All Articles (2242)

During the dark days of COVID-19, in the transfer from office to remote working, cybersecurity was often neglected so that businesses could just “stay in business.”  Even after a couple of years, common sense tells us that companies would have caught up with cybersecurity.  There are three business scenarios: those that have been attacked, those that do not know they have been attacked, and those that are going to be attacked.

The risks are high with research showing the average cost of an IT security

The German IT service provider BITMARCK announced on 30 April it had taken all its systems offline due to a cyberattack.  The incident impacted statutory health insurance companies that have their IT operated by BITMARCK.  The company immediately reported the incident to the responsible authorities.[1]

The company did not disclose details about the attack; it launched an investigation into the incident with the help of external cybersecurity experts.

“BITMARCK has identified a cyber-attack.  Our

UNIZA Ransomware - Researchers recently came across a new ransomware variant called UNIZA.  Like other ransomware variants, it encrypts files on victims’ machines to extort money.

It uses the Command Prompt (cmd.exe) window to display its ransom message, and interestingly, it does not append anything to the names of the files it encrypts, making it more difficult to determine which files have been impacted.[1]

Infection Vector - Information on the infection vector used by the UNIZA ransomware threat ac

South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team.  "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execute their malicious attacks," the AhnLab Security Emergency Response Center (ASEC) said in a report published this week.

Tonto Team, active since at least 2009, has a track record of targeting various se

Despite the recent attention paid to the chatbot AI program known as ChatGPT, from OpenAI, and its successor technology, GPT-4, the programs are, at the end of the day, just software applications.  And like all applications, they have technical limitations that can make their performance sub-optimal.

See:  https://redskyalliance.org/xindustry/chatgpt-review

In a paper published in March 2023, artificial intelligence (AI) scientists at Stanford University and Canada's MILA Institute for AI proposed a tec

The Five Eyes agencies recently issued cybersecurity guidance and best practices for smart cities.  The document describes potential risks and provides recommendations for addressing them.  Those readers who do not follow the novels of Tom Clancy and John le Carré may not be familiar with The Five Eyes.  The Five Eyes are the intelligence agencies of the US, Canada, Britain, Australia, and New Zealand that share intelligence.[1]

Smart cities integrate Information and Communication Technologies (IC

Our friends from SentinelOne shared some great AI insights from last week’s RSAC 2023.  RSAC yet again provided plenty of cutting-edge information as vendors across the cybersecurity space made announcements and revealed new features, services, and products designed to help defenders keep their enterprises safe.[1]

Among these, SentinelOne’s Purple AI is set to be a game-changer as it brings LLM-powered conversational AI to the Singularity platform, allowing threat hunters to replace complex, st

Ransomware, which was a novelty just a few years ago, is now endemic.  We will have to learn to live with the malicious file-encrypting code, even as we all struggle to limit it.  Why this matters: Ransomware attacks, which take an organization's data hostage and shut down its systems until the hackers receive payment, have exacted an escalating price on law enforcement, policymaking and financial resources around the world.

Ransomware remains the top cyber threat on the minds of cyber defenders

“There is nothing wrong with your television set.  Do not attempt to adjust the picture. We are controlling transmission.  If we wish to make it louder, we will bring up the volume.  If we wish to make it softer, we will tune it to a whisper.  We will control the horizontal. We will control the vertical.  We can roll the image, make it flutter.  We can change the focus to a soft blur, or sharpen it to crystal clarity.  For the next hour, sit quietly and we will control all that you see and hear.

A new "All-in-One" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed to other threat actors to steal data and files from Windows systems.  It includes several modules that all work via an FTP service.  The new stealer also contains environment checking and Anti-VM functions. Its primary purpose seems to be to steal browser data and information from compromised endpoints and then upload it to the attacker's FTP server.

The researchers said they observed a surge

The nasty Iranian nation-state APT group known as Charming Kitten is actively targeting multiple victims in the US, Europe, the Middle East, and India with a new malware named BellaCiao, adding to its ever-expanding list of custom tools.  Discovered by Bitdefender Labs, BellaCiao is a "Personalized dropper" that is capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server.  The attackers appear to customize their attacks for eac

Hacking has gone through several eras over the years, each with its own unique characteristics and motivations. Understanding the history of computer hacking is important for understanding its impact on technology and society, the current state of cybersecurity, and for developing effective strategies for protecting against cyber threats.  Debbie Hooper of Security Boulevard explores the history of computer hacking and cybersecurity threats from the 1950s to present day.[1] In our next post, we

Americans do not have a lot of faith in cryptocurrency.  Around 75% of those familiar with crypto say they are not confident that the current ways to invest in, trade or use cryptocurrency are reliable and safe, according to Pew Research Center’s April 2023 survey of 10,071 people ages 18 and older living in the US.  The survey found that about 18% say they are somewhat confident, but just 6% feel extremely or very confident.  Confidence varies by age as well. The survey found that about 66% of

Online scams can be extremely damaging to an individual's finances and steal sensitive information that can be a nightmare to fix.  In general, phishing scams will appear as innocent requests from online hackers, but if you follow their requests or hand over your Social Security information, then you should immediately contact your bank to ensure they do not open new accounts.  These scammers tend to target senior citizens and can be difficult to avoid daily while using the Internet.

How to prot

Companies in Finland are increasingly the target of cyber-attacks, Finnish authorities said last week.  Firms are reporting an uptick in cyber-attacks, the Finnish Transport and Communications Agency (Traficom[1]) and the Finnish Security and Intelligence Service (SUPO[2]) said in a joint press conference.  But despite the greater frequency of corporate cyber-attacks, the agencies said an event that could paralyze systems in Finland was highly unlikely.

The SUPO chief reported that Russia is inc

EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service.  It was developed by Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer.

Based on our traffic source data to the host, evilextractor[.]com, malicious activity increased si

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to nefarious use by members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews.  The malware, named Domino, is primarily designed to facilitate follow-on exploitation of compromised systems, including delivering a lesser-known information stealer that has been advertised for sale on the dark web since December 2021.

Former TrickBot/Conti syndicate me

Cryptography refers to the practice of creating and using codes and ciphers to secure communication and information [2]. The encryption algorithm is a cryptographic algorithm that takes as input a plaintext and an encryption key, and outputs a ciphertext. The decryption algorithm is a cryptographic algorithm that takes as input a ciphertext and a decryption key, and outputs a plaintext [1].

The encryption key is a value known to the sender while the decryption key is a value known to the receive

It is a worrying fact that, while digital technology is transforming both our personal lives and our interactions with companies and government, it is also making us increasingly susceptible to fraud and other crimes.  According to the US Cybersecurity and Infrastructure Security Defense Agency, 47% of American adults have had their information exposed online by cyber criminals.  There is no reason to suspect that the picture is much different elsewhere.  Even those organizations that might be

Musk’s TruthGPT - Elon Musk, owner of X Corp (formerly named Twitter), is warning of the dangers of artificial intelligence to humanity and claiming that a popular chatbot has a liberal bias that he plans to counter with his own AI creation.  Musk stated in a recent interview that he plans to create an alternative to the popular AI chatbot ChatGPT that he is calling “TruthGPT,” which will be a “maximum truth-seeking AI that tries to understand the nature of the universe.”

Remember in May 2022, whe