
The Silent Guardians Powering the Frontlines of Cybersecurity


As warfare shifts from trenches to terminals, the world is increasingly defined by invisible battles and silent warriors. Cyberwarfare is no longer a distant, abstract threat; it is a tangible, relentless struggle with real-world consequences.

Power grids fail, hospitals go dark, and global markets tremble as a result of unseen attacks. At the centre of this new conflict stands a unique breed of defenders: cyber professionals who safeguard the fragile line between digital order and chaos. The official trailer for Semperis' Midnight in the War Room, an upcoming documentary about the hidden costs of cyber conflict, has been released, bringing this hidden war into sharp focus.

Semperis is a provider of AI-powered identity security and cyber resilience. The film features an extraordinary lineup of voices – including Chris Inglis, the first U.S. National Cyber Director; General (Ret.) David Petraeus, the former Director of the CIA; Jen Easterly, former Director of CISA; Marcus Hutchins, one of the WannaCry heroes; and Professor Mary Aiken, a globally recognised cyber psychologist – all of whom are highly respected for their expertise in cybersecurity.

The film examines the high-stakes battle between attackers and defenders, and features reformed hackers who once took the risks of exploitation themselves. Leading figures from cybersecurity and national defence come together in the documentary to present an unprecedented view of the digital battlefield.

Drawing on their insights into cyber conflict, Midnight in the War Room explores the growing threat that cybercrime poses to international relations and to corporate survival. The film sheds light on the crucial role of chief information security officers (CISOs), who serve on the front lines protecting critical infrastructure - from power grids to financial networks - against state-sponsored and criminal cyber threats, and is a must-see.

More than fifty international experts, including cyber journalists, intelligence veterans, and reformed hackers, contribute perspectives that convey both the ingenuity and the exhaustion of those fighting constant digital attacks. Chris Inglis argues that global resilience is an urgent issue, because the biggest threat lies not only in the sophistication of adversaries but in complacency itself.

It has been reported that Semperis' Chief Marketing Officer and Executive Producer, Thomas LeDuc, views the project as one of the first of its kind to capture the courage and pressure experienced by defenders. The film is enriched by contributions from Professor Mary Aiken, Heath Adams, Marene Allison, Kirsta Arndt, Grace Cassy and several former chief information security officers, such as Anne Coulombe and Simon Hodgkinson, and it provides a sweeping and deeply human perspective on modern cyber warfare.

With its powerful narrative, Midnight in the War Room explores the human side of cyberwarfare—a struggle that is rarely acknowledged, marked by courage, resilience and sacrifice. The film looks at the psychological and emotional toll endured by those defending the world's most vital systems, in which trust is continually at risk and a moment of complacency can trigger devastating consequences.

Mr Sillars, Semperis' Vice President for Asia Pacific and Japan, points out that cyber threats recognise no borders, and that the Asia Pacific region is at the forefront of this digital conflict.

He emphasises that the documentary seeks to highlight the common challenges cybersecurity professionals face worldwide and to foster collaboration across critical sectors to build identity-driven resilience. LeDuc, Semperis' Chief Marketing Officer and Executive Producer, describes the project as one of the most ambitious in cybersecurity history—bringing together top intelligence leaders, chief information security officers, journalists, victims and reformed hackers in a rare collaborative narrative.

In the film, cyber defenders' lives are portrayed through their own experiences, including the relentless pressure and unwavering resolve they face every day. Among the prominent experts interviewed for the documentary are Marene Allison, former Chief Information Security Officer of Johnson & Johnson; Grace Cassy, co-founder of CyLon; Heather M. Costa, Director of Technology Resilience at the Mayo Clinic; Simon Hodgkinson, former Chief Information Security Officer of BHP; and David Schwed, former Chief Information Security Officer of Robinhood.

Among those on the panel are Richard Staunton, Founder of IT-Harvest; BBC Cyber Correspondent Joe Tidy; and Jesse McGraw, known as Ghost Exodus, a former hacktivist who has turned his expertise towards safeguarding the internet. As Jen Easterly, former Chief Information Security Officer of the U.S. Department of Homeland Security (CISA), points out, defeating malicious cyberattacks requires more than advanced technology—it demands the ingenuity and curiosity of the human mind.

The production of the documentary, filmed in North America and Europe by cybersecurity and professional organisations including the CyberRisk Alliance, Cyber Future Foundation, Institute for Critical Infrastructure Technology, (ISC)2 Eastern Massachusetts Chapter, Michigan Council of Women in Technology, and Women in CyberSecurity (WiCyS) Delaware Valley Chapter, exemplified global collaboration.

As part of these partnerships, private screenings, expert discussions, and public outreach will be conducted in order to increase public awareness and cooperation regarding building digital resilience. By providing an insight into the human narratives that underpin cybersecurity, Midnight in the War Room hopes to give a deeper understanding of the modern battlefield and to inspire a collective awareness in the safeguarding of society's systems. 

There is something special about Midnight in the War Room as both a wake-up call and a tribute - a cinematic reflection of those who stand up to the threats people face in today's digital age. The film focuses on cyber conflict and invites governments, organisations, and individuals to recognise cybersecurity not just as a technical problem, but as a responsibility that everyone shares.

In light of the continuous evolution of threats, people need stronger international collaborations, investments in identity security, and the development of psychological resilience among those on the front lines to help combat these threats. Semperis' initiative illustrates the power of storytelling to bridge the gap between awareness and action, transforming technical discourse into a powerful narrative that inspires vigilance, empathy, and unity among the community.

Providing a critical insight into the human aspect behind the machines, Midnight in the War Room reinforces a fundamental truth: that is, cybersecurity is not just about defending data, but also about protecting the people, systems, and values that make modern society what it is today.

Microsoft Warns of 600 Million Daily Cyberattacks and Sophisticated Nation-State Tactics

A new security report from Microsoft reveals a complex and evolving cyber landscape where cutting-edge technologies, state-sponsored activities, and organized crime are converging, posing unprecedented challenges. To combat these threats, a united global effort is more critical than ever.

According to Microsoft's 2024 Digital Defense Report, over 600 million cyberattacks by criminals and nation-states take place daily, targeting individuals, businesses, and governments worldwide.

A key finding of the 110-page report is the increasing sophistication of cyber threats. Both criminal organizations and state-sponsored actors are leveraging advanced technologies, including generative AI, to enhance their attacks. This technological evolution has made cyber defenses more difficult to maintain.

One of the report’s most concerning observations is the growing collaboration between cybercrime syndicates and nation-state groups. These partnerships are leading to the sharing of tools and techniques, further blurring the lines between criminal and government-backed cyber operations and creating more diverse and effective attack methods.

State-sponsored actors, particularly, are ramping up their cyber activities, motivated by goals ranging from financial gain to intelligence collection, with a strong focus on military targets. For example, Russian threat actors have outsourced parts of their cyber-espionage campaigns to criminal groups, targeting at least 50 Ukrainian military devices with malware. Meanwhile, Iranian actors have combined ransomware attacks with influence operations, and North Korean groups are developing new ransomware variants like FakePenny, aimed at aerospace and defense industries. Chinese cyber efforts remain consistent, continuing to target Taiwan and Southeast Asia.

With the U.S. presidential election approaching, the report raises concerns about foreign interference. Although the public conversation around this issue has quieted since 2020, Russia, Iran, and China are exploiting geopolitical tensions to undermine trust in democratic systems. Other hotspots for cyber activity include countries involved in military conflicts or regional disputes, such as Israel, Ukraine, the UAE, and Taiwan.

Microsoft stresses that addressing these growing threats requires collaboration between the public and private sectors, as well as advancements in policy and cybersecurity practices. Enhanced multi-factor authentication, attack surface reduction, and stronger protections for cloud infrastructure are increasingly essential as the cyber threat landscape continues to evolve.

Microsoft Warns of Rise in Global Cyberespionage Operations

Government-sponsored cyberespionage campaigns and data operations are on the rise, and not just as a result of hacker spies deployed by the usual suspects, Russia and China.

So warns Microsoft in its annual Digital Defence Report, which evaluates nation-state and criminal behaviour recorded from July 2022 to June 2023. 

Ransomware attacks naturally draw attention due to their visible and immediate impact, but governments are doubling down on stealthy cyberespionage operations behind the scenes. 

"Nation states are becoming increasingly sophisticated and aggressive in their cyberespionage efforts, led by highly capable Chinese actors focused on the Asia-Pacific region in particular," Tom Burt, Microsoft's corporate vice president for customer security and trust, stated in an introduction to the report. 

According to Microsoft's report, the US was the target of the most cyberattacks last year, followed by Israel and Ukraine. Microsoft also witnessed an increase in activity last spring targeting Western organisations, 46% of which were based in NATO states, particularly the U.S., the United Kingdom, and Poland.

The United States' intelligence agencies have frequently warned that Russia, China, Iran, and North Korea pose the greatest internet risks to national security and allies. According to Microsoft, the scale and sophistication of activities linked to each of those countries continues to improve, and their efforts to steal information and alter narratives target both adversaries and allies. 

"Russian intelligence agencies have refocused their cyberattacks on espionage activity in support of their war against Ukraine, while continuing destructive cyberattacks in Ukraine and broader espionage efforts," Burt wrote in a blog post. 

China is still a significant player, concentrating particularly on gathering intelligence - particularly from U.S. defence and vital sectors, as well as Taiwan and even its own partners - and conducting influence operations, Microsoft reported.

Beijing additionally "deploys a vast network of coordinated accounts across dozens of platforms to spread covert propaganda" that targets Chinese speakers worldwide and occasionally spreads anti-American narratives, the report further reads. The nation's influence operations also emphasise "promoting a positive image of China through hundreds of multilingual lifestyle influencers."

There is ample evidence that Russia is using cyberespionage more frequently. Western intelligence authorities continue to issue warnings that the real scope of such operations is still unknown because they are intended to be stealthy and at times highly targeted. Long-term attacks might not be seen right away. 

The White House blamed the Russian Foreign Intelligence Service, or SVR, for the SolarWinds supply chain attack, which involved the injection of a Trojan into the Orion software updater. It's possible that the effort started in September 2019, but it wasn't discovered until December 2020, giving the SVR months to secure covert access to a number of extremely sensitive systems. 

Microsoft reports that nominal allies attack one another while conducting cyber operations and acquiring intelligence. Despite the meeting between Russian President Vladimir Putin and North Korean hereditary dictator Kim Jong Un last month, Pyongyang continues to carry out Moscow-centered espionage activities, with a particular emphasis on "nuclear energy, defence, and government policy intelligence collection." 

The threat from criminal groups continues to rise in addition to the risk from nation-state organisations. "Ransomware-as-a-service and phishing-as-a-service are key threats to businesses, and cybercriminals have conducted business email compromise and other cybercrimes, largely undeterred by the increasing commitment of global law enforcement resources," Burt added.

How to Shield Businesses from State-Sponsored AI Attacks

In cybersecurity, artificial intelligence is becoming more and more significant, both for good and bad. The most recent AI-based tools can help organizations better identify threats and safeguard their systems and data resources. However, hackers can also employ the technology to carry out more complex attacks. 

Hackers have a big advantage over most businesses because they can innovate more quickly than even the most productive enterprise, they can hire talent to develop new malware and test attack techniques, and they can use AI to change attack strategies in real time. 

The market for AI-based security products has also helped malicious hackers to target businesses frequently. According to a report published in July 2022 by Acumen Research and Consulting, the global market had a value of $14.9 billion in 2021 and was expected to grow to $133.8 billion by 2030.

Nation-states and hackers: A lethal combination 

Weaponized AI attacks are inevitable, according to 88% of CISOs and security executives, and for good reason: a recent Gartner survey showed that only 24% of cybersecurity teams are fully equipped to handle an AI-related attack. Nation-states and hackers are aware that many businesses are understaffed and lack the knowledge and resources necessary to defend against attacks driven by AI and machine learning. Only 1% of the 53,760 cybersecurity applicants in Q3 2022 had AI skills.

Major corporations are aware of the cybersecurity skills shortage and are working to address it. Microsoft, for example, is currently running a campaign to assist community colleges in expanding the industry's workforce. 

The ability of businesses to recruit and keep cybersecurity experts with AI and ML skills contrasts sharply with how quickly nation-state actors and cybercriminal gangs are expanding their AI and ML teams. According to the New York Times, the Department 121 cyberwarfare unit of the elite Reconnaissance General Bureau of the North Korean Army has about 6,800 members total, including 1,700 hackers spread across seven different units and 5,100 technical support staff. 

According to South Korea's spy agency, North Korea's elite team stole an estimated $1.2 billion in cryptocurrency and other virtual assets over the last five years, with more than half of it stolen this year alone. Since June 2022, North Korea has also weaponized open-source software in its social engineering campaigns aimed at businesses all over the world. 

North Korea's active AI and ML recruitment and training programs aim to develop new techniques and technologies that weaponize AI and ML in order to fund the country's nuclear weapons programs. 

In a recent Economist Intelligence Unit (EIU) survey, nearly half of respondents (48.9%) named AI and machine learning as emerging technologies that would be most effective in countering nation-state cyberattacks on private organizations. 

Cybercriminal gangs pursue their enterprise targets with the same zeal as the North Korean Army's Department 121. Automated phishing email campaigns, malware distribution, AI-powered bots that continuously scan an enterprise's endpoints for vulnerabilities and unprotected servers, credit card fraud, insurance fraud, and generating deepfake identities are all current tools, techniques, and technologies in cybercriminal gangs' AI and ML arsenals. 

Hackers and nation-states are increasingly targeting flaws in the AI and ML models built to detect and prevent breach attempts. Data poisoning is one of the methods used to lessen the effectiveness of models created to predict and prevent data exfiltration, malware delivery, and other threats.

How to safeguard your AI 

What can a company do to safeguard itself? According to Great Learning's Akriti Galav and SEO expert Saket Gupta, the three essential actions to take right away are:

  • Maintain the most stringent security procedures possible throughout the entire data environment. 
  • Make sure an audit trail is created with a log of every record related to every AI operation. 
  • Implement reliable authentication and access control. 

Additionally, businesses should pursue longer-term strategic objectives, such as creating a data protection policy specifically for AI training, educating their staff about the dangers of AI and how to spot flawed results, and continuing to operate a dynamic, forward-looking risk assessment mechanism.
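As an added example of the audit-trail and access-control actions listed above (written for this page, not code from Great Learning, Galav or Gupta; the roles, records and key are constructed): a hash-chained log of every ingest and training operation with a deny-by-default role check, plus a comparison that flags training records altered or added outside the logged pipeline, which is exactly what a data-poisoning attempt has to produce.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed role table: which roles may perform which AI pipeline operations.
ROLE_PERMISSIONS = {
    "data-engineer": {"ingest", "label"},
    "ml-engineer": {"train", "evaluate"},
    "auditor": {"verify"},
}
ACTOR_ROLES = {"alice": "data-engineer", "bob": "ml-engineer", "carol": "auditor"}


def check_access(actor: str, operation: str) -> bool:
    """Deny by default: an actor may only perform what its role allows."""
    return operation in ROLE_PERMISSIONS.get(ACTOR_ROLES.get(actor), set())


def record_digest(record: dict) -> str:
    """SHA-256 over canonical JSON, so any edit to a record (even a flipped
    label) changes the digest."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class AuditLog:
    """Hash-chained, HMAC-sealed log: each entry commits to the previous one,
    so rewriting or deleting an earlier entry breaks verification."""
    key: bytes  # constructed demo key; in production a managed secret
    entries: list = field(default_factory=list)

    def append(self, actor: str, operation: str, record_id: str, digest: str) -> dict:
        if not check_access(actor, operation):
            raise PermissionError(f"{actor} may not perform {operation}")
        prev = self.entries[-1]["mac"] if self.entries else "0" * 64
        entry = {"actor": actor, "op": operation, "record": record_id,
                 "digest": digest, "prev": prev}
        msg = json.dumps(entry, sort_keys=True).encode()
        entry["mac"] = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "mac"}
            msg = json.dumps(body, sort_keys=True).encode()
            expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
            if body["prev"] != prev or not hmac.compare_digest(expected, entry["mac"]):
                return False
            prev = entry["mac"]
        return True


def find_tampered(log: AuditLog, dataset: list) -> dict:
    """Flag records whose digest differs from the one logged at ingest, or that
    never passed through the logged ingest step (what poisoning must produce)."""
    approved = {e["record"]: e["digest"] for e in log.entries if e["op"] == "ingest"}
    modified = [r["id"] for r in dataset
                if r["id"] in approved and record_digest(r) != approved[r["id"]]]
    unlogged = [r["id"] for r in dataset if r["id"] not in approved]
    return {"modified": modified, "unlogged": unlogged}


def demo():
    """Constructed walk-through: ingest, train, then a label flip and a smuggled record."""
    log = AuditLog(key=b"constructed-demo-key")
    dataset = [
        {"id": "r1", "text": "invoice attached, open now", "label": "phishing"},
        {"id": "r2", "text": "team lunch on friday", "label": "benign"},
    ]
    for rec in dataset:
        log.append("alice", "ingest", rec["id"], record_digest(rec))
    log.append("bob", "train", "model-v1", record_digest({"records": ["r1", "r2"]}))
    dataset[0]["label"] = "benign"  # simulated poisoning: label flip
    dataset.append({"id": "r3", "text": "reset your password", "label": "benign"})
    return log, find_tampered(log, dataset)
```

Running `demo()` reports `r1` as modified and `r3` as unlogged, while `log.verify()` still holds because the log itself was not touched; editing any stored entry makes `verify()` return False.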

No digital system, no matter how intelligent, can be 100% secure. The enterprise needs to update its security policies to reflect this new reality now rather than waiting until the damage is done because the risks associated with compromised AI are more subtle but no less serious than those associated with traditional platforms.

Chinese Hackers Targeted Indian State Power Grid

Chinese state-sponsored malicious actors launched “probing cyberattacks” on Indian electricity distribution centers near Ladakh thrice since December 2021. On Wednesday a report by private intelligence firm Recorded Future confirmed the attack. 

The hackers targeted seven Indian state centers responsible for carrying out electrical dispatch and grid control near a border area contested by the two nuclear neighbors, the report added. The attack came to light at a time when the military standoff between the two countries in the region had already strained relations. However, government sources affirmed that the attacks were not successful.

"In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh," the group said.

The hackers employed the ShadowPad trojan, which the experts said was developed by contractors for China's Ministry of State Security, leading them to conclude that it was a state-sponsored hacking effort.

"In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group," Recorded Future said.

Attack on UK's Defence Academy Compelled a Rebuild of the IT System

According to a former senior officer, a probable nation-state attack on the UK's primary defense training facility last year compelled the academy to replace its IT infrastructure. Air Marshal Edward Stringer recently retired as the director-general of joint force development and the UK Defence Academy. 

Every year, the academy teaches roughly 30,000 UK armed forces personnel, as well as civil officials and military personnel from foreign countries. However, it was caught off guard by a cyber-attack in March of last year, which had "significant" operational ramifications, according to Stringer. 

The IT team had to find backup ways, such as using the regular internet, to keep the courses running, which they did - but not as smoothly as before, to be fair, Stringer added.

He claimed he didn't know whether the hackers were criminals or a hostile state, but his main concern was whether the hackers sought to use the Defence Academy as a "backdoor" into much more secret portions of the MOD's IT systems. When asked if the cyberspies were effective, Air Marshal Stringer replied, "No, I was quite confident that there hadn't been any other breaches beyond the Defence Academy."

Although no important information is believed to have been stolen, the attack disrupted teaching at a time when courses had been shifted online owing to the pandemic. “It doesn’t look like a violent attack, but there were costs. There were costs to operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage,” Stringer said. “What could we be spending the money on that we’ve had to bring forward to rebuild the network? There are no bodies in the streets, but there’s still been some damage done.”

The MOD's digital branch launched an inquiry into the cyber-attack, but no findings - such as who was behind it - have been made public. The incident was also reported to the National Cyber Security Centre, a part of GCHQ. 

That rebuilding looks to be ongoing, with a note on the present Defence Academy website stating: “new website coming soon … please bear with us while we continue to update our site … check back soon for updates.” 

Serco, an outsourcing contractor, is purportedly in charge of the academy's IT systems, including website maintenance. While China, Russia, and other adversaries would surely have been motivated to undertake an attack, Stringer stopped short of attributing it to state-sponsored operatives.

Republican Governors Association Targeted in Microsoft Exchange Server Attacks

The Republican Governors Association was one of many U.S. organizations attacked in March when a nation-state group exploited vulnerabilities in Microsoft Exchange email servers, according to a breach notification letter filed with the Maine attorney general's office this week.  

The incident became a cause of concern for companies worldwide; the personal information of nearly 500 persons linked with the RGA might have been exposed in the attack. According to the organization's attorney, that personal information includes social security numbers.

The RGA was notified of the breach on March 10, eight days after Microsoft made the campaign public. At this time, it's highly uncertain who is to blame for the breach and what happened to the data compromised. 

Microsoft Exchange Server attack's fallout:

This incident is the latest fallout from the massive breach of Microsoft Exchange Server earlier this year. The breach was connected to hacker organizations supported by the Chinese government. Once an exploit for the vulnerabilities became public, opportunistic fraudsters were able to launch a large-scale attack.

According to the RGA, on February 28 hackers broke into “a small portion of [its] email work environment". It added that it only discovered the hacking campaign on March 10, eight days after Microsoft's public announcement.

The RGA's spokesman declined to elaborate on specifics of the breach, such as about the offenders and the damage. It further said it was “unable to determine what personal information, if any, was impacted as a result of the incident.”

The US skeptical of China's role in the Microsoft hack

After the cyberattack, the RGA stated that it upgraded its Microsoft software. In July, the US government blamed China for its participation in the Microsoft Exchange attack, and the United Kingdom and the European Union backed the United States' condemnation of China.

The US Department of Justice also brought criminal charges against four Chinese nationals.

As per security experts, tens of thousands of US state and local companies were using vulnerable software at the height of the Exchange Server attack. However, many companies were able to safeguard themselves by installing a software update. 

The US National Security Council has gathered numerous times since the event, urging corporations to amp up their cyber defenses. Businesses in countries other than the United States were also affected by the attack. This includes Europe, where the European Union's financial authority, the Norwegian parliament, and two German government bodies have all been attacked. 

According to the country's cybersecurity body, the attack also affected a considerable number of companies in Australia.

Precautionary Measures: 

The Republican Governors Association states that since the assault was identified in March, it has implemented the Microsoft updates for the vulnerable versions of its on-premises Exchange server. According to the letter, law enforcement and other organizations have also been alerted. 

Credit monitoring services are also being provided to the approximately 500 persons impacted by the assault.

"Out of an abundance of caution, RGA is also offering you two years of complimentary credit monitoring and identity restoration services with Experian." 

"RGA has also notified the Federal Bureau of Investigation, certain state regulators, and the consumer reporting agencies of this incident as required."