AI

Blogs

Ways to combat Cyber Threats; Strengthen your SOC’s readiness involves 3 key strategies

Cyber threats are no longer limited to human attackers, with AI-driven “bad bot” attacks now accounting for 1/3 as per research. These attacks can be automated, allowing attackers to launch more extensive and efficient campaigns

Organizations are now exposed new risks, providing cybercriminals with more entry points and potential “surface areas” to exploit as they go digital and adopt to innovations and wider use of digital technologies.

Some of the types of bad bots are DDoS bots, which disrupt a website or online service by overwhelming it with traffic from multiple sources.

Cybercriminals are using Gen-AI tools to improve the efficiency and yield of their campaigns – with Check Point Research’s recent AI Security Report 2025 flagging the use of the technology for malicious activities like AI-enhanced impersonation and social engineering.

Account takeover bots, which use stolen credentials to access users’ online accounts; web content scraping bots, which copy and reuse website content without permission; and social media bots, which spread fake news and propaganda on social media platforms.

The purpose of Bad Bot is expose critical flaws and vulnerabilities within the security frameworks that IT leaders have established in their architectures and operations.

Unfortunately, traditional security operations centers (SOCs) are built to detect threats based on predefined rules and human-driven logic or characteristics.

 AI-powered bots use automation and adaptive methods to execute more sophisticated and dynamic attacks that can bypass these existing defences.

Vulnerabilities are evolving so SOC team have more responsibilities then before as BOTs are AI powered.

Here we outlined three strategies to strengthen your SOC readiness

1.SOC team an essential or important component of business are in Fatigue Zone:

SOCs continuously monitor your organization’s network, systems, and applications to identify potential vulnerabilities and detect any signs of malicious activity.

SOC team quickly takes action to contain the threat and minimize damage, ultimately reducing the overall impact on your business.

Ponemon institute research say SOC teams are fatigued and one research pointed that 65% has fatigue and burn out issues.

That means Cyber security need to support the SOC teams and research found highlight that a lack of visibility and having to perform repetitive tasks are major contributors to analyst burnout.

Threat hunting teams have a difficult time identifying threats because they have too many IOCs to track, too much internal traffic to compare against IOCs.

Sometimes organizations have lack internal resources and expertise and too many false positives. 

Bringing out SOC team from fatigue issue is as important as investing on training, upskilling on cyber skills and development to keep your team’s spirit high.

Establish Key Performance Indicators (KPIs) to measure the effectiveness of your SOC. Monitor these KPIs closely and use them to identify areas for improvement.

2. How do Organization harness Nex-gen technology to combat cyber Threats

Staying abreast of industry trends and best practices to ensure your SOC teams remains at the forefront of cyber security or ahead of the curve with Nex-gen technologies.

So that SOC teams can detect and respond to threats more quickly and efficiently, get holistic view of organizations security posture, AI and ML can augment the SOC team by automating routine task.

Many organizations are adopting hybrid cloud infrastructure and SaaS applications for productivity and cost efficiency reasons. But organizations face difficulty of managing and securing the data on those platforms, which is again leading to higher breach costs.

Darktrace report says 78% of the more than 1,500 security executives responding to a recent survey said that AI-powered threats are having a significant impact on their organizations – with many admitting they lack the knowledge, skills, and personnel to successfully defend against those threats.

Many organizations are already leveraging AI as a cyber-security tool.

Now more IT leaders say they are integrating AI into their cloud strategies for use in advanced security and threat detection.

Organizations can encounter several challenges when integrating AI into their cloud strategies.

Along with SOC team who seamlessly integrate across the organization, same is for AI. Seamless integrations of AI will make it easier for AI-assisted threat detection, notification, enrichment and remediation.

The purpose is AI should focus on tuning models that is organization specific environment. Once done AI will integrate threat intelligence and filtering will be done based on specific context.  This will help reinforcing trust with customers and stakeholders.

3. Investing in Predictive Threat Modelling priority  for Nex-gen SOC Teams

In this era where AI is being leveraged by organisation to derive accuracy, SOC teams who are evolving will prefer investing in intelligence predictive threat models that are proactive in nature to anticipate risks and refine their response strategies.

When organizations have a Threat Intelligence-Driven SOC  it is easier to transform security operations from reactive to proactive defence. Most of the organization builds and operates its own SOC. That is done by employing a dedicated team of cyber security professionals who offers to take complete control over security operations but can be resource-intensive.

AI makes the process easier, as having AI-driven analytics will assist detect anomalous behaviours and zero-day threats.

Further with implementing predictive threat modelling to anticipate emerging attack patterns and leveraging the right frameworks, tools and best practices will help organizations build an intelligence-driven SOC. And with an intelligence-driven SOC team, anticipating any cyber threats can be dealt with efficiency.

IntruceptLabs now offers Mirage Cloak and to summarise Mirage Cloak offers various deception methods to detect and stop threats before they cause damage.

These methods include adding decoys to the network, deploying breadcrumbs on current enterprise assets, using baits as tripwires on endpoints.

 This is executed by setting up lures with intentionally misconfigured or vulnerable services or applications.

The flexible framework also lets customers add new deception methods as needed.

Conclusion: Organizations can better protect their digital assets and ensure business continuity by understanding the key components and best practices for building a successful SOC.

At the end  we must accept that to defend against any sort of AI attack, SOC teams must evolve with right collaborations and effective communication between partners seamlessly to evaluate information to stay ahead of attackers.

Sources: What is SOC (Security Operations Center)?

Security Advisory

Linux Kernel Exploitation in ksmbd (CVE-2025-37899) Discovered with AI Assistance

Summary: A high-severity use-after-free vulnerability (CVE-2025-37899) has been discovered in the ksmbd component of the Linux kernel, which implements the SMB3 protocol for file sharing.

OEMLinux
SeverityHigh
CVSS ScoreN/A
CVEsCVE-2025-37899
Actively ExploitedNo
Exploited in WildNo
Advisory Version1.0

Overview

The vulnerability, confirmed on May 20, 2025 which was uncovered through AI-assisted code analysis using OpenAI’s o3 model. It affects multiple versions of the Linux kernel and may lead to arbitrary code execution with kernel privileges. As of now, no official fix is available, but Linux distributions including SUSE team are actively working on patches.

Vulnerability NameCVE IDProduct AffectedSeverity
​ksmbd use-after-free vulnerability  CVE-2025-37899Linux kernel  High

Technical Summary

The vulnerability lies in the ksmbd kernel server component responsible for SMB3 protocol handling.

A use-after-free bug occurs when one thread processes a logoff command and frees the sess->user object, while another thread bound to the same session attempts to access the same object simultaneously. This results in a race condition that can lead to memory corruption and potentially enable attackers to execute arbitrary code with kernel privileges.

CVE IDSystem AffectedVulnerability DetailsImpact
    CVE-2025-37899  Linux kernel (ksmbd)A race condition during handling of SMB2 LOGOFF commands. sess->user is freed in one thread while still being accessed in another, leading to a classic use-after-free vulnerability. The absence of synchronization around sess->user allows attackers to exploit the freed memory during concurrent SMB operations.  Kernel memory corruption, privilege escalation, remote code execution

Remediation:

  • Fix status: As of now, an official fix has not been released. Linux distributions, including SUSE, are actively developing and testing patches.

General Recommendations

  • Monitor your distribution’s security advisories and apply patches as soon as they are available.
  • Consider disabling or restricting ksmbd (in-kernel SMB3 server) if not explicitly required.
  • Use firewall rules to restrict access to SMB services to trusted networks.
  • Employ kernel hardening options (e.g. memory protections, SELinux/AppArmor policies).
  • Audit SMB traffic for signs of abnormal session setup and teardown behavior.

Conclusion:
CVE-2025-37899 highlights the increasing role of AI in modern vulnerability discovery and the complex nature of concurrency bugs in kernel components. While no fix is yet available, administrators should apply defense-in-depth strategies and watch for updates from their Linux vendors.

The discovery underscores the importance of rigorous code audits, especially in components exposed to network traffic and multithreaded processing.

References:

Blogs

Convergence of IT & OT in Manufacturing witness Increased Cyber Attacks

Increasing cyberattacks on Industry 4.0

Continue Reading
Blogs

CTI & SOC Team’s Compliment Holistic Threat Hunting

SOC & CTI Compliment each other in threat Hunting

Continue Reading
Blogs

The Baltic Sea Ship Accident & not Sabotage; Highlights Ship Downtime Issues

Recently the undersea Fibre optic cable between Latvia and Sweden was damaged and reports said it was result of external influence which prompted NATO to deploy patrol ships to the area and triggering a sabotage investigation by Swedish authorities. Also the cargo ship Vezhen was  seized as part of the probe by Sweden’s Security Service.

The incident took place on Jan. 26 and was one of several in recent months, triggered a hunt for vessels suspected of involvement.

The prosecutor said the Vezhen’s anchor severed the cable but that the incident was related to a combination of bad weather, equipment deficiencies and poor seamanship. Images shared by Swedish media showed that the ship appeared to have a damaged anchor.

The cable belongs to Latvia’s state broadcaster, LVRTC, which said in a statement there had been “disruptions in data transmission services”, but that end users would be mostly unaffected.

A second vessel, the Silver Dania, a Norwegian cargo ship with an all-Russian crew, was seized in Norway at the request of Latvian authorities but was cleared of wrongdoing and released. Baltic Sea region is on high alert after a string of power cable, telecom link, and gas pipeline outages since Russia invaded Ukraine in 2022.

We cannot deny the scope of Hybrid attack in the Baltic region that targeted critical undersea infrastructure (CUI), particularly fiber-optic cables, in the Baltic and Arctic regions since 2021. Mostly the prime suspect was Russia, but in this case the Vezhen ship was suspected to have incurred an accident and not sabotage, a Swedish prosecutor said on Monday, adding that the Maltese-flagged vessel had been released.

Ship downtime a major issue the marine industry faces

What is ship downtime and how does it affect?

Any breakdown in service during operation or runtime amounts to downtime in maritime industry.

Sometimes downtimes are unpredictable and unplanned which makes it harder as it incurs expenses to deal with. Repairs, emergency parts, and dry-docking fees can add up fast.

Importance of Data analytics:

This is where predictive maintenance and data analytics come into picture making it possible to provide an overview on what is pending task regarding maintenance of ship or other issues that needs immediate inspection. This can also be cyber security related issue or hybrid attacks targeting critical undersea infrastructure (CUI), particularly fiber-optic cables, have surged in the Baltic and Arctic regions.

The Baltic sea ship broke down due to combination of bad weather and and deficiencies in equipment and seamanship contributed to the cable break,” as per reports by investigators

Whether it’s an engine breakdown, a port delay, or a sudden maintenance issue, every hour of downtime costs money. And there are times when this hurts the most because you don’t see it coming and affecting profitability, delivery and supply chain disruptions.

Crew Issues – Fatigue-related mistakes or medical emergencies that delay voyages.

Mechanical Failures – Think engine breakdowns, generator issues, and propulsion failures.

Electrical Problems – A failed control system or communication outage.

Other problems falls under planned downtime

  • Routine Maintenance – Regular engine inspections, oil changes, and system checks.
  • Mandatory Surveys – Required ship inspections and certifications from regulatory authorities (like IMO).
  • Retrofits & Upgrades – Adding fuel-saving devices, ballast water treatment systems, or new tech.

Rise of Hybrid Attack on undersea cables in Baltic Sea and artic region

Since 2021 Russian hybrid attacks targeting critical undersea infrastructure (CUI), particularly fiber-optic cables, have surged in the Baltic and Arctic regions since 2021 causing disruptions threatening essential communication channels, exposing vulnerabilities of Northern Europe’s infrastructure.

More incidents were noticed in 2023 and 2024 involving Chinese vessels damaging Baltic subsea cables raise concerns over possible Russian-Chinese hybrid warfare collaboration despite no direct evidence confirming this, complicating Western deterrence efforts. (https://jamestown.org/program/hybrid-attacks-rise-on-undersea-cables-in-baltic-and-arctic-regions/)

Financial Implications

Any disruption of events that causes downtime in shipping such as piracy, bad weather and accidents blocking major shipping lanes causes major financial losses on global economy. Attacks such as cyber-attacks are growing with each passing day and quite predominant on risk landscape like the maritime industry, forcing organizations account of in its operations and work on legacy technologies replacing them with advanced technology systems to counter any attacks or sabotage or foul play.

Companies that have proven their ability to manage these risks and remain agile for recovery are more likely to secure favorable finance options.

Innovations in Maritime industry

Maritime transport is seen key player in global trade and the intricacies of networks of shipping
routes, ports, forced globalization to strengthened their operation strategies for the world economy to grow surpassing numerous challenges. Innovations is high on demand for safety systems form part of the ongoing development where digital based systems are part of ships in current scenario. E.g. the Intelligent awareness (IA) systems will be nex- gen of digital technologies to provide safety net for smooth operation of ships on transit that include utilizing sensors, high-resolution displays, and intelligent software.

Maritime chokepoints are critical points in shipping routes.as they facilitate substantial trade volumes and connect the world. Due to disruptions and very limited routes that are valid for ship passages there are negative impacts on supply chains, leading to systemic consequences, affecting food security, energy supply and whole of the global economy.

Sources: https://www.reuters.com/world/europe/baltic-undersea-cable-damaged-by-external-influence-sunday-latvian-broadcaster-2025-01-26/

www.shipuniverse.com

Blogs

Complexities Compounding in Cyber Landscape; WEF Global Cybersecurity Outlook 2025 Analysis

WEF Global Cybersecurity Outlook 2025

Continue Reading
Blogs

Cybersecurity Trends for 2025; Responsible AI to gain Importance

Cyber security trends as per research and data available shows that responsible AI will gain importance with more public scrutiny of risks growing along with remediation practices. Organizations will now require to balance taking risks with AI and having rapid remediation strategies available. 

As per experts the areas that will get attention will be cloud security and data location. In 2025, new laws may require that sensitive data stay within national borders, affecting how companies manage and store data across regions. As businesses and critical services become increasingly dependent on cloud services, some countries may prioritize cloud availability in national emergency plans, recognizing that stable cloud access is mandatory for crisis management. This shift could lead towards the establishment of a new program like Cloud Service Priority (CSP), treating cloud infrastructure as important as utilities like electricity and telecoms.

How organization need to prepare themselves as big and small businesses and brands will see dramatically increased risks, as bad actors using AI will launch convincing impersonation attacks. This will make it easier with higher accuracy than ever to fool customers and clients. 

Key Cyber Security Trends of 2025

  • As organization navigate through 2025 we will witness that threat actors will increasingly use AI for sophisticated phishing, vishing, and social engineering attacks.

Gen-AI

  • Generative AI is driving an unprecedented surge in cyber fraud, with nearly 47% of organisations identifying adversarial AI-powered attacks as their primary concern, according to the World Economic Forum’s Global Cybersecurity Outlook 2025.
  • Due to technological advancements the Cyberspace is growing more complex due to technological advancements as they are interconnected to supply chains. Collaboration between public and private sectors is essential to secure the benefits of digitalization at all levels.

Digitalization

  • 76% of cybersecurity leaders report difficulties navigating a patchwork of global policies and 66% of organizations expect AI to transform cybersecurity, only 37% have implemented safeguards to secure these tools before deployment.

IoT Devices Vulnerable

  • Hackers will grow attacks on IoT devices as per research by Analytics insights report 2025 as over 30 billion devices across the globe will be connected through the Internet of Things. IoT enhance productivity offering convenience but due to their low-security backgrounds hackers may utilize opportunity to obtain sensitive information, or form massive botnets to execute Distributed Denial-of-Service (DDoS) attacks. (Analytics insight)

Ransomware

  • Attackers have resorted to different methods of extortion, involving ransom demands along with DDoS attacks. Encryption and fileless ransomware are being developed in an attempt to evade detection. RaaS makes it increasingly easy for non-technical users to carry out advanced attacks and the trend is growing. Experts predict that, by 2025, ransomware attacks will occur globally every two seconds prime targets remain in the healthcare, education, and government sectors.

AI /ML

  • To survive in highly competitive environment hackers will continue using AI so as organization will continue with previous theme of 2024 application of artificial intelligence and this will expand along with machine learning (ML) as these tools are the game changer in in a cybersecurity strategy.

Quantum Computing

  • The year 2025 will witness the rise and development of Quantum Computing and computers.An exciting technological development; however, it also generates grave challenges for cybersecurity. Quantum computers solve complex problems much faster than classical computers, making traditional cryptography algorithms vulnerable to quantum attacks is equally necessary to be proactive, with an immediate focus on quantum-safe encryption that would last to provide safety to the digital security systems in the years to follow. McKinsey poll says, 72% of tech executives, investors and quantum computing academics believe that “a fully fault-tolerant quantum computer” will be here by 2035, while 28% think this won’t happen until at least 2040. With Quantum computing business can protect their data and stay ahead of quantum threats with the right tools and strategies in place.

Regulations

  • Regulatory changes and compliance will evolve in 2025 as government across the European countries are gearing up with regulation being prepared to protect against surge of ransomware attacks, introducing stringent measures to combat the growing menace of cyber extortion. The EU emerged as a frontrunner in cybersecurity regulation, with the Network and Information Security (NIS2) Directive coming into full force.
  • BISO Analytics: In 2025 we will witness rise of virtual CISO (vCISO) or CSO consultant roles over full-time in-house roles. Also Shifting CISO responsibilities have brought about an increasing role for BISOs. The cybersecurity team has a lot to handle as companies face more cyber threats, compliance requirements, growing remote workforces, and rapid adoption of new cloud-based technologies. With such a large scope of duty, the CISO is often over stretched and in this complex cybersecurity environment having a BISO will bring in support to entire cyber security strategy.
  • BISO ‘s may also be called upon to interact with marketing and corporate communications, bringing their research into potential attack vectors, typical points of vulnerability, and unique understanding of the hackers mindset  and guide organizations that are increasingly battening cybersecurity strategy to deal with various attack vectors.

  • Intrucept offers BISO Analytics as a services. BISOs are crucial for strategies requiring technical cybersecurity and strategic business input.

Organizations need bespoke solutions to defend against attacks across email, social, and other channels as we witness evolving nature of attacks demands continuous weekly innovation to stay ahead. The use of Multifactor authentication reduces the danger in identity and access management EDR solutions with feeds of threat intelligence will gain prominenceIntrucept is dedicated in  helping organizations to run fast and be secure. We will always find that being easy and slowing down is a tendency but we as organization try to enable our customers to maintain speed (and even accelerate).

 References:

Scroll to top