Blogs

Effective Regulation Designed to Address Key Challenges in Cyber Security

DORA & NIS2 Directive

Growing cyber threats pose a great challenge to the governments of different countries, and this is forcing business leaders to align with global cybersecurity regulations to safeguard their data.

Global organizations doing business in more than 200 countries have to comply with the regulations of each of them, which is a challenge in itself. The financial sector is particularly exposed: rising cyber incidents, digitalization, new technologies and geopolitical events all pose threats. Adopting regulatory frameworks helps build a genuine culture of resilience and security in an organization, fostering growth and profitability.

Digital regulation fosters innovation, and where regulations are in place mounting cyber risk is reduced; cyber fraud in any sector, whether financial or manufacturing, impacts global GDP and raises issues of data integrity.

The year 2024 witnessed rising cyber attacks on both macro and micro financial institutions, according to a report released by the International Monetary Fund (IMF); such attacks can shake the pillars of financial wellbeing for finance-based organizations.

Cybersecurity is now a priority, and businesses navigating compliance face more challenges than before. According to the report, 47% of the countries surveyed had formulated a national, financial-sector-focused cyber-security strategy.

Why are regulations required?

Having good processes for developing, implementing and reviewing regulation is vital to ensuring regulatory policies achieve policy goals that maximize benefits and minimize costs for organisations and Government.

The cyber security threat landscape has changed over the years; attacks are now mostly more sophisticated, targeted, widespread and undetected. The pandemic gave us a glimpse of a grim situation in which preparing strong regulations was of utmost importance.

The pandemic has confirmed the importance of preparing tough regulations for the digital decade. This will continually improve cyber-resilience, particularly for those operating essential services such as healthcare and energy.

  • The European Parliament came together and passed the Digital Operational Resilience Act (DORA) on 17th Jan 2025. The Act was essential because it places additional resilience compliance requirements on the European financial sector; these requirements can be logged in one place, making centralized log management possible and helping entities manage them effectively.
  • Similarly, the NIS2 Directive updates the Network and Information Security (NIS) Directive, the first piece of EU-wide legislation on cybersecurity, which was passed in 2016 with the specific aim of achieving a high common level of cyber security across the Member States.

While it increased the Member States’ cyber security capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market.

To respond to the growing threats posed by digitalisation and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonised sanctions across the EU.

DORA regulatory framework

The DORA regulation ensures that companies operating within Europe fall under a consistent framework that supports Europe's economic aims, respects national legislative procedures and requires them to act in a compliant manner.

Organizations headquartered outside Europe may still be subject to PSD2 compliance requirements if they have customers or users in the region.

DORA Objective

  • The objective of the DORA regulation is to establish comprehensive ICT risk management practices for the financial sector, including standards for risk assessments, incident reporting, and resilience testing.
  • The second objective is to reduce compliance challenges for financial entities operating in multiple EU countries: the DORA regulation is directly applicable in all EU member states without the need for national transposition, and is compatible with existing ICT risk management regulations. It also ensures that over-reliance on a single or limited group of suppliers is reduced.
  • DORA will apply to over 22,000 financial institutions and ICT service providers working within the entire financial ecosystem, including banks, insurance companies, investment firms, payment processors, stock exchanges, market infrastructure, credit rating agencies and crypto-asset service providers.
  • To comply with DORA, organizations are required to demonstrate that they conduct an appropriate set of security tests on “critical” systems and applications. This includes a range of assessments and tests every year, and penetration testing every 3 years.
  • DORA also requires the appointment of a responsible party for ICT risk management to oversee accountability and governance, one of the Act's major objectives. Incident management and reporting are central aspects of DORA.
  • Once the Act is legally in force, financial institutions need to set up systems to track and categorize ICT-related incidents. Under Article 15, organizations must submit an initial report within a defined time frame, an interim report if the incident's status changes significantly, and a final report after completing their analysis.

NIS2 Directive

  • The NIS2 directive, on the other hand, is aimed specifically at companies and organisations operating in critical sectors of great economic and safety importance. The scope of the directive needed updating and expanding to meet current risks and future challenges, one of which is ensuring that 5G technology is secure.
  • NIS2 applies to organizations operating in the EU that are defined as either “essential entities” or “important entities.” Essential entities include companies categorized as large enterprises that provide essential services to customers.

NIS2 covers a total of 18 sectors, including energy, transport, healthcare, water supply and digital infrastructure. These sectors make a significant contribution to public safety, order and economic stability.

Objective of NIS2

  • The objective of NIS2 is to improve cyber resilience and cyber posture in these vulnerable sectors, which are often targets of cyber-attacks and contribute to
  • The intent is to secure these targeted sectors, strengthening cyber security with legal measures that boost the overall level of cyber security in the EU by ensuring member states' preparedness.
  • To strengthen overall security and incident reporting requirements, including reporting within 72 hours and a final report within 1 month, and to manage cyber risk with updated measures.
  • NIS2 mandates that essential service providers implement comprehensive risk management processes, identifying and addressing vulnerabilities in the software development lifecycle and integrating security by design to minimize the risk of cyber threats from the start.

IntruceptLabs is actively working to help organisations meet regulatory requirements in a unified platform for managing compliance.

Intrucept helps organisations stay alert and follow key compliance requirements, with offerings that include cyber analytics, BISO, Mirage Cloak technology and AppSec ops (SAST, DAST and SCA combined).

Our products are AI-driven and, as a security platform, help organizations navigate ICT and cyber security risks. We also ensure that business continuity is maintained while compliance assessment against DORA and NIS2 is carried out.

Offerings from Intrucept

1. Static Application Security Testing (SAST)

NIS2 Requirements: 

NIS2 mandates that essential service providers implement comprehensive risk management processes, which include identifying and addressing vulnerabilities in the software development lifecycle. Specifically, organizations must integrate security by design to minimize the risk of cyber threats from the start, and this is offered as a service.

DORA Requirements: 

DORA requires financial institutions to ensure that their ICT systems, including applications, are secure and resilient. Regular vulnerability assessments and secure coding practices are crucial to avoid disruptions caused by security flaws. 

INTRUCEPT’s SAST Tool: helps developers find security vulnerabilities in source code before an application is deployed. By scanning for issues such as SQL injection, cross-site scripting (XSS) and buffer overflows, the tool enables organizations to address vulnerabilities early in the development process.

This ensures that the software is secure by design, helping meet the risk management requirements of NIS2 and ensuring compliance with DORA’s focus on secure ICT systems. 

The INTRUCEPT SAST tool supports organizations by identifying vulnerabilities early in the development process, reducing the risk of security breaches.

2. Software Composition Analysis (SCA) 

NIS2 Requirements: 

Under NIS2, organizations must manage the risks associated with third-party software components, including open-source libraries. These components can introduce vulnerabilities if not properly monitored. 

DORA Requirements: 

For financial institutions subject to DORA, it’s essential to assess the risks associated with third-party ICT service providers, including software libraries and open-source components. 

INTRUCEPT’s SCA Tool: 

Our INTRUCEPT SCA tool scans software for vulnerabilities within third-party libraries and open-source components. It checks for outdated libraries, licensing issues, and known security vulnerabilities, helping teams maintain a secure software environment. 

The INTRUCEPT SCA tool ensures that organizations comply with NIS2’s requirements for managing third-party risks. For DORA, it provides financial institutions with visibility into the security of their third-party software.

3. Dynamic Application Security Testing (DAST) 

NIS2 Requirements: 

NIS2 requires organizations to continuously monitor their systems and respond to security incidents. Identifying vulnerabilities in live applications is a critical part of this process. 

DORA Requirements: 

DORA stresses the importance of regularly testing live systems for vulnerabilities to ensure they remain resilient against cyber attacks and operational disruptions. 

INTRUCEPT’s DAST Tool: 

Our INTRUCEPT DAST tool simulates real-world attacks on running applications, testing for vulnerabilities such as XSS and SQL injection. This helps organizations detect vulnerabilities in production environments before they can be exploited.

The INTRUCEPT DAST tool is essential for meeting NIS2’s requirement for incident detection and vulnerability mitigation. For DORA, it supports resilience testing by continuously assessing the security of live applications.

4. Security Information and Event Management (SIEM) 

NIS2 Requirements: 

NIS2 mandates that organizations implement continuous monitoring of their network and information systems to detect and respond to security incidents promptly. 

DORA Requirements: 

Financial institutions under DORA must have real-time monitoring of their ICT systems, enabling them to quickly detect and mitigate disruptions. 

INTRUCEPT’s SIEM Tool: 

Our INTRUCEPT SIEM solution aggregates and analyses security events from across the organization’s entire IT infrastructure in real time.

The INTRUCEPT SIEM tool helps organizations comply with NIS2’s requirements for continuous monitoring and incident detection. For DORA, it provides financial institutions with the real-time visibility needed to quickly detect and respond to cyber security incidents, ensuring operational resilience. 

5. Governance, Risk, and Compliance (GRC) 

NIS2 Requirements: 

NIS2 requires organizations to establish a comprehensive risk management framework.

DORA Requirements:

DORA calls for robust operational resilience governance in financial institutions. This includes managing ICT-related risks and ensuring that compliance with resilience standards is maintained. 

INTRUCEPT’s GRC Tool: 

Our INTRUCEPT GRC platform enables organizations to define and manage their cyber security policies, track compliance with regulations, and perform continuous risk assessments. The tool helps streamline governance and risk management, ensuring that cybersecurity policies are effectively implemented and monitored. 

The INTRUCEPT GRC tool aligns with both NIS2 and DORA by providing a centralized platform for risk management and compliance tracking, ensuring that organizations meet the cyber security governance requirements of NIS2 and the operational resilience mandates of DORA.

6. Deception Technology 

NIS2 Requirements: 

NIS2 stresses the need for organizations to detect and prevent sophisticated cyberattacks.

DORA Requirements: 

For financial institutions, DORA emphasizes proactive defense measures against cyber threats, including the use of innovative technologies to detect attacks early.

INTRUCEPT’s Deception Technology: 

Our INTRUCEPT Deception Technology creates decoys and fake assets within the network to mislead attackers and detect malicious activity before it causes damage.

This tool provides early detection of advanced threats and lateral movements within the network. 

The INTRUCEPT Deception Technology tool enhances an organization’s ability to detect and respond to advanced persistent threats (APTs). For NIS2, this supports incident detection and prevention. For DORA, it bolsters operational resilience by providing an additional layer of defence against sophisticated attacks. 

Codefinger Ransomware attack encrypts Amazon S3 buckets

  • A ransomware crew dubbed Codefinger targets AWS S3 buckets
  • Sets a data-destruct timer of 7 days
  • The threat actors demand a ransom payment for the symmetric AES-256 keys required to decrypt the data

Amazon S3 buckets were encrypted using AWS's Server-Side Encryption with Customer-Provided Keys (SSE-C), and somehow the threat actors obtained details of the keys. This allowed them to demand ransoms for the decryption key.

The campaign was discovered by Halcyon. According to them, after exploiting the compromised keys the threat actors call the “x-amz-server-side-encryption-customer-algorithm” header and use a locally stored AES-256 encryption key they generate to lock up the victims' files. There is a great chance that more cyber criminal groups will adopt this tactic.

The threat actor looks for keys with permissions to write and read S3 objects (s3:GetObject and s3:PutObject), and then launches the encryption process by calling the SSE-C algorithm with a locally generated and stored AES-256 encryption key.

“It is important to note that this attack does not require the exploitation of any AWS vulnerability but instead relies on the threat actor first obtaining an AWS customer’s account credentials,” Halcyon notes.

According to Halcyon, because the attack relies on AWS’s infrastructure for encryption, it is impossible to recover the encrypted data without the symmetric AES-256 keys required to decrypt it. Halcyon reported its findings to Amazon, and the cloud services provider told them that they do their best to promptly notify customers who have had their keys exposed so they can take immediate action.

In recent months hackers and cyber criminals have gained traction, targeting the provider's product gateways and finding ways to extort the customers using them.

Unlike traditional ransomware that encrypts files locally, this attack operates directly within the AWS environment, exploiting the inherent security of SSE-C to render data irretrievable without the attacker's decryption keys, says the Halcyon team.

Ransomware capabilities thus gain a new tactic: the threat actor first obtains an AWS customer's account credentials, and there is no known method by which the data can be recovered without paying the ransom.

AWS encourages customers to utilize its security tools, such as IAM roles, Identity Center and Secrets Manager, to minimize credential exposure and improve their defense posture.
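Because the attack needs nothing but a valid access key and a burst of SSE-C writes, the detection opportunity is in CloudTrail S3 data events. The following is an added example (not Halcyon's or AWS's code) that flags SSE-C writes and alerts on one access key re-encrypting several objects inside a short window; it assumes CloudTrail's S3 data-event shape, where `additionalEventData.SSEApplied` reports the encryption mode (`SSE_C` for customer-provided keys) and the request header named above may appear in `requestParameters`. The log records are constructed for the demo.

```python
"""Detect Codefinger-style SSE-C mass rewrites in CloudTrail S3 data events.

Assumed record layout (CloudTrail S3 data events): eventName, eventTime,
userIdentity.accessKeyId, requestParameters{bucketName,key,...} and
additionalEventData.SSEApplied ("SSE_C" when a customer-provided key was used).
"""
from collections import defaultdict
from datetime import datetime, timedelta

SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"  # header from the page
WRITE_EVENTS = {"PutObject", "CopyObject"}  # calls that (re)encrypt an object


def parse_time(ts):
    """CloudTrail eventTime is UTC in the form 2025-01-10T08:00:05Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def is_ssec_write(record):
    """True for an S3 write whose object was stored under SSE-C."""
    if record.get("eventSource") != "s3.amazonaws.com":
        return False
    if record.get("eventName") not in WRITE_EVENTS:
        return False
    applied = (record.get("additionalEventData") or {}).get("SSEApplied")
    params = record.get("requestParameters") or {}
    return applied == "SSE_C" or params.get(SSEC_HEADER) == "AES256"


def ssec_writes_by_key(records):
    """Map each access key id to the (time, bucket, object) SSE-C writes it made."""
    writes = defaultdict(list)
    for r in records:
        if is_ssec_write(r):
            key_id = (r.get("userIdentity") or {}).get("accessKeyId", "unknown")
            p = r.get("requestParameters") or {}
            writes[key_id].append((parse_time(r["eventTime"]), p.get("bucketName"), p.get("key")))
    return dict(writes)


def mass_rewrite_alerts(records, threshold=3, window=timedelta(minutes=10)):
    """Access keys with >= threshold SSE-C writes inside one sliding window.

    A single SSE-C upload can be legitimate; many objects re-encrypted by one
    key in minutes is the ransomware pattern described above. Returns
    {access_key_id: total SSE-C writes seen for that key}.
    """
    alerts = {}
    for key_id, events in ssec_writes_by_key(records).items():
        times = sorted(t for t, _, _ in events)
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[key_id] = len(events)
                break
    return alerts


def _rec(name, ts, key_id, bucket, obj, sse=None, header=None):
    """Build a constructed CloudTrail-like record for the demo."""
    r = {"eventSource": "s3.amazonaws.com", "eventName": name, "eventTime": ts,
         "userIdentity": {"accessKeyId": key_id},
         "requestParameters": {"bucketName": bucket, "key": obj}}
    if sse:
        r["additionalEventData"] = {"SSEApplied": sse}
    if header:
        r["requestParameters"][SSEC_HEADER] = header
    return r


# Constructed sample: a stolen key reads then re-encrypts three objects in
# seconds; a developer key makes one KMS upload and one isolated SSE-C upload.
SAMPLE_EVENTS = [
    _rec("GetObject", "2025-01-10T08:00:01Z", "AKIAATTACKEREXAMPLE", "payroll-data", "q1.csv"),
    _rec("PutObject", "2025-01-10T08:00:05Z", "AKIAATTACKEREXAMPLE", "payroll-data", "q1.csv", "SSE_C", "AES256"),
    _rec("PutObject", "2025-01-10T08:00:06Z", "AKIAATTACKEREXAMPLE", "payroll-data", "q2.csv", "SSE_C", "AES256"),
    _rec("CopyObject", "2025-01-10T08:00:09Z", "AKIAATTACKEREXAMPLE", "payroll-data", "q3.csv", "SSE_C"),
    _rec("PutObject", "2025-01-10T08:15:00Z", "AKIADEVELOPEREXAMPLE", "build-artifacts", "app.jar", "SSE_KMS"),
    _rec("PutObject", "2025-01-10T09:00:00Z", "AKIADEVELOPEREXAMPLE", "build-artifacts", "notes.txt", "SSE_C", "AES256"),
]

if __name__ == "__main__":
    for key_id, count in mass_rewrite_alerts(SAMPLE_EVENTS).items():
        print(f"ALERT: {key_id} re-encrypted {count} objects with SSE-C")
```

Pair the detection with a preventive control: where SSE-C is not a sanctioned encryption mode, an S3 bucket policy that denies writes carrying that header removes the attack's mechanism outright.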

Sources:

https://www.theregister.com/2025/01/13/ransomware_crew_abuses_compromised_aws/

www.bleepingcomputer.com

Cybersecurity Trends for 2025: Responsible AI to Gain Importance

Cyber security trends, according to available research and data, show that responsible AI will gain importance as public scrutiny of its risks grows along with remediation practices. Organizations will now be required to balance taking risks with AI against having rapid remediation strategies available.

According to experts, the areas that will get attention are cloud security and data location. In 2025, new laws may require that sensitive data stay within national borders, affecting how companies manage and store data across regions. As businesses and critical services become increasingly dependent on cloud services, some countries may prioritize cloud availability in national emergency plans, recognizing that stable cloud access is mandatory for crisis management. This shift could lead to the establishment of a new program like Cloud Service Priority (CSP), treating cloud infrastructure as being as important as utilities like electricity and telecoms.

Organizations need to prepare themselves: big and small businesses and brands will see dramatically increased risks as bad actors using AI launch convincing impersonation attacks, making it easier than ever to fool customers and clients with high accuracy.

Key Cyber Security Trends of 2025

  • As organizations navigate 2025, threat actors will increasingly use AI for sophisticated phishing, vishing, and social engineering attacks.

Gen-AI

  • Generative AI is driving an unprecedented surge in cyber fraud, with nearly 47% of organisations identifying adversarial AI-powered attacks as their primary concern, according to the World Economic Forum’s Global Cybersecurity Outlook 2025.
  • Cyberspace is growing more complex due to technological advancements and interconnected supply chains. Collaboration between public and private sectors is essential to secure the benefits of digitalization at all levels.

Digitalization

  • 76% of cybersecurity leaders report difficulties navigating a patchwork of global policies, and while 66% of organizations expect AI to transform cybersecurity, only 37% have implemented safeguards to secure these tools before deployment.

IoT Devices Vulnerable

  • Hackers will increase attacks on IoT devices: according to the Analytics Insight report 2025, over 30 billion devices across the globe will be connected through the Internet of Things. IoT devices enhance productivity and offer convenience, but because of their weak security hackers may exploit them to obtain sensitive information or form massive botnets to execute Distributed Denial-of-Service (DDoS) attacks. (Analytics Insight)

Ransomware

  • Attackers have resorted to different methods of extortion, combining ransom demands with DDoS attacks. Encryption and fileless ransomware are being developed in an attempt to evade detection. RaaS makes it increasingly easy for non-technical users to carry out advanced attacks, and the trend is growing. Experts predict that by 2025 ransomware attacks will occur globally every two seconds; prime targets remain the healthcare, education, and government sectors.

AI /ML

  • To survive in a highly competitive environment hackers will continue using AI, and organizations will likewise continue the 2024 theme of applying artificial intelligence, expanding it along with machine learning (ML), as these tools are game changers in a cybersecurity strategy.

Quantum Computing

  • The year 2025 will witness the rise and development of quantum computing. This is an exciting technological development; however, it also generates grave challenges for cybersecurity. Quantum computers solve complex problems much faster than classical computers, making traditional cryptography algorithms vulnerable to quantum attacks, so it is equally necessary to be proactive, with an immediate focus on quantum-safe encryption that will keep digital security systems safe in the years to follow. A McKinsey poll says that 72% of tech executives, investors and quantum computing academics believe that “a fully fault-tolerant quantum computer” will be here by 2035, while 28% think this won't happen until at least 2040. With the right tools and strategies in place, businesses can protect their data and stay ahead of quantum threats.

Regulations

  • Regulatory changes and compliance will evolve in 2025 as governments across Europe gear up with regulations to protect against the surge of ransomware attacks, introducing stringent measures to combat the growing menace of cyber extortion. The EU has emerged as a frontrunner in cybersecurity regulation, with the Network and Information Security (NIS2) Directive coming into full force.
  • BISO Analytics: In 2025 we will witness the rise of virtual CISO (vCISO) or CSO consultant roles over full-time in-house roles. Shifting CISO responsibilities have also brought about an increasing role for BISOs. The cybersecurity team has a lot to handle as companies face more cyber threats, compliance requirements, growing remote workforces, and rapid adoption of new cloud-based technologies. With such a large scope of duty, the CISO is often overstretched, and in this complex cybersecurity environment a BISO brings support to the entire cyber security strategy.
  • BISOs may also be called upon to interact with marketing and corporate communications, bringing their research into potential attack vectors, typical points of vulnerability and unique understanding of the hacker mindset, and guiding organizations that are increasingly battening down their cybersecurity strategy to deal with various attack vectors.

  • Intrucept offers BISO Analytics as a service. BISOs are crucial for strategies requiring both technical cybersecurity and strategic business input.

Organizations need bespoke solutions to defend against attacks across email, social, and other channels, as the evolving nature of attacks demands continuous weekly innovation to stay ahead. The use of multifactor authentication reduces the danger in identity and access management, and EDR solutions with threat intelligence feeds will gain prominence. Intrucept is dedicated to helping organizations run fast and be secure. Taking it easy and slowing down is always a tendency, but as an organization we try to enable our customers to maintain speed (and even accelerate).

LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux

Researchers have uncovered the first UEFI bootkit designed specifically for Linux systems, named Bootkitty.

Social login flaws put billions of users at risk of account takeover

Flaws in social login mechanisms are leaving thousands of websites and a billion of their users vulnerable to account takeovers, API security company Salt Security warns. The latest research by Salt Security identified flaws in the access token verification step of the social sign-in process, part of the OAuth implementation on these websites.

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor

Cisco has identified a critical security issue affecting its IOS XE software, specifically a zero-day vulnerability tracked as CVE-2023-20273 with a CVSS score of 7.2. This flaw is actively exploited by unknown threat actors to deploy a malicious Lua-based implant on vulnerable devices. Additionally, this zero-day was utilized in conjunction with CVE-2023-20198 (CVSS score: 10.0) to create an exploit chain.

Urgent Security Alert: Indian Government Warns iPhone and iPad Users to Update Immediately

In today’s digital age, our smartphones have become an essential part of our lives. They store sensitive information, offer access to personal accounts, and play a vital role in communication. As a result, it is crucial to stay updated on the latest security advisories, especially for mobile devices.

New WordPress Backdoor Threatens Website Security: A Closer Look

The world of cybersecurity is constantly evolving, and so are the threats to websites and online platforms. In a recent discovery, a dangerous new malware has emerged, camouflaging itself as a legitimate caching plugin, specifically targeting WordPress websites. This insidious backdoor has the potential to wreak havoc by creating rogue administrators, taking control of websites, and undermining both user privacy and SEO rankings. This blog post will delve into the details of this new threat, its disguise, and its capabilities.

Critical Government Alert: Protecting Android 13 and Older Devices – Risks, Affected Devices, and Security Measures

In a world where our smartphones have become an essential part of our lives, it is crucial to ensure their security. Recently, the Indian government issued a critical warning for Android users, particularly those using Android versions 13 and older. This warning is significant, given the large number of Android users in India.
