Cyber War Escalates Between Indian and Pakistani Hacktivists After Pahalgam Attack

 

As tensions continue to rise in the wake of the Pahalgam terror attack and India's subsequent launch of Operation Sindoor, a fierce cyber confrontation has unfolded in parallel in the digital realm. Hacktivist groups aligned with India and with Pakistan have been engaged in a sustained virtual clash.

A cyber threat intelligence assessment by Kochi-based cybersecurity firm Technisanct highlights how pro-Pakistan and Bangladeshi hacktivist groups have launched a wave of cyberattacks on Indian institutions. While not all incidents were listed in the public report, Technisanct noted key Indian targets including BSNL, the Income Tax Department, Hindustan Aeronautics Ltd, various state government websites, and Indian Railways. In retaliation, pro-India hacktivists focused their attacks on Pakistani establishments such as the Pakistan Air Force, Punjab Emergency Service Department, the Bank of Punjab, Ministry of Finance, and Jinnah International Airport.

The report identifies more than 200 cyber incidents between April 22—the day of the Pahalgam attack—and May 8, just after Operation Sindoor was launched. This data, compiled using threat intelligence sources like falconfeeds.io, Technisanct’s monitoring tools, public disclosures, and threat actor communications across Telegram and X, signals the heightened scale of this cyber offensive.

Among the reported incidents, 111 were DDoS (Distributed Denial of Service) attacks, which aim to overwhelm target servers and disrupt online services. DDoS attacks made up 55.5% of the total. Other forms of attacks included website defacements (35.5%), general cyber alerts (11%), data breaches (7.5%), unauthorized access attempts (2%), and data leaks (1.5%). For context, there were only 147 DDoS attacks in India between February and April, while 112 DDoS cases were recorded from May 1 to 9 alone.

Government and public sector entities bore the brunt of the offensive, accounting for 52% of incidents (104 cases). Educational institutions followed with 43 attacks (21.5%), and technology or IT service firms recorded 13 attacks (6.5%). The focus on essential public sectors and IT infrastructure signals a calculated effort to disrupt public services and potentially compromise broader networks.

"The targeting of technology & IT services organisations could indicate an attempt to leverage these entities for further attacks or to compromise supply chains," the report noted.

Technisanct identified 36 pro-Pakistan hacktivist groups responsible for the digital assaults, with 14 Indian groups retaliating. Leading the offensive from the Pakistani side were:
  • Nation of Saviors (34 incidents)
  • Keymous+ (26)
  • Electronic Army Special Forces (25)
  • KAL EGY 319 (16)
  • GARUDA ERROR SYSTEM (15)
  • AnonSec (14)
  • Sylhet Gang-SG (13)
  • Mr Hamza (11)
  • Dark Cyber Gang (9)
  • INDOHAXSEC (8)
"These groups have aggressively pursued ideologically motivated cyber operations targeting Indian government domains, military assets, and financial platforms. Their tactics largely revolve around DDoS attacks, defacement campaigns, and selective data leaks, often coordinated through Telegram, X and other encrypted channels. The prominence of these actors underscores an organised and sustained campaign against Indian interests in cyberspace, leveraging real-world conflicts to justify digital aggression," the report states.

Technisanct CEO Nandakishore Harikumar told Onmanorama,

"The physical war is highly proportional to digital war. When a single missile is launched in the physical space, thousands of missiles can be launched in the cyber space. The intention is to hit services directly. I believe that, gradually, maybe in the next 50 years, 50 per cent of the war will be fought in the digital space. Even the flood of fake news and misinformation we see is kind of a warfare. We started seeing a huge pattern of this during the Ukraine-Russian crisis, followed by the Israel-Palestine clash."

The report concluded that the cyber activities post-Pahalgam represent a major and evolving national threat.

“The high volume of incidents, the increasing number of participating threat actors, the focus on critical sectors, and the escalating daily activity underscore the urgent need for a robust and comprehensive national cybersecurity strategy that explicitly addresses both cyberattacks and related disinformation, while also considering the dynamics of cyber conflict escalation.”

Microsoft Source Code Heist: Russian Hackers Escalate Cyberwarfare

 


On Friday, Microsoft gave an update on the intrusion by hackers linked to Russia's foreign intelligence service: using information stolen from the company's corporate email systems in January, the group has gained access to Microsoft's systems again. Microsoft's products are widely used across the United States national security establishment.

Analysts were alarmed by the disclosure as they expressed concerns about whether the U.S. government could use Microsoft's digital services and infrastructure safely. Microsoft is one of the world's largest software companies which provides systems and services to the government, including cloud computing. 

Microsoft said that in recent weeks the hackers used information originally stolen from its corporate email systems to gain access to some of its internal systems and source code repositories. Source code is the nuts and bolts of a software program, the human-readable instructions that make it work.

Source code is therefore of great value to corporations, and to spies trying to penetrate them: with it, attackers can hunt for weaknesses to use in follow-on attacks against other systems that run the software. In January, Microsoft announced that its corporate email system had been breached by the same group, days before another large technology company, Hewlett Packard Enterprise, disclosed that its cloud-based email environment had also been compromised.

Although the full scope and purpose of the hacking activity are unclear, experts say the group responsible has a history of conducting extensive intelligence-gathering campaigns for the Kremlin. Microsoft, which is still examining the extent of the breach, said the Russian state-sponsored threat actor may be trying to make use of the various secrets it found, including some shared in emails between Microsoft and its customers.

Although it has contacted the affected customers directly, the company did not say what the secrets were or how extensive the compromise was, and it is unclear which source code was accessed. Microsoft said it has increased its security investments, and that the adversary had ramped up some aspects of the attack, such as password sprays, by as much as tenfold in February compared with the already large volume of activity observed in January.
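Password spraying, the technique Microsoft says increased tenfold, tries one or two common passwords against many accounts so that no single account trips a lockout threshold. The detector below is an added example (not Microsoft's code or anything from the original post) showing how that pattern stands out in authentication logs: one source address, many distinct usernames, few failures per user, sometimes followed by a success. The log lines are constructed for the example, and the field layout, function names and thresholds are assumptions rather than any vendor's format.

```python
"""Password-spray detection over constructed authentication log lines.

A spray tries one or two common passwords against many accounts, so each
account sees only a few failures (below lockout thresholds) while the
source sees many distinct usernames in a short window. A brute force on a
single account looks different: one user, many failures.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real data). Layout assumed for this example:
# "<ISO timestamp> <username> <source_ip> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2024-02-10T09:00:01Z alice 203.0.113.7 FAIL
2024-02-10T09:00:03Z bob 203.0.113.7 FAIL
2024-02-10T09:00:05Z carol 203.0.113.7 FAIL
2024-02-10T09:00:07Z dave 203.0.113.7 FAIL
2024-02-10T09:00:09Z erin 203.0.113.7 FAIL
2024-02-10T09:00:11Z frank 203.0.113.7 FAIL
2024-02-10T09:00:13Z grace 203.0.113.7 SUCCESS
2024-02-10T09:01:00Z alice 198.51.100.4 FAIL
2024-02-10T09:01:05Z alice 198.51.100.4 FAIL
2024-02-10T09:01:10Z alice 198.51.100.4 FAIL
2024-02-10T09:01:15Z alice 198.51.100.4 FAIL
2024-02-10T09:01:20Z alice 198.51.100.4 FAIL
2024-02-10T09:01:25Z alice 198.51.100.4 FAIL
2024-02-10T10:30:00Z bob 192.0.2.9 FAIL
2024-02-10T10:30:30Z bob 192.0.2.9 SUCCESS
"""


def parse_log(text):
    """Turn the constructed log format into (timestamp, user, source_ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source_ip: {"users": [...], "followed_by_success": [...]}} for sources
    whose failures look like a spray: at least `min_users` distinct accounts failing
    within `window`, with no single account failing more than `max_per_user` times.
    "followed_by_success" lists accounts that logged in successfully from the same
    source during or shortly after the spray, the likely compromised ones.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()  # chronological; tuples sort by timestamp first
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, start in enumerate(fails):
            # Sliding window anchored on each failure from this source.
            win = [e for e in fails[i:] if e[0] - start[0] <= window]
            per_user = defaultdict(int)
            for e in win:
                per_user[e[1]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                end = win[-1][0]
                successes = sorted({
                    e[1] for e in evs
                    if e[3] == "SUCCESS" and start[0] <= e[0] <= end + window
                })
                findings[ip] = {"users": sorted(per_user), "followed_by_success": successes}
                break  # one finding per source is enough for an alert
    return findings


if __name__ == "__main__":
    for ip, info in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(f"spray from {ip}: {len(info['users'])} accounts, "
              f"successes afterwards: {info['followed_by_success'] or 'none'}")
```

Run against the sample, only 203.0.113.7 is flagged: six accounts, one failure each, then a successful login for a seventh. The six failures from 198.51.100.4 are all against `alice`, which is a brute force rather than a spray and would be caught by an ordinary per-account lockout; the single failure from 192.0.2.9 is normal noise. The thresholds are the tunable part: attackers who spread a spray over hours or across many source addresses will need a longer window or a grouping key such as ASN or user-agent instead of IP.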

Analysts who track Midnight Blizzard (the name Microsoft uses for the group also known as Nobelium and APT29) say it targets governments, diplomatic entities, non-governmental organizations, and IT service providers. In its January statement, Microsoft said the group appeared to have targeted it in part because of the company's extensive research into Midnight Blizzard's operations.

Microsoft's threat intelligence team has been researching Nobelium and sharing its findings publicly since at least 2021, after the group was found to have been behind the 2020 SolarWinds supply chain compromise that breached a wide range of U.S. government agencies. According to Microsoft, the persistent attempts to breach the company show that the threat actor has committed significant resources, coordination, and focus to the effort.

Russian state hackers have continued to break into widely used technology companies in the years since the 2020 SolarWinds campaign, which US officials and private experts say reflects a persistent and significant commitment of resources to espionage. The blog post that accompanied Microsoft's SEC filing on Friday said the hackers may be using the information they took to build a picture of areas to attack, and to enhance their ability to do so.

Microsoft's security practices have drawn criticism after several high-profile incidents, including the compromise of Microsoft 365 (M365) cloud email by the Chinese threat actor Storm-0558, the PrintNightmare print spooler vulnerabilities, the ProxyShell Exchange Server bugs, and the two Exchange Server zero-days known as ProxyNotShell.

Separately, Microsoft's February Patch Tuesday update addressed an admin-to-kernel vulnerability in the AppLocker driver appid.sys (CVE-2024-21338) that Avast had reported six months earlier. The North Korean Lazarus Group exploited it to obtain a kernel read/write primitive and install its FudModule rootkit. The company also replaced its long-time chief information security officer, Bret Arsenault, with Igor Tsyganskiy in December 2023, amid growing security concerns.

ICRC issues new rules for hacktivists in war zones: What you need to know


How to be a responsible hacktivist in times of war

Hacktivism, the use of hacking skills for political or social causes, has become a common phenomenon in the digital age. Hacktivists can launch cyberattacks against governments, corporations, or other entities that they perceive as oppressive, corrupt, or unjust. However, hacktivism can also have unintended consequences, especially when it involves civilian hackers participating in armed conflicts.

The risks of patriotic hacking

Patriotic hacking is a form of hacktivism that aims to support one's country or group in a conflict. Patriotic hackers can target the enemy's websites, networks, or infrastructure, or they can leak sensitive information, spread propaganda, or disrupt communications. Patriotic hacking can be seen as a form of cyber warfare, but it is often done without the authorization or coordination of the official military or government.

This can pose serious risks for both the hackers and the victims. Hackers can expose themselves to legal prosecution, retaliation, or espionage from the enemy. They can also cause collateral damage to innocent bystanders, such as civilians, journalists, humanitarian workers, or neutral parties. Moreover, they can escalate the conflict or undermine the peace efforts by provoking the enemy or violating international law.

The rules of engagement for hacktivists

To address these risks and to protect civilians in cyberspace, the International Committee of the Red Cross (ICRC) has published a new set of rules of engagement for hacktivists involved in conflicts. The rules are based on the existing principles of humanitarian law, such as distinction, proportionality, necessity, and precaution. The rules aim to provide guidance and advice for hacktivists on how to conduct their activities in a responsible and ethical manner.

Some of the main rules are:

- Do not direct cyberattacks against civilian objects, such as hospitals, schools, water or power systems.

- Do not use malware or other tools that spread automatically and damage military objectives and civilian objects indiscriminately.

- When planning a cyberattack against a military objective, do everything feasible to avoid or minimise the effects on civilians.

- Do not conduct any cyber operation against medical or humanitarian facilities.

- Do not conduct any cyberattack against objects indispensable to the survival of the population, or against installations that can release dangerous forces, such as dams or nuclear plants.

- Do not make threats of violence to spread terror among the civilian population.

- Do not incite violations of international humanitarian law.

- Comply with these rules even if the enemy does not.

The reactions of hacking groups

The ICRC's initiative has received mixed reactions from different hacking groups. Some groups have welcomed the rules and expressed their willingness to comply with them. They have recognized the importance of respecting human rights and international law in cyberspace. They have also appreciated the ICRC's recognition of hacktivism as a legitimate form of expression and activism.

However, some groups have rejected the rules and questioned their legitimacy and applicability. They have argued that the rules are unrealistic, impractical, or biased. They have also claimed that the rules are an attempt to restrict their freedom and autonomy. They have asserted that they will continue to hack according to their own principles and objectives.



Russian Hackers May Have Breached NHS Trust With 2.5 Million Patients

 

Intelligence authorities are currently engaged in an investigation into a suspected cyber attack targeting a prominent NHS trust, which serves a vast patient population of 2.5 million individuals. This incident involves a notorious group specializing in ransomware attacks, who have asserted that they possess significant volumes of sensitive data extracted from Barts Health NHS Trust. 

The attackers have issued a deadline of Monday, after which they intend to publicly disclose the pilfered information. On Friday, a group known as BlackCat or ALPHV made a statement asserting that they have successfully breached the security of the targeted organization, gaining unauthorized access to sensitive employee information such as CVs and financial data, including credit card details. 

Additionally, they claimed to have obtained confidential documents pertaining to individuals' identities. The exact nature of the information involved in the incident remains uncertain, including whether it includes patient data or if the hacking group has effectively infiltrated the trust's systems. 

Nevertheless, the situation introduces the possibility that private data belonging to the extensive patient population of approximately 2.5 million individuals served by Barts Health NHS Trust may be exposed on the dark web. In response to these developments, the trust, which encompasses six hospitals and ten clinics in East London, expressed its immediate commitment to conducting a thorough investigation into the claims. 

BlackCat first appeared in late 2021 and has gained a reputation as one of the most sophisticated ransomware operations to date. According to reports, the group infiltrated approximately 200 organizations between November 2021 and September 2022.

The gang's modus operandi involves layering several extortion techniques against its victims: individualized ransom demands for the decryption keys needed to unlock encrypted files, threats to publish stolen data, and warnings of denial-of-service attacks against the victim.

According to sources at The Telegraph, The National Cyber Security Centre (NCSC), which operates under the purview of GCHQ, is actively involved in the ongoing investigation. Ransomware attacks employ specialized software to either extract sensitive data from the victim or restrict their access to it. 

In some cases the attackers encrypt the targeted files and then demand a ransom in exchange for the decryption key. In 2017 the NHS was badly hit by the global WannaCry ransomware attack, which temporarily halted operations across parts of the healthcare system.

The severity of the situation necessitated the urgent transfer of critical patients from affected hospitals to alternative facilities. Notably, the hacking group did not make any mention of an encryption key in their communication. 

Experts in the field have put forward a hypothesis that this omission could potentially indicate that the gang has not encrypted the pilfered information. Instead, they might be employing a strategy commonly seen in such cases, aiming for a swift payment from the targeted organization. This tactic has become increasingly prevalent in recent times.

Cyberwarfare Leaks Reveal Russia's Sweeping Efforts and Potential Targets

NTC Vulkan is a cybersecurity consultancy firm based in Moscow, which appears to offer ordinary cybersecurity services on the surface. However, a recent leak of confidential documents has revealed that the company's engineers are also involved in the development of advanced hacking and disinformation tools for the Russian military.
 
The leaked documents indicate that NTC Vulkan has been working with several Russian military and intelligence agencies including the FSB, GOU, GRU, and SVR to support cyber operations. 

In addition, one of the company's cyber-attack tools, Scan-V, has been linked to the notorious Sandworm hacking group. The tool scans the internet for vulnerable systems and stores the results for future use in cyber-attacks.

Another system developed by NTC Vulkan, known as Amezit, is a comprehensive framework for controlling and monitoring the internet in regions under Russia's command. This system enables the spread of disinformation through the use of fake social media profiles, in addition to surveillance and monitoring of the internet. 

The third system developed by NTC Vulkan, Crystal-2V, is a training program for cyber operatives in the methods required to bring down rail, air, and sea infrastructure. The information processed and stored by the Crystal-2V system is deemed "Top Secret." 

In a rare leak, thousands of pages of secret documents dated from 2016 to 2021 were provided by an anonymous source, who approached the German newspaper Süddeutsche Zeitung just days after the Russian invasion of Ukraine began. The source expressed anger over the Russian government's actions in Ukraine and the role played by NTC Vulkan in supporting them.

 According to him, the GRU and FSB, two of Russia's most prominent intelligence agencies, were "hiding behind" NTC Vulkan. The individual also expressed a desire to make the information contained in the leaked documents public to raise awareness about the dangers posed by the company's activities and the Russian government's actions. 

The authenticity of the Vulkan files has been confirmed by five western intelligence agencies, while both the company and the Kremlin have remained silent on the matter. The leaked documents reveal emails, internal documents, project plans, budgets, and contracts that shed light on Russia's cyber warfare efforts in the midst of a violent conflict with Ukraine. 

It is unclear if the tools developed by Vulkan have been used for real-world attacks. However, it is known that Russian hackers have targeted Ukrainian computer networks repeatedly. The documents also suggest potential targets, including the USA and Switzerland. 

Nevertheless, the documents show that Russian military and intelligence agencies have commissioned advanced hacking and disinformation tools, which raises significant concerns about the nature and scope of Russia's cyberwarfare capabilities.

Chinese-Designed Apps Pose Greater Privacy Risks to Americans

 

As the US Congress considers a ban on the Chinese social media app TikTok over security concerns, millions of Americans continue to download Chinese-designed apps that pose even greater privacy risks. Despite this, there has been no outcry from lawmakers or regulators about these apps.

Chinese apps have been growing in popularity in the US, with many of them collecting vast amounts of user data. Unlike TikTok, which has faced scrutiny over its data privacy practices, these apps have largely flown under the radar. 

One such app is WeChat, a messaging app that has become a popular way for Chinese-Americans to stay in touch with friends and family in China. WeChat has been accused of monitoring users’ conversations and sharing data with the Chinese government. 

Another app that has raised concerns is Zoom, a video-conferencing app that has seen a surge in popularity due to the COVID-19 pandemic. Zoom has been criticized for its lax security practices and for sharing user data with third-party companies. 

Despite these concerns, many Americans continue to use these apps without fully understanding the risks involved. This is partly due to a lack of awareness about the potential dangers of Chinese-designed apps, as well as a lack of viable alternatives.

While the US government has taken steps to restrict the use of Chinese technology in certain industries, such as telecommunications, it has yet to take action against Chinese-designed apps. This has left Americans vulnerable to potential privacy breaches and other security risks. 

In conclusion, the debate over TikTok has brought attention to the potential privacy risks posed by Chinese-designed apps. However, it is important for lawmakers and regulators to also consider the risks posed by other apps, and to take steps to protect American consumers from these risks.

How ChatGPT May Act as a Copilot for Security Experts

 

Security teams have been left to speculate about how generative AI will affect the threat landscape since GPT-4 was released this week. It is already well known that GPT-3 can be coaxed into producing malware and ransomware code, and GPT-4 has been claimed to be 571 times more potent, which could result in a large increase in threats.

While the long-term effects of generative AI are yet unknown, a new study presented today by cybersecurity company Sophos reveals that GPT-3 can be used by security teams to thwart cyberattacks. 

Younghoo Lee, the principal data scientist for Sophos AI, and other Sophos researchers used the large language models from GPT-3 to create a natural language query interface for looking for malicious activity across the telemetry of the XDR security tool, detecting spam emails, and examining potential covert "living off the land" binary command lines. 

In general, Sophos' research suggests that generative AI has a crucial role to play in processing security events in the SOC, allowing defenders to better manage their workloads and identify threats more quickly. 

Detecting malicious activity

The statement comes as security teams increasingly struggle to handle the volume of warnings generated by tools throughout the network, with 70% of SOC teams indicating that their work managing IT threat alerts is emotionally affecting their personal lives. 

According to Sean Gallagher, senior threat researcher at Sophos, one of the growing problems within security operations centres is the sheer amount of 'noise' streaming in. Many businesses are dealing with scarce resources, and there are simply too many notifications and detections to look through. "Using tools like GPT-3, we've demonstrated that it's possible to streamline some labor-intensive processes and give defenders back vital time," he said.

Utilising ChatGPT as a cybersecurity co-pilot 

In the study, researchers used a natural language query interface where a security analyst may screen the data gathered by security technologies for harmful activities by typing queries in plain text English. 

For instance, an analyst can type a request like "show me all processes that were named powershell.exe and run by the root user" and have the corresponding XDR-SQL query generated for them, without needing to know the underlying database structure.

This approach lets defenders filter data without having to write query languages such as SQL themselves, and offers a "co-pilot" that eases the effort of manually hunting through threat data.
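A natural-language-to-SQL copilot hands model-generated text to a database, which makes the model's output untrusted input: a hallucinated statement, or one steered by a prompt injection hidden in the telemetry itself, must not be able to modify data or read beyond what the analyst is allowed to see. The guardrail below is an added example, not Sophos' code or its published prototype, showing one way to enforce that: accept only a single read-only SELECT against an allowlist of tables and columns, enforced by SQLite's authorizer hook at the engine rather than by string matching alone. The `processes` table and its rows are a constructed stand-in for XDR telemetry (the `raw_event` column stands in for data the copilot must not expose), and the function names are assumptions for this example.

```python
"""Guardrail for executing LLM-generated SQL in a SOC query interface.

The model's output is treated as untrusted input: only a single SELECT against
allowlisted tables/columns may run. SQLite's authorizer callback is consulted
for every table read, function call and write while the statement is compiled,
so a disallowed access aborts before any row is touched.
"""
import re
import sqlite3

# Hypothetical schema standing in for XDR telemetry (constructed for this example).
# raw_event exists in the table but is deliberately NOT allowlisted.
ALLOWED_COLUMNS = {
    "processes": {"pid", "name", "username", "host", "cmdline"},
}
ALLOWED_FUNCTIONS = {"count", "lower", "upper", "like"}

SAMPLE_ROWS = [  # constructed sample data, not real telemetry
    (4120, "powershell.exe", "root", "host-a", "powershell -nop -w hidden -enc aGk=", "{...}"),
    (4133, "powershell.exe", "svc_backup", "host-b", "powershell -File backup.ps1", "{...}"),
    (512, "cmd.exe", "root", "host-a", "cmd /c whoami", "{...}"),
]


def _authorizer(action, arg1, arg2, db_name, trigger):
    """Called by SQLite for each operation while compiling a statement.
    Returns SQLITE_OK to permit it or SQLITE_DENY to abort the statement."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        # arg1 = table, arg2 = column (empty when a table is referenced without reading a column)
        cols = ALLOWED_COLUMNS.get(arg1)
        if cols is not None and (not arg2 or arg2 in cols):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_FUNCTION:
        # arg2 = function name; keeps e.g. load_extension() out of reach
        return sqlite3.SQLITE_OK if (arg2 or "").lower() in ALLOWED_FUNCTIONS else sqlite3.SQLITE_DENY
    # INSERT, UPDATE, DELETE, DROP, CREATE, PRAGMA, ATTACH and everything else: denied.
    return sqlite3.SQLITE_DENY


def build_demo_db():
    """In-memory database with the constructed telemetry, then lock it down."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE processes (pid INTEGER, name TEXT, username TEXT, "
        "host TEXT, cmdline TEXT, raw_event TEXT)"
    )
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    conn.set_authorizer(_authorizer)  # from here on, only allowlisted reads compile
    return conn


def run_generated_query(conn, sql):
    """Execute model-generated SQL under the guardrail.
    Returns (rows, None) on success, or (None, reason) when the query is rejected."""
    text = sql.strip().rstrip(";").strip()
    # Cheap syntactic pre-checks: one statement, must be a SELECT, no comment tricks.
    if ";" in text or "--" in text or "/*" in text:
        return None, "multiple statements or comments are not allowed"
    if not re.match(r"(?is)^select\b", text):
        return None, "only SELECT statements are allowed"
    try:
        return conn.execute(text).fetchall(), None
    except sqlite3.Error as exc:  # "not authorized" from the authorizer, syntax errors, ...
        return None, str(exc)


if __name__ == "__main__":
    db = build_demo_db()
    # What a copilot might produce for:
    # "show me all processes that were named powershell.exe and run by the root user"
    print(run_generated_query(
        db, "SELECT pid, host, cmdline FROM processes "
            "WHERE name = 'powershell.exe' AND username = 'root'"))
    # Hallucinated or prompt-injected output is stopped before it touches data:
    print(run_generated_query(db, "SELECT pid FROM processes; DROP TABLE processes"))
    print(run_generated_query(db, "DELETE FROM processes"))
    print(run_generated_query(db, "SELECT raw_event FROM processes"))
```

The two layers are deliberate: the regex pre-check is cheap and catches the obvious chained-statement case, but it is the authorizer that actually decides what may be read, so a column the analyst is not cleared for (`raw_event` here) is refused even inside an otherwise valid SELECT, and `SELECT *` is refused for the same reason. In a real deployment the allowlist would come from the analyst's role, and the rejected queries, together with the prompt that produced them, are worth logging as a signal of prompt injection in the data being queried.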

“We are already working on incorporating some of the prototypes into our products, and we’ve made the results of our efforts available on our GitHub for those interested in testing GPT-3 in their own analysis environments,” Gallagher stated. “In the future, we believe that GPT-3 may very well become a standard co-pilot for security experts.” 

Notably, the researchers also found GPT-3 significantly more effective at filtering threat data than the alternative machine learning models they tried, and this would likely improve further with GPT-4 and its greater capacity. Although these pilots are still at an early stage, Sophos has published the findings of the spam filtering and command line analysis experiments on the SophosAI GitHub for other organisations to adapt.

Attacks are Being Outmanoeuvred by AI Cybersecurity in Novel Ways

 

These days, chatbots that use artificial intelligence (AI) are the hot topic. Yet AI cybersecurity is one of the technology's most rapidly expanding applications, because real-time detection of and defence against cyberattacks saves money for businesses, governments, and individuals alike.

According to MarketsandMarkets Research, the global AI cybersecurity market is worth $22.2 billion this year. However by 2028, it's projected to grow to $60.6 billion. A 21.9 percent compound annual growth rate applies to that. 

An increase in cyberattacks 

Cybercrime affects 97 people or businesses every hour, according to a report by Surfshark. At that rate, 2,328 successful cyberattacks will be launched on the day you read this, causing millions of dollars in losses.

According to Cybersecurity Ventures, those losses should rise by 15% annually. By 2028, it is anticipated that yearly losses will amount to $10.5 trillion. 

“If it were measured as a country, then cybercrime would be the world’s third-largest economy after the U.S. and China,” stated Steve Morgan, founder of Cybersecurity Ventures. 

Expanding AI cybersecurity response 

AI and its partner, machine learning (ML), are the officers on the beat trying to stop this growing cybercrime wave.

“AI is big data,” explains Mansour Khatib, CEO of GBT Technologies, Inc., Santa Monica, CA. “AI manages massive amounts of data to detect something that’s suspicious. It can stop an attack and, based on the data it has gathered, it can know the attack’s next move.” 

AI continuously gathers global cyberattack data, and ML uses that knowledge to recognise industry-specific and worldwide risks in order to thwart an attack.

Flexibility in AI cybersecurity 

In theory, humans can do the same tasks as AI cybersecurity tools, but people often fail to notice that a system is under attack for a very long time; there have been numerous successful attacks that went unnoticed for days or longer. Traditional cybersecurity also has its limitations. After a piece of malware is discovered, it is analysed and its signature is blacklisted. That approach can thwart further attacks by that particular malware, but it cannot identify brand-new, original threats.

In addition to being faster and more powerful, AI is also more adaptable than conventional cybersecurity techniques. An AI cybersecurity system uses ML to identify new attacks and attackers based on similarities to past ones, learn patterns, and identify correlations between patterns. In other words, AI may change as needed. 

Cybersecurity's future with IoT And AI

Global connectivity is growing through physical devices that send and receive information over the internet, collectively described as the Internet of Things (IoT). Cell phones, automobiles, thermostats, and even refrigerators are examples.

Today's refrigerators can alert you when you are running low on, or out of, something so that you can restock, Khatib says. The fridge communicates with your smartphone or home assistant, such as Google Assistant or Amazon Alexa, by sending messages over Wi-Fi. As more objects are connected to the internet, cybercriminals gain new ways to steal your financial and personal information.

You may own a smart bulb, Khatib suggests. That lightbulb transmits data to you via your router; by compromising the bulb, someone may be able to take control of the router, and from there reach your computer and the information on it.

Such attacks might be thwarted using AI cybersecurity. Can you afford it, though? Khatib responds, "Definitely. Protection for your house and personal devices is getting more affordable in today's society. An inexpensive PC with fingerprint recognition is available right now." 

According to CUJO AI's analysis of 1.7 billion connected devices in North America between April 2021 and April 2022, almost half of them cannot run antivirus software. To protect every device on a network, AI cybersecurity can instead be built into the router.