Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Threat Landscape. Show all posts
Threat Landscape
AI bots Cyber Attacks Malicious Bots Online Traffic Threat Landscape

AI Bots Fuel 57% of Holiday Shopping Traffic, Study Finds

 

Radware's 2025 E-commerce Bot Threat Report reveals that automated bots generated 57% of online shopping website traffic during the 2024 holiday season, rather than human buyers. According to Radware's analytics, this is the first time non-DDoS generating bots have outperformed human shoppers in driving traffic to e-commerce websites. The company claims that this represents substantial shifts in the cybersecurity landscape for e-commerce providers and online retailers.

"Bad bots are no longer just based on simple scripts—they're sophisticated, AI-enhanced agents capable of outsmarting traditional defences. E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round," stated Ron Meyran, Vice President of Cyber Threat Intelligence at Radware. 

The report describes numerous important bot attack trends and real-world data collected during the 2024 online holiday shopping season. It also looks at the dispersed and multi-vector threats that e-commerce enterprises should be prepared to face in the coming year. According to the findings, AI-generated bots with human-like characteristics are becoming more common. Bad bots accounted for 31% of all internet traffic during the 2024 holiday season. 

Nearly 60% of this malicious traffic employed novel strategies to avoid traditional, signature-based detection systems. Tactics discovered include IP address and identity rotation, distributed attack patterns, the exploitation of CAPTCHA farm services, and other sophisticated anomalies. According to the study, addressing these risks requires reliable, AI-powered detection systems that prevent false positives while recognising attack trends. 

The report also highlights that attacks against mobile platforms have increased. The holiday seasons of 2023 and 2024 saw a 160% spike in malicious bot traffic directed at mobile devices. According to the study, this change in attacker focus necessitates security measures that are especially suited for mobile systems. These days, attackers use headless browsers with mobile user-agent strings, mobile emulators, and mobile-centric proxy services. 

Attacks against distributed network infrastructures and residential proxy networks have also increased. Between 2023 and 2024, the share of holiday assault traffic originating and blending with ISP networks climbed by 32%. This rise reflects attackers' increased use of residential proxy services to circumvent rate-limiting, geo-based, and IP-based blocking methods. According to Radware, this trend creates new mitigation challenges for security teams who lack comprehensive and multilayered defences.
Read more »
Threat Landscape
Critical Infrastructure Cyber Attacks Iran Nation-State Attack Threat Landscape

Iran Claims it Thwarted Sophisticated Cyberattack on its Infrastructure

 

Iran thwarted a “widespread and complex” cyberattack on Sunday that targeted the nation’s infrastructure, a senior official told Tasnim News Agency, which is affiliated with the Islamic Revolutionary Guard Corps. 

Behzad Akbari, the head of the government's Telecommunications Infrastructure Company (TIC), revealed the occurrence, which was not explained in detail. "One of the most widespread and complex cyber attacks against the country's infrastructure was identified and preventive measures were taken," Akbari noted. 

The cyber incident occurred a day after a huge explosion at Shahid Rajaei, the country's busiest commercial port, which killed at least 28 people and injured 800 more, according to police. The cause has not been determined. There is no indication that it was related to any cyber activity. 

Ambrey Intelligence, a maritime risk consultant, claims the explosion was caused by "improper handling of a shipment of solid fuel intended for use in Iranian ballistic missiles" imported from China, while Iran's defence ministry denies this. 

It comes amid ongoing talks between Iran and the United States over the Islamic Republic's contentious nuclear program, amid concerns that the nation will aim to enrich uranium to the point where it could build a nuclear bomb. Iran has had many noteworthy cyberattacks in recent years, including those against the country's fuel system in 2021 and a steel mill in June 2022, both claimed by a group calling itself Predatory Sparrow, which stated that its attacks were "carried out carefully to protect innocent individuals.” 

While the Predatory Sparrow group claims to be made up of dissidents, the attack on the steel mill appeared to be carried out with sophisticated operational planning to avoid casualties, raising the possibility that it was sponsored by a foreign state agency with a risk management process. Iranian officials blamed the United States and Israel for the 2021 cyberattack on Iran's gasoline systems, but provided no evidence. 

At the time, Gholamreza Jalali, the country's civil defence chief, told state television: "We are still unable to say forensically, but analytically, I believe it was carried out by the Zionist Regime, the Americans, and their agents.” 

Jalili claimed that the United States and Israel were responsible for a cyberattack on the Shahid Rajaei port authority's technological infrastructure in 2020, but he did not provide any evidence. The United States and Israel are thought to have worked on the Stuxnet worm, which was discovered in 2010 and was aimed to destroy Iran's nuclear program.
Read more »
US Citizens
Business Safety Cyber Security Online Security Threat Landscape US Citizens

Digital Danger Zone: America's Rising Cybersecurity Threats

 

A major firm being hacked, facing a cyber threat, or having critical digital data leaked seems to make headlines every day. Cyberattacks increased dramatically worldwide in the first quarter of 2025, with an average of 1,925 attacks per organisation per week. Compared to the same period in 2024, that is an astounding 47% increase. 

The personal information of hundreds of thousands of Americans has been made public by high-profile hacks at organisations like Ticketmaster, AT&T, and UnitedHealth. These kinds of attacks have turned cybersecurity from a technical issue to a national security and economic one. 

New cybercrime front lines 

With cyberattacks expected to skyrocket in 2025, many Americans are investigating what's driving this digital crime wave. One significant factor is our increasing reliance on the internet. As more people and organisations share personal and financial information online, fraudsters' targets have grown in size and profitability. 

The transition to remote employment has also provided new opportunities for attackers. Employees working from home, coffee shops, or communal spaces frequently use unprotected networks and personal devices that lack the security of a corporate IT system. 

Adding to the difficulty, fraudsters are increasingly using artificial intelligence to make their attacks faster, smarter, and more challenging to detect. AI-powered tools enable hackers to automate phishing emails, impersonate reputable websites, and even crack passwords at breakneck speed. As a result, traditional cybersecurity defences are unable to keep pace.

Infrastructure flaws

Cyberattacks are endangering not only private businesses, but also the systems that keep the government functioning. The US Department of Homeland Security has identified sixteen critical infrastructure sectors as crucial to national security, public health, and economic stability. These include energy, healthcare, water systems, financial services, and transportation, among others. 

A successful cyberattack on any of them might result in widespread disruptions, ranging from power outages to delayed emergency services. Ransomware assaults have recently targeted hospitals, oil pipelines, and even public transportation systems, indicating that these sectors are becoming increasingly vulnerable to both cybercriminals and state actors. 

One of the most high-profile incidents occurred in 2021, when a ransomware group targeted the Colonial Pipeline. The attack forced a temporary stoppage of the pipeline, resulting in fuel shortages and price increases across the Southeastern United States. Colonial later paid the hackers $4.4 million in cryptocurrencies to restore its servers. That attack, and others like it, have raised fears that essential utilities and infrastructure are still vulnerable to foreign intrusion. As cyberthreats advance, many experts fear that future attacks may have far larger and more severe consequences.

Remain cautious 

With AI making hacks easier than ever, it is critical to keep ahead of the curve. New legislation, such as updated data privacy laws and tougher cybersecurity regulations, can help safeguard both businesses and citizens from these emerging threats. Beyond legislation, public awareness is crucial. 

Americans should be aware of the most prevalent cybercrime strategies, such as phishing emails, deep fakes, and social engineering frauds. As AI-generated material gets more convincing, fraudulent actors have an easier time impersonating trusted sources or manipulating digital identities. 

Cybersecurity experts emphasise the importance of integrating digital literacy into ordinary education. Small efforts, such as multi-factor authentication and safe browsing practices, can help to reduce risk significantly. Staying vigilant in the age of AI-enhanced cybercrime is not just sensible, but also critical.
Read more »
Threat Landscape
AI Business Security Cyber Security Ransomware attack Threat Landscape

Explaining AI's Impact on Ransomware Attacks and Businesses Security

 

Ransomware has always been an evolving menace, as criminal outfits experiment with new techniques to terrorise their victims and gain maximum leverage while making extortion demands. Weaponized AI is the most recent addition to the armoury, allowing high-level groups to launch more sophisticated attacks but also opening the door for rookie hackers. The NCSC has cautioned that AI is fuelling the global threat posed by ransomware, and there has been a significant rise in AI-powered phishing attacks. 

Organisations are increasingly facing increasing threats from sophisticated assaults, such as polymorphic malware, which can mutate in real time to avoid detection, allowing organisations to strike with more precision and frequency. As AI continues to rewrite the rules of ransomware attacks, businesses that still rely on traditional defences are more vulnerable to the next generation of cyber attack. 

Ransomware accessible via AI 

Online criminals, like legal businesses, are discovering new methods to use AI tools, which makes ransomware attacks more accessible and scalable. By automating crucial attack procedures, fraudsters may launch faster, more sophisticated operations with less human intervention. 

Established and experienced criminal gangs gain from the ability to expand their operations. At the same time, because AI is lowering entrance barriers, folks with less technical expertise can now utilise ransomware as a service (RaaS) to undertake advanced attacks that would ordinarily be outside their pay grade. 

OpenAI, the company behind ChatGPT, stated that it has detected and blocked more than 20 fraudulent operations with its famous generative AI tool. This ranged from creating copy for targeted phishing operations to physically coding and debugging malware. 

FunkSec, a RaaS supplier, is a current example of how these tools are enhancing criminal groups' capabilities. The gang is reported to have only a few members, and its human-created code is rather simple, with a very low level of English. However, since its inception in late 2024, FunkSec has recorded over 80 victims in a single month, thanks to a variety of AI techniques that allow them to punch much beyond their weight. 

Investigations have revealed evidence of AI-generated code in the gang's ransomware, as well as web and ransom text that was obviously created by a Large Language Model (LLM). The team also developed a chatbot to assist with their operations using Miniapps, a generative AI platform. 

Mitigation tips against AI-driven ransomware 

With AI fuelling ransomware groups, organisations must evolve their defences to stay safe. Traditional security measures are no longer sufficient, and organisations must match their fast-moving attackers with their own adaptive, AI-driven methods to stay competitive. 

One critical step is to investigate how to combat AI with AI. Advanced AI-driven detection and response systems may analyse behavioural patterns in real time, identifying anomalies that traditional signature-based techniques may overlook. This is critical for fighting strategies like polymorphism, which have been expressly designed to circumvent standard detection technologies. Continuous network monitoring provides an additional layer of defence, detecting suspicious activity before ransomware can activate and propagate. 

Beyond detection, AI-powered solutions are critical for avoiding data exfiltration, as modern ransomware gangs almost always use data theft to squeeze their victims. According to our research, 94% of reported ransomware attacks in 2024 involved exfiltration, highlighting the importance of Anti Data Exfiltration (ADX) solutions as part of a layered security approach. Organisations can prevent extortion efforts by restricting unauthorised data transfers, leaving attackers with no choice but to move on.
Read more »
US Tariffs
Chinese Hacker Cyber Security Threat Landscape Trade War US Tariffs

US Tariffs May Lead to Chinese Cyberattacks in Retaliation, Experts Warn

 

As the trade battle between the United States and China heats up, some cybersecurity and policy experts fear Beijing could retaliate in cyberspace. Shortly after the US raised its tax on imported Chinese goods to 104 percent on Wednesday last week, China raised its duty on American imports to 84 percent.

"China urges the US to immediately correct its wrong practices, cancel all unilateral tariff measures against China, and properly resolve differences with China through equal dialogue on the basis of mutual respect," the Office of the Tariff Commission of the State Council noted in a statement. 

Citing a "lack of respect" from Beijing, US President Trump raised the China tariff yet again, this time by 125 percent. The government later "paused" punitive tariffs on numerous other countries, but maintained the 125 percent tax on China. White House press secretary Karoline Leavitt told reporters, "President Trump will strike back harder when you strike at the United States of America.” 

There is growing concern that President Xi Jinping may use his army of cyber-spies to support the People's Republic, even though this back and forth has the potential to ruin trade between the two countries, drive up consumer costs, or cut off supply completely. 

"China will retaliate with systemic cyber attacks as tensions simmer over," cybersecurity advisor Tom Kellermann stated. "The typhoon campaigns have given them a robust foothold within critical infrastructure that will be used to launch destructive attacks. Trade wars were a historical instrument of soft power. Cyber is and will be the modern instrument of choice.” 

The "typhoon campaigns" refer to a sequence of digital incursions supported by the Chinese government that were revealed last year. Among them are Volt Typhoon, which has been infiltrating America's vital infrastructure since at least 2023 and plotting destructive cyberattacks against those targets, and Salt Typhoon, an espionage team that gained access to at least nine US government and telecom networks. 

"To the extent that China is holding back on conducting certain types of cyberattacks, it may feel less restrained now," noted Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies.

"The intelligence community has assessed that China has conducted operational preparation of the battlefield to disrupt US critical infrastructure and cause societal panic, impede US government decision making, and degrade our ability to mobilize forces," Fixler added. 

In addition to spying, which is always going on, it is unclear what, if anything, Beijing-backed goons intend to do online to protest Trump's tariffs. However, financially motivated cybercriminals have already discovered ways to take advantage of people's misunderstanding of the constantly changing trade regulations.
Read more »
Threat Landscape
Cyber Warfare Online Security Russia-Ukraine War Technology Threat Landscape

The Rise of Cyber Warfare and Its Global Implications

 

In Western society, the likelihood of cyberattacks is arguably higher now than it has ever been. The National Cyber Security Centre (NCSC) advised UK organisations to strengthen their cyber security when Russia launched its attack on Ukraine in early 2022. In a similar vein, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about increased risks to US companies. 

There is no doubt that during times of global transition and turmoil, cyber security becomes a battlefield in its own right, with both state and non-state actors increasingly turning to cyber-attacks to gain an advantage in combat. Furthermore, as technology advances and an increasing number of devices connect to the internet, the scope and sophistication of cyber-attacks has grown significantly. 

Cyber warfare can take numerous forms, such as breaking into enemy state computer systems, spreading malware, and executing denial-of-service assaults. If a cyber threat infiltrates the right systems, entire towns and cities may be shut off from information, services, and infrastructure that have become fundamental to our way of life, such as electricity, online banking systems, and the internet. 

The European Union Agency for Network and Information Security (ENISA) believes that cyber warfare poses a substantial and growing threat to vital infrastructure. Its research on the "Threat Landscape for Foreign Information Manipulation Interference (FIMI)" states that key infrastructure, such as electricity and healthcare, is especially vulnerable to cyber-attacks during times of conflict or political tension.

In addition, cyber-attacks can disrupt banking systems, inflicting immediate economic loss and affecting individuals. According to the report, residents were a secondary target in more than half of the incidents analysed. Cyber-attacks are especially effective at manipulating public perceptions through, at the most basic level, inconvenience, to the most serious level, which could result in the loss of life. 

Risk to businesses 

War and military conflicts can foster a business environment susceptible to cyber-attacks, since enemies may seek to target firms or sectors deemed critical to a country's economy or infrastructure. They may also choose symbolic targets, like media outlets or high-profile businesses connected with a country. 

Furthermore, the use of cyber-attacks in war can produce a broad sense of instability and uncertainty, which can be exploited to exploit vulnerabilities in firms' cyber defences.

Cyber-attacks on a company's computer systems, networks, and servers can cause delays and shutdowns, resulting in direct loss of productivity and money. However, they can also harm reputation, prompt regulatory action (including the imposition of fines), and result in consumer loss. 

Prevention tips

To mitigate these risks, firms can take proactive actions to increase their cyber defences, such as self-critical auditing and third-party testing. Employees should also be trained to identify and respond to cyber risks. Furthermore, firms should conduct frequent security assessments to detect vulnerabilities and adopt mitigation techniques.
Read more »
Threat Landscape
Cyber Warfare Drone malware Russia-Ukraine War Threat Landscape

Russians Seize Malware-Infected Ukrainian Drones

 

Ukrainian forces are installing malware into their drones as a new tactic in their ongoing war with Russia. This development adds a cyber warfare layer to a battlefield that has already been impacted by drone technology, Forbes reported. 

Russian forces identified Ukrainian drones carrying malware, as evidenced by a video uploaded on social media. According to a Reddit thread that includes the video, this malware performs a variety of disruptive functions, including "burning out the USB port, preventing reflashing, or hijacking the repurposed FPV and revealing the operator location.” 

“This tactic highlights how Ukraine is leveraging its strong pre-war information technology sector to counter Russia’s advanced military technologies and strong defense industrial base,” states defense expert Vikram Mittal in his analysis. 

The malware serves several strategic objectives. It hinders Russian troops from analyzing seized Ukrainian drones to create countermeasures, prohibits them from repurposing captured technology, and may allow Ukrainian forces to track the whereabouts of Russian drone operators attempting to use captured devices.

“By embedding malware into their drones, Ukrainian developers have found a way to disrupt Russian counter-drone efforts without requiring additional physical resources, a critical advantage given Ukraine’s logistical constraints. This innovation could have broader implications for the war. If successful, Ukraine may begin integrating malware into other electronic systems to limit Russia’s ability to study or reuse them,” Mittal explains.

As drone warfare tactics continue to evolve, the report suggests that this trend would likely lead to a new technological competition between Russia and Ukraine. Ukraine's use of malware is expected to spark a new technological competition, similar to what is already happening with Ukrainian and Russian drone technology. 

In response, Russia is likely to deploy similar spyware on its drones and equipment, while both sides respond by establishing safety protocols and developing anti-virus software to combat the malware. In response, scientists on both sides will create increasingly powerful malware to circumvent these protections. This continuous cycle of assault and defence will add a new dimension to the fight for drone supremacy.
Read more »
Zero-day Flaw
Malicious Files nation-state hackers Threat Landscape Vulnerabilities and Exploits Zero-day Flaw

Windows Shortcut Vulnerability Exploited by 11 State-Sponsored Outfits

 

Since 2017, at least 11 state-sponsored threat groups have actively exploited a Microsoft zero-day issue that allows for abuse of Windows shortcut files to steal data and commit cyber espionage against organisations across multiple industries. 

Threat analysts from Trend Micro's Trend Zero Day Initiative (ZDI) discovered roughly 1,000 malicious.lnk files that exploited the flaw, known as ZDI-CAN-25373, which allowed cyber criminals to execute concealed malicious commands on a victim's PC via customised shortcut files.

“By exploiting this vulnerability, an attacker can prepare a malicious .lnk file for delivery to a victim,” researchers at Trend Micro noted. “Upon examining the file using the Windows-provided user interface, the victim will not be able to tell that the file contains any malicious content.”

The malicious files delivered by cybercriminals include a variety of payloads, including the Lumma infostealer and the Remcos remote access Trojan (RAT), which expose organisations to data theft and cyber espionage. 

State-sponsored outfits from North Korea, Iran, Russia, and China, as well as non-state actors, are among those behind the flaw attacks, which have affected organisations in the government, financial, telecommunications, military, and energy sectors across North America, Europe, Asia, South America, and Australia. 

Additionally, 45% of attacks were carried out by North Korean players, with Iran, Russia, and China each accounting for approximately 18%. Some of the groups listed as attackers are Evil Corp, Kimsuky, Bitter, and Mustang Panda, among others.

According to Trend Micro, Microsoft has not fixed the flaw despite receiving a proof-of-concept exploit through Trend ZDI's bug bounty program. Trend Micro did not react to a follow-up request for comment on their flaw detection and submission timeline.

Microsoft's position remains that it will not be fixing the vulnerability described by Trend Micro at this time because it "does not meet the bar for immediate servicing under our severity classification guidelines," though the company "will consider addressing it in a future feature release," according to an email from a Microsoft spokesperson.

Meanwhile, Microsoft Defender can detect and block threat behaviour, as detailed by Trend Micro, and Microsoft's Windows Smart App Control prevents malicious files from being downloaded from the internet. Furthermore, Windows recognises shortcut (.lnk) files as potentially malicious file types, and the system will automatically display a warning if a user attempts to download one.
Read more »
Subscribe to: Posts (Atom)