FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Hacking

The Art Of Exploitation...

Ethical Hacking

Security Experts...Same Techniques To Make Hacker's Stuff Useless.

Black Hat Hacking

Dark Side Of Hacking... In Short Destruction Of Cyber Stuff.

Digital Stuff

All The Digital Stuff Is Under The Influence Of Cyber Attacks... Be Safe

Friday, February 28, 2025

Belgian Intelligence Agency emails leaked by Barracuda Vulnerability

In recent times, we’ve seen a surge of news stories detailing cyberattacks on various companies, ranging from DDoS attacks to data breaches. However, a new report sheds light on a significant breach involving a Chinese hacking group infiltrating the network of Belgium’s Intelligence and Security Agency (VSSE). The attackers exploited a vulnerability in the firewalls and email security software provided by Barracuda Networks.

The State Security Service (VSSE) provided some insight into the incident in a statement to Le Soir, where a spokesperson confirmed that a Chinese hacking group (whose name remains undisclosed) had gained unauthorized access to the VSSE’s external email servers between 2021 and 2023. The breach was discovered in November 2023, prompting an investigation, which revealed that the hackers exploited a flaw in Barracuda Networks’ software to steal data.

Following a thorough investigation, the VSSE identified that the fault lay with the security system. As a result, in February 2024, the agency severed ties with Barracuda Networks and enlisted a new security software provider to address their security needs moving forward.

In response to the news, Lesley Sullivan, a spokesperson for Barracuda Networks, clarified that the company was not responsible for the breach. Sullivan emphasized that it was the VSSE’s responsibility to secure its assets, and Barracuda’s role was limited to providing the necessary tools for the agency to safeguard its network.

From Barracuda’s perspective, the company had taken action to resolve the critical flaw in its Email Security Gateway (ESG) software in May 2023, well before the breach was discovered. The flaw had likely been overlooked by the agency’s administrators. The ESG software is designed to monitor the flow of inbound and outbound emails while filtering out malicious content.

Cybersecurity insiders report that the breach, attributed to China-backed threat actors, resulted in unauthorized access to over 10% of the VSSE’s email traffic. While no classified information was compromised, much of the stolen data was related to internal communications between employees.

The post Belgian Intelligence Agency emails leaked by Barracuda Vulnerability appeared first on Cybersecurity Insiders.


February 28, 2025 at 09:01PM

Thursday, February 27, 2025

Cyber Attack news headlines trending on Google

Nearly 2 Million Android TVs Infected with Malware, Triggering Cybercrime Campaigns

Cybersecurity firm Xlab has recently reported that nearly 1.59 million Android-based smart TVs have been compromised by Vo1d malware, leading to the formation of a large botnet. This botnet poses a serious risk of triggering a wide-reaching cybercrime campaign in the near future.

Xlab’s security experts have stated that the malware’s spread is global, potentially affecting devices in 226 countries. The infection, which initially began with around 50,000 botnets in November 2024, has rapidly expanded, with estimates suggesting that over 800,000 bots are now active by January 2025. This growing threat could soon evolve into a much larger cyberattack.

The majority of the infected Android TVs are concentrated in countries such as Brazil, Indonesia, South Africa, Argentina, Thailand, and China, with little to no infection detected in Western regions—according to the latest figures.

DragonForce Ransomware Strikes Saudi Real Estate Firm, Leaks 6TB of Data

The notorious DragonForce ransomware has recently targeted a real estate and construction company based in Riyadh, Saudi Arabia, resulting in significant data theft and encryption. After the firm refused to pay the demanded ransom, cybercriminals released a portion of the stolen 6TB of data on a specialized leak site for financial gain.

US-based cybersecurity firm Resecurity was the first to confirm the attack, revealing that a ransomware-as-a-service group was behind the incident. The attack took place just days before the start of Ramadan, a sacred period for the global Muslim community, adding an extra layer of complexity to the cyberattack.

Over 3 Billion Passwords Stolen by Infostealer Malware

In another alarming cybersecurity breach, KELA, a threat intelligence firm, has reported that infostealer malware has successfully stolen over 3.9 billion password credentials. These stolen credentials, which are extracted from millions of infected devices, have raised significant concerns due to the high potential for phishing and brute-force attacks in the future.

Infostealer malware is a type of surveillance tool that secretly infiltrates devices and collects sensitive data, including login credentials, financial information, personal messages, photos, videos, and more. This bulk data exfiltration makes infostealers particularly dangerous, as they can evade security measures and compromise vast amounts of information quickly.

To protect against such threats, experts recommend deploying endpoint detection and response tools and utilizing multi-factor authentication, which can significantly reduce the risk of cyberattacks.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.


February 28, 2025 at 11:18AM

How Kyocera’s CISO tackles the threat of cyber risk during AI adoption

Kyocera CISO Andrew Smith explains how he’s responded to the cyber risks associated with AI and how businesses can start implementing it.

Ever since AI’s meteoric rise to prominence following the release of ChatGPT in November 2022, the technology has been at the centre of international debate. For every application in healthcare, education, and workplace efficiency, reports of abuse by cybercriminals for phishing campaigns, automating attacks, and ransomware have made mainstream news.

Regardless of whether individuals and businesses like it, AI isn’t going anywhere. That’s why, in my view, it’s time to start getting real about the use cases for the technology, even if it might lead to potential cyber risks. Companies that refuse to adapt are risking being left behind in the same manner that stubborn businesses were when they refused to adjust during the early days of the Dot-com boom.

When it comes to early adoption, everyone wants to be Apple; nobody wants to be Pan-Am. So, how do businesses adapt to the new world of AI and tackle the associated risks?

Step 1: Understand the legal boundaries of AI and identify if it’s right for your business

Despite the risks, the mass commercialization of AI is a positive development as it means legal conditions are in place to help govern its use. AI has been around for a lot longer than ChatGPT; it’s just that we’re only now starting to set guidelines on how to implement and use it.

Regulations are constantly changing given the rapid evolution of AI, so it’s essential that businesses are aware of the rules which apply to their sector. Consultation with legal professionals is as crucial as any step of the process; you don’t want to commit a large amount of capital towards a project which falls foul of the law.

Once you’ve got the all-clear to proceed – hopefully with some additional understanding of the legal parameters – it’s down to you to identify if and where AI can add value to your business and how it could affect your approach to cybersecurity. Are there thousands of hours being spent on mundane tasks? Could a chatbot speed up the customer service process? How will you keep sensitive data safe after the introduction of AI software?

What’s important is that businesses have taken the time to identify where AI could add value and not just include it in digital transformation plans because they think it’s the right thing to do. Fail to prepare, prepare to fail – and avoid embarking on vanity projects that could do more harm than good.

Step 2: Decide on your AI transformation partner

This doesn’t mean you start using ChatGPT to run your business!

Assuming you don’t already have the talent in-house, there are hundreds, if not thousands, of AI transformation businesses for you to partner with on your journey.

I won’t labour over this step as every business will have its procurement processes. Still, my best advice is to look at the case studies of an AI transformation company’s existing work and even reach out to their existing clients to find out if their new AI tools have been helpful. Crucially, make a note of any security issues encountered in AI projects and bear this knowledge in mind. Like anything, a third-party endorsement for impactful work goes a long way.

That said, with the rapid growth in AI, sometimes “case studies’ are not freely available, and businesses should consider not discounting skilled firms. Instead, if a company has the credentials, insight, and technology, allow them the ability to demonstrate capabilities and how these support your journey.

Step 3: Ensure cyber-hygiene and cyber-education are communicated across the business

Unfortunately, most cyber-attacks are caused or enabled by insiders, usually employees. In the vast majority of cases, it’s not malicious; it’s just a member of your team who doesn’t understand the implications of cyber risks and doesn’t take all the necessary precautions.

Therefore, your best opportunity to nullify those risks is by thoroughly and consistently educating your employees. This should apply just as much to new AI tools as to anything else at the business.

It seems obvious to most by now, but ChatGPT is free because we are the product. Every time you input data into the model, it learns from your input, and there’s a distinct possibility that your data will be regurgitated at some stage to someone else. That’s why staff must be careful about entering sensitive information, even if an AI tool claims to keep data secure.

Not inputting sensitive company data into (Large Language Models) LLMs might be an easy and obvious starting point, but there’s plenty more that companies should be educating their employees about cyber-hygiene and not just its relevance to AI. Key topics can include:

  • Best practices in handling sensitive company data
  • The right way to communicate and flag potential breaches
  • Implementing an incident/rapid response plan
  • Regularly backing up data and ensuring it is secure
  • Secure by design – “Doing the thinking up front”

I believe education and training remain the best tools for tackling cybercrime, and failing that; you should ensure you have a solid plan to ensure that criminals can’t hold you to ransom should the worst happen.

Step 4: Implementation and regular review

If you successfully completed steps 1-3, you should have a powerful new AI tool to improve your business.

Once your staff have been trained on security risks are and using it, AI shouldn’t be treated as a ‘set and forget’ tool – any business using it should constantly review its effectiveness and make the necessary tweaks to ensure it provides maximum value the same way we do with our staff. It’s not just for efficiency either: there’s a good chance that regular reviews will expose potential vulnerabilities, and it’s far better for you to catch them before a potential cyber-criminal does.

If you skip one of the above steps, you risk encountering significant security issues and ultimately wasting capital on a failed or troublesome project. Follow each step correctly, however, and AI will become a powerful tool to help you stay ahead of the curve.

The post How Kyocera’s CISO tackles the threat of cyber risk during AI adoption appeared first on Cybersecurity Insiders.


February 27, 2025 at 09:24PM

SIGNAL denies access to user data in Sweden, reverse of what Apple has done

SIGNAL, the encrypted messaging platform based in California, USA, has made a significant announcement regarding its plans to exit Sweden. The reason for this decision stems from the Swedish government’s demands for access to a backdoor into the platform, allowing it to access user data whenever necessary.

This move underscores Signal Messenger’s unwavering commitment to user privacy, signaling to its global user base that it prioritizes the protection of personal data. The company has made it clear that it will not compromise on its promise of strong encryption and security, which ensures that user data is not stored, analyzed, or accessed without the user’s consent.

Signal’s stance echoes a similar dilemma faced by Apple in the past. The tech giant, known for its stringent data protection measures, also encountered pressure from governments seeking access to user information. In response, Apple had to announce the removal of its Advanced Data Protection (ADP) service, which was designed to prevent governments from accessing private information through backdoors.

In a somewhat similar vein, Signal has decided to entirely cease its operations in Sweden rather than surrender to government demands that would potentially compromise its users’ privacy and security. This decision is rooted in the company’s fundamental belief that any backdoor, even if initially intended for government use, could be exploited by malicious actors, posing a greater risk to users. By withdrawing from Sweden, Signal hopes to avoid putting its users at risk by exposing their data.

However, this exit isn’t final just yet. Signal has clarified that it will pause its plans to withdraw from Sweden until the Swedish government formalizes its stance. A proposed bill scheduled for presentation in March 2025 may clarify the government’s position on data security and backdoor access. The messaging platform is holding off on taking any final steps until this bill is introduced and its implications are fully understood.

What the Swedish Government’s New Data Security Bill Suggests

The Swedish government, like several other nations, is pushing for stricter data sovereignty measures. The new data security bill, which is expected to be proposed in March 2025, aligns Sweden with countries such as China, the USA, Canada, Australia, and Russia, all of which have stringent data storage laws. These laws mandate that companies operating within their borders store data on local servers and refrain from transferring data offshore.

This growing trend of data localization and government access to private information is becoming a significant challenge for companies like this encrypted messaging platform, which have built their reputation on providing strong encryption and privacy to their users. Signal has previously faced similar challenges, including pressure from the UK government, which proposed the Online Safety Act in 2023. This legislation aimed to grant the government access to the data generated and stored by messaging platforms, a move Signal strongly opposed.

Signal has also faced a complete ban in China due to its refusal to comply with the country’s data security laws, which are under the control of President Xi Jinping’s government. In China, the government requires full access to user data from digital platforms, a policy that directly contradicts Signal’s principles of user privacy and data encryption.

All of these developments indicate that Signal remains steadfast in its commitment to user privacy. The platform has made it clear that it is willing to sever ties with any nation that demands access to private user information, including metadata, regardless of the potential business impact. By choosing privacy over profits, Signal is sending a strong message that it will not compromise on its core values, even if it means stepping away from entire markets.

The post SIGNAL denies access to user data in Sweden, reverse of what Apple has done appeared first on Cybersecurity Insiders.


February 27, 2025 at 08:41PM

Wednesday, February 26, 2025

LockBit ransomware gang sends a warning to FBI Director Kash Patel

Recent reports circulating on social media suggest that FBI Director Kash Patel has been targeted by the infamous LockBit ransomware group. According to sources, the gang warned Patel that he is surrounded by subordinates who seem more focused on manipulating narratives and issuing misleading statements rather than performing their duties effectively.

In a message that resembles a version originally published on Forbes, the LockBit group first extended their congratulations to Patel for becoming the 9th Director of the Federal Bureau of Investigation. However, the tone quickly shifted, and the ransomware gang members launched a scathing criticism of his administration.

The controversy began last year when several members of LockBit, a notorious cybercrime group responsible for spreading ransomware globally, were arrested. This led to the takedown of their IT infrastructure in a coordinated effort named Operation Cronos . However, just 45 days after the crackdown, the gang re-emerged with the announcement of LockBit 2.0, vowing to operate with greater intensity. They made it clear that they would target critical federal infrastructure ahead of the November 2024 elections, which saw Donald Trump elected as the 47th President of the United States.

In October 2024, another group claimed to represent LockBit 3.0 and announced that they were focusing on financial institutions and power grids, continuing their efforts to sow political chaos among the public.

But within weeks, their activities seemed to die down. This was largely attributed to the Pentagon’s ongoing surveillance and efforts to disrupt cybercriminal networks responsible for malware attacks and DDoS operations.

Now, in a surprising turn of events, the Russian intelligence-affiliated LockBit group appears to be using a new tactic: directly reaching out to newly sworn in FBI Director Kash Patel. This interaction seems to involve offering him a false narrative, possibly as part of an ongoing psychological operation.

While there has been no official confirmation of these developments—since authorities are still investigating—it’s evident that LockBit is actively promoting this narrative on social media platforms such as Telegram and Facebook. Even some journalists from prominent media outlets have reportedly been contacted to help spread the gang’s fabricated story.

In a curious twist, the criminals seem to be playing a dual game. On one hand, they are praising Donald Trump for his efforts to amend immigration policies and resolve the conflict between Ukraine and Moscow. On the other, they appear to be engaging in a mind game with the FBI Director, possibly to distract Patel from an ongoing campaign that remains hidden from law enforcement.

As the situation unfolds, it remains to be seen how much of this controversy surrounding Kash Patel holds any truth. Given the ransomware gang’s long history of launching high-profile attacks, their latest psychological tactics certainly add an element of intrigue and suspense.

The post LockBit ransomware gang sends a warning to FBI Director Kash Patel appeared first on Cybersecurity Insiders.


February 27, 2025 at 10:45AM

Personal data of over 3 million US populace leaks in a data breach

Data breaches have become increasingly common in recent years, yet the level of concern surrounding these information leaks has grown significantly. One such breach that has recently come to light involves DISA Global Solutions, a company that provides vital services related to background checks, alcohol testing, and drug diagnostic services.

DISA issued a statement revealing that a data breach occurred on one of its servers in April 2024. The breach exposed sensitive data of more than 3.3 million individuals across the United States. This information, which included background checks, drug and alcohol testing results, and other personal details, belonged to employees working in over 55,000 companies nationwide. Notably, this also included some employees from Fortune 500 companies, highlighting the scale and significance of the breach.

Further details about the breach were disclosed in a filing submitted to the Attorney General of Maine, which revealed some alarming facts. According to the documents, the breach actually occurred earlier, on February 9, 2024, but was not detected until two months later. The leaked data was not limited to employment-related information. It also included highly sensitive personal data such as social security numbers (SSNs), financial information, educational backgrounds, criminal records, credit history, debit and credit card numbers, and even driving licenses.

Such a significant data breach can have far-reaching consequences, especially since hackers often use the stolen information to carry out social engineering attacks like phishing. This is where cybercriminals exploit the trust of individuals to steal even more sensitive data, often leading to financial losses, identity theft, or other forms of exploitation.

When a breach of this magnitude occurs, it is not just an immediate concern but can also lead to long-term repercussions. Hackers typically do not keep such large troves of personal data for themselves. Instead, they sell the information in smaller batches, often containing around 1,000 records per dataset. The prices for these data sets can vary greatly, ranging anywhere from $10 to $1,200 per set. Items like credit card numbers, SSNs, and driving license information are particularly valuable on the dark web, where they are often sold for substantial sums.

Given the scale and nature of this breach, both individuals affected and organizations involved will likely face numerous challenges in the coming months. The compromised data can have serious financial and reputational consequences, and the breach may spur further scrutiny over data protection policies, with stakeholders calling for stronger safeguards against cyber threats.

The post Personal data of over 3 million US populace leaks in a data breach appeared first on Cybersecurity Insiders.


February 26, 2025 at 08:33PM

Fortifying Financial Services Cybersecurity with Threat Intelligence and Cybersecurity Automation

The World Economic Forum’s Global Cybersecurity Outlook 2025 Insight Report paints a bleak picture of what the year ahead holds for technology security  teams worldwide. However, some industries are likely to be worse off than others. The financial sector, for example, is an attractive target for cyber-attacks, as confirmed by Statista which states that the average cost of a data breach in this industry in  2024 was approximately $6.08 million, compared to $4.88 for the overall average cost of a data breach across all industries. As such, financial institutions must prioritize cyber defense and take action to minimize the impact of attacks. One route to doing  this is by automating aspects of cybersecurity so SOC teams can focus on higher-value activities. 

According to the latest Threat Quotient research into The Evolution of Cybersecurity Automation Adoption, financial services organizations tend to be more mature in cybersecurity  automation adoption than their industry counterparts. Further, they may have passed through the period of disillusionment that commonly occurs in the technology adoption cycle. This is evidenced by the report finding that 87% of financial services organizations value the importance of cybersecurity automation, up from 69% the previous year, which is mostly used to focus on incident response, phishing analysis and threat hunting.  

However, given the growing complexities of the threat landscape, more needs to be done to equip financial organizations globally to prepare for attack. To try to counter this issue, governments have introduced new regulations for the financial sector such as The Digital Operational Resilience Act (DORA) which is an EU regulation that aims to strengthen the sector’s resilience to ICT-related incidents  with clearly defined requirements. Part of the regulation requires organizations to engage in threat intelligence sharing, to raise the level of knowledge and awareness of cyber threats on an industry scale. 

Knowledge is power 

Being aware of the latest industry threats, vulnerabilities and attack patterns is a powerful way to enhance the security posture of an organization and proactively mitigate risks. To achieve this, companies should systematically collect, analyze and disseminate information about potential cybersecurity threats to help identify emerging trends and stay ahead of possible threats. This knowledge, when shared across organizations and industries, can go a long way in helping more companies be alert and prepared for potential cyber threats. 

Within the financial services industry, threat intelligence is commonly only shared with direct partners and suppliers (59%) and within their organizations (48%), according to ThreatQuotient research. However, by sharing insights beyond the borders of the organization to the broader industry, security teams within all these organizations are empowered to gain a tactical advantage and actively improve their cybersecurity practices based on information collected according to real-world attack methodologies. 

Growing a community of information sharing  

Nevertheless, it is encouraging that 59% of Financial Services organizations are sharing threat intelligence with partners and suppliers, because considerable cyber risk resides in the supply chain – especially where smaller suppliers may lack sophisticated security solutions and in-house expertise. DORA addresses this by specifying that third-party ICT risk must be managed as an integral component of the overall ICT risk management framework. Sharing threat intelligence with the wider supplier ecosystem should be considered best practice as part of this risk management approach. 

Threat actors are sharing knowledge amongst themselves to enhance their skills with Cybercrime-as-a-Service (CaaS) providing a range of sophisticated tools and malicious services to a broad range of users through online marketplaces. Organizations must follow suit and band together with the sharing of threat intelligence across large and small organizations to collectively assess vulnerabilities and implement proactive measures to defend against rising threats. This collaboration is a cornerstone of effective cybersecurity which is further enhanced by integrating cybersecurity platforms to augment collaboration efforts. 

Closing the skill gap with automated threat intelligence 

There is no quick fix for the widening cybersecurity skills gap, but technology can be part of the solution in helping to ease the pressure on the teams that are combating cyber risks daily. With threat intelligence, security teams have valuable, real-world intelligence that can help them to be better prepared for attacks.  

Further, by automating elements of the process of threat hunting, intelligence gathering and threat profiling, security teams can work smarter and not harder, as they gain insights to prioritize threats, detect attacks earlier and develop strategies to respond faster and more effectively. This proactive approach not only strengthens the cybersecurity posture of the organization but – when intelligence is shared – also improves the posture of supply chains and the industry.  

AI is the problem and the solution 

While cybersecurity automation has achieved a degree of maturity in the financial sector, applying artificial intelligence to cybersecurity is still in relatively early stages across most industries. Again, the sector seems to be an early adopter, as evidenced by The Evolution of Cybersecurity Adoption report, which found that half of the financial services respondents are using AI across their cybersecurity operations, a figure that is considerably higher than other industries. 

However, the widespread adoption of AI will also increase the threat landscape. Not only do technologies like ChatGPT create potential risks for organizations, but AI tools are also being used by threat actors to enhance their skills and increase their breach success rates.

Despite the risks, AI also brings with it immense potential in bolstering an organization’s defence mechanisms, detecting threats and enabling faster incident response times. For example, Gen AI can help speed up threat intelligence gathering and reporting, so security teams can focus on more complex tasks.  

As cyber threats become increasingly sophisticated, it is more important than ever that the financial services industry bands together to collaborate and establish a united front against potential cyber-attacks. This includes prioritizing the adoption of cyber security automation to identify, analyze and prioritize threats in the industry to make better decisions and respond efficiently and effectively, thereby minimizing the impact of a potential attack. Ultimately shared threat intelligence enables organizations in the financial services industry to put up a united front and safeguard the valuable assets that their customers entrust them with. 

 

The post Fortifying Financial Services Cybersecurity with Threat Intelligence and Cybersecurity Automation appeared first on Cybersecurity Insiders.


February 26, 2025 at 02:06PM

Tuesday, February 25, 2025

Ransomware hackers are more interested in data exfiltration than encryption

As ransomware attacks gained popularity, hackers initially focused on encrypting entire databases and demanding ransom in exchange for decryption keys. However, recent trends suggest a shift in their tactics, with cybercriminals now more interested in stealing data rather than encrypting it.

A report by the American cybersecurity firm ReliaQuest reveals that more malware-spreading gangs are targeting data exfiltration. This method is faster, often taking just 48 to 90 minutes, and carries a lower risk of being traced by law enforcement. In contrast, when encryption is used, victims may refuse to comply with ransom demands and contact authorities, complicating the criminals’ plans.

Law enforcement typically intervenes by discouraging ransom payments, sometimes offering decryption keys to quickly restore the victim’s database. They also attempt to trace cryptocurrency payments, which can eventually lead to identifying the perpetrators, though this is a rare occurrence.

To avoid these complications, ransomware gangs are increasingly opting to steal data first. This allows them to sell the stolen information for profit or, in some cases, hold it for months before releasing it on the dark web for social engineering attacks.

To mitigate such risks, it’s crucial for organizations to deploy threat monitoring systems that can provide early warnings. Regular backups using a reliable disaster recovery solution are also essential. Additionally, notifying relevant authorities can help share information across industries and facilitate the capture of criminals, ultimately reducing the spread of cybercrime.

While data theft isn’t replacing ransomware entirely, it represents a shift in the criminal focus from disrupting systems to generating profit—minimizing attention from global authorities like the FBI and CISA.

The post Ransomware hackers are more interested in data exfiltration than encryption appeared first on Cybersecurity Insiders.


February 26, 2025 at 11:54AM

Overcoming Critical AI Security Risks Uncovered in DeepSeek-R1

DeepSeek has taken the AI world by storm, surpassing ChatGPT as the most downloaded smartphone app and gaining rapid adoption due to its efficiency and accessibility. While its advancements in AI reasoning and performance optimization are impressive, security researchers, including our team at Qualys, have uncovered many critical vulnerabilities that raise serious concerns for enterprise adoption.

It is vital that organizations prioritize security just as much, if not more than performance when it comes to AI deployment. This piece will dive into the findings from Qualys’ security analysis of DeepSeek-R1, explore the real-world implications of unsecure AI environments, and share best practices for organizations to implement proactive security measures that ensure responsible and secure AI deployment. 

The Alarming Results from DeepSeek-R1’s Security Analysis

To evaluate DeepSeek-R1’s security posture, the Qualys team conducted a comprehensive analysis using its AI security platform, Qualys TotalAI. TotalAI provides a purpose-built AI security and risk management solution that can identify threats and other safety concerns to ensure that AI models are secure, compliant and resilient. 

The analysis of DeepSeek focused on two key areas: knowledge base (KB) and jailbreak attacks. TotalAI’s KB Analysis assessed DeepSeek-R1 across 16 categories, including controversial topics, factual inconsistencies, illegal activities, unethical actions, sensitive information exposure, and more. Throughout the testing, nearly 900 assessments were conducted. Alarmingly, the model failed 61% of these tests, identifying critical ethical, legal and operational risks. 

During the analysis, DeepSeek-R1 was also subjected to 885 jailbreak attempts using 18 different attack categories. It failed 58% of these tests, meaning attackers can easily bypass critical built-in safety mechanisms, including instructions on how to make explosives, promoting misinformation and violence, among other illegal activities. The testing exposed severe weaknesses in DeepSeek’s AI alignment and presents serious risks for organizations integrating it into their workflows. 

Why Is This Concerning for Enterprises?

The vulnerabilities exposed through this security analysis highlight three major risks for enterprises – the first being evident ethical violations. DeepSeek-R1’s inability to prevent adversarial jailbreak attempts could lead to unintended consequences, such as the spread of misinformation, bias reinforcement, or facilitation of illegal activities. It is important that enterprises leveraging AI must ensure their models align with ethical and legal standards to maintain trust and integrity.

The next major risk concerning enterprises is privacy and security breaches. A recent cybersecurity incident exposed over a million log entries from DeepSeek AI, including sensitive user interactions and authentication keys. This shows clear deficiencies in DeepSeek’s data protection measures and increases concerns for enterprises storing sensitive information. 

Finally, DeepSeek-R1’s data storage practices present significant compliance concerns for organizations operating under regulations like GDPR and CCPA. Since all user data is stored on servers in China, it is subject to Chinese Cybersecurity Law, which allows government authorities access to locally stored data without user consent. This creates potential conflicts with GDPR’s strict data protection requirements and CCPA’s provisions for user privacy rights. Additionally, opaque data governance practices raise concerns about unauthorized access or state-mandated disclosure of sensitive information.

Best Practices to Strengthen AI Security

To address vulnerabilities in AI models like DeepSeek-R1 effectively, businesses must adopt a proactive security strategy that prioritizes both technical safeguards and regulatory compliance. This begins with implementing comprehensive security solutions tailored for AI environments, which provide continuous monitoring and automated risk management for LLMs. Organizations should also conduct adversarial testing to identify weaknesses like jailbreak susceptibility or ethical misalignment before deployment. 

On the compliance front, businesses must perform detailed legal risk assessments to ensure adherence to data protection regulations like GDPR and CCPA, while addressing cross-border privacy concerns tied to data storage practices. Deploying models in private cloud environments rather than relying on hosted solutions can help mitigate regulatory risks while maintaining greater control over sensitive data. By combining these measures with ongoing updates to align with evolving threats and standards, businesses can ensure secure and responsible use of AI technologies. 

As AI adoption accelerates, so do its risks. DeepSeek-R1 is a perfect example of this. While the model does deliver significant advancements in AI efficiency, it failed more than half of the Qualys TotalAI KB and Jailbreak tests. Attackers will continuously develop new techniques to bypass AI safeguards. Organizations must adopt proactive, comprehensive security solutions, like Qualys TotalAI, that ensure AI models remain resilient, compliant and aligned with evolving business and regulatory demands.  

 

The post Overcoming Critical AI Security Risks Uncovered in DeepSeek-R1 appeared first on Cybersecurity Insiders.


February 25, 2025 at 05:48PM

INE Secures Spot in G2’s 2025 Top 50 Education Software Rankings

Cary, NC, February 25th, 2025, CyberNewsWire

 INE, the leading provider of networking and cybersecurity training and certifications, today announced its recognition as an enterprise and small business leader in online course providers and cybersecurity professional development, along with its designation as the recipient of G2’s 2025 Best Software Awards for Education Products. This category of awards ranks the world’s top 50 software education products based on authentic reviews from more than 100 million G2 users. 

“We are thrilled to be recognized for a second consecutive year by G2’s Best Software Awards,” said Dara Warn, CEO of INE. “This is not only a testament to INE’s robust educational offerings but also underscores our dedication to empowering enterprise teams and professionals with the skills they need to thrive in a challenging digital landscape. We are proud to set the standard for quality and effectiveness in cybersecurity and technical education, as evidenced by the success of our students.”

G2’s Best Software Awards rank the world’s best software companies and products based on verified user reviews and publicly available market presence data. Fewer than 1% of vendors listed on G2 are named to the list. 

“The 2025 Best Software Award winners represent the very best in the industry, standing out for their exceptional performance and customer satisfaction. The stakes for choosing the right business software are higher than ever,” said Godard Abel, co-founder & CEO at G2. “With over 180,000 software products and services listings and 2.8 million verified user reviews in the G2 marketplace, we’re proud to help companies navigate these critical choices with insights rooted in authentic customer feedback. Congratulations to this year’s honorees!”

G2 badges, released quarterly, recognize INE’s strong performance compared to competitors in specific areas, including its enterprise cybersecurity training and certification offerings, the depth and breadth of its online learning library, and global impact. INE earned the following G2 badges for Winter 2025:

  • Fastest Implementation, Online Course Providers
  • Leader, Cybersecurity Professional Development
  • Leader, Online Course Providers
  • Leader, Technical Skills Development
  • Enterprise Leader, Online Course Providers
  • Small Business Leader, Online Course Providers
  • Leader, Asia Online Course Providers
  • Leader, Asia Pacific Online Course Providers
  • Momentum Leader, Technical Skills Development
  • Momentum Leader, Online Course Providers
  • Small Business High Performer, Technical Skills Development
  • High Performer, India Online Course Providers
  • High Performer, Europe Online Course Providers
  • High Performer, Asia Technical Skills Development

INE was recently named to Security Boulevard’s list of the Top 10 Hacking Certifications for both the Certified Professional Penetration Tester (eCPPT) and Web Application Penetration Tester eXtreme (eWPTX) certifications. The list showcases some of the best ethical hacking certifications for cybersecurity professionals. 

In reviewing the eCPPT, reviewers noted: 

  • The realistic experience
  • A robust training program
  • Its credentials to boost employability in Europe (specifically noted as “remarkable”). 

In reviewing the eWPTX, reviewers applaud: 

  • The challenging nature of the exam
  • Requiring advanced methodologies and skills in creating exploits that “modern tools couldn’t fathom.” 

With a suite of the best cybersecurity certifications and training programs designed for teams and individuals, INE continues to lead in developing cybersecurity professionals equipped with real-time, hands-on experience to manage cyber threats and security incidents. Our award-winning cybersecurity software and comprehensive training in network security, cloud security, and risk management, prepare learners to become certified ethical hackers (CEH), certified information systems security professionals (CISSP), and more, solidifying our reputation as the trusted partner in cybersecurity excellence and threat intelligence.

About INE: 

INE is the premier provider of online technical training for the IT industry. Harnessing the world’s most powerful hands-on lab platform, cutting-edge technology, global video distribution network, and world-class instructors, INE is the top training choice for Fortune 500 companies worldwide, and for IT professionals looking to advance their careers. INE’s suite of learning paths offers an incomparable depth of expertise across cybersecurity, cloud, networking, and data science. INE is committed to delivering the most advanced technical training on the planet, while also lowering the barriers worldwide for those looking to enter and excel in an IT career. 

Contact

Kathryn Brown
INE Security
kbrown@ine.com

The post INE Secures Spot in G2’s 2025 Top 50 Education Software Rankings appeared first on Cybersecurity Insiders.


February 25, 2025 at 04:05PM

Monday, February 24, 2025

Google to replace SMS authentication with QR Codes for enhanced Mobile Security

Google is strengthening online security by transitioning from SMS-based authentication codes to more secure QR codes, providing a robust defense against current cyber threats. This shift comes as SMS codes, traditionally used for two-factor authentication (2FA), have proven to be vulnerable to various forms of attacks.

SMS authentication has long been a target for cybercriminals due to its susceptibility to phishing schemes and SIM swapping attacks. In SIM swapping, hackers clone a victim’s phone number, gaining unauthorized access to sensitive accounts, including banking and email. This reliance on SMS also exposes users to risks if the mobile network signal is weak or if service providers fail to ensure consistent security.

QR codes, on the other hand, offer a more secure alternative. These codes can be easily scanned using a smartphone camera, eliminating the need to manually input codes sent via SMS. This method reduces the risk of interception and reliance on network connectivity, as QR codes don’t require a continuous signal from the service provider. While the smartphone needs an internet connection for scanning and verification, QR codes are a more resilient option against network-dependent vulnerabilities.

One notable advantage of QR codes is their ability to function offline in certain situations, further reducing reliance on consistent server connectivity. However, for applications such as payment gateways, where real-time data transfer and fast transaction processing are essential, an active internet connection is still required. This presents an ongoing challenge, as maintaining high-speed, reliable connectivity is critical for efficient and secure online transactions.

Google’s initiative to integrate QR codes into their authentication process reflects their commitment to enhancing user security. By shifting away from SMS-based codes, the company aims to provide users with a safer, more reliable method of securing their online identities. This transition is part of Google’s broader efforts to address evolving cyber threats and offer cutting-edge solutions for online authentication.

In addition to these advancements, the FBI has recently issued a warning about an ongoing phishing scam targeting millions of Gmail users. The scam, which exploits tools like Astaroth, is designed to steal users’ credentials, passwords, and banking information. The scam works by redirecting victims to phony websites that harvest sensitive data.

To protect themselves, users are urged to activate email spam filters and be cautious when receiving emails from unknown senders. Clicking on links embedded in suspicious emails could lead to malicious websites designed to compromise personal information. Deleting such emails or marking them as spam not only protects individual users but also helps Google’s servers identify and isolate harmful threats before they reach a wider audience.

As cyber threats continue to evolve, it’s essential for internet users to stay vigilant and adopt security practices that mitigate the risks of online fraud and identity theft. With Google’s push for QR code authentication and the FBI’s warning about phishing scams, it’s clear that the fight against cybercrime is ongoing, and proactive measures are necessary to safeguard personal data in an increasingly digital world.

The post Google to replace SMS authentication with QR Codes for enhanced Mobile Security appeared first on Cybersecurity Insiders.


February 25, 2025 at 11:20AM

Kaspersky ban across Australia government agencies

In June of last year, under the leadership of then-President Joe Biden, the United States became the first nation to implement a sweeping ban on Kaspersky products and services, prohibiting their use across all federal agencies. This move, driven by concerns about national security, set the stage for other countries to take similar actions. 

Most recently, the Australian government followed suit, announcing a ban on Kaspersky’s software in all its federal agencies. This decision was made following an order issued by the Secretary of the Department of Home Affairs over the past weekend, and it is part of the nation’s broader Protective Security Policy Framework (PSPF). The PSPF allows for the restriction of IT products or services when they pose unacceptable security risks, such as potential threats to national security.

The central concern driving both the U.S. and Australia’s decisions is the possibility that Kaspersky’s software could be used to gather intelligence and relay sensitive data to foreign entities. Although there has been no concrete evidence to support these claims, the mere suspicion of potential espionage has led both nations to act decisively in limiting the use of Kaspersky products. Under national security laws, businesses can be banned from operating within a country if there are credible allegations of such activities, regardless of whether the accusations are substantiated.

It’s important to note, however, that the Australian government’s ban is limited to the use of Kaspersky software by federal agencies. Corporate and private entities in Australia are still free to use Kaspersky products, although they are cautioned to do so at their own risk. This distinction highlights the concern for national security without necessarily criminalizing the use of Kaspersky on a broader scale.

Kaspersky Lab, founded by Eugene Kaspersky in Russia, has consistently denied any wrongdoing. The company, which initially operated from Russia, has since relocated its headquarters to a Southeast Asian country, likely in an attempt to alleviate concerns related to data security and privacy. Despite these efforts, the company is still facing significant challenges in regaining the trust of Western nations. Along with Australia and the U.S., other countries, including Canada, have also moved to restrict or ban the use of Kaspersky software within their borders.

As part of the new Australian directive, entities using Kaspersky software are being urged to seek alternative solutions by the end of March 2025. By April 1st, 2025, all government-funded systems and devices must remove Kaspersky software, and failure to comply will result in legal consequences. The Department of Home Affairs has made it clear that any devices still using Kaspersky software after this date will be subject to prosecution.

Kaspersky has yet to issue an official statement regarding the ban in Australia, but an anonymous source within the company has confirmed that they will continue to provide customer support and software updates for six months following the imposition of the ban, regardless of whether the customer is using the premium service or not.

In an effort to reassure its customers, Kaspersky has moved much of its data hosting operations to European countries, including Switzerland, France, and the Netherlands, over the past two years. This was done to address ongoing concerns about data privacy and security. Despite these efforts, Kaspersky has struggled to regain the confidence of many Western nations, which continue to be wary of potential security threats posed by the company’s software.

The post Kaspersky ban across Australia government agencies appeared first on Cybersecurity Insiders.


February 24, 2025 at 08:34PM

Sunday, February 23, 2025

How Password Managers Enhance Security in Corporate Networks

In the digital age, corporate networks face an ever-growing number of cybersecurity threats, making password management a critical component of an organization’s security strategy. Password managers serve as essential tools for improving security, streamlining access control, and reducing the risks associated with weak or compromised credentials.

The Role of Password Managers in Corporate Security

A password manager is a software application designed to store and manage passwords securely. It enables users to generate, store, and retrieve complex passwords without the need to remember them, reducing reliance on weak or reused credentials. In corporate environments, password managers contribute to security in several key ways:

1. Strengthening Password Security

One of the most common vulnerabilities in corporate networks is the use of weak or repetitive passwords. Password managers generate strong, unique passwords for each account, minimizing the risk of brute-force attacks and credential stuffing.

2. Secure Storage and Encryption

Password managers use robust encryption algorithms, such as AES-256, to store passwords securely. This ensures that even if a cybercriminal gains access to the database, the credentials remain protected from unauthorized access.

3. Reducing Phishing and Credential Theft Risks

Employees often fall victim to phishing attacks, inadvertently providing credentials to malicious actors. Password managers mitigate this risk by auto-filling credentials only on legitimate sites, preventing users from unknowingly entering credentials on fraudulent platforms.

4. Centralized Access Management for IT Teams

For IT administrators, password managers provide centralized access control mechanisms. They allow IT teams to enforce security policies, monitor access logs, and grant or revoke credentials in real time. This helps in managing employee access to sensitive systems efficiently.

5. Facilitating Secure Collaboration

In corporate settings, employees often need to share access to business tools and systems securely. Password managers enable secure credential sharing without exposing actual passwords, reducing the likelihood of unauthorized access or leaks.

6. Multi-Factor Authentication (MFA) Integration

Many password managers integrate with multi-factor authentication (MFA) solutions, adding an additional security layer. This ensures that even if a password is compromised, unauthorized access remains difficult without the second authentication factor.

7. Automated Password Auditing and Compliance

Password managers often include auditing tools that identify weak, reused, or compromised passwords. They assist organizations in maintaining compliance with industry regulations such as GDPR, HIPAA, and PCI-DSS, ensuring adherence to best security practices.

Implementing Password Managers in Corporate Networks

Deploying password managers in a corporate environment requires careful planning and adherence to best practices:

    • Enforcing organization-wide adoption to ensure uniform security across departments.
    • Educating employees on best password practices and the importance of secure credential management.
    • Integrating with existing security infrastructure, including single sign-on (SSO) and MFA solutions.
    • Regularly updating and auditing password policies to align with evolving cybersecurity threats.

Conclusion

Password managers play a crucial role in securing corporate networks by strengthening password security, minimizing credential theft, and providing centralized control over access management. As cyber threats continue to evolve, adopting password management solutions becomes imperative for organizations looking to safeguard their digital assets and sensitive information effectively.

The post How Password Managers Enhance Security in Corporate Networks appeared first on Cybersecurity Insiders.


February 24, 2025 at 10:58AM

US Satellites enabled with AI Tech to make them immune to Cyber Attacks

China has emerged as one of the primary geopolitical and technological adversaries of the United States, a fact widely acknowledged on the global stage. In its pursuit of dominance, China continuously competes with the West, with the satellite sector being a significant area of contest.

Over the past decade, the Xi Jinping-led administration has aggressively invested substantial resources into military research and development, with a strategic focus on satellite technology and defense systems. This investment aims to establish technological superiority and enhance its defense infrastructure, particularly in space-based operations.

To mitigate potential cyber threats targeting satellites in orbit, the U.S. military has opted to integrate Artificial Intelligence (AI) into its space defense systems. AI technology is being employed not only to process vast amounts of data in real-time but also to proactively detect, neutralize, and mitigate the repercussions of cyber intrusions aimed at the satellite ecosystem. By leveraging machine learning algorithms and anomaly detection models, AI can predict and counteract potential threats before they compromise critical space assets.

A recent Pentagon report highlights that the U.S. Navy has developed a network of autonomous satellites designed to operate with minimal human intervention. These AI-powered satellites are not only capable of independent space navigation but also possess the computational prowess to analyze and process massive datasets concurrently. This advancement underscores a significant shift toward autonomy in space warfare and reconnaissance, reducing reliance on traditional ground control systems.

As the race for satellite supremacy intensifies, countries are increasingly integrating sophisticated technological innovations to assert dominance in aerospace. Melanie Garson, an associate professor specializing in International Conflict Resolution & International Security at University College London, has provided critical insights into this evolving landscape. She notes that AI is not just a tool for enhancing satellite capabilities but also a potent force in revolutionizing surveillance and cyber-espionage—two pivotal components in modern cyber warfare.

A recently published news report, citing CIA sources, confirms that in 2023, China attempted to seize control of a U.S. satellite constellation for a brief period, intending to either disrupt or commandeer its functions. However, the cyber-attack fell short of complete success, highlighting both the offensive capabilities of China and the resilience of U.S. defense mechanisms. Additionally, the strategic deployment of drones has been identified as a viable countermeasure in scenarios where low-altitude aerial missions align with operational objectives.

From mid-2025, the U.S. military plans to integrate AI-driven defense mechanisms to counter aerial drone threats effectively. Simultaneously, it has commenced rigorous testing of autonomous satellite systems capable of operating with low to moderate human oversight. The ongoing Russia-Ukraine conflict has demonstrated the increasing role of AI-powered drones and satellites, showcasing how digital manipulation can significantly impact battlefield operations.

In essence, the U.S. military is harnessing cutting-edge AI technology to fortify satellite defenses against external threats, thereby reducing reliance on GPS and ground-based control centers. The efficacy of these advancements in countering China’s expanding influence in space warfare remains to be seen, with only time revealing the true impact of this technological arms race.

The post US Satellites enabled with AI Tech to make them immune to Cyber Attacks appeared first on Cybersecurity Insiders.


February 24, 2025 at 10:50AM

Friday, February 21, 2025

Harnessing Agentic AI To Supercharge Security Awareness Training

Security awareness training has been steadily gaining traction and momentum as organizations have come to understand that cyberattacks mostly stem from their own employees (e.g., clicking on phishing links, downloading malicious files, failing to use strong passwords). Despite a lot of in-house training, almost half (46%) of employees still continue to struggle with phishing emails. 

Common Mistakes That Dampen Security Training

Conventional cyber awareness programs may fall short in certain areas.

One-size-fits-all: Most training programs are generic, offering the same content to all individuals regardless of their role, skill level, or prior knowledge. This lack of personalization can lead to disengagement and ineffective learning.

Outdated content: Training programs may fail to keep pace with the evolving threat landscape – content isn’t regularly updated to reflect the latest threats like AI-generated phishing attacks, or coercive synthetic media such as deepfakes, leaving users unprepared to defend against modern cyber risks.

Absent real-world context: Conventional training rarely simulates real-world scenarios, making it difficult for people to apply what they’ve actually learned in practice. This gap between theory and application can leave organizations vulnerable to attacks.

Lack of consistent feedback: Without timely and actionable feedback, individuals may not understand their mistakes or learn how to respond and improve. This can result in repeated errors and a false sense of security.

Limited user context: Basic metrics to assess user performance – i.e., click-through rates or completion percentages – can lack depth when not analyzed in the context of an employee’s background, learning history, job role, cyber maturity level, or other factors. In the absence of such granular understanding, organizations are unable to measure a program’s true education efficacy or tailor it to address specific worker behaviors or risks. 

What Is Agentic AI And How Can It Enhance Cyber Training Programs? 

So-called agentic AI refers to artificial intelligence systems that exhibit a high degree of autonomy and adaptability. Unlike conventional AI that follows predefined rules and operates within a specific framework or scope depending on its training models, agentic AI can learn, reason, and make independent decisions in dynamic environments. These systems are capable of understanding context, predicting outcomes, and taking actions to achieve specific goals. In the context of security awareness training (SAT), agentic AI can serve as a virtual coach, a mentor, or even a simulated adversary, providing employees with real-time feedback, personalized learning paths, and immersive experiences. One agentic AI program can even be dictated by another agentic AI program.

There are number of ways in which agentic AI can enhance SAT programs:

Personalized learning: Agentic AI can analyze an employee’s role, skill level, and learning history to create customized programs tailored to individual need. AI can also generate intelligent quizzes based on an organization’s specific security and compliance policies.

Contextual and targeted training: Agentic AI can analyze each user’s learning history, job role, risk score, behavior patterns, susceptibility to specific threats, and factors such as location or language to automatically deliver the most relevant and targeted content tailored to the individual. 

Adaptive learning: AI agents can adapt to an employee’s progress, adjusting the difficulty and focus of the training as needed. If an employee consistently performs well in identifying phishing emails, the AI might introduce more complex attacks or shift focus to other areas, such as password security or data protection. This approach ensures that users are always challenged and maximizes the effectiveness of training.

Dynamic template generation: AI agents can dynamically generate training templates based on the latest scams and social engineering tactics. This ensures that employees are always learning about the most current threats, creating a more relevant and up-to-date training experience.

Continuous monitoring and feedback: AI agents can continuously track employee behavior, interactions, and responses during training sessions and offer real-time feedback and guidance. This proactive monitoring and nudging can help organizations address security concerns quickly and ensure employees receive timely feedback, thereby boosting cyber awareness and practices.

User Benefits of Agentic AI-Powered Cyber Awareness Training

Lower training fatigue: Agentic AI can make security training more engaging and less overwhelming by delivering bite-sized knowledge refreshers at optimal intervals. This reduces information overload, ensures that security awareness becomes part of the daily routine and improves learning retention without causing fatigue.

Enhanced user experience and learning: AI agents can boost employee enthusiasm and engagement by offering interactive, gamified, and scenario-based learning. This makes the training experience more enjoyable, immersive and effective, improving retention of best practices while fostering a culture of cyber awareness and vigilance.

Deep behavioral insights: AI can track and analyze user behavior during training programs to identify patterns, strengths, and weaknesses, allowing for more targeted intervention like hands-on coaching, and improved results.

Agentic AI is transforming security training by making it more personalized, targeted, and effective. By addressing the limitations of conventional training, it equips employees with the skills and knowledge needed to combat modern cyber threats. As organizations face increasingly sophisticated attacks, agentic AI offers a modern and scalable solution to build a resilient, security-conscious workforce.

 

About the Author

 Erich Kron is Security Awareness Advocate for KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management with over 70,000 customers and more than 60 million users. A 25-year veteran information security professional with experience in the medical, aerospace, manufacturing and defense fields, he was a security manager for the U.S. Army’s 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP and other certifications. Erich has worked with information security professionals around the world to provide tools, training and educational opportunities to succeed in information security.

LinkedIn: https://ift.tt/52oclY3

 

The post Harnessing Agentic AI To Supercharge Security Awareness Training appeared first on Cybersecurity Insiders.


February 22, 2025 at 12:55AM

Apple backs out of offering Data Security tool to UK customers

Apple Inc., renowned for its commitment to data privacy and security, made an unexpected announcement a few hours ago that its Advanced Data Protection (ADP) service will no longer be available for new sign-ups in the United Kingdom. The tech giant also revealed that current users of the service will need to discontinue its use in the coming days.

This move follows growing media reports suggesting that the UK government had pressured Apple to provide a backdoor allowing authorities access to the photos, videos, and documents stored on its cloud service, iCloud.

Initially, Apple firmly rejected the request, citing concerns that such a measure would expose user data to potential threats and cyberattacks. However, for reasons that remain unclear, the company has now decided to comply with the UK government’s demands, announcing the removal of ADP services for all UK account holders.

Launched in December 2022, ADP is an end-to-end encryption service that ensures only the user has access to their data stored in the iCloud. Under this security measure, neither Apple nor governments can access the stored information.

Apple has not disclosed how many users have subscribed to the service, leaving the exact number unknown.

Ultimately, this decision suggests that Apple has yielded to the UK Home Office’s request for special powers under the Investigatory Powers Act (IPA). This law calls for a backdoor mechanism to allow investigative agencies access to encrypted data under specific conditions and warrants.

In conclusion, while Apple’s reputation for championing user privacy has been a key part of its brand identity, this latest development suggests that the company may be more willing to compromise on certain privacy issues when faced with legal and governmental pressure. This decision is likely to have significant implications for users in the UK, as well as for the broader debate surrounding encryption and digital privacy

The post Apple backs out of offering Data Security tool to UK customers appeared first on Cybersecurity Insiders.


February 21, 2025 at 08:42PM

Thursday, February 20, 2025

Genea Australia data breach and Black Basta Ransomware gang data leak

Genea IVF Australia Data Breach: A Detailed Account

Genea Australia, a leading fertility service provider and one of the three largest in the country, has confirmed that it has fallen victim to a significant cyberattack, resulting in a data breach. The company has acknowledged the breach publicly and assured that a thorough investigation is currently underway to determine the full extent of the incident. Further details are expected to be disclosed as the investigation progresses.

In an official press release dated February 13th of this year, Genea IVF revealed that unauthorized access to its systems was detected in the early days of February. The company has indicated that there is a strong likelihood that sensitive information has been compromised, including the personal and medical records of patients, proprietary scientific research, and critical research and development (R&D) data. However, despite the breach, there is currently no concrete evidence suggesting that the stolen information has been misused or exploited.

Potential Ransomware Involvement

Cybersecurity experts analyzing the situation suggest that the attack bears the hallmarks of a ransomware attack, a type of malicious cyber incident where threat actors encrypt an organization’s data and demand a ransom in exchange for its release. This speculation is based on the fact that the attack resulted in a complete disruption of Genea’s IT infrastructure, affecting all of its servers.

Following the breach, both the Genea IVF website and its associated mobile application have been rendered inaccessible. In response to the crisis, the company has enlisted the help of an external cybersecurity firm to conduct a thorough forensic investigation into the attack. The external experts are expected to determine the attack vector, identify the perpetrators, and assess the potential impact on affected stakeholders.

As a precautionary measure, Genea has opted to temporarily shut down all of its IT systems to prevent further damage and mitigate risks associated with the attack. Fortunately, the company has emphasized that it possesses a robust data recovery plan, which includes regularly maintained backups. This strategy is expected to facilitate the restoration of lost data and ensure business continuity in the near future.

Black Basta Ransomware Chat Logs Leak Online: Possible Insider Threat

While cybercriminal organizations have long been known for targeting businesses and exposing stolen data, a new and unusual development has emerged in the form of leaked internal communication logs of the infamous Black Basta ransomware gang. Cybersecurity insiders have reported that chat logs from the group’s private communications have surfaced on the dark web, fueling speculation that the breach may have resulted from an insider threat.

According to credible sources, an archival dataset containing internal Matrix chat logs has been made available for purchase on the dark web. The individual responsible for the leak, who operates under the pseudonym “ExploitWhispers,” has also advertised the data for sale on Telegram, a popular encrypted messaging platform often used by cybercriminals for illicit activities.

Theories Behind the Leak

Telegram discussions surrounding the incident present two possible theories regarding how the chat logs became publicly accessible.

Insider Betrayal: One possibility is that a disgruntled member of the Black Basta ransomware gang deliberately leaked the chat logs. Internal disputes, financial disagreements, or rivalries within the cybercriminal community could have motivated this insider to expose sensitive information.

Undercover Government Operation: Another theory suggests that the leak may have been orchestrated by a sleeper cell working covertly for a major law enforcement agency, such as the FBI. Sleeper cells are cyber operatives who embed themselves within criminal organizations under the guise of participating in cybercrime but are, in reality, working for government agencies. The release of the chat logs could be a strategic move to disrupt Black Basta’s operations and assist law enforcement in tracking its members.

Upon further examination, some analysts speculate that “ExploitWhispers” may be an independent cybersecurity researcher or a white-hat hacker affiliated with Western governments. Alternatively, the individual may simply be a freelancer engaged in selling sensitive information, such as cryptocurrency wallet credentials and Zoom meeting links, for personal financial gain.

The exposure of Black Basta’s internal communications represents a rare and significant event in the cybersecurity landscape. If the leak indeed originated from within the gang, it could lead to internal chaos and distrust among its members, potentially weakening the group’s operational capabilities. On the other hand, if the leak was orchestrated by law enforcement, it could serve as a strategic move to dismantle the cybercriminal network from within.

Final Thoughts

Both the Genea IVF data breach and the Black Basta chat log leak underscore the ever-growing cybersecurity threats faced by organizations and cybercriminals alike. While businesses must invest in stronger security measures to safeguard sensitive information, cybercriminal groups are not immune to internal breaches and betrayals. As investigations into both incidents unfold, the cybersecurity community remains on high alert for further developments.

The post Genea Australia data breach and Black Basta Ransomware gang data leak appeared first on Cybersecurity Insiders.


February 21, 2025 at 11:09AM

AI vs. AI – How Cybercriminals Are Weaponizing Generative AI, and What Security Leaders Must Do

There is a speeding train hurtling down the tracks which is unstoppable, persistent, and accelerating faster than anyone predicted. We all have three choices- be on it, be under it, or stand by and watch it pass us by.  AI and automation are reshaping the battlefield, and cyber criminals are already exploiting these tools to launch attacks at machine speed. From AI-powered phishing and deepfake fraud to autonomous malware that evolves on its own, we are witnessing a new era where traditional security defenses are rapidly becoming obsolete.

According to the World Economic Forum, while 66% of organizations acknowledge that AI will significantly impact cybersecurity, only 37% have established processes to evaluate the security of AI tools before deploying them. This massive gap highlights a critical oversight of whether businesses are integrating AI-driven solutions into their security stacks but are still failing to assess their vulnerabilities. 

Security leaders must decide- Will they adapt and harness AI to fight back, or will they be left scrambling as AI-driven cyber threats overwhelm them? This isn’t just another phase in cybersecurity, it’s an arms race- AI vs. AI. Attackers are using AI to craft undetectable phishing scams, generate deepfake fraud, and automate hacking. The question isn’t whether your organization will be targeted, but whether you’ll be ready when it happens.

So, the choice is clear- Will you board the train, or will it run you over?

The Rise of AI-Driven Cyber Threats

Now, AI-powered phishing emails are grammatically perfect, highly personalized, and nearly indistinguishable from legitimate messages. Attackers leverage AI chatbots to engage victims in real-time, increasing success rates. Meanwhile, deepfake technology enables real-time impersonation of executives and public figures, allowing fraudsters to authorize transactions, manipulate stock prices, and spread misinformation with hyper-realistic voice and video forgeries.

Malware development has also evolved beyond manual coding. AI now enables cybercriminals to generate self-mutating malware that bypasses antivirus software and endpoint protection. Instead of deploying a single attack, AI tests multiple variations in real-time, ensuring at least one version evades detection.

Despite these escalating threats, many organizations remain vulnerable. Legacy security systems struggle to detect AI-generated attacks, while even well-trained employees fall victim to AI-enhanced phishing and deepfake scams. Traditional authentication methods are increasingly unreliable, highlighting the urgent need for AI-driven detection tools to counteract evolving cyber threats. Without proactive AI security measures, organizations risk being outpaced in the AI-driven cyber arms race.

The AI-Powered Security Strategy

To combat AI-driven cyber threats, security leaders must embrace AI as part of their defensive strategy. A proactive, AI-driven security framework can help organizations predict, detect, and neutralize AI-powered attacks before they cause damage.

•AI-Driven Threat Intelligence- Anticipating Attacks Before They Happen

Security teams must shift from a reactive security model to a predictive one, leveraging AI-driven threat intelligence to identify emerging threats before they strike. AI can analyze massive datasets in real time, detecting patterns and anomalies that indicate potential cyberattacks.

By integrating AI-powered analytics, security teams can anticipate and neutralize attacks proactively rather than responding after the damage is done.

•Automated Irregularity Detection- Spotting the Subtle Signs of AI-Generated Attacks

Traditional security systems struggle to detect AI-powered cyberattacks because they don’t match known threat signatures. AI-powered anomaly detection systems, however, can identify suspicious behavior in real time.

For example, AI can flag an unusual login attempt from an employee who appears to be in two different locations within minutes, indicating a potential credential compromise. By continuously learning from user behavior, AI-driven security systems can detect subtle anomalies that indicate an attack.

•Combative AI- Fighting AI With AI

To counter AI-powered threats, organizations must leverage adversarial AI—AI models designed to detect and disrupt malicious AI-generated attacks. By training AI systems to recognize AI-generated phishing attempts, deepfake fraud, and evolving malware, enterprises can stay one step ahead of cybercriminals.

Combative AI works by introducing deceptive signals that mislead malicious AI models, disrupting cybercriminal operations before they reach their targets.

Employing AI for Cybersecurity Dominance

AI is both a powerful tool and a formidable threat in the cybersecurity landscape. To stay ahead, security leaders should embrace AI-driven threat intelligence, automate anomaly detection, and deploy adversarial AI techniques. The future of cybersecurity is about defending against AI and using AI to outthink and overcome attackers in the security arms race.

By leveraging AI to its fullest potential, organizations can turn the tide against AI-powered cybercrime and secure their digital assets in an increasingly automated world.

 

The post AI vs. AI – How Cybercriminals Are Weaponizing Generative AI, and What Security Leaders Must Do appeared first on Cybersecurity Insiders.


February 20, 2025 at 07:00PM

The Human Factor: How Eliminating Human Vulnerabilities Can Stop Social Engineering Fraud

Fraud is becoming more sophisticated, targeting companies with increased precision, especially in two critical areas: Accounts Payable (AP) and Payment Processes.  Both jobs with vendor-facing roles, these employees are prime targets due to their access to funds and ability to approve or modify payments.  

A couple of factors exacerbate the issue. First, these businesses continue to rely on security tools and financial controls that are not only siloed but lack the contextual data needed to detect and prevent these sophisticated attacks, which, according to the FBI, cost organizations $1.5 million each on average (source: FBI). 

Next, attackers have upped their tactics in a few key ways:

  • They have begun infiltrating businesses from multiple angles, including through vendor accounts, where they leverage layers far beyond the organization’s day-to-day visibility (those people they interact with regularly).
  • They are creating more sophisticated capabilities for evading security and setting off new risk thresholds, which include the greatest threat to payments today: social engineering.  

Cybersecurity’s Biggest Threat

Social engineering, which includes deepfakes, is the most prevalent form of attack. Research found that 90% of cyberattacks in 2024 involved social engineering tactics. And it’s not just about frequency. Through the power of AI, these attacks are becoming increasingly more costly.  In its Digital Fraud: The Case for Change report, Deloitte states that the “rapid expansion of AI and GenAI tools provides the resources for bad actors to scale their attacks, both on the financial institutions and directly to their customers.” The report says that “the proliferation of GenAI tools could enable fraud losses to reach US$40 billion in the United States by 2027, up from US$12.3 billion in 2023.”

The Lifecycle of Fraud: How Social Engineering Exploits Each Stage

When it comes to fighting back, a key element is to understand the many ways attacks are coming at your business. Here are examples.

Deepfake Impersonations:  Fraudsters frequently leverage deepfake impersonations to craft emails, videos, and other communication that convincingly appear to be from senior executives of Financial Times Stock Exchange (FTSE) companies. The goal of these efforts is to convince the employee to transfer substantial funds. While these attacks can impersonate people on all levels, selecting more senior executives is far more effective since employees naturally trust leadership and are often inclined to bypass standard review protocols for what looks like significant matters. The FBI’s Internet Crime Complaint Center (IC3) reported $2.95 billion in losses from BEC scams in 2023.

To turn up the heat on these attacks, fraudsters often add a layer of pressure. They might claim a payment is overdue or tied to a critical deadline, such as finalizing an acquisition. In extreme cases, they may threaten disciplinary action or other penalties to push employees into bypassing established protocols. This tactic preys on the human desire to avoid conflict or negative repercussions, especially when the request comes from a high-ranking authority.

AI-Generated Phishing: Attackers leverage AI to gather and analyze vast data about their targets. This includes information from social media profiles, public records, and leaked data from breaches. As a result, cybercriminals can understand the target’s behavior, preferences, and potential vulnerabilities. From there, they can craft highly personalized and convincing phishing emails that not only mirror the person’s writing style but leverage other details, such as a recent event, making them more effective and harder to detect. And these aren’t one-off campaigns. Thousands of these messages can be sent out simultaneously, targeting an extensive audience.

Fake Invoices in Payment Initiation: The payment lifecycle begins with the initiation when a vendor submits an invoice for goods or services rendered. As mentioned earlier, larger businesses have small teams processing large piles of invoices every day. For many criminals, the initiation phase is the ideal time to launch a social engineering attack using vendor impersonation schemes. 

Here, fraudsters, posing as legitimate vendors, use fake invoices to initiate payments. Sometimes, they intercept genuine invoices, altering minor details such as bank account numbers or payment amounts, and resubmit them for processing. Thanks to small teams that are stretched thin, meticulous scrutiny is not an option, which is precisely why fraudulent invoices can slip through undetected, leading to significant financial losses.

Account Takeovers and Payment System Manipulation:  At the processing stage, fraudsters leverage stolen credentials obtained through phishing attacks or data breaches to gain unauthorized access to payment systems. Once inside, they impersonate legitimate users, modifying payment instructions or creating fraudulent transactions for work that was never done. In automated systems like Automated Clearing House (ACH) transfers, attackers may manipulate payment templates or schedules to redirect funds into their accounts. These subtle changes can often go unnoticed until the damage is done.

Strengthening Defenses: Combating Social Engineering at Every Stage

For businesses fighting back, here’s the first step: Stop viewing social engineering solely as an email security threat. These attacks extend far beyond email, infiltrating the entire payment process and targeting systems, workflows, and data across the organization. 

With this understanding, it’s time to implement a multi-layered defense strategy that addresses vulnerabilities across the payment lifecycle to protect against social engineering and other fraudulent tactics. Some key elements of this approach include:

  • Comprehensive Contextual Insight: Seamlessly integrating email, payment, and vendor behavior data so that your team can detect irregular patterns across the entire process.
  • Proactive Monitoring of High-Risk Roles: While everyone at a business can be a target, it’s vital that systems are actively monitoring and securing those roles with access to funds, such as finance, executives, and vendor-facing employees. 
  • Adaptable AI-Driven Detection: Just as fraudsters are turning to AI, so should you. Start leveraging advanced AI tools to analyze patterns, detect anomalies, and recognize synthetic threats like deepfakes or real-time voice manipulation. These tools are not static. They continuously learn from new attack methods, enabling real-time identification and prevention of emerging threats. 

While forms of social engineering have existed for some time, the latest variety of attacks demonstrates an evolution in techniques that are unlike what came before. These methods will continue to evolve and leverage psychological manipulation to exploit weaknesses in the payment lifecycle. From fake invoices and account takeovers to executive impersonation and high-pressure tactics, these schemes are designed to capitalize on human error and trust to get their hands on your company’s money. 

But companies are not without recourse. Fighting back begins with understanding the vulnerabilities at each stage of the payments lifecycle and implementing a comprehensive defense strategy that includes key elements, such as comprehensive contextual insight, proactive monitoring of high-risk roles, and adaptable AI-driven detection. With the right approaches and innovative solutions, organizations can protect themselves from these sophisticated threats and whatever comes in the future.

__

Shai Gabay Bio

A visionary entrepreneur, Shai Gabay has always held a deep passion for cybersecurity and fintech, and over the course of his career, he has developed his expertise in both areas. Currently, Shai is a co-founder and the CEO of Trustmi, a leading end-to-end payment security platform founded in Israel in 2021. Prior to Trustmi, he was General Manager at Opera, VP of Product and Services at Cynet, CIO at Cyberbit and the CISO at Discount Bank.

Shai holds a Bachelor’s Degree from Shenkar College in software engineering, and also a Master’s degree in Business Administration and Management from Tel Aviv University.  Additionally, Shai was selected for the prestigious 1-year full scholarship executive excellence program at the Hoffman Kofman Foundation, a program tailored to outstanding alumni of IDF’s Elite Units. Through this program, he had the opportunity to study with prominent co-founders and leaders at renowned global tech companies and professors at elite universities.

 

 

The post The Human Factor: How Eliminating Human Vulnerabilities Can Stop Social Engineering Fraud appeared first on Cybersecurity Insiders.


February 20, 2025 at 06:24PM

State of Secure Network Access 2025

Exploring the Future of SASE, SSE, Zero Trust, and Hybrid Security Strategies

Overview

As organizations continue to manage increasingly sophisticated IT environments and widespread hybrid work models, the demand for secure, scalable network access remains a top priority. This 2025 Secure Network Access Report, based on insights from 411 IT leaders and cybersecurity professionals, explores the trends, challenges, and strategies that are shaping secure access today.

Key findings:

SASE Urgency Required: With 32% implementing, 31% evaluating, and 24% planning SASE adoption within the next year, momentum is building. However, with only 8% fully deployed, slow progress leaves organizations vulnerable, making it critical for distributed workforces to prioritize SASE for stronger security.

Remote Access as a Top Driver for SASE: 45% of participants identified secure remote and hybrid access for employees as their primary driver for adopting SASE solutions. This focus is vital, as 42% of respondents noted employees as the user group posing the greatest risk to business security. Traditional Virtual Private Networks (VPNs) often increase these risks, causing high latency, reduced performance, and inadequate security. SASE mitigates these issues with technologies like Software- Defined Wide Area Networks (SD-WAN), optimizing traffic flow and performance while ensuring secure, seamless access for remote and hybrid employees.

Zero Trust on the Rise: With 38% of organizations currently implementing Zero Trust and another 42% planning to do so within the next year, this security model has become a key focus for managing access in distributed environments and reducing insider threats.

Challenges in SASE Implementation: 48% of respondents pointed to integration with existing systems as the most significant barrier to adopting SASE. Policy management across different environments (44%) and user disruption during transitions (38%) were also identified as common challenges. Managed services help address these integration challenges by connecting existing infrastructure with SASE components, ensuring minimal disruption and faster time-to-value.

Leveraging MSSPs to Address Expertise Gaps: 47% of respondents cited lack of in-house expertise as the primary reason for turning to Managed Security Service Providers (MSSPs). Partnering with MSSPs can help streamline complex deployments like SASE, offering the expertise needed for seamless integration, improved network visibility, and reduced costs through a unified approach to security and performance.

This report provides in-depth analysis of these trends, alongside actionable recommendations for overcoming the challenges of SASE and Zero Trust implementation.

We extend our thanks to Hughes for supporting this critical research project. Their commitment to advancing secure access solutions has made this comprehensive analysis possible.

We hope that the insights provided in this report will guide your efforts to enhance security and protect your organization against evolving threats.

Holger Schulze

Founder, Cybersecurity Insiders

A Message from Hughes

Traditional IT approaches are a thing of the past as organizations navigate new and emerging technologies, workforce structures, and AI-driven cyber threats. In a world where the workforce is often distributed—and connected by cloud and other remote software solutions—securing a scalable network has never been more important. Cybersecurity as we know it is evolving, and we must evolve with it.

Thank you to all involved in this important research. As cybersecurity threats and technologies evolve, new partnerships and creative strategies will determine success and an organization’s ability to secure their workforce and safeguard their performance now and in the future.

Dan Rasmussen

SVP & GM, North America Enterprise Division, Hughes

Workforce Dynamics in a Hybrid World

The shift toward hybrid and remote models fundamentally impacts how cybersecurity strategies are deployed, particularly in securing network access, preventing insider threats, and managing distributed data environments.

With 63% of organizations now embracing a hybrid work model, maintaining secure access across a blend of remote and in-office environments has become increasingly critical. 19% of respondents operate fully remotely, further emphasizing the need for secure endpoint solutions and VPN alternatives.

Given the distributed nature of workforces, solutions like Security Service Edge (SSE) platforms offer layered protections, combining Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), and Cloud Access Security Brokers (CASB) to prevent data loss and ensure secure access. Managed Secure Access platforms are particularly valuable in simplifying these processes, providing centralized security management while ensuring high network performance.

Zero Trust Adoption: A Strategic Imperative

As organizations continue to face growing cyber threats, the adoption of Zero Trust security strategies has become increasingly critical for safeguarding networks, users, and data. Zero Trust, a framework that emphasizes continuous verification of identities and devices, has rapidly gained traction as a core security model for organizations aiming to reduce risk across their environments.

According to the survey, 42% of respondents are planning to implement Zero Trust within 12 months, showing that a significant number of organizations are in the early stages of their Zero Trust journey. 38% are currently implementing Zero Trust solutions, reflecting the urgency many organizations feel in transitioning to this security framework. The fact that 12% are still exploring Zero Trust concepts without concrete plans suggests that while awareness is high, some organizations are still evaluating how best to integrate these strategies into their infrastructure.

For organizations yet to adopt or fully implement Zero Trust, focusing on areas like Identity and Access Management (IAM), network micro-segmentation, and continuous monitoring can provide immediate security improvements. Leveraging integrated Zero Trust solutions through managed service providers can further streamline adoption and reduce the complexity of deployment, ensuring a smoother transition while addressing the most critical security gaps.

Securing Access to Critical Business Resources

As organizations continue to adopt cloud services and remote work, securing access to essential business resources has become one of the most pressing cybersecurity challenges. The survey asked which resources are most difficult to secure, underscoring the complexities of managing distributed infrastructures while maintaining consistent security.

The results show that 52% of respondents find remote network connectivity (e.g., VPNs) to be the most challenging to secure. This reflects the inadequacies of legacy VPNs in handling scalable and secure connections for dispersed teams as the backhauling of traffic to remote data centers introduces high latency and reduced performance, along with significant security vulnerabilities.

50% cited SaaS applications like Microsoft 365, highlighting the difficulty of enforcing data governance and access control across cloud-based services. Similarly, 49% noted the challenge of securing remote endpoints (e.g., laptops, mobile devices), emphasizing the risks associated with unmanaged devices operating outside of controlled environments.

Additionally, securing internal applications (46%) and cloud infrastructure (45%) remains complex as companies adopt hybrid cloud environments where security policies must span multiple platforms. To address these challenges, organizations should consider using flexible, scalable platforms that unify security across remote networks, SaaS, and endpoint devices. SASE platforms help eliminate the need for traditional VPNs, providing secure, direct access to cloud and on-prem applications through SDWAN and ZTNA, without compromising performance.

Managing Secure Access: Complexity and Visibility Gaps

As organizations scale their operations and embrace a mix of cloud, on-premises, and remote infrastructures, managing secure access has become more challenging.

The most pressing issue, reported by 23% of respondents, is the complexity of managing access policies across multiple platforms. This highlights the strain organizations face when trying to maintain consistency across fragmented systems. Similarly, 16% cited rising costs related to scaling capacity and bandwidth. Lack of visibility into user activity (14%) is another critical issue, as gaps in monitoring can leave organizations vulnerable to undetected threats, especially as cloud use grows.

Additional challenges include inflexible technologies that struggle to support mixed environments (11%) and excessive user privileges (10%), both of which can expose organizations to risks. Less frequently mentioned but still relevant concerns, like latency and integration issues, signal the persistent technical difficulties organizations face with legacy systems.

To address these challenges, organizations should turn to integrated platforms like SSE, which streamline policy enforcement across various environments and provide real-time visibility into user activities. Investing in cloud-native solutions with built-in scalability and adopting Zero Trust principles can significantly reduce complexity, ensuring security controls evolve alongside business needs. Additionally, focusing on technologies that provide granular user access control can help prevent privilege misuse while maintaining flexibility in policy enforcement.

Filling Strategic Gaps with MSSPs

The inherent challenges of cybersecurity threats and the rapid evolution of attack methods have left many organizations struggling to maintain sufficient in-house defense capabilities. This challenge drives the need for strategic partnerships with MSSPs, enabling companies to fill critical skill gaps and access advanced security solutions that would otherwise be beyond their internal capacity.

The survey shows that 47% of respondents identified lack of in-house expertise as a key reason for turning to MSSPs. This highlights a common issue: many organizations, despite their investment in cybersecurity, lack the deep, specialized skills needed to manage complex security tasks at scale.

In response, 46% of participants seek external access to specialized skills or expertise, recognizing that third-party providers can offer capabilities such as advanced threat detection and response that would be costly or impractical to build internally. Enhanced incident response capabilities (44%) and proactive threat detection (43%) were frequently cited, reflecting the importance of having robust, responsive measures in place to mitigate sophisticated attacks.

For security teams, leveraging MSSPs can provide much-needed flexibility and scale, enabling a stronger defense without overwhelming internal resources. However, organizations should look for providers that integrate seamlessly with their existing security architecture, offering proactive services such as threat intelligence and automated incident response. By doing so, they can enhance their security posture while maintaining agility and focusing on strategic initiatives.

 

Growing SASE Adoption and Urgency

As digital transformation accelerates and IT environments evolve, the need for a unified, cloud-centric approach to secure network access has intensified.

According to the survey, 32% of respondents are currently implementing SASE solutions, reflecting the growing momentum toward adopting this architecture. An additional 31% are currently evaluating SASE solutions. Combined with those planning to implement within the next year (24%), it’s critical that these organizations prioritize SASE solutions quickly in order to maintain security.

Despite strong interest, only 8% of organizations have fully implemented SASE, highlighting the complexity and gradual nature of this transition. This slow progress leaves organizations vulnerable as threat actors accelerate their tactics, striking with unprecedented speed and sophistication.

Given the growing adoption rate, organizations should focus on integrating SASE components, prioritizing technologies like ZTNA, SWG and Cloud Security Access Brokers (CASB) that provide immediate security benefits for cloud and remote work environments. Partnering with managed service providers that specialize in SASE deployment can further accelerate the process and help overcome integration challenges, allowing businesses to leverage the scalability, flexibility, and comprehensive security capabilities that SASE offers.

The Drivers Behind SASE Adoption

The survey reveals key factors driving the adoption of SASE solutions, which continue to gain traction as organizations modernize their security and networking infrastructures. 45% of respondents point to secure remote access for a distributed workforce as the leading driver, highlighting the ongoing need to safeguard access for remote and hybrid workers.

42% of respondents cite the need to enhance cloud security and visibility, showing that as businesses migrate to the cloud, maintaining control over data and securing access points remain significant challenges. Meanwhile, 40% express a desire to implement a Zero Trust security model and simplify their network and security architecture, indicating that organizations want to consolidate complex infrastructures and adopt continuous verification principles. Other notable factors include improving network performance (39%) and achieving cost savings through consolidation of tools (38%).

To capitalize on these drivers, organizations should focus on deploying SASE platforms that integrate Zero Trust principles with unified security across cloud and remote environments. By enhancing visibility and optimizing network performance, SASE offers a comprehensive approach that simplifies operations and strengthens security, making it essential for companies undergoing digital transformation.

Benefits Driving SASE Adoption

The survey results reveal a clear set of priorities driving organizations to adopt SASE solutions, reflecting the wide-ranging benefits that this architecture brings to both security and network management.

54% of respondents report an enhanced security posture, showing that organizations prioritize SASE’s ability to integrate security directly into the network, thereby reducing vulnerabilities. 52% value the simplified management of security and networking functions, reflecting SASE’s consolidation of tools and reduced complexity in managing hybrid infrastructures.

50% of respondents noted enhanced productivity and secure access for remote workforces as key benefits, underscoring the importance of seamless, secure access for distributed teams. Improved application performance and bandwidth optimization was highlighted by 49%, pointing to SASE’s ability to use SD-WAN for intelligent traffic routing.

Organizations can fully leverage these benefits by prioritizing SASE deployments that unify network and security functions, enhancing scalability and reducing operational overhead. This approach not only strengthens security but also supports productivity and optimizes network performance, aligning with broader digital transformation efforts.

Key Challenges in Implementing SASE

Organizations adopting SASE face a variety of challenges, especially as they attempt to integrate these solutions into their existing infrastructure. 48% of respondents identified integration with existing systems as their biggest challenge, underscoring the difficulty in aligning legacy infrastructure with modern, cloud-native architectures. 44% also reported struggles with policy management across multiple environments, reflecting the challenge of ensuring consistent security controls across on premises, cloud, and remote work settings.

Operational and transitional issues are also significant, with 38% concerned about user disruption during transition and 37% struggling to phase out legacy security tools. These challenges are further compounded by a lack of in-house expertise (37%), as many organizations don’t have the skill sets needed to effectively manage SASE deployments at scale.

To mitigate these issues, organizations should focus on identifying specific integration points where SASE can provide immediate value, such as enhancing cloud security visibility or improving remote access management. Partnering with SASE providers that offer built-in integration, APIs, and automation features can reduce the burden of policy management and limit downtime.

SASE Components Adoption

Understanding which components of SASE organizations are prioritizing offers valuable insight into how they are modernizing their security strategies. The key component, SD-WAN has been implemented or planned by 52% of respondents, highlighting its role in optimizing network performance for distributed environments. ZTNA follows closely at 49%, reflecting the importance of Zero Trust principles in securing remote access. 47% have adopted SWG, emphasizing the need for securing web traffic and enforcing policies.

FWaaS at 45% reflects a clear shift towards cloud-delivered security, while CASB (Cloud Access Security Broker) at 41% underscores the need for securing cloud applications more robustly.

To succeed in SASE implementation, organizations should focus on deploying high-impact components like SD-WAN and ZTNA first. Simplifying management by consolidating these services into integrated platforms will reduce complexity and improve scalability. Partnering with managed service providers that offer seamless integration can help ease the transition while ensuring ongoing optimization.

SASE Management Models

The decision of how to manage an SASE deployment often reflects an organization’s need to balance control with complexity and availability of skilled resources. 46% of respondents favor a co-managed approach with an MSP, indicating a common strategy of retaining oversight while leveraging external expertise for operational management. This model helps bridge internal capability gaps without fully relinquishing control over the infrastructure.

Meanwhile, 32% opt for fully managed SASE by an MSP, suggesting that many organizations prefer outsourcing to simplify their SASE deployment and management, especially those with limited resources. 16% manage SASE in-house, likely representing larger organizations with strong internal IT and security expertise.

Organizations should align their management model with their overall security strategy and internal resources. A co-managed approach provides flexibility, while outsourcing to MSPs ensures technical expertise and scalability, especially when internal teams are limited.

Key SASE Use Cases for Organizations

Understanding the most relevant use cases for SASE can help organizations prioritize deployment strategies based on their unique networking and security needs.

According to the survey, 52% of respondents consider secure remote and hybrid access for employees the most relevant use case, driven by the need to protect distributed workforces and access scenarios. Access and security for cloud applications ranked next at 47%, reflecting the increasing reliance on SaaS platforms and the growing importance of cloud security. Simplifying WAN infrastructure and management (45%) highlights the push to streamline network operations as organizations transition to SD-WAN.

Other key use cases include secure internet access (42%) and ZTNA (40%), both of which focus on securing user traffic and identities across network environments.

To fully leverage these use cases, organizations should deploy SASE solutions that address secure access for remote work, cloud services, and WAN management, ensuring seamless security and consistent policy enforcement across all IT environments.

SASE and SSE: Distinct Roles in Unified Security

Many cybersecurity professionals wonder how SASE and SSE differ, as both play critical roles in securing today’s complex, distributed environments.

SASE and SSE share common goals in modern cybersecurity architectures but differ in scope and focus. Both aim to unify and simplify security for distributed networks, yet while SASE encompasses networking and security functions, SSE focuses solely on the security side.

SASE

Combines security with network optimization by integrating technologies such as SDWAN and Zero Trust Network Access (ZTNA) with Secure Web Gateway (SWG), Firewallas-a-Service (FWaaS), and Cloud Access Security Broker (CASB) within a single, cloudnative framework. This approach enables organizations to secure remote access while ensuring optimal network performance.

SSE

As a subset of SASE, narrows the focus to security controls—specifically SWG, CASB, and ZTNA—without incorporating networking aspects like SD-WAN. SSE is ideal for organizations prioritizing security and access control, often working in tandem with existing network solutions.

In essence, SASE is suited for organizations needing a unified, end-to-end network and security approach, while SSE serves those focused on strengthening security postures in existing network frameworks. Both models help enforce Zero Trust principles and offer centralized management, enhancing scalability and control in cloud-centric, distributed environments.

SSE Adoption: A Path to Enhanced Security

Understanding the adoption of SSE offers insight into how organizations are securing cloud access and enforcing consistent security policies across increasingly distributed environments.

According to the survey, 41% of respondents are planning to implement SSE within 12 months, showing that many organizations are still in the evaluation or preparation phase. This suggests that while interest in SSE is high, full deployment remains a future priority for many. 33% are currently implementing SSE, indicating that a significant portion of organizations are actively transitioning to this model. Meanwhile, 18% have fully implemented SSE, reflecting that while adoption is underway, few have reached full maturity. Only 8% of respondents report having no plans to implement SSE, likely because they either have alternative solutions in place or are not yet ready to transition to cloud native security.

To accelerate SSE adoption, organizations should consider focusing on specific pain points, such as improving cloud security and ensuring visibility across hybrid work environments. A targeted approach that addresses immediate needs, such as securing remote access or optimizing application performance, can deliver quick wins and drive faster overall implementation. Additionally, aligning SSE deployment with existing business initiatives, like cloud migration or Zero Trust strategies, ensures that the transition integrates smoothly with ongoing projects without overwhelming internal teams.

Key Drivers for SSE Adoption

Identifying the primary reasons organizations are adopting SSE reveals the strategic benefits driving its implementation.

The survey shows that 55% of respondents prioritize enhanced cloud security and visibility as the top driver, reflecting the need to protect cloud environments where traditional security tools fall short. 48% are motivated by implementing Zero Trust strategies, emphasizing the importance of reducing insider threats and improving access control. Simplifying remote access for distributed workforces (45%) highlights the ongoing demand for secure, efficient access solutions.

Additional drivers include simplifying security management (44%) and enhancing scalability (39%), showing the need for flexible solutions that can grow with the business. Improving network performance (37%) and meeting compliance requirements (35%) also rank high, indicating SSE’s ability to reduce latency and enforce consistent security policies.

To address these drivers, organizations should focus on deploying SSE solutions that tackle their most immediate needs first, such as real-time data protection, cloud security, and efficient remote access.

SASE: Optimizing Secure Network Access

As digital transformation accelerates and IT landscapes evolve, the need for a unified, cloud-centric approach to secure network access has intensified. SASE, or Secure Access Service Edge, combines networking and security into a single, cloud-native framework, providing a comprehensive solution that addresses the needs of remote work, cloud migration, and increasingly distributed workforces.

What SASE Offers

SASE architectures bring together essential technologies—such as SD-WAN, Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Firewall-as-a-Service (FWaaS)—into a cohesive security model designed to operate seamlessly across both cloud and on-premises environments. With strategically placed global points of presence (PoPs), SASE enables consistent and high-performance access to cloud resources and applications by minimizing latency and optimizing traffic flow.

Why SASE Matters

The traditional network security model, focused on perimeter defense, has been disrupted by the growth of hybrid workforces (implemented by 63% of organizations) and the adoption of cloud services. With SASE, remote users gain direct, secure access to applications and data without the need for inefficient traffic backhauling, allowing organizations to maintain control and enforce security policies wherever users and applications are located. Using a unified, cloud-based security infrastructure, SASE simplifies network management and reduces operational complexity by consolidating tools and eliminating redundant infrastructure.

SASE Benefits

1. Performance Optimization: SASE enhances application and network performance by routing traffic through distributed points of presence (PoPs), strategically located data centers, or nodes distributed globally. These PoPs act as on-ramps to cloud services, ensuring minimal latency and maximum efficiency, particularly for remote workers, regardless of their location.

2. Simplified Management: By converging security and networking in a single platform, SASE enables centralized policy control, visibility, and reporting across all environments.

3. Enhanced Security Posture: Integrating technologies like ZTNA, SWG, and CASB into the network enables real-time threat detection and response, ensuring that only trusted users can access sensitive resources.

4. Flexibility and Scalability: Cloud-based delivery provides elastic scalability, which adapts seamlessly to fluctuating bandwidth needs and offers resilience for expanding cloud environments.

5. Reduced Operational Burden: With a managed SASE approach, organizations can offload significant operational demands, focusing internal resources on strategic objectives rather than routine security management.

For organizations facing evolving network demands, SASE offers an adaptable, unified framework that bridges the gap between security and networking while optimizing access to cloud applications and internet services. This approach empowers security teams to enforce Zero Trust principles and simplifies the management of complex, distributed environments.

Next Steps: Best Practices for Secure Network Access

Securing network access across hybrid and cloud environments requires adopting an integrated, multifaceted technology strategy. The following best practices offer a streamlined approach to strengthen security while reducing complexity.

1.DEPLOY SASE FOR UNIFIED SECURITY

With 52% of organizations finding remote network connectivity challenging, SASE integrates key components like SD-WAN and ZTNA to secure remote and hybrid access. Focus on these core components to streamline operations while enhancing security.

2.SIMPLIFY POLICY MANAGEMENT

Managing access policies across multiple environments is a key issue for organizations. Simplify this process with platforms like SASE or SSE, which provide centralized management and realtime visibility.

3.ADOPT A ZERO TRUST SECURITY STRATEGY

Zero Trust continuously verifies users and devices, ensuring secure access. With 42% of organizations planning to implement Zero Trust soon, focus on implementing ZTNA to protect against unauthorized access.

4.ENHANCE CLOUD SECURITY

55% of respondents cited cloud security and visibility as a major driver for SSE. Tools like CASB enforce governance and protection for cloud apps, ensuring data security in distributed work environments.

5.INVEST IN SCALABILITY AND FLEXIBILITY

39% of respondents highlight the need for scalable security solutions. Cloud-based platforms such as SASE offer flexible, scalable security that adapts to growing infrastructures, improving both performance and security.

6.FOCUS ON COMPLIANCE

Meeting compliance needs is critical for 35% of organizations. Integrated platforms like SSE provide built-in compliance controls, helping align security with industry regulations and streamlining audits.

7.LEVERAGE MANAGED SECURITY SERVICES

47% of respondents rely on managed services due to in-house skill gaps. By partnering with MSSPs, organizations can benefit from SASE / SSE expertise, continuous monitoring, and expert threat detection, without overburdening internal teams.

These best practices help organizations address security challenges while supporting flexibility, scalability, and control across hybrid and cloud environments.

Conclusion

As organizations continue to adapt to the demands of increasingly distributed IT environments and heightened security challenges, the findings of this report underscore the critical importance of modern, integrated approaches such as SASE and SSE.

While interest and adoption rates are rising, the complexities of full implementation remain a hurdle. Strategic investments in scalable, cloud-native solutions, along with partnerships that bridge expertise gaps, will be essential in maintaining robust security postures.

By prioritizing flexible architectures and embracing Zero Trust principles, organizations can better position themselves to face evolving threats and ensure secure, seamless access across all environments.

Methodology and Demographics

This 2025 Secure Network Access Report is based on a comprehensive online survey of 411 cybersecurity professionals, conducted in November 2024, to gain deep insight into the latest trends, key challenges, and solutions for secure network access.

The survey utilized a methodology ensuring a diverse representation of respondents, from technical executives to IT security practitioners, across various industries and organization sizes. This approach ensures a holistic and balanced view of the network security landscape, capturing insights from different organizational perspectives.

__

About Hughes

Hughes Network Systems provides broadband equipment and services; managed services featuring smart, software-defined networking; and end-to-end network operation for millions of consumers, businesses, and governments worldwide.

As a Managed Security Service Provider (MSSP), we provide customers with comprehensive security coverage that protects, detects, and responds to modern threats. With an extensive networking background, Hughes Managed Cybersecurity Services provides businesses of all sizes with the convergence of network and security solutions they desire. Top brands in the restaurant, retail, franchise, grocery, c-store & retail petroleum, government, and healthcare industries rely on Hughes for managed network services. Our experience managing large networks gives us a unique advantage when it comes to cybersecurity. We know how to defend networks because we’ve been building customer networks for decades. Customers rely on our proven experience, leading innovation, and top tier customer service delivery.

There is a strong amount of synergy between our services, which include Managed SASE, Managed Detection and Response (MDR), Network Detection and Response (NDR), Ransomware & Zero-Day Prevention, and Unified Threat Management (UTM). Our customers also take advantage of our Managed Network Services, such as Wi-Fi, VoIP, Wireless 5G, Managed LEO, Digital Signage, and more.

Learn how Hughes Managed Cybersecurity can protect your business. Learn more www.hughes.com

__

Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem-solving and collaboration in tackling today’s most critical cybersecurity challenges.

Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges.

For more information: email us info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

 

The post State of Secure Network Access 2025 appeared first on Cybersecurity Insiders.


February 20, 2025 at 05:30PM