Cyber Breaches Disrupt Business Continuity, Impacting the Balance Sheet
Types of AI-based attack vectors and organizational preparedness for threat mitigation in 2026
AI-based attacks are already here, and organizations now need to defend against unorthodox attack vectors that use AI. Readiness to detect and stop such vectors will largely determine how well an organization withstands cyber threats.
Preparing to combat AI-powered attacks demands precision, because these attacks occur at both scale and speed. Against an attack that is not of the common kind, how do organizations prepare, and what do the statistics from 2025 reveal?
Most AI-powered attacks are unconventional in nature, and traditional cybersecurity tools often struggle to respond to them effectively.
AI-enabled attacks that organizations need to prepare for in 2026
Organizations facing unorthodox or AI-driven attack vectors need skilled cyber personnel as well as automated tooling that can detect and stop an attack before it advances into the institution.
AI's capacity to process and learn from vast amounts of data is what makes it powerful in cybersecurity, and it presents unique challenges and risks. In the present attack landscape we have already seen how AI is used to automate and optimize malicious activity.
For defenders AI is a boon: it can detect, predict and mitigate threats in real time. However, the increasing sophistication of AI-powered threats is outpacing traditional defense mechanisms.
What are the types of AI-powered attack?
Automated hacking: AI-driven algorithms can identify and exploit vulnerabilities faster than humans can.
AI phishing: cybercriminals use AI to create personalized, convincing phishing emails. AI analyzes data from other sources to generate highly customized messages capable of influencing the recipient.
Deepfakes: realistic fake videos or audio impersonating public figures, used to spread misinformation, manipulate public opinion, or conduct social engineering attacks.
Corrupting AI models (data poisoning): manipulating the data fed into AI systems to manipulate their outcomes. This is particularly concerning in critical systems and shows the dangerous potential of AI-powered cyber attacks.
Key findings: AI-based cybersecurity findings reported by organizations
The evolving nature of AI means new attack vectors are constantly being developed, which makes detection difficult for organizations. The takeaways from 2025 regarding AI-driven cyber threats are as follows.
What cybersecurity leadership needs most in 2026 is a clear, actionable path for mitigating AI-based attacks and threats.
A change of mindset is required from CEOs, CISOs and CXOs: the focus should shift to building resilience against intelligent AI attacks.
Cybersecurity has become an integral part of our lives, and 2025 in particular was a year of cybercrime and data breaches across verticals. As the new year commences, start it on a positive note with cybersecurity resolutions such as:
– Prioritize employee training on evolving AI-based threats
– Enhance endpoint protection
– Secure data and guard against scraping
– Secure PII throughout the data lifecycle
– Fortify incident response and business continuity plans
– Extend more focus to third-party security assessments
– Ensure cloud security is robust and aligned with data privacy regulations
– Embrace multi-factor authentication (MFA)
– Safeguard against AI-driven cybercrime
– Engage often with the board and leadership
Sources: https://www.isaca.org/about-us/newsroom/press-releases/2025/ai-driven-cyber-threats-are-the-biggest-concern-for-professionals-finds-new-isaca-research
Seminar Titled ‘Impact of Cyber Attacks on Maritime Sector and its Effects on National Security and International Relations’
The event, organized in Delhi by the Indian Navy, addressed cyber threats in the maritime domain, how those threats bear on national security, and their impact.
The event was organized at a time when geopolitics is evolving. The seminar aims to deepen understanding of cyber threats in the maritime domain and to foster collaboration among key stakeholders to enhance cybersecurity and strengthen the national cybersecurity posture.
Cyber threats are evolving and looming over the maritime sector as the industry steps into the world of cyber risk. That risk is vast: it ranges from ransomware capable of shutting down port operations to GPS interference that can halt the steering of vessels, and attackers are getting more creative.
A cyber threat to the maritime sector is not an isolated matter for the targeted organization; it involves national security as well. Maritime security touches trade, global logistics, oil and gas, and defense, which is why maritime cyber threats map directly onto national security.
With the aim of deepening that understanding, the Indian Navy organized the seminar.
The seminar, titled ‘Impact of Cyber Attacks on Maritime Sector and Its Effects on National Security and International Relations’, aims to foster collaboration among key stakeholders to enhance cybersecurity and strengthen the national cybersecurity posture.
Minister of State for the IT Ministry, Jitin Prasada, will deliver the keynote address during the inaugural session. The seminar will feature panel discussions, each led by distinguished experts from ministries and organizations. These include the Ministry of Ports, Shipping and Waterways, the Ministry of Petroleum and Natural Gas (MoPNG), the National Security Council Secretariat (NSCS), the Gas Authority of India Limited (GAIL), the Directorate General of Hydrocarbons (DGH), the Indian Computer Emergency Response Team (CERT-In), the National Critical Information Infrastructure Protection Centre (NCIIPC) and the National Maritime Foundation (NMF), as well as leaders from private organisations.
The seminar aims to advance the Hon’ble PM’s vision of MAHASAGAR (Mutual and Holistic Advancement for Security and Growth Across the Regions) by reinforcing a safe, secure cyberspace, and echoes the call for ‘Aatmanirbhar Bharat’ through indigenous, secure-by-design digital systems and robust public-private partnership.
Aligned with Maritime India Vision 2030 and the Amrit Kaal Vision 2047, the seminar positions cybersecurity as a core enabler of port-led growth, smart logistics, offshore energy security, and mission-critical naval operations.
The topics for panel discussions are ‘Global Cyber Threats to Maritime Infrastructure,’ ‘Civil and Military Partnership,’ and ‘Maritime Sector as Critical Information Infrastructure’.
A disruption to a third-party passenger system caused delays to check-in at Heathrow Airport, and major European airlines signaled that it was a cyber attack. Third-party system disruption: a coordinated cyber attack on major European airlines.
The attack targeted the third-party vendor Collins Aerospace, which provides check-in and boarding systems to several airlines across multiple airports globally; the vendor experienced a technical issue that led to flight disruption.
Heathrow Airport warned departing passengers of probable delays and urged them to monitor their flight status closely during the disruption.
Similarly, Brussels Airport confirmed that automated check-in and boarding services were inoperable, forcing staff to use manual processes to handle departing passengers.
Berlin Airport communicated the situation via a banner on its website: “Due to a technical issue at a system provider operating across Europe, there are longer waiting times at check-in. We are working on a quick solution.”
“The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations,” RTX, which owns Collins Aerospace, reportedly said in a statement, adding that it had become aware of a ‘cyber-related disruption’ to its software at selected airports, without naming them. It added that it was working to fix the issue as quickly as possible.
A highly coordinated attack by hackers on the aviation sector: what do we know?
“The aviation industry has become an increasingly attractive target for cybercriminals because of its heavy reliance on shared digital systems,” Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, told Euronews Next.
“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once. When one vendor is compromised, the ripple effect can be immediate and far-reaching, causing widespread disruption across borders,” she added.
Weak link targeted in a connected ecosystem
The attack on a third-party ecosystem shows that cybersecurity needs to be treated as a high priority wherever IT is involved; it is high time airlines and the wider aviation industry took cybersecurity seriously.
According to a recent SecurityScorecard study, at least 29% of all breaches were attributable to a third-party attack vector, meaning the core risk originated outside the organization.
Of these, 75% involved software or other technology products and services, with the remaining 25% stemming from non-technical products or services. These statistics highlight the digital interconnectivity across the supply chain and the risks inherent in those relationships.
Reducing losses from third-party cyber risk
In a competitive market, and with cyber criminals aggressively targeting vendors and third-party service providers, the utmost care is required when choosing the critical product and service providers on which the entire ecosystem relies. This includes, where possible, identifying the critical vendors and suppliers that those providers themselves use, otherwise known as fourth-party vendors.
Verify that third parties carry adequate cyber insurance to meet the requirements of the first-party organization. This demonstrates that cyber risk management hygiene is maintained and certain controls are in place.
Maintain a strong incident response plan well before any incident occurs.
(Sources: https://www.euronews.com/next/2025/09/21/what-do-we-know-about-the-cyberattacks-that-hit-europes-airports)
Security Advisory: MediaTek disclosed critical vulnerabilities, along with remediation, in its modem and system components. The vulnerabilities, a mix of high- and medium-severity issues, affect around 60 chipsets used in smartphones, routers and IoT devices, and therefore thousands of devices.
| OEM | MediaTek |
| Severity | High |
| CVSS Score | 8.3 (NOA) |
| CVEs | CVE-2025-20708, CVE-2025-20703, CVE-2025-20704, CVE-2025-20705, CVE-2025-20706, CVE-2025-20707 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
MediaTek issued a critical security update in September 2025. Key issues include modem-related flaws enabling remote code execution, denial of service via rogue base stations, and local privilege escalation.
Other vulnerabilities include WLAN buffer overflows, bootloader logic flaws and keymaster information leaks affecting Android devices and OpenWrt/Yocto platforms. No active exploitation has been observed. MediaTek began distributing patches to OEMs in July 2025 and urges immediate firmware updates to mitigate the issues.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Out-of-bounds write in Modem | CVE-2025-20708 | 60 chipsets; Modem NR15, NR16, NR17, NR17R software versions | High |
| Out-of-bounds read in Modem | CVE-2025-20703 | 57 chipsets; Modem NR15, NR16, NR17, NR17R software versions | High |
| Out-of-bounds write in Modem | CVE-2025-20704 | 14 chipsets; Modem NR17, NR17R software versions | High |
| Use after free in monitor_hang | CVE-2025-20705 | 39 chipsets; Android 13 to 16, OpenWrt 19.07 and 21.02 / Yocto 2.6 | Medium |
| Use after free in mbrain | CVE-2025-20706 | 5 chipsets; Android 14 to 15 | Medium |
| Use after free in geniezone | CVE-2025-20707 | 60 chipsets; Android 13 to 15 | Medium |
Technical Summary
These vulnerabilities primarily include out-of-bounds read and write errors (CWE-125, CWE-787) and use-after-free issues (CWE-416), resulting from improper bounds checking and memory management flaws.
An attacker controlling a rogue base station can exploit the modem flaws remotely without user interaction, potentially causing a remote denial of service or remote privilege escalation; the use-after-free flaws allow local privilege escalation where System privileges have already been obtained. Exploitation could compromise device stability, security and confidentiality by corrupting memory or executing arbitrary code. Affected devices run modem firmware versions NR15 through NR17R across a wide spectrum of chipsets, highlighting the broad attack surface.
| CVE ID | Vulnerability Details | Impact |
| CVE-2025-20708 | An out-of-bounds write flaw exists in the Modem due to incorrect bounds checking. This vulnerability allows remote escalation of privilege when a UE connects to a rogue base station, without requiring additional execution privileges or user interaction. | Unauthorized access, data interception, disruption of cellular services |
| CVE-2025-20703 | The Modem is affected by an out-of-bounds read issue caused by improper bounds validation. This can result in remote denial of service if connected to a malicious base station, and exploitation requires no user interaction or extra privileges. | Denial of Service (DoS), modem or device crash, freeze, unresponsiveness |
| CVE-2025-20704 | Due to a missing bounds check, the Modem is vulnerable to an out-of-bounds write. Exploiting this flaw can lead to remote escalation of privilege when connected to a rogue base station, though user interaction is necessary. | Remote privilege escalation, unauthorized elevated access |
| CVE-2025-20705 | A use-after-free condition in the monitor_hang module can cause memory corruption, potentially leading to local escalation of privilege if the attacker already has System-level access. Exploitation does not require user interaction. | Local privilege escalation, memory corruption |
| CVE-2025-20706 | The mbrain component suffers from a use-after-free vulnerability that can result in memory corruption. This may allow local privilege escalation for an attacker with System privileges, without needing user interaction. | Local privilege escalation, memory corruption |
| CVE-2025-20707 | In the geniezone module, a use-after-free vulnerability can cause memory corruption and permit local privilege escalation if the attacker has System privileges, with no user interaction needed. | Local privilege escalation, memory corruption |
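The advisory above describes the modem flaws in terms of CWE-787 and CWE-125: a parser driven by an attacker-controlled length field writes or reads past its buffer. As an added example, not MediaTek's code and not an exploit for any listed CVE, the C program below shows that bug pattern on a constructed message format, a length-prefixed information element whose length byte comes from the (rogue) base station. The `struct ue_ctx` layout, the wire format and every function name are assumptions made for this illustration. The vulnerable parser checks only that the source message is long enough and copies whatever length the peer declares, so a 20-byte element spills into the adjacent trusted field; the hardened parser bounds both the read and the write.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed layout of a modem-side "UE context" record (an assumption for
 * this example, not MediaTek's real data structure): the first IE_BUF_LEN
 * bytes hold a copied information element (IE); the byte at FLAG_OFF is a
 * field the firmware trusts. Keeping everything inside one 64-byte array
 * keeps the over-long copy within defined behaviour while still showing
 * the adjacent field being clobbered. */
#define IE_BUF_LEN 16
#define FLAG_OFF   16
#define CTX_LEN    64

struct ue_ctx {
    uint8_t mem[CTX_LEN];
};

/* Constructed wire format of one IE: [type:1][len:1][value:len] */
enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LONG = 2 };

/* Vulnerable parser: it checks only that the *source* message carries `len`
 * bytes, never that `len` fits the destination buffer (CWE-787 pattern).
 * The peer controls `len`, so the peer controls how far the copy runs. */
enum parse_status parse_ie_vulnerable(struct ue_ctx *ctx,
                                      const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 2)
        return PARSE_TRUNCATED;
    uint8_t len = msg[1];
    if (msg_len < 2u + len)
        return PARSE_TRUNCATED;
    memcpy(ctx->mem, msg + 2, len);      /* writes past IE_BUF_LEN when len > 16 */
    return PARSE_OK;
}

/* Hardened parser: bounds both sides of the copy. The destination check
 * stops the out-of-bounds write (CWE-787); the source check stops the
 * out-of-bounds read (CWE-125), which is the crash/DoS case. */
enum parse_status parse_ie_hardened(struct ue_ctx *ctx,
                                    const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 2)
        return PARSE_TRUNCATED;
    uint8_t len = msg[1];
    if (len > IE_BUF_LEN)
        return PARSE_TOO_LONG;           /* reject before touching memory */
    if (msg_len < 2u + len)
        return PARSE_TRUNCATED;
    memcpy(ctx->mem, msg + 2, len);
    memset(ctx->mem + len, 0, IE_BUF_LEN - len);   /* no stale bytes left behind */
    return PARSE_OK;
}

/* Build the message a rogue base station would send (constructed input). */
size_t build_ie(uint8_t *out, size_t cap, uint8_t type, uint8_t len, uint8_t fill)
{
    if (cap < 2u + len)
        return 0;
    out[0] = type;
    out[1] = len;
    memset(out + 2, fill, len);
    return 2u + len;
}

/* Feed one parser an IE of `ie_len` bytes of 0xFF and report the trusted
 * flag afterwards: the flag value (0 if untouched), -1 if the parser refused
 * the message, -2 if the constructed message did not fit the scratch buffer. */
int flag_after_parse(enum parse_status (*parser)(struct ue_ctx *, const uint8_t *, size_t),
                     uint8_t ie_len)
{
    struct ue_ctx ctx;
    uint8_t msg[64];
    memset(&ctx, 0, sizeof ctx);
    size_t n = build_ie(msg, sizeof msg, 0x41, ie_len, 0xFF);
    if (n == 0)
        return -2;
    if (parser(&ctx, msg, n) != PARSE_OK)
        return -1;
    return ctx.mem[FLAG_OFF];
}

int main(void)
{
    /* 20 > IE_BUF_LEN: the vulnerable copy reaches the trusted flag. */
    printf("vulnerable parser, len 20: flag = %d\n", flag_after_parse(parse_ie_vulnerable, 20));
    printf("hardened parser,   len 20: flag = %d\n", flag_after_parse(parse_ie_hardened, 20));
    printf("hardened parser,   len 8:  flag = %d\n", flag_after_parse(parse_ie_hardened, 8));
    return 0;
}
```

Compile with `cc -Wall example.c` and run it; the vulnerable parser reports the flag as 255 after a 20-byte element, the hardened one refuses the same element and leaves the flag at 0 for a well-formed 8-byte element. The order of the checks matters: the destination bound is tested before any memory is read or written, so a malicious length can never be used as a copy size.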
Recommendations:
Apply the firmware updates that MediaTek has been distributing to OEMs since July 2025 as soon as the device manufacturer makes them available.
Conclusion:
MediaTek’s recent security update addresses critical vulnerabilities, especially in modem firmware, that could allow remote attacks without user interaction. Although no active exploits have been found, the severity and scope of these flaws make it vital for manufacturers and users to promptly apply patches to protect devices and data.
The company reassures end users that proactive notification and remediation precede public disclosure, underscoring MediaTek’s commitment to chipset and product security.
Microsoft finds that a fake ChatGPT desktop app is delivering the PipeMagic backdoor, part of a sophisticated malware framework. The PipeMagic campaign represents a dangerous evolution in the global cybercrime landscape. The campaign, powered by the PipeMagic backdoor, targets multiple industries including IT, finance and real estate, and centers on CVE-2025-29824, a critical Windows Common Log File System (CLFS) vulnerability.
PipeMagic’s evolution from malware to a threat that exploits trust globally
As per Microsoft, cybercriminals are disguising malware as the widely popular ChatGPT desktop application to launch ransomware attacks across the globe.
The malware allows attackers to escalate privileges once inside a system, and by leveraging the immense popularity of ChatGPT the attackers have successfully weaponized user trust.
Microsoft has linked the operation to Storm-2460, a financially motivated cybercrime group known for deploying ransomware through stealthy backdoors.
PipeMagic was first detected in December 2022 during the investigation of a malicious campaign involving RansomExx. The victims were industrial companies in Southeast Asia; to penetrate their infrastructure the attackers exploited CVE-2017-0144.
The backdoor’s loader was a trojanized version of Rufus, a utility for formatting USB drives. PipeMagic supported two modes of operation, as a full-fledged backdoor providing remote access and as a network gateway, and could execute a wide range of commands.
PipeMagic’s attack technique
PipeMagic also reflects a growing trend in which attackers combine fileless techniques with modular frameworks.
By running directly in memory it avoids detection by traditional signature-based tools. The modular design means its functionality can be expanded much like commercial software, essentially turning cybercrime into a scalable business model.
Another key point is the use of cloud infrastructure for command-and-control. By hosting their servers on Azure, the attackers blend into normal enterprise traffic, making malicious communications far less suspicious. This tactic underscores the need for behavioral monitoring instead of reliance on blacklists alone.
Microsoft attributes PipeMagic to the financially motivated group Storm-2460. This is a warning sign for future attacks in the broader cybersecurity landscape.
PipeMagic’s modus operandi could inspire future malware families, and its modular framework could fuel a wave of ransomware-as-a-service operations. That possibility raises the stakes not just for enterprises but also for small businesses and even government institutions.
The first stage of the PipeMagic infection begins with a malicious in-memory dropper disguised as an open-source ChatGPT desktop application project. The threat actor uses a modified version of the GitHub project that includes malicious code to decrypt and launch an embedded payload in memory.
The embedded payload is PipeMagic itself, a modular backdoor that communicates with its C2 server over TCP. Once active, PipeMagic receives payload modules through a named pipe and from its C2 server.
The malware updates itself by storing these modules in memory in a series of doubly linked lists.
The lists serve distinct purposes (staging, execution and communication), letting the threat actor interact with and manage the backdoor’s capabilities throughout its lifecycle.
By offloading network communication and backdoor tasks to discrete modules, PipeMagic maintains a modular, stealthy and highly extensible architecture, making detection and analysis significantly harder.
Microsoft Threat Intelligence encountered PipeMagic while researching an attack chain involving exploitation of CVE-2025-29824, an elevation of privilege vulnerability in the Windows Common Log File System (CLFS).
Major new legislation commits over $1 billion to US cyber offensives. Offensive cyber operations are defined to include exploiting flaws in software, hacking devices and deploying spyware.
They also include collecting internet traffic data and may involve targeted cyberattacks using zero-day exploits; organizations often build the necessary infrastructure for such activities or gather intelligence as part of them.
The Trump administration, through the Department of Defense, has announced plans to spend $1 billion over four years on “offensive cyber operations.”
Alongside this, the administration recently announced that offensive cyber operations against Russia will be paused, highlighting that the US government now focuses mainly on China and is moving away from Eastern Europe.
It is not clear what tools or software would qualify, but the legislation notes that the funds would go towards enhancing and improving the capabilities of US Indo-Pacific Command, potentially focusing on the US’s biggest geopolitical rival, China.
The ongoing trade war with China is one of the main reasons for the administration’s shift of focus away from Russia. In recent months security researchers have seen Chinese state hackers linked to the People’s Liberation Army and the Ministry of State Security target companies in robotics, artificial intelligence, cloud computing and high-end medical device manufacturing.
The legislation does not detail what “offensive cyber operations” entail or which tools and software will be funded. The investment comes at a time when the US has simultaneously reduced its cybersecurity defense budget by $1 billion. A few months back we saw the US Cybersecurity and Infrastructure Security Agency (CISA) reaffirm its commitment to defending against all cyber threats after the budget cuts were announced.
Over 1,000 CISA staff have departed since early 2025 through a combination of layoffs, buyouts and voluntary resignations. What remains is a hollowed-out workforce facing rising cyber threats with fewer tools and teammates.
CISA has maintained that commitment despite continued efforts to undermine and weaken its teams’ capabilities, however counterproductive those efforts may be for protecting US infrastructure.
Senator Ron Wyden has concerns. “Vastly expanding U.S. government hacking is going to invite retaliation — not just against federal agencies, but also rural hospitals, local governments and private companies who don’t stand a chance against nation-state hackers,” Wyden told the news site.
At the same time, the administration enacted cuts to the nation’s cyber defense allocations, slashing $1 billion from the US cyber defense budget. The cuts pose a significant risk as the country faces increasing cyber threats, particularly from Chinese adversaries.
The move to a more offensive cyber stance has been criticized by Democratic Senator and Senate Intelligence Committee member Ron Wyden, who said that the offensive strategy, combined with the Trump administration’s and DOGE’s massive cuts to defensive cyber operations, such as the budget reductions and the termination of staff at CISA, only invites retaliation from the US’s largest geopolitical rival.
“The Trump administration has slashed funding for cyber security and government technology and left our country wide open to attack by foreign hackers,” Wyden told TechCrunch.
How wise is it to cut the cyber defense budget while increasing offensive cyber spending?
The layoffs at CISA have led to concerns that the US is less well protected against cyber threats from the likes of China, Russia and Iran.
Obviously there will be a reduction in capacity to defend against cyberattacks, especially large-scale coordinated campaigns. By scaling back critical cybersecurity programs, the federal government has inadvertently handed adversaries a map of its blind spots.
The increased budget for offensive cyber operations is seen as an aggressive push that might provoke retaliatory attacks on vulnerable targets such as local governments and healthcare entities. According to the report, the bill does not specify what the “offensive cyber operations” are or what software would qualify for funding.
At the same time, the Trump administration has halted US offensive cyber operations against Russia, sparking concerns over national security and potential Russian cyber threats.
The administration is well aware of nation-state attacks and the advanced techniques cyber adversaries adopt; infrastructure security is a national concern that cannot be compromised.
Every year from 2017 to 2024 the cybersecurity budget has increased: US civilian agencies spent more on cybersecurity in each successive year than in the prior year.
(Source: https://techcrunch.com)
Source: Trump seeks unprecedented $1.23 billion cut to federal cyber budget | CSO Online
Third-party vendors are critical to any business or industry, but they carry a significant amount of cyber risk. Qantas confirmed a cyber attack in which the data of nearly six million customers may have been compromised. The airline issued a statement saying that credit card details, financial information and passport details were not part of the breach.
Qantas said in a statement: “We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.”
The alarming aspect of a third-party data breach is the sheer scale of impact: by compromising one provider, hackers can hit thousands of organizations in one fell swoop.
A KPMG study showed that 73% of organizations have experienced at least one significant disruption from a third-party cyber incident within the last three years.
Qantas Group chief executive Vanessa Hudson said the company was working closely with the National Cyber Security Coordinator and the Australian Cyber Security Centre.
“We sincerely apologise to our customers and we recognise the uncertainty this will cause. Our customers trust us with their personal information, and we take that responsibility seriously,” she said.
Qantas, one of the world’s oldest airlines, did not attribute the breach to any hacker group. It is one of Australia’s biggest data breaches in years and a major setback and reputational blow for the airline.
Last week, the FBI said the Scattered Spider group was targeting airlines and that Hawaiian Airlines (HAII.UL) and Canada’s WestJet had already reported breaches.
Key points of the Qantas breach
The attackers broke into a database containing the personal information of millions of customers.
The breach was executed by hackers who targeted a call centre and gained access to a third-party customer service platform holding six million names, email addresses, phone numbers, birth dates and frequent flyer numbers.
Third-party risk management is complex, but neglecting it can be fatal for organizations that hold huge volumes of data, such as airlines.
The airline is emailing affected customers and has set up a dedicated support line at 1800 971 541 (or +61 2 8028 0534 from overseas).
Looking back to 2020 and the SolarWinds attack: SolarWinds confirmed that its network had been penetrated by a malicious actor and a complex malware program inserted into software updates of its technology platform, SolarWinds OrionⓇ.
Such was the magnitude of the attack that the malware program comprised a multistage process, scanning downstream customer networks to detect security tools it could avoid or disable and stealthily connecting to the attacker’s command and control servers. The malware persisted for months before initial detection.
The cost of the SolarWinds attack was significant: incident response and forensic services cost affected companies 11% of their annual revenue (an average of $12 million).
How to make sure your vendors don’t create unnecessary risk for the organization at large
First, ensure your third-party vendors meet the required robust security posture.
Perform vendor risk assessments holistically, streamlining due diligence.
Upon discovery of any vulnerability, update and customize security requirements for the newly discovered threat and apply the patch.
As part of a better threat mitigation strategy, automate vendor onboarding; this provides agility.
Managing third-party risk with Intru360
Research by KPMG found that 61% of businesses underestimate third-party risk management and often struggle to establish a healthy operating model and scale it at the same time.
KPMG’s research further recommends third-party/nth-party risk management that covers all third-party relationships over the entire life cycle; subjects vendors that support critical activities or are heavily relied upon to more comprehensive and rigorous oversight; and considers transition, contingency, recovery and fallback alternatives.
With most technology investments failing to provide visibility into third-party risk, we at Intrucept help you expand the scope and cover third-party risk areas by identifying them.
Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.
In vendor security and management, here are some of the features we offer to make sure the cyber health of each and every supplier is checked and alerts are configured so that you are notified:
Prebuilt playbooks and automated response capabilities.
Over 400 third-party and cloud integrations.
More than 1,100 preconfigured correlation rules.
Ready-to-use threat analytics, threat intelligence service feeds, and prioritization based on risk.
Sources: https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know
Recently the Scattered Spider group has been targeting the airline industry at large, with a keen interest in the aviation sector.
The group relies mostly on social engineering techniques, impersonating employees or contractors to deceive IT help desks into granting access, and its methods frequently bypass multifactor authentication (MFA), as observed by the FBI.
Earlier, in June, the group breached at least two major US airlines, bypassing security protocols by exploiting remote access tools and manipulating support staff, as reported by CNN.
Cyber risk in the aviation sector is growing, and how air traffic control is managed during an attack matters because many aviation systems remain vulnerable to cyberattacks owing to outdated technology.
Cyber criminals are resorting to advanced techniques that can halt operations: attacks that take over or invade technology systems disrupt the flow of information from the aircraft to pilots to the airlines’ operations centre, resulting in chaos and delayed flight operations.
Every operation and service delivered by airlines is supported by technology, and once that stops responding, subsequent operations halt: flight management software, air traffic control communications, baggage handling systems and in-flight entertainment platforms will inevitably fail.
Recently the Scattered Spider group was also behind a big data breach potentially exposing Social Security numbers, insurance claims and health information of tens of millions of customers.
Repercussions of data breaches impacting third parties
Cybercriminals often take advantage of the fragile cybersecurity posture of smaller third parties that provide services to larger, well-established enterprises. In fact, many vendors do not have adequate cybersecurity protection or proper security awareness in place to mitigate attacks.
Cyber attacks have become increasingly complex, making vendor risk management critical. The rise of digital transformation, cloud services and AI technology has given cyber criminals greater potential than ever to penetrate unsecured networks and systems.
Data breaches that originate from third-party vendors bring big fines and legal consequences that fall on the primary organization. At the same time, organizations rely on third parties for critical services, and cyber criminals take advantage of that dependency.
Organizations can still take steps to mitigate and defend against these attacks even as they onboard new vendors or service providers.
Let us look at the emerging threats across third-party vendors:
Solutions that will improve Security Posture with Intru360 from Intruceptlabs
The new business environment demands IT support for a wider range of monitoring, security and compliance requirements. This places significant burdens on network performance and network security, as more appliances need access to incoming data.
The Intrucept platform (Intru360) covers overall risk, detection, prevention, correlation, investigation, and response across endpoints, users, networks, and SaaS applications, offering end-to-end visibility.
Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing faster detection of both known and unknown threats.
Identify the latest threats without having to purchase, implement, and oversee several solutions, or find, hire, and manage a team of security analysts.
Sources: https://www.darkreading.com/cyberattacks-data-breaches/scattered-spider-hacking-spree-airline-sector
Iran & Israel war shaping cyber warfare; Hacktivism a tool used widely for Proxy Warfare
The latest development in geopolitics, the Israeli air strikes on Iran, triggered hacktivists to attack, and they chose a social media platform, Telegram, to announce their activities. Cyber warfare is now taking a different path: it has no borders and the enemy is not visible. A single attack is enough to bring down and cripple an entire system, from banking systems to power grids.
Hacktivist groups often use Telegram as the first channel to share news of their cyber-attacks and their victim lists. The hacktivist group DieNet announced on Telegram that it would attack Israeli radio stations.
Israeli cyber officials expect more spear-phishing, malware and similar attack attempts in the days ahead. Iran is currently engaged in a cyber-conflict with Israel and uses two major hacktivist groups, linked to Iran's Ministry of Intelligence and Security (MOIS), to help conduct destructive cyber-attacks.
According to NSFOCUS Fuying Lab, hacker groups targeting Israel and Iran have been active since 2025. Up to now, there are about 170 hacker groups attacking Israel, with about 1,345 cyber attacks on Israel, including about 447 cyber attacks launched against Israel after the conflict broke out. (The Hacktivist Cyber Attacks in the Iran-Israel Conflict – Security Boulevard)
In the past, Russia has used "hacktivism" as a tool of proxy warfare, covering various forms of cyber activity intended to create fear and uncertainty in its opponents.
The Iranian cyber units are mostly linked to MOIS and the IRGC; these hacker groups use fake identities or front groups to hide their state connections.
Surge in Disruptive Cyber Operations
According to Radware, a global cybersecurity provider, Israel has faced an average of 30 DDoS attacks per day since the conflict’s onset. These attacks primarily target government and public institutions (27%), manufacturing (20%), telecommunications (12%), and media platforms (9%).
DDoS operations overload online services, rendering them inaccessible, and are often accompanied by website defacements and data leaks to maximise disruption during crises.
The pro-Iranian hacker group’s attacks on Israel peaked on June 16, the day after the Israeli military’s “massive strike” against multiple Iranian weapons production sites, including surface-to-surface missile production sites, detection radar bases and surface-to-air missile launchers in Tehran.
The targets of attack were mainly concentrated in the Israeli government and public sector, national defense, aerospace, education and other industries.
The war in disguise, fought with malicious code
Now, alongside tanks and war machinery, another kind of war is being waged simultaneously: cyber warfare. It is unconventional warfare, with no border and no clear enemy. Everything is in disguise, to create more sensation and instill fear. It is conducted either by state-sponsored espionage units or by individual groups, and both pose a challenge to national security.
Sometimes this kind of cyber-attack is fatal, as malicious code in any application software can damage the system. Imagine doctors unable to open the files they need to check a patient's history in time because a swarm of malicious code has been pushed into their system; the resulting delay in starting treatment is life-threatening for the patient.
Malicious code threats are hidden in software and mask their presence to evade detection by traditional security technologies.
Once threat actors push encrypted or obfuscated malicious code into an organization's network, they can move through the network and mail systems, overload them with email messages, steal data such as passwords and even reformat hard drives.
Hacktivists are now more empowered, and cyber warfare is fought in disguise to exert influence and destabilize adversaries. Many methods used by Iran in destructive cyber attacks mirror those used by large ransomware groups, such as abusing vulnerabilities in VPN applications to gain entry.
Emergence of a New Axis in Cyber Warfare
Countries that lack a resilient cyber security infrastructure, and organizations that are particularly fragile, are soft targets and become unintended battlegrounds in the global cyber war.
They make easy victims, whether through hacking, data theft, cyber extortion or, at times, a major cyber-attack that can sabotage their government systems.
If an organization's or a country's capability to provide effective defense suffers, remaining vulnerable becomes the default, and credibility is slowly lost.
For organizations and countries alike, this growing disparity in cyber defense capacity has emerged as a new axis of global inequality and a thriving ground for threat actors.
The wave of cyber activity in the present Iran and Israel war highlights how modern conflicts extend beyond physical battlegrounds. Attacks on infrastructure highlight the strategic importance of digital resilience.
Iranian state-sponsored hackers, particularly the APT35 group (also known as Charming Kitten), reportedly used AI to enhance their cyberattacks.
According to Check Point, these operations targeted Israeli cybersecurity experts, computer scientists, and tech executives with sophisticated phishing attempts. The attackers used fake messages and emails designed to trick people into sharing sensitive information, along with realistic decoys and fake login pages mimicking Google’s.
Here are recommendations to secure your networks against cyber-attacks happening in disguise, and to improve organizational resilience.
For visibility, Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack.
In the end, it is not only the government's responsibility to respond to, or remain alert to, cyber attacks and hackers' foul play.
The present decade will see more cyber war waged in parallel whenever two nations go to war with each other, each deploying different AI-driven tools in their attacks. It is high time to stay alert and practice safe cyber security measures at both the individual and the enterprise level.
Sources: Reflections of the Israel-Iran Conflict on the Cyber World – SOCRadar® Cyber Intelligence Inc.