Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Ransomwares
acronis AI cyberattacks AI technology Cyber Defenses Cyber Security Cybersecurity Threats Indian Cyber Security Malwares Phishing Attacks Ransomwares

India Most Targeted by Malware as AI Drives Surge in Ransomware and Phishing Attacks

 

India has become the world’s most-targeted nation for malware, according to the latest report by cybersecurity firm Acronis, which highlights how artificial intelligence is fueling a sharp increase in ransomware and phishing activity. The findings come from the company’s biannual threat landscape analysis, compiled by the Acronis Threat Research Unit (TRU) and its global network of sensors tracking over one million Windows endpoints between January and June 2025. 

The report indicates that India accounted for 12.4 percent of all monitored attacks, placing it ahead of every other nation. Analysts attribute this trend to the rising sophistication of AI-powered cyberattacks, particularly phishing campaigns and impersonation attempts that are increasingly difficult to detect. With Windows systems still dominating business environments compared to macOS or Linux, the operating system remained the primary target for threat actors. 

Ransomware continues to be the most damaging threat to medium and large businesses worldwide, with newer criminal groups adopting AI to automate attacks and enhance efficiency. Phishing was found to be a leading driver of compromise, making up 25 percent of all detected threats and over 52 percent of those aimed at managed service providers, marking a 22 percent increase compared to the first half of 2024. 

Commenting on the findings, Rajesh Chhabra, General Manager for India and South Asia at Acronis, noted that India’s rapidly expanding digital economy has widened its attack surface significantly. He emphasized that as attackers leverage AI to scale operations, Indian enterprises—especially those in manufacturing and infrastructure—must prioritize AI-ready cybersecurity frameworks. He further explained that organizations need to move away from reactive security approaches and embrace behavior-driven models that can anticipate and adapt to evolving threats. 

The report also points to collaboration platforms as a growing entry point for attackers. Phishing attempts on services like Microsoft Teams and Slack spiked dramatically, rising from nine percent to 30.5 percent in the first half of 2025. Similarly, advanced email-based threats such as spoofed messages and payload-less attacks increased from nine percent to 24.5 percent, underscoring the urgent requirement for adaptive defenses. 

Acronis recommends that businesses adopt a multi-layered protection strategy to counter these risks. This includes deploying behavior-based threat detection systems, conducting regular audits of third-party applications, enhancing cloud and email security solutions, and reinforcing employee awareness through continuous training on social engineering and phishing tactics. 

The findings make clear that India’s digital growth is running parallel to escalating cyber risks. As artificial intelligence accelerates the capabilities of malicious actors, enterprises will need to proactively invest in advanced defenses to safeguard critical systems and sensitive data.
Read more »
phishing cyber attack
.desktop file abuse Advanced Persistent Threat APT36 hackers cyber espionage India Linux malware phishing cyber attack

APT36 Exploits Linux .desktop Files for Espionage Malware in Ongoing Cyber Attacks

 


The Pakistani threat group APT36 has launched new cyber-espionage attacks targeting India’s government and defense sectors by abusing Linux .desktop files to deploy malware.

According to recent reports from CYFIRMA and CloudSEK, the campaign—first detected on August 1, 2025—is still active. Researchers highlight that this activity focuses on data theft, long-term surveillance, and persistent backdoor access. Notably, APT36 has a history of using .desktop files in espionage operations across South Asia.
Abuse of Linux Desktop Files

Victims receive phishing emails containing ZIP archives with a disguised .desktop file masquerading as a PDF. Once opened, the file triggers a hidden bash command that fetches a hex-encoded payload from an attacker-controlled server or Google Drive, writes it into /tmp/, makes it executable with chmod +x, and launches it in the background.

To avoid suspicion, the malware also opens Firefox to display a decoy PDF hosted online. Attackers manipulated fields like Terminal=false to hide terminal windows and X-GNOME-Autostart-enabled=true for persistence at every login.

While .desktop files are typically harmless text-based launchers defining icons and commands, APT36 weaponized them as malware droppers and persistence mechanisms—a method similar to how Windows LNK shortcuts are exploited.

The dropped malware is a Go-based ELF executable with espionage capabilities. Despite obfuscation, researchers confirmed it can:
  • Remain hidden,
  • Achieve persistence via cron jobs and systemd services,
  • Establish C2 communication through a bi-directional WebSocket channel for remote command execution and data exfiltration.
Both cybersecurity firms conclude that APT36 is evolving its tactics, becoming increasingly evasive, stealthy, and sophisticated, making detection on Linux environments difficult since .desktop abuse is rarely monitored by security tools.
Read more »
Vulnerabilities and Exploits
Business Security Dell ControlVault RevaUlt SOC Platform Vulnerabilities and Exploits

ReVault Flaws Expose Dell ControlVault3 Hardware to Persistent Attacks

 

RevaUlt, a company marketing itself on advanced endpoint protection and next-generation SOC capabilities, recently suffered a severe security breach. The attackers penetrated its internal environment, exploiting vulnerabilities in the architecture used for their supposed secure SOC platform. 

The compromise was discovered after suspicious activity was detected both within the RevaUlt corporate network and among several client deployments, suggesting a supply chain dimension to the attack as well. 

Attack mechanics

The attackers leveraged persistence techniques and privilege escalation to move laterally through RevaUlt's infrastructure, ultimately acquiring administrative access to sensitive SOC data. The breach included the exfiltration of client logs, incident reports, and in some cases, authentication secrets used by RevaUlt for remote management of client environments.

Attackers used sophisticated anti-forensic measures to delay detection, making full remediation more challenging and indicating a high level of attacker maturity. 

Impact on clients and the industry 

This compromise not only undermined RevaUlt’s internal systems but also exposed multiple organizations relying on its SOC services to potential intrusion and sensitive data leakage. As a result, clients had to initiate emergency incident response procedures, rotate credentials, and validate the integrity of their log data and detection mechanisms. 

The breach underscores the inherent risks of outsourcing critical security operations to third-party SOC providers, especially when those providers lack sufficient internal controls or operational transparency. 

Lessons and industry response 

The incident has prompted a wave of scrutiny regarding trust in managed SOC platforms and the challenges of ensuring supply chain security within cybersecurity itself. 

Experts urge organizations to tighten their vendor evaluation processes, demand greater transparency, and implement layered monitoring—even on services provided by so-called “secure” vendors. The breach serves as a cautionary tale that no security solution is immune to compromise and that shared vigilance and robust incident response remain paramount for cyber resilience. 

Additionally, recommended mitigations include applying Dell’s firmware and driver fixes, disabling ControlVault services and peripherals (fingerprint, smart card, NFC) if unused, and turning off fingerprint login in high-risk scenarios to shrink the attack surface pending updates. 

RevaUlt’s situation is now a key reference point in ongoing discussions about SOC resilience, supply chain vulnerabilities, and the evolving sophistication of attackers targeting high-value security infrastructure.
Read more »
images
Adversarial attacks AI tools algorithms Data Breach Data Theft images

How Image Resizing Could Expose AI Systems to Attacks



Security experts have identified a new kind of cyber attack that hides instructions inside ordinary pictures. These commands do not appear in the full image but become visible only when the photo is automatically resized by artificial intelligence (AI) systems.

The attack works by adjusting specific pixels in a large picture. To the human eye, the image looks normal. But once an AI platform scales it down, those tiny adjustments blend together into readable text. If the system interprets that text as a command, it may carry out harmful actions without the user’s consent.

Researchers tested this method on several AI tools, including interfaces that connect with services like calendars and emails. In one demonstration, a seemingly harmless image was uploaded to an AI command-line tool. Because the tool automatically approved external requests, the hidden message forced it to send calendar data to an attacker’s email account.

The root of the problem lies in how computers shrink images. When reducing a picture, algorithms merge many pixels into fewer ones. Popular methods include nearest neighbor, bilinear, and bicubic interpolation. Each creates different patterns when compressing images. Attackers can take advantage of these predictable patterns by designing images that reveal commands only after scaling.

To prove this, the researchers released Anamorpher, an open-source tool that generates such images. The tool can tailor pictures for different scaling methods and software libraries like TensorFlow, OpenCV, PyTorch, or Pillow. By hiding adjustments in dark parts of an image, attackers can make subtle brightness shifts that only show up when downscaled, turning backgrounds into letters or symbols.

Mobile phones and edge devices are at particular risk. These systems often force images into fixed sizes and rely on compression to save processing power. That makes them more likely to expose hidden content.

The researchers also built a way to identify which scaling method a system uses. They uploaded test images with patterns like checkerboards, circles, and stripes. The artifacts such as blurring, ringing, or color shifts revealed which algorithm was at play.

This discovery also connects to core ideas in signal processing, particularly the Nyquist-Shannon sampling theorem. When data is compressed below a certain threshold, distortions called aliasing appear. Attackers use this effect to create new patterns that were not visible in the original photo.

According to the researchers, simply switching scaling methods is not a fix. Instead, they suggest avoiding automatic resizing altogether by setting strict upload limits. Where resizing is necessary, platforms should show users a preview of what the AI system will actually process. They also advise requiring explicit user confirmation before any text detected inside an image can trigger sensitive operations.

This new attack builds on past research into adversarial images and prompt injection. While earlier studies focused on fooling image-recognition models, today’s risks are greater because modern AI systems are connected to real-world tools and services. Without stronger safeguards, even an innocent-looking photo could become a gateway for data theft.


Read more »
Verizon Family Line
Digital Connectivity Household Technology Mobile Privacy Parental Controls Safe Communication Technology Telecom Security Verizon Family Line

Verizon Reimagines the Household Phone Number with Family Line for the Digital Era


Verizon has faced challenges in recent months. They have faced mounting criticism for a number of controversial decisions that have left many of their long-time subscribers wondering why they still belong to Verizon. 


When Verizon eliminated customer loyalty discounts and increased prices on select plans, a strong backlash ensued, with some users even choosing to cut their ties with the carrier altogether. There has been a lot of criticism on Verizon's side over the past few years. But Verizon is trying its best to re-establish trust by offering new services that reinforce its value proposition. 

Verizon Family Plus is a subscription package offered by Verizon that includes a forward-looking feature known as Family Line as part of its premium package. As a result, a familiar concept was revived from an earlier era when households relied on a single phone number that could be used by all members of the family. 

A voice-over-IP service has been introduced through the Verizon Family app instead of the traditional copper-based landline service that has been reimagined for today's mobile-first environment. The Verizon Family app allows users to share a single number with up to five family members across all of their smartphones.

Each connected device rings when a call is made to the number, allowing everyone in the home to be able to pick up the call or join the call at a time of their choosing. There is a huge difference between setting up multiparty calls manually on an iOS or Android dialer, and this feature provides effortless group participation while maintaining a shared call history and voicemail inbox. 

Providing the ability to connect up to three people at the same time, Family Line provides an easy-to-use solution that blends convenience with practical everyday use scenarios, whether users are scheduling a doctor’s appointment for the family or coordinating with relatives in one place. Rather than simply offering shared communication as part of its Family Plus package, Verizon's Family Plus package incorporates a suite of features which allow for a comprehensive family utility rather than a simple phone perk. 

With this subscription, users will be able to monitor their location via GPS and receive unlimited alerts, and the Safe Walk option is an option that lets children verify their safety, and parental control options allow guardians to limit screen time, filter online activity, or block unwanted calls and texts through parental controls. A driver's insights tool, which tracks sudden braking, sharp accelerations, or crash alerts, is an excellent tool that families with teenage drivers can use. 

To offer a broader level of protection, Verizon has also implemented 24-hour assistance, which connects users with live agents in case of medical concerns or unsafe conditions. Additionally, Verizon includes fraud monitoring for aging parents and roadside assistance in case of an emergency such as a flat tire or a breakdown of a vehicle, along with roadside assistance. 

The cost of access has also been designed to be flexible. Family is a Verizon service that is available free of charge and provides essential tools like single location alerts, Safe Walks, call reviews, and simple driving insights, along with many others. Family Plus is an advanced package that costs $15 on top of any existing plan, or $10 for MyPlan customers who are eligible for Unlimited.

A household that values collective safety and connectivity will find the upgraded plan attractive since it unlocks all features, including Family Line. Family Line has the same technical requirements as before, allowing it to operate with Android 7 (2016) and iOS 15 (2022) mobile operating systems. There is, however, one notable limitation to the service, namely that subscribers cannot port a number from another carrier to the service. 

If a family wishes to maintain its long-standing landline number, it will have to adopt a new one, though Verizon has stated that it will try to assign a new number within the same area code as the customer's existing number, where possible. The situation might not always be the same in areas with exhausted area codes, like Washington D.C.'s 202 or New York's 917, where these codes are exhausted. It is important to note that Verizon allows the users' Family Line number to be ported out to another wireless provider, VoIP platform or internet-based services like Google Voice. 

Industry data highlights the importance of such an offering, suggesting Verizon should be able to offer it. Despite the dominance of mobile networks, a 2023 survey by the U.S. In a report released by theCentresr for Disease Control, it was found that 24 per cent of Americans still lived with a landline. Verizon's move acknowledges that although landlines are going out of style, it is still important to share a household number with others. 

Family Line provides that continuity in a way that aligns with modern expectations—flexible, app-driven, and with features designed to ensure children's safety as well as older adults' safety. The Family Line service is more than just a nostalgic reflection of the past for Verizon. It reflects Verizon's efforts to develop a range of services whose focus goes beyond bandwidth and entertainment bundles, emphasising security, convenience, and inclusiveness. 

In a world where digital parenting, elder care, or simply managing the logistics of a busy family life can be complicated, Family Line provides households with a bridge that allows individuals to communicate with one another. With the continued development of telecommunications, this innovation suggests there is a growing trend toward solutions that place family well-being and safety at their centre. Family members who embrace this concept may be able to find more than just a modernised landline, but also a renewed sense of togetherness in a world increasingly fragmented.
Read more »
protect user privacy
Chrome Extensions customer data privacy data security Data Theft Free VPN free VPN risks online privacy concerns Privacy protect user privacy

FreeVPN.One Chrome Extension Caught Secretly Spying on Users With Unauthorized Screenshots

 

Security researchers are warning users against relying on free VPN services after uncovering alarming surveillance practices linked to a popular Chrome extension. The extension in question, FreeVPN.One, has been downloaded over 100,000 times from the Chrome Web Store and even carried a “featured” badge, which typically indicates compliance with recommended standards. Despite this appearance of legitimacy, the tool was found to be secretly spying on its users.  

FreeVPN.One was taking screenshots just over a second after a webpage loaded and sending them to a remote server. These screenshots also included the page URL, tab ID, and a unique identifier for each user, effectively allowing the developers to monitor browsing activity in detail. While the extension’s privacy policy referenced an AI threat detection feature that could upload specific data, Koi’s analysis revealed that the extension was capturing screenshots indiscriminately, regardless of user activity or security scanning. 

The situation became even more concerning when the researchers found that FreeVPN.One was also collecting geolocation and device information along with the screenshots. Recent updates to the extension introduced AES-256-GCM encryption with RSA key wrapping, making the transmission of this data significantly more difficult to detect. Koi’s findings suggest that this surveillance behavior began in April following an update that allowed the extension to access every website a user visited. By July 17, the silent screenshot feature and location tracking had become fully operational. 

When contacted, the developer initially denied the allegations, claiming the screenshots were part of a background feature intended to scan suspicious domains. However, Koi researchers reported that screenshots were taken even on trusted sites such as Google Sheets and Google Photos. Requests for additional proof of legitimacy, such as company credentials or developer profiles, went unanswered. The only trace left behind was a basic Wix website, raising further questions about the extension’s credibility. 

Despite the evidence, FreeVPN.One remains available on the Chrome Web Store with an average rating of 3.7 stars, though its reviews are now filled with complaints from users who learned of the findings. The fact that the extension continues to carry a “featured” label is troubling, as it may mislead more users into installing it.  

The case serves as a stark reminder that free VPN tools often come with hidden risks, particularly when offered through browser extensions. While some may be tempted by the promise of free online protection, the reality is that such tools can expose sensitive data and compromise user privacy. As the FreeVPN.One controversy shows, paying for a reputable VPN service remains the safer choice.
Read more »
Shamos
ClickFix Attacks Cookie Spider Infostealer Mac Users malware Shamos

New Shamos Malware Targets Mac Users Through Fake Tech Support Sites

 

Cybersecurity researchers have unearthed a new Mac-targeting malware called Shamos that deceives users through fake troubleshooting guides and repair solutions. This information-stealing malware, developed by the cybercriminal organization "COOKIE SPIDER," represents a variant of the previously known Atomic macOS Stealer (AMOS).

Modus operandi

The malware spreads through ClickFix attacks, which utilize malicious advertisements and counterfeit GitHub repositories to trick victims. Attackers create deceptive websites such as mac-safer[.]com and rescue-mac[.]com that appear to offer legitimate macOS problem-solving assistance. These sites instruct users to copy and paste Terminal commands that supposedly fix common system issues. 

However, these commands actually decode Base64-encoded URLs and retrieve malicious Bash scripts from remote servers. The scripts capture user passwords, download the Shamos executable, and use system tools like 'xattr' and 'chmod' to bypass Apple's Gatekeeper security feature. 

Data theft capabilities

Once installed, Shamos performs comprehensive data collection targeting multiple sensitive areas. The malware searches for cryptocurrency wallet files, Keychain credentials, Apple Notes content, and browser-stored information. It employs anti-virtual machine commands to avoid detection in security sandboxes and uses AppleScript for system reconnaissance.

All stolen data gets compressed into an archive file named 'out.zip' before transmission to the attackers via curl commands. When operating with administrator privileges, Shamos establishes persistence by creating a Plist file in the LaunchDaemons directory, ensuring automatic execution during system startup. 

CrowdStrike's monitoring has detected Shamos attempting infections across more than 300 environments globally since June 2025. The security firm has also observed instances where attackers deployed additional malicious components, including fake Ledger Live cryptocurrency applications and botnet modules. 

Safety measures

Security experts strongly advise Mac users to avoid executing any online commands they don't fully understand. Users should be particularly cautious with GitHub repositories, as the platform hosts numerous malicious projects designed to infect unsuspecting individuals.

For legitimate macOS assistance, users should bypass sponsored search results and instead consult Apple Community forums or the built-in Help system (Cmd + Space → "Help"). ClickFix attacks have proven highly effective across various platforms, appearing in TikTok videos, fake captchas, and bogus Google Meet error messages, making user awareness crucial for prevention.
Read more »
Ransomware
Cache CBI Data Breach Nissan Qilin Ransomware

Nissan Confirms Data Leak After Ransomware Attack on Design Unit





Nissan’s Tokyo-based design subsidiary, Creative Box Inc. (CBI), has launched an investigation into a cyberattack after a ransomware group claimed to have stolen a large cache of internal files. The company confirmed that some design data has been compromised but said the breach affects only Nissan itself, as CBI’s work is exclusively for the automaker.

CBI is a specialized design studio established in 1987 as part of Nissan’s global creative network. Unlike mainstream production teams, the unit is often described as a “think tank” where designers experiment with bold and futuristic concepts. This makes the data stored on its systems particularly valuable, as early sketches, 3D models, and conceptual ideas can reveal strategic directions for future vehicles.

The ransomware group behind the attack alleges it copied more than 400,000 files, amounting to around four terabytes of information. According to their claims, the stolen material includes design files, reports, photos, videos, and other documents connected to Nissan’s projects. While the attackers say they have not released the full dataset yet, they have threatened to make it public if their demands are ignored.

Nissan, in its official statement, confirmed the unauthorized access and the leakage of some design material. “A detailed investigation is underway, and it has been confirmed that some design data has been leaked. Nissan and CBI will continue the investigation and take appropriate measures as needed,” the company said. Importantly, Nissan clarified that the stolen information does not affect external clients, contractors, or other organizations, as CBI serves Nissan alone.

The incident illustrates the growing use of ransomware against global companies. Ransomware is a type of malicious software that enables attackers to lock or steal sensitive data and then demand payment in exchange for restoring access or withholding its public release. Beyond financial loss, the exposure of confidential design material carries strategic risks: competitors, counterfeiters, or malicious actors could exploit these files, potentially weakening Nissan’s competitive edge.

The group behind this incident, known as Qilin, has been active in targeting organizations across different sectors. In recent years, security researchers have observed the gang exploiting vulnerabilities in widely used software tools and network devices to gain unauthorized entry. Once inside, they exfiltrate data before applying pressure with public leak threats. This tactic, known as “double extortion,” has become common in the ransomware infrastructure.

Cybersecurity experts stress that incidents like this serve as reminders for companies to remain vigilant. Timely patching of known software vulnerabilities, close monitoring of employee access tools, and strong data backup practices are among the key defenses against ransomware.

For Nissan, the priority now is understanding the full scope of the breach and ensuring no further leaks occur. As investigations continue, the company has pledged to take corrective steps and reinforce its systems against similar threats in the future.


Read more »
Ransomware
AI AI-Healthcare system Cyber Hygiene CyberCrime Cybersecurity Da Vita Data Breach Digital threats Healthcare Security patient privacy Ransomware

Millions of Patient Records Compromised After Ransomware Strike on DaVita


 Healthcare Faces Growing Cyber Threats

A ransomware attack that affected nearly 2.7 million patients has been confirmed by kidney care giant DaVita, revealing that one of the most significant cyberattacks of the year has taken place. There are over 2,600 outpatient dialysis centres across the United States operated by the company, which stated that the breach was first detected on April 12, 2025, when the security team found unauthorised activity within the company's computer systems. In the aftermath of this attack, Interlock was revealed to have been responsible, marking another high-profile attack on the healthcare industry. 

Although DaVita stressed the uninterrupted delivery of patient care throughout the incident, and that all major systems have since been fully restored - according to an official notice issued on August 1 - a broad range of sensitive personal and clinical information was still exposed through the compromise. An attacker was able to gain access to a variety of information, such as name, address, date of birth, Social Security number, insurance data, clinical histories, dialysis treatment details, and laboratory results, among others. 

It represents a deep invasion of privacy for millions of patients who depend on kidney care for life-sustaining purposes and raises new concerns about the security of healthcare systems in general. 

Healthcare Becomes A Cyber Battlefield 

The hospital and healthcare industry, which has traditionally been seen as a place of healing, is becoming increasingly at the centre of digital warfare. Patient records are packed with rich financial and medical information, which can be extremely valuable on dark web markets, as compared to credit card information. 

While hospitals are under a tremendous amount of pressure to maintain uninterrupted access to their systems, any downtime in the system could threaten patients' lives, which makes them prime targets for ransomware attacks. 

Over the past few months, millions of patients worldwide have been affected by breaches that have ranged from the theft of medical records to ransomware-driven disruptions of services. As well as compromising privacy, these attacks have also disrupted treatment, shaken public trust, and increased financial burdens on healthcare organisations already stressed out by increasing demand. 

A troubling trend is emerging with the DaVita case: in the last few years, cybercriminals have progressively increased both the scale and sophistication of their campaigns, threatening patient safety and health. DaVita’s Ransomware Ordeal.  It was reported that DaVita had confirmed the breach in detail on August 21, 2025, and that it filed disclosures with the Office for Civil Rights of the U.S. Department of Health and Human Services. 

Intruders started attacking DaVita's facility on March 24, 2025, but were only removed by April 12 after DaVita's internal response teams contained the attack. Several reports indicate that Interlock, the ransomware gang that was responsible for the theft of the data, released portions of the data online after failing to negotiate with the firm. Although the critical dialysis services continued uninterrupted, as is a priority given the fact that dialysis is an essential treatment, the attack did temporarily disrupt laboratory systems. There was an exceptionally significant financial cost involved. 

According to DaVita's report for the second quarter of 2025, the breach had already incurred a total of $13.5 million in costs associated with it. Among these $1 million, $1 million has been allocated to patient care costs relating to the incident, while $12.5 million has been allocated to administrative recovery, system restoration, and cybersecurity services provided by professional third-party service providers. 

Expansion of the Investigation 

According to DaVita's Securities and Exchange Commission filings in April 2025, it first acknowledged that there had been a security incident, but it said that the scope of the data stolen had not yet been determined. During the months that followed, forensic analysis and investigations expanded. State Attorneys General were notified, and the extent of the problem began to be revealed: it was estimated that at least one million patients were affected by the virus. As more information came to light, the figures grew, with OCR's breach portal later confirming 2,688,826 victims. 

DaVita, based on internal assessments, believed that the actual number of victims may be slightly lower, closer to 2.4 million, and the agency intends to update its portal in accordance with those findings. Although the company is struggling with operational strains, it has assured its patients that it will continue providing dialysis services through its 3,000 outpatient centres and home-based programs worldwide – a sign of stability in the face of crisis, given that kidney failure patients require life-saving treatment that cannot be avoided. 

Even so, the attack underscored just how severe financial and reputational damage such incidents can have. This will mean that the cost of restoring systems, engaging cybersecurity experts and providing patients with resources such as credit monitoring and data protection will likely continue to climb in the coming months. 

Data Theft And Interlock’s Role 

It appears that Interlock has become one of the most aggressive ransomware groups out there since it appeared in 2024. In the DaVita case, it is said that the gang stole nearly 1.5 terabytes of data, including approximately 700,000 files. In addition to the patient records, the stolen files were also suspected to contain insurance documents, user credentials, and financial information as well. 

A failed negotiation with DaVita caused Interlock to publish parts of the data on its dark web portal, after which parts of the data were published. On June 18, DaVita confirmed that some of the files were genuine, tracing them back to the dialysis laboratory systems they use. As part of its public statement, the company stated that it had acknowledged that the lab's database had been accessed by unauthorised persons and that it would notify both current and former patients. 

Additionally, DaVita has begun to provide complimentary credit monitoring services as part of its efforts to reduce risks. Interlock's services go well beyond DaVita as well. Several universities in the United Kingdom have been attacked by a remote access trojan referred to as NodeSnake, which was deployed by the group in recent campaigns. 

Recent reports indicate that the gang has also claimed responsibility for various attacks on major U.S. healthcare providers, including a major organisation with more than 120 outpatient facilities and 15,000 employees, known as Kettering Health. Cyberattacks on healthcare have already proven to be a sobering reminder of how varied and destructive they can be. Each major breach has its own particular lessons that need to be taken into account:

The Ascension case shows how a small mistake made by a single employee can escalate into a huge problem that affects every employee. The Yale New Haven Health System shows that institutions that have well-prepared strategies are vulnerable to persistent adversaries despite their best efforts. It was revealed by Episource that third-party and supply chain vulnerabilities can result in significant damage to a network, showing how the impact of a single vendor breach may ripple outward. 

Putting one example on display, DaVita shows how the disruption caused by ransomware is different from other disruptions, as it involves both data theft and operational paralysis. There have been incidents when hackers have accessed sensitive healthcare records at scale, but there have also been incidents where simple data configuration issues have led to these breaches.

In view of these incidents, it is clear that compliance-based checklists and standard security frameworks may not be sufficient for the industry anymore. Instead, the industry must be more proactive and utilise intelligence-driven defences that anticipate threats rather than merely reacting to them as they occur. 

The Road Ahead For Healthcare Security 

The DaVita breach is an example of a growing consensus among healthcare providers that their cybersecurity strategies must be strengthened to match the sophistication of modern attackers. 

Cybercriminals value patient records as one of their most valuable assets, and every time this happens, patients' trust in their providers is undermined directly. Additionally, the operational stakes are higher than in most industries, as any disruption can put patients' lives at risk, which is why every disruption can be extremely dangerous. 

Healthcare organisations in emerging countries, as well as hospitals in India, need to invest in layered defences, integrate threat intelligence platforms, and strengthen supply chain monitoring, according to security experts. Increasingly, proactive approaches are viewed as a necessity rather than an option for managing attack surfaces, prioritising vulnerabilities, and continually monitoring the dark web. Consequently, the DaVita case is more than just an example of how a single company suffered from ransomware. 

It's also a part of a wider pattern shaping what the future of healthcare will look like. There is no doubt that in this digital age, where a breach of any record can lead to death or injury, it is imperative to have foresight, invest in cybersecurity, and recognise that it is on an equal footing with patient care. It has become evident that healthcare cybersecurity needs to evolve beyond reactive measures and fragmented defences as a result of these developments. 

In today's world, digital security cannot simply be treated as a side concern, but rather must be integrated into the very core of a patient care strategy, which is why the industry must pay close attention to it. Taking a forward-looking approach to cyber hygiene should prioritise investments in continuous cyber hygiene, workforce awareness in cybersecurity, and leveraging new technologies such as zero-trust frameworks, advanced threat intelligence platforms, and artificial intelligence (AI)-driven anomaly detection systems. 

The importance of cross-industry collaboration cannot be overstated: it requires shared standards to be established and the exchange of real-time intelligence to be achieved, so hospitals, vendors, regulators, and cybersecurity providers can collectively resist adversaries who operate no matter what borders or industries are involved.

By reducing risks, such measures will also allow people to build patient trust, reduce recovery costs, and ensure uninterrupted delivery of essential care, as well as create long-term value. In the healthcare sector that is becoming increasingly digitalised and interdependent, the organisations that proactively adopt layered defences and transparent communication practices will not only be able to mitigate threats but also position themselves as leaders in a hostile cyber environment that is ripe with cyber threats. 

Clearly, if the patients' lives are to be protected in the future, the protection of their data must equally be paramount.
Read more »
Technology
behavioral tracking Data Brokers depression detection digital surveillance mental health data smartphone privacy Technology

Your Smartphone Can Detect Depression—And That Data Is Being Sold

 

 

Smartphones are quietly monitoring your sleep patterns, movements, and even typing behavior to detect signs of depression with an accuracy rate of 73–88%, according to peer-reviewed studies in Frontiers in Psychiatry and JMIR Research. 

What’s more concerning is that this sensitive mental health data is being packaged and sold to advertisers—and potentially insurers—without your explicit consent.

How Your Phone Tracks Depression

Your device is not just a communication tool—it’s effectively a mood sensor. Through machine learning, it analyzes:

1. Sleep cycles by tracking inactivity periods
Social withdrawal through reduced call frequency
“Location entropy” to determine whether you’re isolated at home or socially active

2. Typing speed and app engagement as behavioral health indicators
Multiple digital health studies confirm these patterns strongly correlate with depressive symptoms—making smartphones a more advanced mental health monitor than most people realize.

Behavioral data has become a goldmine in today’s surveillance economy. Data brokers purchase and resell emotional insights, enabling advertisers to target individuals during vulnerable moments. For example, someone flagged as depressed might see payday loan ads or junk food promotions. Privacy researchers warn that insurers and employers could one day exploit such mental health profiling for risk assessment, even if widespread cases of discrimination haven’t yet been documented.

How to Protect Yourself

Safeguarding your emotional privacy requires active steps:
  • Audit permissions: Revoke background activity and location access for unnecessary apps
  • Switch to encrypted platforms like Signal, which collect minimal user data
  • Delete intrusive apps that harvest behavioral patterns
  • Consider VPNs and privacy-focused tools for an added layer of protection
  • While these steps may sacrifice convenience, they significantly reduce your exposure to corporate psychological profiling.
Unlike therapists, who must protect patient confidentiality, app developers and data brokers face no strict legal boundaries when handling sensitive emotional data.

Although regions like the EU and California are advancing privacy protections, most countries remain unregulated, leaving your mood as just another commodity in the data marketplace. Until laws catch up with technology, individuals must proactively defend their digital and emotional privacy.
Read more »
Ransomwares
Colt ransomware attack Colt WarLock hackers Customer Data Cyber Attacks Dark Web data stealing Ransom Demand ransomware attacks Ransomware group Ransomwares

Colt Technology Services Confirms Customer Data Theft After Warlock Ransomware Attack



UK-based telecommunications provider Colt Technology Services has confirmed that sensitive customer-related documentation was stolen in a recent ransomware incident. The company initially disclosed on August 12 that it had suffered a cyberattack, but this marks the first confirmation that data exfiltration took place. In its updated advisory, Colt revealed that a criminal group accessed specific files from its systems that may contain customer information and subsequently posted the filenames on dark web forums. 

To assist affected clients, Colt has set up a dedicated call center where customers can request the list of exposed filenames. “We understand that this is concerning for you,” the company stated in its advisory. Notably, Colt also implemented a no-index HTML meta tag on the advisory webpage, ensuring the content would not appear in search engine results. 

The development follows claims from the Warlock ransomware gang, also known as Storm-2603, that they are auctioning one million stolen Colt documents for $200,000 on the Ramp cybercrime marketplace. The group alleges the files contain financial data, customer records, and details of network architecture. 
Cybersecurity experts verified that the Tox ID used in the forum listing matches identifiers seen in the gang’s earlier ransom notes, strengthening the link to Colt’s breach. The Warlock Group, attributed to Chinese threat actors, emerged in March 2025 and initially leveraged leaked LockBit Windows and Babuk VMware ESXi encryptors to launch attacks. Early operations used LockBit-style ransom notes modified with unique Tox IDs to manage negotiations. 

By June, the group rebranded under the name “Warlock Group,” establishing its own negotiation platforms and leak sites to facilitate extortion. Recent intelligence reports, including one from Microsoft, have indicated that the group has been exploiting vulnerabilities in Microsoft SharePoint to gain unauthorized access to corporate networks. Once inside, they deploy ransomware to encrypt data and steal sensitive files for leverage. 

The group’s ransom demands vary significantly, ranging from $450,000 to several million dollars, depending on the target organization and data involved. Colt’s disclosure highlights ongoing challenges faced by enterprises in safeguarding critical infrastructure against sophisticated ransomware actors. Telecommunications companies, which manage vast volumes of sensitive customer and network data, remain particularly attractive targets. 

As threat actors refine their tactics and increasingly combine encryption with data theft, the risks to both organizations and their clients continue to escalate. While Colt has not confirmed whether it plans to engage with the ransomware operators, the company emphasized its focus on mitigating the impact for customers. 

For now, the stolen documents remain for sale on the dark web, and the situation underscores the broader need for enterprises to strengthen resilience against the evolving ransomware landscape.
Read more »
Subscribe to: Comments (Atom)