
Google Claims Attackers That Hit UK Firms Now Targeting American Stores

Hackers responsible for a series of destructive, financially motivated attacks on some of the United Kingdom's leading retailers are now targeting major American firms, Google said earlier this week.

“Major American retailers have already been targeted,” John Hultquist, the chief analyst for Google’s Threat Intelligence Group, told NBC News.

In recent weeks, cyberattacks have hit at least three major British retailers. Marks & Spencer had to suspend online orders for several weeks. Hackers contacted the BBC with evidence of "huge amounts of customer and employee data" stolen from the Co-op Group. The third, Harrods, restricted internet access at some store locations, although a spokesperson told NBC News there is no evidence that customer data was stolen.

Hultquist declined to identify specific American retailers the hackers may be targeting. The National Retail Federation, which represents thousands of firms such as Walmart and Target, acknowledged the threat. 

"U.S.-based retailers are aware of the threats posed by cybercriminal groups that have recently attacked several major retailers in the United Kingdom, and many companies have taken steps to harden themselves against these criminal groups’ tactics over the past two years,” Christian Beckner, the NRF's vice president of retail technology and cybersecurity stated. 

Google, one of the world's largest technology companies, supplies cloud storage, networking and security services to some of the world's largest retailers, which gives it considerable insight into how the attackers operate. It is unclear whether the hackers singled out retail organisations for a technical reason, such as a vulnerability in a software product widely used across the industry.

In recent years, financially motivated hackers have repeatedly shown that they can break into large companies' systems and profit by holding data and entire networks to ransom. The campaign against UK retailers is strikingly similar to the one that forced parts of some Las Vegas casinos to close in 2023.

In that incident, MGM Resorts, owner of the Bellagio and Mandalay Bay, shut some casino floors, and guests were unable to open their rooms with keycards. The same hackers broke into Caesars Entertainment, but unlike MGM, Caesars paid the hackers promptly and did not suffer extended disruption.

That campaign was notable because it was the first time a Russian-speaking cybercrime cell and a group of young, mostly English-speaking hackers had been seen working together to gain access to high-level corporate accounts. According to Hultquist, the same loosely affiliated group that first obtained access to the British businesses is now targeting companies in the United States. It appears to have largely avoided high-profile targets in the interim.

The casinos, as well as the Co-op Group and Marks & Spencer, were hit with ransomware, malicious software that attackers use to encrypt critical systems, typically after first stealing sensitive data. They then demand payment to restore the systems, to refrain from publishing the stolen data, or both.

Threat Analysts Reveal How "Evil AI" is Changing Hacking Dynamics

A new wave of AI tools built with no ethical restrictions is enabling attackers to find and exploit software vulnerabilities faster than ever before. As these "evil AI" platforms advance, security experts fear that traditional defences will not keep up.

Earlier this week at the annual RSA Conference in San Francisco, a packed room at the Moscone Center gathered for what was billed as a technical examination of artificial intelligence's role in contemporary hacking.

The session, presented by Sherri Davidoff and Matt Durrin of LMG Security, promised more than theory: a rare live demonstration of so-called "evil AI" in action, a topic that has quickly moved from cyberpunk fiction to real-world concern.

Davidoff, the CEO and founder of LMG Security, opened with a sobering reminder of the persistent threat posed by software flaws. According to PCWorld senior editor Alaina Yee, Durrin, the company's Director of Training and Research, quickly changed the tone, introducing the idea of "evil AI": artificial intelligence tools built without moral boundaries that can spot and exploit software vulnerabilities before defenders can respond.

"What if hackers utilise their malevolent AI tools, which lack safeguards, to detect vulnerabilities before we have the opportunity to address them?" Durrin asked the audience, previewing the unsettling demonstrations to come. 

The team's attempts to acquire one of these rogue AIs, such as GhostGPT and DevilGPT, were often frustrating. Their persistence eventually paid off when they obtained WormGPT, a tool previously covered by journalist Brian Krebs, for $50 through Telegram channels.

As Durrin explained, WormGPT is effectively ChatGPT without the ethical constraints: it will answer any question, however harmful or illegal the request. The presenters stressed, however, that the main concern is not that such a tool exists but what it can do.

The LMG Security team began by giving an older version of WormGPT the source code of DotProject, an open-source project management platform. The AI correctly identified a SQL injection vulnerability and suggested a basic exploit, but it failed to produce a working attack, most likely because it could not process the whole codebase.

A newer version of WormGPT was then asked to investigate the well-known Log4j vulnerability (Log4Shell). This time the AI not only found the flaw but gave enough detail that, as Davidoff put it, "an intermediate hacker" could use it to build an exploit.

The real surprise came with the latest iteration: WormGPT produced step-by-step instructions, complete with code tailored to the test server, and those instructions worked.

To push the limits further, the team set up a deliberately vulnerable Magento e-commerce installation. WormGPT found a complex two-stage exploit that mainstream security tools such as SonarQube, and ChatGPT itself, had missed. During the live demonstration the rogue AI produced a complete attack guide, unprompted and alarmingly fast. Closing the session, Davidoff remarked on the rapid progress of malicious AI tools.

AI Bots Fuel 57% of Holiday Shopping Traffic, Study Finds

Radware's 2025 E-commerce Bot Threat Report reveals that automated bots, rather than human shoppers, generated 57% of traffic to online shopping websites during the 2024 holiday season. According to Radware, this is the first time non-DDoS bots have surpassed human shoppers as the main source of e-commerce traffic. The company says this marks a substantial shift in the threat landscape for e-commerce providers and online retailers.

"Bad bots are no longer just based on simple scripts—they're sophisticated, AI-enhanced agents capable of outsmarting traditional defences. E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round," stated Ron Meyran, Vice President of Cyber Threat Intelligence at Radware. 

The report describes several major bot attack trends and real-world data collected during the 2024 online holiday shopping season. It also examines the distributed, multi-vector threats that e-commerce businesses should expect in the coming year. The findings show AI-generated bots with human-like behaviour becoming more common. Bad bots alone accounted for 31% of the traffic observed during the 2024 holiday season.

Nearly 60% of this malicious traffic used novel techniques to evade traditional, signature-based detection. Tactics observed include IP address and identity rotation, distributed attack patterns, the use of CAPTCHA-farm services, and other sophisticated anomalies. The report argues that countering these threats requires reliable, AI-powered detection that recognises attack patterns while keeping false positives low.

The report also notes that attacks on mobile platforms have increased: malicious bot traffic aimed at mobile devices rose 160% between the 2023 and 2024 holiday seasons. This shift in attacker focus, the report says, calls for security controls tailored to mobile systems. Attackers now use headless browsers with mobile user-agent strings, mobile emulators, and mobile-focused proxy services.

Attacks routed through distributed network infrastructure and residential proxy networks have also grown. Between 2023 and 2024, the share of holiday attack traffic originating from, or blending into, ISP networks rose 32%, reflecting attackers' growing use of residential proxy services to get around rate limiting and geo- and IP-based blocking. Radware says this trend creates new mitigation challenges for security teams without comprehensive, multilayered defences.
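The evasion tactics above (IP and identity rotation, headless browsers behind mobile user-agent strings) are also the basis for a behavioural, rather than signature-based, check. The script below is an added example and is not code from the Radware report or from this post: it groups constructed access-log lines by session cookie and scores each session on how many of those tactics it exhibits. The log format, the `sess=` cookie field, the headless markers, the weights and the `threshold` are all assumptions chosen for the illustration.

```python
"""Behavioural bot scoring over web access logs.

Added example, not code from the Radware report or from this post: it
scores each client session on the evasion tactics the report describes
(IP and identity rotation inside one session, headless-browser fingerprints
behind a mobile user-agent, machine-regular request cadence) instead of
matching request signatures.  Log format, session cookie name, weights and
thresholds are all assumptions made for the example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (not real traffic): client IP, session id,
# ISO timestamp, request line, user-agent.  Session a1 browses like a person;
# session b2 rotates source IPs and user-agents every two seconds.
SAMPLE_LOG = """\
203.0.113.5 sess=a1 [2024-11-29T10:00:00] "GET /product/1 HTTP/1.1" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/604.1"
203.0.113.5 sess=a1 [2024-11-29T10:00:07] "GET /product/2 HTTP/1.1" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/604.1"
203.0.113.5 sess=a1 [2024-11-29T10:00:31] "POST /cart/add HTTP/1.1" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/604.1"
198.51.100.10 sess=b2 [2024-11-29T10:00:00] "GET /product/1 HTTP/1.1" "Mozilla/5.0 (Linux; Android 13) HeadlessChrome/118.0 Mobile Safari/537.36"
198.51.100.11 sess=b2 [2024-11-29T10:00:02] "GET /product/2 HTTP/1.1" "Mozilla/5.0 (Linux; Android 13) HeadlessChrome/118.0 Mobile Safari/537.36"
198.51.100.12 sess=b2 [2024-11-29T10:00:04] "GET /product/3 HTTP/1.1" "Mozilla/5.0 (Linux; Android 13) HeadlessChrome/118.0 Mobile Safari/537.36"
198.51.100.13 sess=b2 [2024-11-29T10:00:06] "GET /product/4 HTTP/1.1" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) Safari/604.1"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) sess=(?P<sess>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Substrings that automation frameworks leave in the user-agent even when the
# rest of the string imitates a phone browser (assumed marker list).
HEADLESS_MARKERS = ("HeadlessChrome", "PhantomJS", "Selenium")


def parse_log(text):
    """Group parsed records by session id; malformed lines are skipped."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        sessions[rec["sess"]].append(rec)
    return sessions


def score_session(records):
    """Return (score, reasons) for one session's records."""
    records = sorted(records, key=lambda r: r["ts"])
    score, reasons = 0, []

    ips = {r["ip"] for r in records}
    if len(ips) > 1:  # one cookie seen from several source addresses
        score += 2
        reasons.append(f"ip_rotation:{len(ips)}")

    uas = {r["ua"] for r in records}
    if len(uas) > 1:  # identity rotation: the "device" changes mid-session
        score += 1
        reasons.append(f"ua_rotation:{len(uas)}")

    if any(marker in r["ua"] for r in records for marker in HEADLESS_MARKERS):
        score += 2
        reasons.append("headless_ua")

    gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(records, records[1:])]
    if len(gaps) >= 2 and max(gaps) - min(gaps) < 1.0:  # metronome-like timing
        score += 1
        reasons.append("machine_cadence")

    return score, reasons


def classify(text, threshold=3):
    """Map session id -> {'score', 'reasons', 'verdict'} for the whole log."""
    results = {}
    for sess, records in parse_log(text).items():
        score, reasons = score_session(records)
        results[sess] = {
            "score": score,
            "reasons": reasons,
            "verdict": "bot" if score >= threshold else "human",
        }
    return results


if __name__ == "__main__":
    for sess, verdict in classify(SAMPLE_LOG).items():
        print(sess, verdict)
```

Run it directly to print each session's verdict: the human-looking session scores 0 while the rotating headless session scores 6. In production the same features would feed a model rather than fixed weights, and the rotation checks would be keyed on a server-issued session token rather than on anything the client can freely change.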

Iran Claims it Thwarted Sophisticated Cyberattack on its Infrastructure

Iran thwarted a "widespread and complex" cyberattack on Sunday that targeted the country's infrastructure, a senior official told the Tasnim News Agency, which is affiliated with the Islamic Revolutionary Guard Corps.

Behzad Akbari, head of the state Telecommunications Infrastructure Company (TIC), disclosed the incident without giving details. "One of the most widespread and complex cyber attacks against the country's infrastructure was identified and preventive measures were taken," Akbari said.

The incident came a day after a huge explosion at Shahid Rajaei, the country's busiest commercial port, which killed at least 28 people and injured 800 more, according to police. The cause has not been determined, and there is no indication that it was related to any cyber activity.

Ambrey Intelligence, a maritime risk consultancy, says the explosion was caused by "improper handling of a shipment of solid fuel intended for use in Iranian ballistic missiles" imported from China; Iran's defence ministry denies this.

The attack comes amid ongoing talks between Iran and the United States over the Islamic Republic's contentious nuclear programme, and concerns that the country will seek to enrich uranium to the point where it could build a nuclear weapon. Iran has suffered several notable cyberattacks in recent years, including attacks on the country's fuel distribution system in 2021 and on a steel mill in June 2022, both claimed by a group calling itself Predatory Sparrow, which said its attacks were "carried out carefully to protect innocent individuals."

Although Predatory Sparrow claims to be made up of dissidents, the steel mill attack appeared to involve sophisticated operational planning to avoid casualties, raising the possibility that it was sponsored by a foreign state agency with a formal risk-management process. Iranian officials blamed the United States and Israel for the 2021 attack on the fuel system but offered no evidence.

At the time, Gholamreza Jalali, the country's civil defence chief, told state television: "We are still unable to say forensically, but analytically, I believe it was carried out by the Zionist Regime, the Americans, and their agents.” 

Jalali also claimed that the United States and Israel were behind a 2020 cyberattack on the Shahid Rajaei port authority's IT infrastructure, again without providing evidence. The United States and Israel are widely believed to have jointly developed the Stuxnet worm, discovered in 2010, which was designed to sabotage Iran's nuclear programme.

Digital Danger Zone: America's Rising Cybersecurity Threats

Hardly a day passes without a headline about a major company being hacked, facing a cyber threat, or having sensitive data leaked. Cyberattacks rose sharply worldwide in the first quarter of 2025, to an average of 1,925 attacks per organisation per week, a 47% increase on the same period in 2024.

High-profile breaches at organisations such as Ticketmaster, AT&T and UnitedHealth have exposed the personal information of hundreds of thousands of Americans. Attacks like these have turned cybersecurity from a purely technical issue into a national security and economic one.

New cybercrime front lines 

With cyberattacks expected to surge in 2025, many Americans are asking what is driving this digital crime wave. One major factor is our growing reliance on the internet. As more people and organisations share personal and financial information online, the targets available to criminals have grown in both number and value.

The shift to remote work has also created new openings for attackers. Employees working from home, coffee shops or shared spaces often use unsecured networks and personal devices that lack the protections of a corporate IT environment.

Adding to the difficulty, criminals are increasingly using artificial intelligence to make their attacks faster, smarter and harder to detect. AI-powered tools let attackers automate phishing emails, clone legitimate websites and crack passwords at speed, leaving traditional defences struggling to keep pace.

Infrastructure flaws

Cyberattacks endanger not only private businesses but also the systems that keep the country running. The US Department of Homeland Security has designated sixteen critical infrastructure sectors as vital to national security, public health and economic stability, including energy, healthcare, water systems, financial services and transportation.

A successful cyberattack on any of them could cause widespread disruption, from power outages to delayed emergency services. Ransomware attacks have recently hit hospitals, oil pipelines and even public transport systems, showing that these sectors are increasingly exposed to both cybercriminals and state actors.

One of the most high-profile incidents came in 2021, when a ransomware group attacked Colonial Pipeline. The attack forced a temporary shutdown of the pipeline, causing fuel shortages and price rises across the south-eastern United States. Colonial later paid the attackers $4.4 million in cryptocurrency to restore its systems. That attack, and others like it, have raised fears that essential utilities and infrastructure remain vulnerable to foreign intrusion. As threats evolve, many experts worry that future attacks could have far larger and more severe consequences.

Remain cautious 

With AI making attacks easier than ever, it is critical to stay ahead of the curve. New legislation, such as updated data privacy laws and tougher cybersecurity regulation, can help protect both businesses and citizens from these emerging threats. Beyond legislation, public awareness is crucial.

Americans should know the most common cybercrime techniques, such as phishing emails, deepfakes and social engineering scams. As AI-generated material becomes more convincing, it gets easier for criminals to impersonate trusted sources or manipulate digital identities.

Security experts stress the value of building digital literacy into everyday education. Small measures, such as enabling multi-factor authentication and practising safe browsing, can significantly reduce risk. Staying vigilant in the age of AI-enhanced cybercrime is not just sensible but essential.

Explaining AI's Impact on Ransomware Attacks and Businesses Security

Ransomware has always been an evolving menace, with criminal groups experimenting with new techniques to terrorise their victims and gain maximum leverage for their extortion demands. Weaponised AI is the latest addition to the arsenal, enabling advanced groups to launch more sophisticated attacks while also opening the door to novice attackers. The NCSC has warned that AI is amplifying the global ransomware threat, and there has been a significant rise in AI-powered phishing attacks.

Organisations face growing threats from sophisticated techniques such as polymorphic malware, which mutates in real time to evade detection and lets attackers strike with greater precision and frequency. As AI rewrites the rules of ransomware, businesses that still rely on traditional defences are increasingly exposed to the next generation of attacks.

Ransomware accessible via AI 

Online criminals, like legitimate businesses, are finding new ways to use AI tools, making ransomware attacks more accessible and scalable. By automating key stages of an attack, criminals can launch faster, more sophisticated operations with less human effort.

Established, experienced criminal gangs benefit from the ability to scale their operations. At the same time, because AI lowers the barrier to entry, people with little technical expertise can now use ransomware-as-a-service (RaaS) to carry out attacks that would otherwise be beyond their abilities.

OpenAI, the company behind ChatGPT, has said it detected and disrupted more than 20 malicious operations that used its generative AI tool, ranging from writing copy for targeted phishing campaigns to coding and debugging malware.

FunkSec, a RaaS operation, is a current example of how these tools amplify criminal groups' capabilities. The gang is believed to have only a few members, and its human-written code is relatively unsophisticated, with the authors showing a low level of English. Yet since emerging in late 2024, FunkSec has claimed over 80 victims in a single month, using a variety of AI techniques to punch well above its weight.

Investigators found evidence of AI-generated code in the gang's ransomware, along with web content and ransom notes that were clearly written by a large language model (LLM). The group also built a chatbot to support its operations using Miniapps, a generative AI platform.

Mitigation tips against AI-driven ransomware 

With AI fuelling ransomware groups, organisations must evolve their defences to stay safe. Traditional security measures are no longer sufficient, and organisations must match fast-moving attackers with their own adaptive, AI-driven methods to keep up.

One key step is to fight AI with AI. Advanced AI-driven detection and response systems can analyse behavioural patterns in real time, spotting anomalies that signature-based techniques may miss. This matters most against techniques such as polymorphism, which are designed specifically to defeat standard detection. Continuous network monitoring adds another layer of defence, catching suspicious activity before ransomware can detonate and spread.

Beyond detection, AI-powered tools are critical for preventing data exfiltration, since modern ransomware gangs almost always use data theft to pressure their victims. According to the research cited, 94% of reported ransomware attacks in 2024 involved exfiltration, underlining the value of anti-data-exfiltration (ADX) controls as part of a layered defence. By blocking unauthorised outbound transfers, organisations can deny attackers the leverage they need for extortion and force them to move on.
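One concrete form of "restricting unauthorised data transfers" is to baseline each host's outbound traffic and act on departures from it. The script below is an added example, not code from the article or from any ADX product: it learns the largest transfer seen per (host, destination) pair from constructed flow records, then blocks bulk transfers to destinations the host has never contacted and alerts on volume spikes to known ones. The flow records, hostnames, destinations and thresholds (`novel_bulk_bytes`, `spike_factor`) are all assumptions made for the illustration.

```python
"""Egress baselining to catch bulk data exfiltration.

Added example, not code from the article or from any ADX product: it shows
the idea behind "restricting unauthorised data transfers" as a baseline of
outbound bytes per (host, destination) learned from earlier flow records,
then a policy that blocks large transfers to destinations a host has never
talked to and alerts on sharp volume spikes to known ones.  The flow
records, hostnames, destinations and thresholds are all constructed for the
example.
"""
from collections import defaultdict

# Constructed historical flow records (host, destination, bytes_out); not
# real telemetry.  db-01 ships large backups nightly, so size alone is not
# a useful signal for it.
BASELINE_FLOWS = [
    ("ws-12", "files.corp.example", 2_000_000),
    ("ws-12", "files.corp.example", 1_500_000),
    ("ws-12", "mail.corp.example", 300_000),
    ("db-01", "backup.corp.example", 40_000_000_000),
    ("db-01", "backup.corp.example", 38_000_000_000),
]

# Constructed new flows to evaluate against that baseline.
NEW_FLOWS = [
    ("ws-12", "files.corp.example", 2_200_000),        # normal for this pair
    ("ws-12", "203.0.113.77", 900_000_000),            # never-seen host, 900 MB out
    ("ws-12", "files.corp.example", 60_000_000),       # known host, 30x the usual
    ("db-01", "backup.corp.example", 41_000_000_000),  # large but routine
    ("db-01", "198.51.100.9", 10_000),                 # new host, trivial volume
]


def build_baseline(flows):
    """host -> {destination -> largest single transfer seen}."""
    baseline = defaultdict(dict)
    for host, dst, nbytes in flows:
        prev = baseline[host].get(dst, 0)
        baseline[host][dst] = max(prev, nbytes)
    return baseline


def evaluate(baseline, flows, novel_bulk_bytes=50_000_000, spike_factor=10):
    """Return one decision per flow: host, dst, bytes, action, reason.

    action is 'block' (hold the transfer for review), 'alert' or 'allow'.
    """
    decisions = []
    for host, dst, nbytes in flows:
        known_max = baseline.get(host, {}).get(dst)
        if known_max is None:
            # Destination unseen for this host: block only if it is bulk,
            # so ordinary first contacts (DNS, CDN, updates) still pass.
            if nbytes >= novel_bulk_bytes:
                action, reason = "block", "novel_destination_bulk"
            else:
                action, reason = "allow", "novel_destination_small"
        elif nbytes > spike_factor * known_max:
            action, reason = "alert", f"volume_spike:{nbytes / known_max:.0f}x"
        else:
            action, reason = "allow", "within_baseline"
        decisions.append({"host": host, "dst": dst, "bytes": nbytes,
                          "action": action, "reason": reason})
    return decisions


if __name__ == "__main__":
    for d in evaluate(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(f"{d['host']:6} -> {d['dst']:20} {d['bytes']:>14,d}  "
              f"{d['action']:5}  {d['reason']}")
```

A backup server legitimately shipping tens of gigabytes is not flagged because the baseline is per host, while a workstation pushing 900 MB to an address it has never spoken to is held. Real deployments would baseline over a rolling window rather than a single maximum and pair the block with analyst review, since a novel destination can also be a newly adopted SaaS vendor.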

US Tariffs May Lead to Chinese Cyberattacks in Retaliation, Experts Warn

As the trade war between the United States and China heats up, some cybersecurity and policy experts fear Beijing could retaliate in cyberspace. Shortly after the US raised its tariff on imported Chinese goods to 104 percent on Wednesday last week, China raised its duty on American imports to 84 percent.

"China urges the US to immediately correct its wrong practices, cancel all unilateral tariff measures against China, and properly resolve differences with China through equal dialogue on the basis of mutual respect," the Office of the Tariff Commission of the State Council noted in a statement. 

Citing a "lack of respect" from Beijing, US President Trump raised the tariff on China yet again, this time to 125 percent. The administration later "paused" punitive tariffs on numerous other countries but kept the 125 percent tariff on China. White House press secretary Karoline Leavitt told reporters, "President Trump will strike back harder when you strike at the United States of America."

Even as this back-and-forth threatens to wreck trade between the two countries, drive up consumer prices or cut off supplies entirely, there is growing concern that President Xi Jinping may deploy China's army of cyber-spies in support of the People's Republic.

"China will retaliate with systemic cyber attacks as tensions simmer over," cybersecurity advisor Tom Kellermann stated. "The typhoon campaigns have given them a robust foothold within critical infrastructure that will be used to launch destructive attacks. Trade wars were a historical instrument of soft power. Cyber is and will be the modern instrument of choice.” 

The "typhoon campaigns" are a series of Chinese government-backed intrusions disclosed in 2023 and 2024. They include Volt Typhoon, which has been infiltrating US critical infrastructure and pre-positioning for destructive attacks on those targets, and Salt Typhoon, an espionage group that gained access to at least nine US government and telecom networks.

"To the extent that China is holding back on conducting certain types of cyberattacks, it may feel less restrained now," noted Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies.

"The intelligence community has assessed that China has conducted operational preparation of the battlefield to disrupt US critical infrastructure and cause societal panic, impede US government decision making, and degrade our ability to mobilize forces," Fixler added. 

Beyond espionage, which never stops, it is unclear what, if anything, Beijing-backed operators intend to do online in response to Trump's tariffs. Financially motivated cybercriminals, however, have already found ways to exploit public confusion over the constantly changing trade rules.

The Rise of Cyber Warfare and Its Global Implications

In Western society, the likelihood of cyberattacks is arguably higher now than it has ever been. The UK's National Cyber Security Centre (NCSC) advised UK organisations to strengthen their cyber security when Russia invaded Ukraine in early 2022; similarly, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned of increased risks to US companies.

There is no doubt that in times of global transition and turmoil, cyberspace becomes a battlefield in its own right, with state and non-state actors alike turning to cyber-attacks for advantage. As technology advances and ever more devices connect to the internet, the scale and sophistication of cyber-attacks has grown significantly.

Cyber warfare can take many forms, such as breaking into an adversary's computer systems, spreading malware and launching denial-of-service attacks. If an intrusion reaches the right systems, entire towns and cities can be cut off from information, services and infrastructure that have become fundamental to daily life, such as electricity, online banking and the internet itself.

The European Union Agency for Cybersecurity (ENISA) considers cyber warfare a substantial and growing threat to vital infrastructure. Its report on the threat landscape for foreign information manipulation and interference (FIMI) states that key infrastructure, such as electricity and healthcare, is especially vulnerable to cyber-attacks during conflict or political tension.

Cyber-attacks can also disrupt banking systems, causing immediate economic loss and affecting individuals directly. According to the report, citizens were a secondary target in more than half of the incidents analysed. Cyber-attacks are especially effective at shaping public perception, with effects ranging from inconvenience at the least serious level to loss of life at the most serious.

Risk to businesses 

War and military conflict can create a business environment ripe for cyber-attacks, since adversaries may target firms or sectors considered critical to a country's economy or infrastructure. They may also choose symbolic targets, such as media outlets or high-profile businesses associated with a country.

The use of cyber-attacks in war can also produce a broad sense of instability and uncertainty, which adversaries can use to exploit weaknesses in firms' cyber defences.

Cyber-attacks on a company's computer systems, networks and servers can cause delays and shutdowns, with direct loss of productivity and revenue. They can also damage reputation, trigger regulatory action (including fines), and drive customers away.

Prevention tips

To mitigate these risks, firms can take proactive steps to strengthen their cyber defences, such as honest internal auditing and third-party testing. Employees should be trained to recognise and respond to cyber threats. Firms should also conduct regular security assessments to find vulnerabilities and put mitigations in place.