelligence and cybercrime. 

The security experts are urging the public to take action by using a multi-layered approach that combines AI-driven detection tools, robust digital identity verification, cross-border intelligence sharing, and better awareness within targeted sectors such as defence, academia, and human rights industries. 

Developing AI technologies together with governments and private enterprises will be critical to ensuring they are harnessed responsibly while minimising misuse of these technologies. It is clear from this campaign that as adversaries continue to use artificial intelligence to sharpen their attacks, defenders must adapt just as fast to maintain trust, privacy, and global security as they do against adversaries.
Read more »
National Security
Access Controls Cybersecurity Data Breach DHS Information Security Intelligence Sharing National Security

Sensitive Intelligence Exposed in DHS Data Hub Security Lapse


 

There has been a serious concern about the integrity of federal data security in the wake of a critical vulnerability in a central data hub of the Department of Homeland Security (DHS). This vulnerability is thought to have exposed highly sensitive data to a broad range of unauthorized users, raising serious questions about the integrity of federal data security. 

An investigation by Wired revealed that a compromised system, intended to serve as a secure repository to consolidate intelligence and law enforcement data from multiple agencies, was compromised because access controls were incorrect. Instead of restricting access to classified material to properly cleared personnel, the flaw provided unauthorized entities, including adversarial actors, with an open door into classified data. 

Not only does the incident undermine the core purpose of the hub, which was designed to streamline and safeguard the intelligence-sharing process, but it also highlights the increasing risks and vulnerabilities that arise from the growing reliance of the federal government on vast, interconnected computer networks. 

Currently, it is estimated that 5,000 unauthorized individuals may have been able to access restricted data in some form or another. Despite this, officials at DHS have tried to minimize concerns by stressing that only a small number of interactions were flagged as potentially malicious after internal audits. 

However, given the scope of the exposure, the entire national security community is very concerned about the implications, especially since the compromised files contained operational intelligence which had been linked to ongoing investigations. There are many instances where such lapses have occurred before, including the breach that occurred in 2018 in which over 247,000 records pertaining to DHS employees were stolen from a secure database, and the phishing attack that occurred on Oregon DHS in 2019 that exposed 350,000 protected health information. 

Nevertheless, investigators in this case emphasize that the risk does not lie in stolen identities, but in the inadvertent visibility of intelligence information that adversaries might exploit to disrupt or undermine the government's operations, as happened here. The DHS Cyber Safety Review Board, along with federal investigators, have been investigating the incident since the incident. 

In their investigation, federal investigators cited systemic weaknesses within the department's IT infrastructure, particularly the reliance on outdated systems that are not integrated with modern cloud technology. An investigation revealed that the breach had been caused by an identity and access management (IAM) flaw in the DHS data hub framework. 

As a result, the platform used by the DHS data hub relied on a third-party vendor platform that went unpatched for over a year prior to the breach. By exploiting weak session tokens, unauthorized users were able to circumvent authentication protocols and gain read-only access to sensitive information. 

In light of these findings, there has been renewed criticism regarding vendor accountability and the persistent disconnect between federal cybersecurity policies and how they are being implemented on the ground. It has been determined that a DHS internal memorandum, which Wired obtained via a Freedom of Information Act (FOIA) request, indicates that the exposure continued from March to May 2023. 

While this was going on, the Office of Intelligence and Analysis (I&A) at the Department of Homeland Security (DHS) was incorrectly configured of an online platform that was intended to facilitate restricted information exchange as well as investigation leads by DHS. It was found that the system that serves as part of the Homeland Security Information Network’s intelligence section, called HSIN-Intel, was incorrectly configured to allow access to “everyone” rather than just authorized members of the intelligence community. 

Due to this, hundreds of thousands of people with HSIN accounts across the country, including some without a connection to intelligence or law enforcement, were inadvertently granted access to restricted information, even if they were not connected to intelligence or law enforcement. There were unintentional accesses of federal employees who were working in unrelated fields like disaster response, private contractors, and even foreign government representatives who were allowed to use the HSIN platform for other purposes. 

In light of the revelations, civil liberties advocates have been sharply critical, with Spencer Reynolds, a lawyer at the Brennan Center for Justice, who obtained the internal memo through a Freedom of Information Act request and shared it with Wired, stating that it raises serious concerns over the department’s commitment to safeguarding the department’s most confidential information. According to Reynolds, DHS advertises HSIN as secure and claims the information it contains is highly sensitive, crucial to national security. 

However, this incident raises serious concerns about the company's dedication to information security. Thousands and thousands of users have had access to information that they weren't supposed to receive. In addition to the trove of classified documents that were compromised, HSIN-Intel's holdings include investigative leads and investigative tips that range from reports on foreign hacking campaigns, disinformation operations, and analyses of domestic protest movements as well as snippets of articles from international publications.

A media report related to demonstrations against the Atlanta Public Safety Training Center, commonly referred to as the "Stop Cop City" protests, cited one example in which media coverage was positive toward confrontational police tactics. In addition to the 1,525 improper access to 439 intelligence products, the DHS inquiry also found that 518 people from the private sector and 46 foreigners had improperly accessed the products. 

There were nearly 40 percent of compromised materials that were associated with cybersecurity threats such as state-sponsored hacking groups targeting government IT infrastructure and cyber security threats. According to officials, some of the unauthorized US users who viewed the data had qualified for access through formal channels but never got the proper approval. In light of the incident, technology professionals in both government and industry should take heed of the warnings that precede rapid digital transformation when safeguards are often lagging behind in keeping up with the process. 

It has already been stated that there are similarities between this incident and the Johnson Controls malware attack of 2023, which, it is reported by SecurityAffairs, may have exposed DHS data through supply-chain vulnerabilities, highlighting similar systemic weaknesses as the misconfigurations that have been at the core of this incident. 

DHS has responded to this problem by engaging external cybersecurity firms to audit its platforms in an effort to make sure that a comprehensive review is being conducted. In addition, the DHS has been monitoring its platforms continuously in order to detect irregular access patterns in real time. In spite of this, Wired noted that long-term consequences may not be visible for years to come, underscoring the delicate balance federal agencies must strike between allowing data access for operational efficiency while safeguarding intelligence vital to national security at the same time. 

It is not only a single security lapse that has been committed by the Department of Homeland Security, but it is a reflection of a broader issue confronting modern governance as it becomes increasingly dependent on technology. The growing dependence on interconnected networks among federal agencies to coordinate intelligence operations and streamline operations has made even minor oversights in configurations or vendor management more likely to create national security vulnerabilities as the interconnected world continues to expand. 

There has been a consensus that to address such risks, more than just technological solutions, such as stronger encryption, automated monitoring and patch management, but cultural shifts within federal agencies will also be required, which should make cybersecurity a priority rather than just a compliance issue within the organization. 

In order to strengthen resilience and rebuild public trust in systems designed to safeguard national interests, better disclosure of breach information, tighter oversight of third-party vendors, and improved training for federal employees could all help strengthen public confidence and build resilience. At the same time, governments, companies, and international partners should collaborate more closely, as adversaries increasingly exploit cross-border digital ecosystems with greater sophistication as they work together to combat future threats. 

As the ten-year anniversary of the DHS breach draws closer, it may be seen as one of those moments of historical significance-an occasion when we should remember that secure information-sharing is a frontline defense for democratic institutions, not simply an administrative function.
Read more »
Remote Access Trojan
Cyber Security Cybersecurity Endpoint security Evasion Techniques malware MostereRAT phishing Remote Access Trojan

MostereRAT Malware Leverages Evasion Tactics to Foil Defenders

 


Despite the fact that cybercrime has become increasingly sophisticated over the years, security researchers have uncovered a stealthy phishing campaign in which a powerful malware strain called MostereRAT was deployed. This remote access trojan allows attackers to take full control of infected systems in the same way they would normally operate them, as though they were physically a part of them. 

It has recently been revealed that the campaign is being carried out by Fortinet's FortiGuard Labs using an array of advanced evasion techniques to bypass traditional defenses and remain undetected for extended periods of time. This operation was characterized by the unconventional use of Easy Programming Language (EPL) as a visual programming tool in China that is seldom used to carry out such operations. 

Through its use, staged payloads were constructed, malicious activity was obscured, and security systems were systematically disabled. Researchers report that these phishing emails, which are primarily targeted at Japanese users with business related lures, have been shown to lead victims to booby-trapped documents embedded within ZIP archives, and this ultimately allowed the deployment of MostereRAT to be possible. 

A malware campaign designed to siphon sensitive information from a computer is incredibly sophisticated, as it extends its reach by installing secondary plugins, secures its communication with mutual TLS (mTLS), and even installs additional remote access utilities once inside a computer, highlighting the campaign's calculated design and danger of adaptability once it enters the system. 

As FortiGuard Labs identified the threat, it is believed that the campaign distinguishes itself by its layered approach to advanced evasion techniques that can make it very difficult for it to be detected. It is noteworthy that the code is written in a language called Easy Programming Language (EPL) — a simplified Chinese based programming language that is rarely used in cyberattacks — allowing attackers to conceal the malicious activity by staging the payload in multiple steps. 

With MostereRAT, a command-and-control system can be installed on an enterprise network, and it demonstrates that when deployed, it can disable security tools, block antivirus traffic, and establish encrypted communications with the C2 infrastructure, all of which are accomplished through mutual TLS (mTLS). Infection chains are initiated by phishing emails that are crafted to appear legitimate business inquiries, with a particular emphasis on Japanese users. 

In these messages, unsuspecting recipients are directed to download a Microsoft Word file that contains a hidden ZIP archive, which in turn executes a hidden payload in the form of a hidden file. Decrypting the executable's components, installing them in the system directory, and setting up persistence mechanisms, some of which operate at SYSTEM-level privileges, so that control can be maximized. 

Moreover, the malware displays a deceptive message in Simplified Chinese claiming that the file is incompatible in order to further disguise its presence. This tactic serves as a means of deflecting suspicion while encouraging recipients to try to access the file in a more secure manner. As well as these findings, researchers noted that the attack flows and associated C2 domains have been traced to infrastructure first reported by a security researcher in 2020, as part of a banking trojan. 

However, as the threat has evolved, it has evolved into a fully-fledged remote access program called MostereRAT. 

Yurren Wan, the researcher at FortiGuard Labs, emphasized that the campaign was of a high severity, primarily because it integrated multiple advanced techniques in order to allow adversaries to stay undetected while in control of compromised systems, while maintaining complete control of the system at the same time. 

Using legitimate remote access tools to disguise their activity, attackers are able to operate in plain sight by enabling security defenses and disguising activity. It was noted by Wan that one of the most distinctive aspects of this campaign is its use of unconventional methods. For example, it is coded in Easy Programming Language (EPL), intercepts and blocks antivirus traffic at the network level, and can even escalate privileges to the level of Trusted Installer—capabilities that are rarely found in standard malware attacks. 

A MostereRAT exploit can be used to record keystrokes, exfiltrate sensitive data, create hidden administrator accounts, and make use of tools such as AnyDesk and TightVNC in order to maintain persistence over the long term over a target system once it becomes active. According to Wan, defense against such intrusions requires a layered approach that combines advanced technical safeguards with sustained user awareness. 

Additionally, he said that companies should ensure that their FortiGate, FortiClient, and FortiMail deployments are protected by the latest FortiGuard security patches, while channel partners can do the same by providing guidance to customers on how to implement a managed detection and response strategy (MDR) as well as encouraging them to take advantage of training courses such as the free Fortinet Certified Fundamentals (FCF) course in order to strengthen defenses further. 

At Deepwatch, Lauren Rucker, senior cyber threat intelligence analyst, emphasized that browser security is a crucial line of defense against phishing emails that are at the heart of the campaign. In the meantime, the risk of escalation to SYSTEM or TrustedInstaller can be reduced significantly if automatic downloads are restricted and user privilege controls are tightened. As soon as MostereRAT has been installed, it utilizes multiple techniques to undermine computer security. 

As a result of mostereRAT, Microsoft Updates have been disabled, antivirus processes have been terminated, and security software cannot communicate with their servers. By impersonating the highly privileged TrustedInstaller account, the malware escalates privileges, allowing attackers to take over the system almost completely. 

James Maude, the acting chief technology officer at BeyondTrust, explained that the campaign relies on exploiting overprivileged users and endpoints that don't have strong application control as a result of combining obscure scripting languages with trusted remote access tools. 

ManyereRAT is known for maintaining extensive lists of targeted security products, such as 360 Safe, Kingsoft Antivirus, Tencent PC Manager, Windows Defender, ESET, Avira, Avast, and Malwarebytes, among others. This application utilizes Windows Filtering Platform (WFP) filters in order to block network traffic from these tools, effectively preventing them from reaching their vendors' servers to send detection alerts or telemetry. 

In addition, researchers found that another of the malware's core modules, elsedll.db, enabled robust remote access to remote computers by utilizing mutual TLS (mTLS) authentication, and supported 37 distinct commands ranging from file manipulation and payload delivery to screen capture and user identification. It is very concerning that the malware is deliberately installing and configuring legitimate software tools like AnyDesk, TightVNC, and RDP Wrapper to create hidden backdoors for long-term usage. 

To maintain exclusive control over these utilities, attackers stealthily modify the registry, conceal themselves as much as possible, and remain invisible to system users. The experts warn that the campaign represents an important evolution in remote access trojans in that it combined advanced evasion techniques with social engineering as well as legitimate tool abuse to achieve persistent compromise, highlighting the importance of maintaining a high level of security, enforcing strict endpoint controls, and providing ongoing user awareness training in order to avoid persistent compromise. 

There has been a significant evolution in cybercriminal operations, with many campaigns combining technical innovation with thoughtful planning, since the discovery of MostereRAT underscores the fact that cybercriminals have stepped beyond rudimentary malware to create sophisticated campaigns. As a company, the real challenge will be to not only deploy updated security products, but also adopt a layered, forward-looking defense strategy that anticipates such threats before they become a problem. 

A number of measures, such as tightening user privilege policies, improving browser security, as well as increasing endpoint visibility, can help minimize exposure, however, regular awareness programs remain crucial in order to reduce the success rate of phishing lures and prevent them from achieving maximum success. 

Furthermore, by partnering with managed security providers, organizations can gain access to expertise in detection, response, and continuous monitoring that are difficult to maintain in-house by most organizations. It is clear that adversaries will continue to exploit overlooked vulnerabilities and legitimate tools to their advantage in the future, which is why threats like MostereRAT are on the rise. 

In this environment, resilient defenses and cyber capabilities require more than reactive fixes; they require a culture of preparedness, disciplining operational practices, and a commitment to stay one step ahead within the context of a threat landscape that continues to grow rapidly.
Read more »
VoidProxy
Adversary In The Middle CloudFlare Cyber Attacks Cybersecurity identity management MFA Multi Factor Authentication phishing Session Hijacking VoidProxy

VoidProxy Phishing Platform Emerges as Threat Capable of Bypassing MFA


 

Researchers in the field of cybersecurity are warning that a sophisticated phishing-as-a-service (PhaaS) platform known as VoidProxy is being used by criminal groups for the purpose of evading widespread security controls and is demonstrating just how far this technology has advanced in criminal groups' ability to circumvent widely deployed security controls. 

In the form of a specialised tool developed by cybercriminals to target high-value accounts neutralising the defences of multi-factor authentication (MFA), VoidProxy is specifically designed and marketed for cybercriminals. There is no question that VoidProxy, developed by researchers at Okta, the identity and access management company, is different from any other phishing kit out there. 

Rather than relying on advanced infrastructures and evasion techniques, it combines these attributes with commoditised accessibility to make it both effective and dangerous even for relatively low-skilled attackers. In particular, VoidProxy makes a great deal of sense because it relies heavily on adversary-in-the-middle (AiTM) phishing, a method of intercepting authentication flows in real time, which makes it particularly alarming. 

Using this method, cybercriminals are not only able to capture credentials, but they can also take possession of multi-factor authentication codes and session tokens generated during legitimate sign-in transactions. By bypassing these common authentication methods, VoidProxy can bypass the security measures offered by SMS-based codes and one-time passwords from authenticator apps, which are typically relied upon by organisations and individuals as a last resort. 

When it comes to VoidProxy's infrastructure, it demonstrates a combination of sophistication and cost-effectiveness that is second to none. This phishing site is hosted by its operators using low-cost top-level domains like .icu, .sbs, .cfd, .xyz, .top, and .home, making it easy to use and easily trackable. It is also important to note that the phishing content, delivered through Cloudflare's reverse proxy services, further obscures the phishing site's actual infrastructure. 

It is a layering of concealment that ensures researchers and defenders cannot determine the true IP address. The combination of this layering of concealment, in combination with its highly deceptive email campaigns, makes VoidProxy one of the most troubling emergences in the phishing service industry. In spite of the fact that the operation has never been reported until now, it demonstrates a level of maturity that is not often found in other phishing kits. 

Researchers at OKTA found that VoidProxy is capable of scaling attacks against large groups of victims, targeting enterprise users, who represent an invaluable entry point for fraud and data theft. In order to intercept authentication traffic, the service inserts itself between the victim and the authenticating service, thereby intercepting authentication traffic. As soon as credentials and multi-factor authentication data are captured, attackers can gain persistent access to a victim’s account, bypassing any protections that would otherwise make it difficult for them to access their account. 

It was only after Okta’s FastPass technology, a passwordless authentication service, identified and blocked a suspicious sign-in attempt via VoidProxy’s proxy network that a discovery of this kind was made. Researchers were able to unravel a much larger ecosystem of campaigns as a result of that single discovery, revealing a set of administrative panels and dashboards that cybercriminals were renting access to the service through the use of this service.

In recent days, the senior vice president of threat intelligence at Okta, Brett Winterford, described VoidProxy as “an example of phishing infrastructure that has been observed in recent years.” Both its ability to bypass the multi-factor authentication and its elaborate anti-analysis mechanisms have been criticised by Winterford. 

The VoidProxy phishing kit offers many layers of obfuscation, which differs from traditional phishing kits that can often be dismantled by tracking servers and blocking malicious domains. Phishing lures are sent through compromised email accounts, multiple redirect chains that make analysis a challenge, Cloudflare CAPTCHA, Workers that inspect and filter incoming traffic, and dynamic DNS that ensures the infrastructure is fast-moving. 

Using these techniques, the operation remained a secret until Okta discovered the operation, but the sophistication of the kit extended far beyond its technical defences. There are many ways attackers can distribute VoidProxy campaigns. The first is by sending phishing emails from compromised accounts linked to legitimate marketing and communication systems, such as Constant Contact, Active Campaign, and Notify Visitors, that are connected to VoidProxy campaigns. 

It is based on the reputation of established service providers that these lures will have a higher probability of escaping spam filters, allowing them to reach the inboxes of targeted users as soon as they click through, providing credentials. VoidProxy's response depends on what authentication the victim has configured.

Users who authenticate through single sign-on (SSO) are forwarded to phishing websites that are designed to harvest additional information from users, while non-federated users are directed directly to legitimate Microsoft and Google servers, while the phishing sites are designed to harvest additional information from users. In the end, affiliates deployed VoidProxy to harvest cookies through the AiTM proxy, which is hosted on an ephemeral infrastructure supported by dynamic DNS, thereby completing the final stage of the attack. 

By hijacking authenticated sessions through session cookies, attackers are able to gain access to the same level of functionality as legitimate users without the need to submit credentials repeatedly. Therefore, attackers can operate undetected until security teams detect unusual behaviour, resulting in the attacker inheriting trusted access. 

In addition to its accessibility, VoidProxy offers an administrative panel that enables paying affiliates to monitor the progress of their campaigns, as well as victim data. Due to the ease with which advanced phishing campaigns are conducted, a broader set of actors—from organised cybercrime groups to less sophisticated attackers- can engage in them as they become more familiar with the technology. 

Despite the fact that VoidProxy is a new and dangerous entrant into the phishing landscape, researchers emphasise the fact that not all defences against it are ineffective. Authenticators which are phishing-resistant, such as hardware security keys, passkeys, and smart cards, are proven to be able to block attackers from hijacking credentials or signing in through proxy infrastructure by preventing the attack. 

As a result of the research conducted by OKTA, it has been demonstrated that users equipped with these advanced authentication systems are less likely to be hacked or to be compromised via VoidProxy, but most organisations continue to rely on weaker methods of multi-factor authentication, such as SMS codes, which leaves them vulnerable to data interception. 

It has been Okta's intention to inform Google and Microsoft of VoidProxy's operations, to share intelligence with its SaaS partners, as well as to issue a customer advisory in response to the discovery. In addition to adopting phishing-resistant authentication, the company recommended that enterprises also take a broad set of security measures. 

There are several ways to do this, including limiting access to devices and networks based on trust, monitoring sign-in behaviour for anomalies, and providing users with streamlined mechanisms for reporting suspicious emails or log-in attempts. Additionally, it is crucial to cultivate a culture of cybersecurity awareness at the company. 

Employees should be trained on how to recognise phishing emails, suspicious login prompts, and common social engineering techniques, which can often lead to compromise in the organisation. Additionally, VoidProxy's rise also demonstrates a wider industry problem that the industry faces today: the proliferation of platform-based PHaaS that commoditises advanced attack techniques into a commodity. 

Other kits, such as EvilProxy, which was first reported in 2022, and Salty2FA, which was discovered earlier this year, have also demonstrated similar capabilities to bypass multi-factor authentication and hijack sessions in the past few years. In each successive platform, the stakes are raised for defenders, as techniques that were once reserved for highly skilled adversaries have become widely accessible to anyone willing to pay for access, which has raised the stakes for defenders. 

By lowering the technical barrier, these services are increasing the pool of attackers, resulting in an increase in phishing campaigns that are more effective than ever before, harder to detect, and more persistent in nature, and have a greater impact. With the emergence of VoidProxy, a critical change has been wrought in the cyber threat landscape that calls for a new approach to enterprise security. 

Legacy defences that depend solely on passwords or basic multiple-factor authentication methods will not suffice in the face of such adaptive adversaries. As a result of these threats, organisations need to create layers of security strategies, which are combined with proactive resilience, in order to protect themselves. 

Authenticators that can resist phishing attacks are essential for protecting the network from cyber threats, but in addition to them, businesses must be able to detect anomalies continuously, implement rapid incident response capabilities, and train their employees adequately. Collaboration across the cybersecurity ecosystem is also crucial. 

There is nothing more important than the importance of intelligence-sharing between vendors, enterprises, and researchers, as early detection of emerging threats and coordinated action can significantly reduce the damage caused by them. 

In today's rapidly evolving PhaaS platforms, enterprises have to change their approach from reactive defence to proactive adaptation, ensuring they are not just prepared to withstand today's attacks, but also prepared to anticipate tomorrow's attacks. Getting the most out of security is crucial in a digital world where trust itself has become one of the main targets. To be secure, one must be able to maintain agility and resilience.
Read more »
U.S. Schools
Cyber Security Cybersecurity Education phishing Threat Landscape U.S. Schools

Beyond Firewalls: How U.S. Schools Are Building a Culture of Cyber Safety

 

U.S. district schools are facing a surge in sophisticated cyberattacks, but districts are pushing back by combining strong fundamentals, people-centered training, state partnerships, and community resilience planning to build cyber safety into everyday culture . 

Rising threat landscape 

An Arizona district’s 2024 near-miss shows how fast attacks unfold and why incident response planning and EDR matter; swift VPN cutoff and state-provided CrowdStrike support helped prevent damage during a live intrusion window of mere hours . 

Broader data from the 2025 CIS MS-ISAC K-12 report underscores the scale: 82% of reporting schools experienced cyber impacts between July 2023 and December 2024, with more than 9,300 confirmed incidents, reflecting increased adversary sophistication and strategic timing against educational operations . Districts hold sensitive student and family data, making identity theft, fraud, and extortion high-risk outcomes from breaches . 

AI-boosted phishing and the human firewall 

Technology leaders report that generative AI has made phishing emails far more convincing, even fooling seasoned staff, shifting emphasis to continuous, culture-wide awareness training . 

Districts are reframing users as the first line of defense, deploying role-based training through platforms like KnowBe4 and CyberNut, and reinforcing desired behaviors with incentives that make reporting suspicious emails a source of pride rather than punishment . 

This people-first approach aligns with expert guidance that “cybersecurity is really cybersafety,” requiring leadership beyond IT to model and champion safe digital practices . 

Tools, partnerships, and equity

Well-resourced or larger districts layer EDR/MDR/NDR, AI email filtering, vendor monitoring, and regular penetration testing, demonstrating rapid detection and response in live red-team exercises . 

Smaller systems rely critically on state-backed programs—such as Arizona’s Statewide Cyber Readiness Program or Indiana’s university-led assessments—that supply licenses, training, and risk guidance otherwise out of reach . 

Nationally, MS-ISAC provides no-cost incident response, advisory services, and threat intelligence, with assessments like the NCSR linked to measurable maturity gains, reinforcing the value of shared services for K-12 . 

Back to basics and resilience

Experts stress fundamentals—timely patching, account audits, strong passwords, and MFA—block a large share of intrusions, with mismanaged legacy accounts and unpatched systems frequently exploited . 

Recovery costs swing widely, but preparation and in-house response can dramatically reduce impact, while sector-wide averages show high breach costs and constrained cyber budgets that heighten the need for prioritization . 

Looking forward, districts are institutionalizing tabletop exercises, mutual aid pacts, and statewide collaboration so no school faces an incident alone, operationalizing community resilience as a strategic defense layer .
Read more »
Public Key Cryptography
Cybersecurity Data protection Digital Authentication FIDO Alliance Online Identity Passwordless Security Privacy Public Key Cryptography

Understanding Passkeys and Their Everyday Use

 


There has been a longstanding reliance on traditional passwords for digital security; however, these days, more advanced methods of authentication are challenging traditional passwords. As there are billions of compromised login credentials circulating on the dark web, Digital Shadows researchers have recently identified over 6.7 billion unique username and password combinations - consumers face a mounting risk of password reuse and account theft.

Microsoft, Google, and Apple, all technological giants, are recognising these vulnerabilities, which is why they are actively transitioning towards passwordless authentication, a model aimed at eliminating the inherent weaknesses of conventional log-in mechanisms. It is important to remember that FIDO (Fast IDentity Online) Alliance is a leading international organisation that works towards developing open standards and encouraging collaboration among industry leaders in order to create secure, user-friendly alternatives to passwords. 

With the growing popularity and growth of this movement, passwordless authentication is not just an abstract concept anymore, but rather an emerging reality that will shape the future of trust and online safety in the digital age. A variety of solutions have been developed over the years to solve the problems with passwords, but no one has managed to fully resolve them.

Password managers, for instance, provide a practical solution for generating strong credentials, storing them securely, and automating the entry of those credentials into legitimate websites, all at the same time. There is some benefit to this approach; however, it also creates a new dependency on the password manager itself, which makes it a centralised point of failure. 

The two-factor authentication system (2FA) has strengthened security by adding additional requirements, such as biometric verification or one-time codes, to strengthen defences. As long as users and service providers continue to transmit sensitive credentials between them, these methods still expose them to vulnerabilities, including interception and man-in-the-middle attacks, which have the potential to compromise the security of the service. 

Passkeys are emerging as a viable alternative to these limitations, with the support of influential organisations such as FIDO Alliance and the World Wide Web Consortium (W3C) promoting the use of passkeys. A passkey differs from traditional login methods in that it is based on advanced cryptographic principles that provide seamless authentication that is not susceptible to phishing and credential reuse, in contrast to traditional login methods. 

In addition to reducing the burden of password management, their design aligns with the broader transition toward a digital economy based on a secure, internet-native financial infrastructure. A passkey system, as well as the cryptographic mechanisms underpinning the Bitcoin network, are so similar that those who are familiar with digital keys in cryptocurrency are able to understand how it works intuitively because of the similarity between those two mechanisms. 

It is important to understand that passkeys represent a significant departure from complex passwords that are traditionally reliant on complicated passwords. It provides a more convenient and safer way of identifying a user. Passkeys are not designed to require users to memorise or share sensitive credentials, but rather rely on cryptographic technology that ensures that users are authenticated through trusted devices, like smartphones, rather than requiring them to memorise and share their credentials. 

Consequently, logging into services such as Google accounts can be done using a current phone without having to enter a password or username, since you simply need to approve access. A passkey, according to Andrew Shikiar, CEO of the FIDO Alliance, is a security solution that will replace both traditional passwords and outdated two-factor authentication methods. 

Passkeys are a rare advancement in cybersecurity in that they improve usability while simultaneously raising security standards, making this a rare advancement in cybersecurity. In terms of security, passkeys have a significant advantage over traditional passwords as their structure allows them to function as “shared secrets,” since information is stored on a server and sent across networks—a situation that attackers tend to exploit regularly. 

Passkeys avoid this risk by utilising public key cryptography, which ensures the private element of the password remains within the user's device. There are two keys generated for each user account when enabled with passkeys: one is public, which is stored on the service, and the other is private, which is stored in the user's authenticator, which may be a smartphone or password manager. Access is granted without having to exchange secrets, which minimises the risk of intrusion. 


As the WebAuthn API is now widely supported across all modern browsers and operating systems, passkeys make the process of granting access easy, as a user needs only to verify their identity with a fingerprint, face scan, or device PIN. It is also possible to use passkeys on a device, store them on hardware like YubiKeys, or sync them across multiple devices using password managers, offering users both security and convenience. 

Although passkey adoption is accelerating, there has been an uneven transition to passkeys. It is a fact that many tech giants like Microsoft, Google, Apple, Amazon, and Adobe have implemented support for Passkeys; however, many websites and applications still lag behind. While several directories attempt to collect information regarding passkeys, such as those from 1Password, Hanko, and OwnID, they remain incomplete in this regard.

In addition, a more reliable resource is the nonprofit 2factorauth, which is based in Sweden, hosted on Github and managed by its community, which updates and categorizes all kinds of resources regularly, but experts warn that full adoption will be a slow process, as it takes global coordination across devices, operating systems, and platforms to move beyond a decades-old password system. In spite of this, there is clearly a strong movement towards integrating passkeys into critical services. 

Specialists recommend that, at the very least, you enable passkeys for those accounts that serve as digital gateways - such as Google or Facebook sign-ons - while remembering that no solution is completely impervious. Even though passkeys “secure the front door,” Shikiar notes that organisations must enhance their overall identity journeys, from onboarding and recovery to session management, to provide a comprehensive level of protection. 

The digital ecosystem is moving in the direction of passwordless authentication, and passkeys seem to be one of the most promising developments in the effort to improve online security and simplify user experiences while simultaneously strengthening online security. It is only through consistent adoption and user awareness, however, that this technology can reach its full potential. This shift presents individuals with the opportunity to take proactive action toward their own security: enabling passkeys on essential accounts, staying on top of the latest software and keeping the devices up-to-date, and knowing how authenticators work are all crucial to taking proactive measures. 

In order to ensure successful adoption, organisations must build resilient identity frameworks, maintain transparent communication, and implement robust account recovery strategies in addition to providing enabling support. It is clear, if scaled, that the benefits go well beyond convenience: reducing the dependence on centralised databases, limiting the theft of credentials, and setting up a foundation of digital trust to help businesses innovate into the future. 

 Passkeys are simply a way of safeguarding your login credentials, but they also serve as an overarching security model that reflects the realities of a connected, data-driven world in which the protection of one's identity cannot be taken for granted, but is considered a necessity rather than an option.
Read more »
Subscribe to: Posts (Atom)