Cyber Security

Cybersecure Holidays: Here’s How to Keep Your Business Protected During the Holiday Rush

The last working days before the winter holidays are the perfect time to finish all urgent tasks, take stock of achievements, and plan for the next year. During this period, it is also very important to pay additional attention to cybersecurity, so that you do not miss the steps that protect your company from attacks, which increasingly target small and medium businesses, and can start the next year without a headache. Use these few simple and effective cybersecurity measures to greatly reduce the risk of being hacked.

Back up important data
An unexpected loss of important files can be caused either by trivial reasons such as a hard drive breakdown or by a cyberattack. For example, ransomware is malicious software that encrypts an entire operating system or individual files and then demands a ransom for decryption. What makes it even worse is that, even if a company pays the ransom, there is no guarantee that the criminals will restore sensitive documents. Regular offline backups will allow you to get access to crucial data in case of an emergency. You can also use a security solution with a function that creates backup copies automatically.

Update your devices and software
Legacy software is a gap in security and provides attackers with a great opportunity to get into the corporate infrastructure. Before the long holidays, don’t forget to check and install fresh patches on all key applications. This process can be simplified by security solutions with a built-in patch management system.

Renew your passwords
Brute force, a method that involves guessing a password by trying all possible combinations of characters, is still among the most common methods attackers use to penetrate an organization’s network. The likelihood that this mode of attack will succeed increases when the password being guessed is weak and has already been leaked. The first recommendation to reduce the likelihood that your data will be stolen is to implement a strong password policy, requiring a standard user account password to have at least eight letters, a number, uppercase and lowercase letters, and a special character.

Check access to corporate data and systems
The end of the year is ideal for getting your access policy in order. A recent survey found that only half of business leaders are confident that their former employees don’t still have access to corporate accounts or data. Since this negligence can lead to serious data breaches, it’s better to deal with this issue before it’s too late. First, make a list of employees who left the company this year and check that their access has been revoked. Also, reduce the number of people with access to important corporate data and reduce the amount of data available to all employees. Breaches are more likely to occur in organizations where too many employees work with confidential, valuable information that can be of interest to third parties.

Remember holiday scams
Adversaries don’t hesitate to take advantage of the holiday season by sending special New Year offers, subscription renewals, and gift cards in bulk to steal your personal information or money. The pre-holiday bustle is a huge distraction, so you or your employees may easily miss a trick, walking into a trap without realizing the potential dangers. Remember the basic signs of phishing emails and remind your colleagues about them. Among them are a dramatic subject line, mistakes and typos, inconsistent sender addresses, and suspicious links. Also, always check the format of any attachments before opening them and the accuracy of a link before clicking. This can be achieved by hovering your mouse over these elements – make sure the address looks authentic and the attached files are not in an executable format.
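
The mechanical checks from the list above (sender address, link target, attachment format) can also be run automatically on a saved message. The Python sketch below is an added example, not part of the original article; it assumes that an "inconsistent sender address" means a Reply-To domain that differs from the From domain, and the function names, the extension list and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from os.path import splitext
from urllib.parse import urlparse

# Assumed list of executable extensions; extend it to match local policy.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".msi", ".lnk", ".hta"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)

def host(value):
    # Lower-cased host of a URL or of bare "www.site.tld" link text.
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
def addr_domain(msg, header):
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def phishing_signs(raw):
    msg, signs = message_from_string(raw), []
    sender, reply = addr_domain(msg, "From"), addr_domain(msg, "Reply-To")
    if reply and reply != sender:
        signs.append(f"sender mismatch: From {sender}, Reply-To {reply}")
    for part in msg.walk():
        name = part.get_filename()
        # Only the final extension counts, so "invoice.pdf.exe" is caught.
        if name and splitext(name)[1].lower() in EXECUTABLE_EXT:
            signs.append(f"executable attachment: {name}")
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, text in LINK_RE.findall(html):
                shown = re.sub(r"<[^>]+>", "", text).strip()
                # Compare only when the visible text itself looks like an address.
                if LOOKS_LIKE_URL.match(shown) and host(shown) != host(href):
                    signs.append(f"link text {host(shown)} points to {host(href)}")
    return signs

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Gift Cards" <offers@shop.example>
Reply-To: claims@mailbox.invalid
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://login.unrelated.invalid/card">www.shop.example</a>
--b1
Content-Disposition: attachment; filename="giftcard.pdf.exe"

placeholder
--b1--
"""
print(phishing_signs(SAMPLE))
```

A clean result is not proof that a message is safe: the subject line, typos and the plausibility of the offer still need a human reader.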

Cyber Security

ESET Research Uncovers Iran-Aligned BladedFeline Spying on Iraqi, Kurdish Officials

The Iran-aligned threat group BladedFeline has targeted Kurdish and Iraqi government officials in a recent cyber-espionage campaign, according to ESET researchers. The group deployed a range of malicious tools discovered within the compromised systems, indicating a continued effort to maintain and expand access to high-ranking officials and government organizations in Iraq and the Kurdish region. The latest campaign highlights BladedFeline’s evolving capabilities, featuring two tunneling tools (Laret and Pinar), various supplementary tools, and, most notably, a custom backdoor Whisper and a malicious Internet Information Services (IIS) module PrimeCache, both identified and named by ESET.

Whisper logs into a compromised webmail account on a Microsoft Exchange server and uses it to communicate with the attackers via email attachments. PrimeCache, a malicious IIS module, also serves as a backdoor, and it bears similarities to the RDAT backdoor used by the OilRig Advanced Persistent Threat (APT) group.

Based on these code similarities, as well as on further evidence presented in this blogpost, ESET assesses that BladedFeline is very likely a subgroup of OilRig, an Iran-aligned APT group going after governments and businesses in the Middle East. The initial implants in the latest campaign can be traced back to OilRig. These tools reflect the group’s strategic focus on persistence and stealth within targeted networks.

BladedFeline has consistently worked to maintain illicit access to Kurdish diplomatic officials, while simultaneously exploiting a regional telecommunications provider in Uzbekistan, and developing and maintaining access to officials in the government of Iraq.

ESET Research assesses that BladedFeline is targeting the Kurdish and Iraqi governments for cyberespionage purposes, with an eye toward maintaining strategic access to the computers of high-ranking officials in both governmental entities. The Kurdish diplomatic relationship with Western nations, coupled with the oil reserves in the Kurdistan region, makes it an enticing target for Iran-aligned threat actors to spy on and potentially manipulate. In Iraq, these threat actors are most probably trying to counter the influence of Western governments following the US invasion and occupation of the country.

In 2023, ESET Research discovered that BladedFeline targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports. The group has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government, but is not the only subgroup of OilRig that ESET Research is monitoring. ESET has been tracking Lyceum, also known as HEXANE or Storm-0133, as another OilRig subgroup. Lyceum focuses on targeting various Israeli organizations, including governmental and local governmental entities and organizations in healthcare.

ESET expects that BladedFeline will persist with implant development in order to maintain and expand access within its compromised victim set for cyberespionage.

Cloud

SentinelOne Simplifies Secure Cloud Migrations on AWS

SentinelOne today announced its participation in the Amazon Web Services (AWS) Independent Software Vendor (ISV) Workload Migration Program. This initiative supports AWS Partner Network (APN) members with SaaS offerings on AWS to accelerate and streamline workload migrations.

Through the program, SentinelOne will provide AWS customers with accelerated, secure cloud migration support, leveraging modern AI-powered CNAPP capabilities to ensure rapid and protected transitions. With access to AWS funding, technical resources, and go-to-market support, SentinelOne will help organizations reduce migration timelines and costs while maintaining robust security.

SentinelOne’s Singularity Cloud Security delivers real-time visibility and protection throughout the migration journey—whether from on-premises or another cloud—enabling a secure, seamless transition to AWS.

“Through our participation in the AWS ISV Workload Migration Program, SentinelOne is helping customers accelerate secure cloud migrations with end-to-end protection and visibility,” said Ric Smith, President of Product, Technology, and Operations at SentinelOne. “Whether moving from on-prem or another cloud to AWS, organizations can count on us to deliver the security they need throughout their journey—realizing the performance, speed, agility, and cost benefits of the cloud.”

Singularity Cloud Security combines agentless and agent-based protection for deep visibility, continuous posture management, and real-time threat detection across hybrid and multi-cloud environments. By collaborating with AWS and ecosystem partners, SentinelOne ensures seamless integration into migration projects, helping customers move faster, reduce risk, and scale confidently in the cloud.

Availability: SentinelOne’s solutions are available globally.

Cyber Security

Beyond Blocklists: How Behavioural Intent Analysis Can Safeguard Middle East Businesses from Rising AI-Driven Bot Threats

The Middle East is facing an unprecedented surge in AI-driven bot attacks, with malicious automation now outpacing traditional defenses. Mohammad Ismail, Vice President for EMEA at Cequence Security, warns that legacy tools like IP blocklists and rate limiting are no match for today’s sophisticated threats.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.