Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label organisations. Show all posts
Technology
Asia Cloud Services Cybersecurity Data protection data sovereignty Europe Geopolitical Cyber Risk Government organisations Technology

Geopolitical Conflict Is Increasing the Risk of Cyber Disruption




Cybersecurity is increasingly shaped by global politics. Armed conflicts, economic sanctions, trade restrictions, and competition over advanced technologies are pushing countries to use digital operations as tools of state power. Cyber activity allows governments to disrupt rivals quietly, without deploying traditional military force, making it an attractive option during periods of heightened tension.

This development has raised serious concerns about infrastructure safety. A large share of technology leaders fear that advanced cyber capabilities developed by governments could escalate into wider cyber conflict. If that happens, systems that support everyday life, such as electricity, water supply, and transport networks, are expected to face the greatest exposure.

Recent events have shown how damaging infrastructure failures can be. A widespread power outage across parts of the Iberian Peninsula was not caused by a cyber incident, but it demonstrated how quickly modern societies are affected when essential services fail. Similar disruptions caused deliberately through cyber means could have even more severe consequences.

There have also been rare public references to cyber tools being used during political or military operations. In one instance, U.S. leadership suggested that cyber capabilities were involved in disrupting electricity in Caracas during an operation targeting Venezuela’s leadership. Such actions raise concerns because disabling utilities affects civilians as much as strategic targets.

Across Europe, multiple incidents have reinforced these fears. Security agencies have reported attempts to interfere with energy infrastructure, including dams and national power grids. In one case, unauthorized control of a water facility allowed water to flow unchecked for several hours before detection. In another, a country narrowly avoided a major blackout after suspicious activity targeted its electricity network. Analysts often view these incidents against the backdrop of Europe’s political and military support for Ukraine, which has been followed by increased tension with Moscow and a rise in hybrid tactics, including cyber activity and disinformation.

Experts remain uncertain about the readiness of smart infrastructure to withstand complex cyber operations. Past attacks on power grids, particularly in Eastern Europe, are frequently cited as warnings. Those incidents showed how coordinated intrusions could interrupt electricity for millions of people within a short period.

Beyond physical systems, the information space has also become a battleground. Disinformation campaigns are evolving rapidly, with artificial intelligence enabling the fast creation of convincing false images and videos. During politically sensitive moments, misleading content can spread online within hours, shaping public perception before facts are confirmed.

Such tactics are used by states, political groups, and other actors to influence opinion, create confusion, and deepen social divisions. From Eastern Europe to East Asia, information manipulation has become a routine feature of modern conflict.

In Iran, ongoing protests have been accompanied by tighter control over internet access. Authorities have restricted connectivity and filtered traffic, limiting access to independent information. While official channels remain active, these measures create conditions where manipulated narratives can circulate more easily. Reports of satellite internet shutdowns were later contradicted by evidence that some services remained available.

Different countries engage in cyber activity in distinct ways. Russia is frequently associated with ransomware ecosystems, though direct state involvement is difficult to prove. Iran has used cyber operations alongside political pressure, targeting institutions and infrastructure. North Korea combines cyber espionage with financially motivated attacks, including cryptocurrency theft. China is most often linked to long-term intelligence gathering and access to sensitive data rather than immediate disruption.

As these threats manifest into serious matters of concern, cybersecurity is increasingly viewed as an issue of national control. Governments and organizations are reassessing reliance on foreign technology and cloud services due to legal, data protection, and supply chain concerns. This shift is already influencing infrastructure decisions and is expected to play a central role in security planning as global instability continues into 2026.

Read more »
organisations
Atroposia DNS Hijacking Hacking malware Malware Trojan organisations

Atroposia Malware Offers Attackers Built-In Tools to Spy, Steal, and Scan Systems

 




Cybersecurity researchers have recently discovered a new malware platform known as Atroposia, which is being promoted on dark web forums as a subscription-based hacking toolkit. The platform offers cybercriminals a remote access trojan (RAT) that can secretly control computers, steal sensitive data, and even scan the infected system for security flaws, all for a monthly payment.

Researchers from Varonis, a data protection firm, explained that Atroposia is the latest example of a growing trend where ready-to-use malware services make advanced hacking tools affordable and accessible, even to attackers with little technical expertise.


How Atroposia Works

Atroposia operates as a modular program, meaning its users can turn individual features on or off depending on what they want to achieve. Once installed on a device, it connects back to the attacker’s command-and-control (C2) server using encrypted communication, making it difficult for defenders to detect its activity.

The malware can also bypass User Account Control (UAC), a security layer in Windows designed to prevent unauthorized changes, allowing it to gain full system privileges and remain active in the background.

Those who purchase access, reportedly priced at around $200 per month unlock a wide set of tools. These include the ability to open a hidden remote desktop, steal files, exfiltrate data, capture copied text, harvest credentials, and even interfere with internet settings through DNS hijacking.

One of the most distinctive parts of Atroposia is its HRDP Connect module, which secretly creates a secondary desktop session. Through this, attackers can explore a victim’s computer, read emails, open apps, or view documents without the user noticing anything unusual. Because the interaction happens invisibly, traditional monitoring systems often fail to recognize it as remote access.

The malware also provides an Explorer-style file manager, which lets attackers browse, copy, or delete files remotely. It includes a “grabber” feature that can search for specific file types or keywords, automatically compress the selected items into password-protected ZIP archives, and transmit them directly from memory leaving little trace on the device.


Theft and Manipulation Features

Atroposia’s data-theft tools are extensive. Its stealer module targets saved logins from browsers, chat records, and even cryptocurrency wallets. A clipboard monitor records everything a user copies, such as passwords, private keys, or wallet addresses, storing them in an easily accessible list for the attacker.

The RAT also uses DNS hijacking at the local machine level. This technique silently redirects web traffic to malicious sites controlled by the attacker, making it possible to trick victims into entering credentials on fake websites, download malware updates, or expose their data through man-in-the-middle attacks.


A Built-In Vulnerability Scanner

Unlike typical RATs, Atroposia comes with a local vulnerability scanner that automatically checks the system for weak spots, such as missing security patches, outdated software, or unsafe configurations. It generates a score to show which issues are easiest to exploit.

Researchers have warned that this function poses a major threat to corporate networks, since it can reveal unpatched VPN clients or privilege escalation flaws that allow attackers to deepen their access or spread across connected systems.

Security experts view Atroposia as part of a larger movement in the cybercrime ecosystem. Services like SpamGPT and MatrixPDF have already shown how subscription-based hacking tools lower the technical barrier for attackers. Atroposia extends that trend by bundling reconnaissance, exploitation, and data theft into one easy-to-use toolkit.


How Users Can Stay Protected

Analysts recommend taking preventive steps to reduce exposure to such threats.

Users should:

• Keep all software and operating systems updated.

• Download programs only from verified and official sources.

• Avoid pirated or torrent-based software.

• Be cautious of unfamiliar commands or links found online.

Companies are also urged to monitor for signs such as hidden desktop sessions, unusual DNS modifications, and data being sent directly from memory, as these can indicate the presence of sophisticated RATs like Atroposia.

Atroposia’s discovery highlights the growing ease with which advanced hacking tools are becoming available. What once required high-level expertise can now be rented online, posing a serious challenge to both individual users and large organizations trying to protect their digital environments.



Read more »
Software
Businesses Cyber Attacks Finance Healthcare Online Safety organisations Software

Don’t Wait for a Cyberattack to Find Out You’re Not Ready

 



In today’s digital age, any company that uses the internet is at risk of being targeted by cybercriminals. While outdated software and unpatched systems are often blamed for these risks, a less obvious but equally serious problem is the false belief that buying security tools automatically means a company is well-protected.

Many businesses think they’re cyber resilient simply because they’ve invested in security tools or passed an audit. But overconfidence without real testing can create blind spots leaving companies exposed to attacks that could lead to data loss, financial damage, or reputational harm.


Confidence vs. Reality

Recent years have seen a rise in cyberattacks, especially in sectors like finance, healthcare, and manufacturing. These industries are prime targets because they handle valuable and sensitive information. A report by Bain & Company found that while 43% of business leaders felt confident in their cybersecurity efforts, only 24% were actually following industry best practices.

Why this mismatch? It often comes down to outdated evaluation methods, overreliance on tools, poor communication between technical teams and leadership, and a natural human tendency to feel “safe” once something has been checked off a list.


Warning Signs of Overconfidence

Here are five red flags that a company may be overestimating its cybersecurity readiness:

1. No Real-World Testing - If an organization has never run a simulated attack, like a red team exercise or breach test, it may not know where its weaknesses are.

2. Rare or Outdated Risk Reviews - Cyber risks change constantly. Companies that rely on yearly or outdated assessments may be missing new threats.

3. Mistaking Compliance for Security - Following regulations is important, but it doesn’t mean a system is secure. Compliance is only a baseline.

4. No Stress Test for Recovery Plans - Businesses need to test their recovery strategies under pressure. If these plans haven’t been tested, they may fail when it matters most.

5. Thinking Cybersecurity Is Only an IT Job - True resilience requires coordination across departments. If only IT is involved, the response to an incident will likely be incomplete.


Building Stronger Defenses

To improve cyber resilience, companies should:

• Test and monitor security systems regularly, not just once.

• Train employees to recognize threats like phishing, which remains a common cause of breaches.

• Link cybersecurity to overall business planning, so that recovery strategies are realistic and fast.

• Work with outside experts when needed to identify hidden vulnerabilities and improve defenses.


If a company hasn’t tested its cybersecurity defenses in the past six months, it likely isn’t as prepared as it thinks. Confidence alone won’t stop a cyberattack but real testing and ongoing improvement can.

Read more »
RansomHub
cyber attack Data Halliburton organisations RansomHub

Halliburton Hit by Cyberattack, Data Stolen


 

Halliburton, one of the world’s largest energy companies, has confirmed that it was the victim of a cyberattack. Hackers infiltrated the company’s systems and stole sensitive information. The attack occurred last week, and Halliburton is still determining the extent of the data that was taken.

In a recent filing with government regulators, Halliburton acknowledged the breach but has yet to disclose the full details of what was stolen. The company is currently investigating the incident and deciding what legal notifications are required. In response to the attack, Halliburton took certain systems offline as a precaution and is working to restore normal operations, especially for its oil and fracking businesses. 

When approached for additional comments, company spokesperson Amina Rivera declined to elaborate further, stating that Halliburton would not provide more information beyond what was mentioned in its official filing.

Although Halliburton has not officially confirmed it, there are signs that the cyberattack may have been part of a ransomware campaign. TechCrunch obtained a ransom note related to the incident, which claims that hackers encrypted Halliburton’s files and stole sensitive data. A group known as RansomHub is believed to be behind the attack. This gang is notorious for carrying out similar cyberattacks, using stolen data as leverage to demand ransom payments. 

RansomHub typically publishes stolen files on its dark web platform when victims refuse to pay. So far, Halliburton has not been listed as one of RansomHub’s victims, but this could change if negotiations fail. RansomHub has been responsible for over 210 attacks since its rise to prominence earlier this year, and it has targeted other large organisations, including Change Healthcare.

Halliburton, with around 48,000 employees spread across various countries, is a major player in the global energy industry. In the past, the company gained notoriety due to its role in the Deepwater Horizon oil spill disaster in 2010, for which it paid over $1 billion in fines.

The recent cyberattack is expected to have financial repercussions for the company, though the exact costs are yet to be determined. In 2023, Halliburton reported $23 billion in revenue, with CEO Jeff Miller earning $19 million in total compensation. Halliburton has noted that it will continue to bear costs related to the cyberattack as they work on restoring systems and resolving the situation.

As the investigation unfolds, much of Halliburton’s online services remain down, and the company is assessing the full impact of the breach. Halliburton has been tight-lipped about its cybersecurity efforts, declining to provide information on who is currently overseeing their response.

This attack is a reminder of how large corporations remain vulnerable to cyber threats. Halliburton's situation underscores the importance of investing in strong cybersecurity measures to safeguard sensitive data and avoid disruptions in critical operations. The company will likely provide more updates as it works to recover from this breach.


Read more »
Subscribe to: Comments (Atom)