Latest news with #APTs


France 24
19-07-2025
- Business
- France 24
Singapore facing 'serious' cyberattack by espionage group with alleged China ties
Singapore is dealing with a "serious" cyberattack against its critical infrastructure by a highly sophisticated entity linked by industry experts to China, the country's coordinating minister for national security said. The attack, part of a sophisticated level of cyber hacks called advanced persistent threats (APTs), poses a serious danger to Singapore and could undermine national security, K. Shanmugam disclosed in a speech late on Friday. "I can say that it is serious and it is ongoing. And it has been identified to be UNC3886," said Shanmugam, who is also the home affairs minister. Shanmugam did not disclose the group's sponsors, but UNC3886 has been pinpointed by Mandiant, a cybersecurity firm owned by Google, as a China-linked cyber espionage group involved in global attacks. "Even as we speak, UNC3886 is attacking our critical infrastructure right now," he said, adding that Singapore's Cyber Security Agency (CSA) and relevant authorities were dealing with the problem. APTs are highly sophisticated and well-resourced actors that typically steal sensitive information and disrupt essential services such as healthcare, telecom, water, transport and power, Shanmugam said. "If it succeeds, it can conduct espionage and it can cause major disruption to Singapore and Singaporeans," Shanmugam warned. A successful breach of Singapore's power system, for example, could disrupt electricity supply and have knock-on effects on essential services such as healthcare and transport. "There are also economic implications. Our banks, airports and industries would not be able to operate. Our economy can be substantially affected," he said. He said that between 2021 and 2024, suspected APTs against Singapore increased more than fourfold. A cyber breach on a public healthcare cluster in 2018 accessed the medication records of about 160,000 patients, including then-prime minister Lee Hsien Loong. 
On Saturday, China's embassy in Singapore expressed "strong dissatisfaction" with media reports linking UNC3886 to China. In a statement, the embassy said it "firmly opposes any unwarranted smearing of China" and that "in fact, China is one of the main victims of cyberattacks". The statement added: "China firmly opposes and cracks down on all forms of cyberattacks in accordance with the law. China does not encourage, support, or condone hacking activities." The attack on Singapore's critical infrastructure "highlights the extraordinary challenges posed by APT actors," said Satnam Narang, senior staff research engineer at US-based cybersecurity firm Tenable. "Combating such stealthy opponents is becoming increasingly demanding as the scale and complexity of IT infrastructure that organisations and nations must defend continues to grow," he said.


Time Business News
10-07-2025
- Business
- Time Business News
Zryly.com Cybersecurity for Businesses: A Complete Breakdown
In today's hyper-connected digital landscape, cybersecurity isn't just an IT concern; it's a fundamental business imperative. With cyber threats growing more sophisticated by the day, safeguarding your digital assets is paramount to maintaining operations, protecting sensitive data, and preserving your reputation. This is precisely where Zryly.com cybersecurity steps in, offering a comprehensive suite of solutions designed to empower businesses of all sizes to build a robust defense posture against an ever-evolving threat landscape.

Let's face it, the sheer volume and complexity of cyberattacks can be overwhelming. From cunning phishing schemes to devastating ransomware assaults, every organization, regardless of its scale, is a potential target. The challenge lies not only in preventing attacks but also in rapidly detecting, responding to, and recovering from incidents when they inevitably occur. This article will delve deep into how Zryly.com provides an all-encompassing platform to address these critical needs, offering peace of mind and operational continuity.

Zryly.com positions itself as a centralized hub for cybersecurity intelligence, resources, and tools. Their approach is holistic, covering various facets of digital protection. This isn't just about throwing a firewall at the problem; it's about building layers of defense and fostering a culture of security within your organization.

Zryly.com focuses on several core areas to deliver comprehensive cybersecurity:

- Threat Intelligence Aggregation: Staying ahead of threats requires real-time knowledge. Zryly.com provides a constantly updated dashboard, email/SMS alerts, and the ability to track Indicators of Compromise (IOCs) related to emerging malware, Advanced Persistent Threats (APTs), and other critical vulnerabilities. This proactive intelligence allows businesses to anticipate and prepare for potential attacks.
- Vulnerability Management: Knowing your weaknesses is the first step to strengthening your defenses. Zryly.com offers robust vulnerability scanning that covers the OWASP Top 10, providing detailed reports with actionable mitigation recommendations. This is crucial for identifying exploitable flaws in your systems and applications before malicious actors do.
- Secure Connectivity and Data Protection: In an age of remote work and public Wi-Fi, secure connections are non-negotiable. Zryly.com offers a VPN with AES 256-bit encryption and IP masking, ensuring your business's sensitive data remains protected whether your employees are in the office or on the go.
- Cybersecurity Education and Awareness: Human error remains a leading cause of security breaches. Zryly.com addresses this critical aspect with a robust e-learning platform. This includes webinars, certification modules, and crucial phishing awareness campaigns designed to equip your employees with the knowledge and skills to identify and avoid common cyber threats.
- Professional Services for Deeper Security: For businesses requiring more in-depth analysis and custom solutions, Zryly.com provides professional services. These include full-spectrum audits, penetration testing (both black-box and white-box), and customized incident response planning. These services are invaluable for organizations seeking to thoroughly assess their security posture and develop tailored strategies.

The modern threat landscape demands more than just basic antivirus software. Businesses need a proactive, integrated, and intelligent cybersecurity solution. Zryly.com cybersecurity stands out by offering exactly that, moving beyond reactive measures to provide a comprehensive framework for digital resilience.

Implementing Zryly.com solutions can be a structured process to maximize its benefits:

Initial Assessment and Setup:
- Utilize the Free Diagnostics Suite: Start with free tools like website vulnerability scans and password strength testers. This provides an initial snapshot of your current security posture.
- Onboarding and Configuration: Work with Zryly.com support to integrate the platform with your existing IT infrastructure. This might involve setting up VPN access for employees, configuring threat intelligence feeds, and deploying vulnerability scanners.

Proactive Monitoring and Intelligence:
- Daily Threat Dashboard Review: Make it a daily routine to check the Threat Dashboard for critical alerts, especially those related to ransomware and emerging threats relevant to your industry.
- Subscribe to Alerts: Configure email and SMS alerts for immediate notification of suspicious activities or newly identified vulnerabilities. This ensures you're always informed, even when away from the dashboard.

Strengthening Your Defenses:
- Regular Vulnerability Management: Embed scanners into your continuous integration/continuous deployment (CI/CD) pipelines. Conduct bi-weekly risk classification meetings to prioritize and address identified vulnerabilities.
- Employee Training and Simulations: Schedule quarterly phishing simulations through Zryly.com's e-learning platform. Follow these with mandatory debriefs to reinforce best practices and educate employees on identifying social engineering tactics.
- Implement Zero Trust Principles: Zryly.com strongly advocates for a Zero Trust framework. Work towards enforcing identity verification, session validation, and microsegmentation across your network to minimize potential attack surfaces.

Incident Response and Recovery:
- Develop a Robust Incident Response Plan (IRP): Utilize Zryly.com's IRP toolkit, which provides ready-to-deploy templates and crisis communication checklists. This ensures you have a clear plan of action in the event of a breach.
- Practice IRP Execution: Conduct tabletop exercises or simulated incident responses to ensure your team is familiar with the protocols and can act swiftly and effectively when a real incident occurs.
- Post-Incident Analysis: After any incident, major or minor, use Zryly.com's reporting features to conduct a thorough analysis, identify the root cause, and implement measures to prevent recurrence.

Choosing a cybersecurity solution isn't just about features; it's about investing in the future of your business. Zryly.com cybersecurity offers a compelling value proposition that makes it an indispensable asset for any organization serious about its digital security.

- Centralized Control and Visibility: Instead of managing disparate security tools, Zryly.com brings everything under one roof. This centralized platform provides a holistic view of your security posture, simplifying management and enabling quicker responses.
- Scalability for All Businesses: Whether you're a small startup or a large enterprise, Zryly.com solutions are designed to scale with your needs. You can start with fundamental protection and expand as your business grows and your security requirements evolve.
- Proactive Threat Mitigation: Zryly.com's emphasis on real-time threat intelligence and continuous vulnerability scanning empowers businesses to move from a reactive stance to a proactive defense, significantly reducing the likelihood of successful attacks.
- Enhanced Employee Awareness: By providing comprehensive e-learning modules and simulations, Zryly.com directly addresses the human element of cybersecurity, transforming your employees from potential vulnerabilities into your strongest line of defense.
- Expert Support and Community: Zryly.com offers not just technology but also access to expert-led forums, Q&A sessions, and premium hotline support for enterprise users. This means you're never alone in navigating complex security challenges.
- Cost-Effectiveness: By offering a comprehensive suite of tools within a single platform, Zryly.com often proves to be more cost-effective than purchasing and integrating multiple standalone security solutions. This allows businesses to achieve higher levels of security without breaking the bank.
- Compliance Support: Zryly.com's data protection features align with major regulatory frameworks such as GDPR, CCPA, and ISO 27001, helping businesses meet their compliance obligations and avoid hefty fines.

In conclusion, the question isn't if your business will face a cyber threat, but when. The intelligent and proactive approach offered by Zryly.com Cybersecurity provides the essential tools, knowledge, and support to not only defend against these threats but also to build a resilient and secure digital environment. By investing in Zryly.com, you're not just buying a product; you're securing your business's future in the digital age. Don't wait for a breach to realize the importance of robust cybersecurity. Take control of your digital destiny today with Zryly.com.

Zawya
26-05-2025
- Business
- Zawya
What's on the cybersecurity horizon: Kaspersky shares cybersecurity trends for the Middle East, Turkiye and Africa
At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, AI and IoT developments. Kaspersky experts constantly track highly sophisticated attacks. Specifically, they are monitoring 25 APT groups currently active in the META region, including well-known ones such as SideWinder, Origami Elephant, and MuddyWater. The rise of creative exploits for mobile and further development of techniques aimed at evading detection are among the trends Kaspersky is seeing in these targeted attacks.

On a broader level, the first quarter of 2025 showed that Turkiye and Kenya had the highest number of users affected by web incidents (online threats) – 26.1% and 20.1% respectively. They were followed by Qatar (17.8%), Nigeria (17.5%) and South Africa (17.5%). In the Middle East ransomware affected a higher share of users due to rapid digital transformation, expanding attack surfaces and varying levels of cybersecurity maturity. Ransomware is less prevalent in Africa due to lower levels of digitisation and economic constraints, which reduce the number of high-value targets. However, as countries like South Africa and Nigeria expand their digital economies, ransomware attacks are on the rise, particularly in the manufacturing, financial and government sectors. Limited cybersecurity awareness and resources leave many organisations vulnerable, though the smaller attack surface means the region remains behind global hotspots.

Ransomware trends

AI tools are increasingly being used in ransomware development, as demonstrated by FunkSec, a ransomware group that emerged in late 2024 and quickly gained notoriety by surpassing established groups like Cl0p and RansomHub with multiple victims claimed in December alone.
Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec employs double extortion tactics — combining data encryption with exfiltration — targeting sectors such as government, technology, finance, and education in Europe and Asia. The group's heavy reliance on AI-assisted tools sets it apart, with its ransomware featuring AI-generated code, complete with flawless comments, likely produced by Large Language Models (LLMs) to enhance development and evade detection. Unlike typical ransomware groups demanding millions, FunkSec adopts a high-volume, low-cost approach with unusually low ransom demands, further highlighting its innovative use of AI to streamline operations.

In 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities, as demonstrated by the Akira gang's use of a webcam to bypass endpoint detection and response systems and infiltrate internal networks. Attackers are likely to increasingly target overlooked entry points like IoT devices, smart appliances or misconfigured hardware in the workplace, capitalising on the expanding attack surface created by interconnected systems. As organisations strengthen traditional defenses, cybercriminals will refine their tactics, focusing on stealthy reconnaissance and lateral movement within networks to deploy ransomware with greater precision, making it harder for defenders to detect and respond in time.

The proliferation of LLMs tailored for cybercrime will further amplify ransomware's reach and impact. LLMs marketed on the dark web lower the technical barrier to creating malicious code, phishing campaigns and social engineering attacks, allowing even less skilled actors to craft highly convincing lures or automate ransomware deployment.
As more innovative concepts such as RPA (Robotic Process Automation) and LowCode, which provide an intuitive, visual, AI-assisted drag-and-drop interface for rapid software development, are quickly adopted by software developers, we can expect ransomware developers to use these tools to automate their attacks as well as new code development, making the threat of ransomware even more prevalent.

'Ransomware is one of the most pressing cybersecurity threats facing organisations today, with attackers targeting businesses of all sizes and across every region, including META. Ransomware groups continue to evolve by adopting techniques, such as developing cross-platform ransomware, embedding self-propagation capabilities and even using zero-day vulnerabilities that were previously affordable only for APT actors. There is also a shift toward exploiting overlooked entry points — including IoT devices, smart appliances, and misconfigured or outdated workplace hardware. These weak spots often go unmonitored, making them prime targets for cybercriminals,' said Sergey Lozhkin, Head of META and APAC regions in Global Research and Analysis Team at Kaspersky. 'To stay secure, organisations need a layered defense: up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education'.

Kaspersky encourages organisations to follow these best practices to safeguard their assets:

- Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
- Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to outgoing traffic to detect cybercriminals' connections to your network.
- Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
- Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training.
- Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.
- Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
- To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organisations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements are changing.

Distributed by APO Group on behalf of Kaspersky.

About Kaspersky: Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them.

The Australian
12-05-2025
- Business
- The Australian
Cyber threat trends: a CISO guide to emerging risks
Cybercriminals are leveraging large language models, and ransomware risks are on the rise, according to a new report that provides insights into evolving cyber threats. The prevalence of the ransomware-as-a-service (RaaS) model has significantly increased the frequency, destructiveness, and complexity of ransomware operations throughout 2024, according to Deloitte's Annual Threat Trends Report. The increase in use of RaaS models is enabling, for example, developers to concentrate on creating and improving ransomware and its components, initial access brokers to specialise in obtaining access to potential victims, and affiliates to focus on navigating compromised networks, payload deployment, and extortion, notes the report. Moreover, nation-state advanced persistent threats (APTs) have been increasingly deploying ransomware by collaborating with cybercriminal groups or developing their own ransomware strains for both financial gain and as a distraction to mislead incident responders while carrying out espionage-driven tactics. 'In today's rapidly evolving digital landscape, understanding cyber threat trends is crucial for safeguarding organisational assets and maintaining trust with stakeholders,' says Adnan Amjad, partner and US Cyber Offering portfolio leader at Deloitte & Touche LLP. 'Such insights can help CISOs navigate a complex threat landscape and implement effective security strategies,' adds Amjad. The Cyber Threat Trends Report emphasises the need for organisations to remain vigilant and adaptive in their cybersecurity strategies by identifying emerging threat trends in ransomware groups, AI-powered social engineering, and AI-as-a-service models, as well as evolving initial access trends. Effective cybersecurity begins with a deeper understanding of the evolving threats organisations continually face and the threat actors behind them, say report authors. 
They also explain that due to an influx of rapidly evolving and disruptive emerging issues and threat trends observed throughout 2024, organisations can benefit from adopting a broad approach to help mitigate the specific and ever-changing cyber risks they face. In this context, CIOs and CISOs can leverage the insights from threat intelligence teams to strengthen their organisation's cyber defences and prepare for worst-case scenarios to recover quickly in the event of a cyber intrusion.

Trending and emerging initial access vectors

The report investigates cyber threat trends across industry vectors, including the global impact of ransomware, trending and emerging initial access vectors, and observations from underground forums and marketplaces. Cybercriminals and nation-state APTs use large language models (LLMs) in many aspects of a cyberattack, according to the report. That includes actions such as gathering information on the target via multiple social engineering tactics, conducting reconnaissance, defense evasion, and crafting customised phishing lures. The use of LLMs to generate phishing content presents a significant challenge to traditional threat detection. Consider that threat actors can generate 1000 phishing emails in under two hours for as little as $6, with LLMs likely contributing to the overall 1265 per cent increase in phishing attacks reported in early 2024. [2]

'The future of cybersecurity lies in an organisation's ability to innovate and adapt,' says Kushagr Singh, principal and US Cyber Detect and Respond leader with Deloitte & Touche LLP. 'By leveraging advanced technologies while continuing to foster a culture of trust and security, we can help our clients stay one step ahead of cyber adversaries,' observes Singh.

Underground trends

Throughout 2024, report authors observed an increased influx of individuals' private information and a higher volume of sales of this information on various underground forums.
Although international law enforcement efforts yielded visible results, they also underscored the persistent resilience of cybercriminal networks as threat actors often reconstitute quickly, indicating a continual need for intelligence-driven defense, closer public-private partnerships, and information-sharing initiatives to forge a more accurate picture of the threat landscape. Clare Mohr is leader and vice-president, Shawn Cozzolino, senior solution delivery manager, and David An, manager, all with Deloitte US Cyber Intelligence, Solution Delivery, Deloitte & Touche LLP. 1. 2. As published by the Deloitte US Chief Financial Officer Program in the 30 April 2025 edition of The CFO Journal in WSJ.


Daily Mail
29-04-2025
- Business
- Daily Mail
BREAKING NEWS Man City demand key financial information from Arsenal and other clubs in legal battle with Premier League
Arsenal - and a host of others – could be forced to hand over key and sensitive financial information following a demand from Manchester City. As City's war with the Premier League continues, Mail Sport understands that lawyers acting for the club have requested that the competition invokes one of its own rules and force a group of clubs which also includes the likes of Brighton and Everton to provide detail on loans they have received from their owners. City want to then use the information in their latest battle with the competition over its amended rules on sponsorship deals. They say that new regulations on Associated Party Transactions (APTs) – introduced by the Premier League after City successfully had the previous version deemed null and void – continue to discriminate. Their view is that shareholder loans, which often feature favourable or zero interest rates, give clubs who receive them, such as the Gunners, an unfair advantage as they are not subject to the same scrutiny as other commercial deals. All clubs have been informed of the request and will now face a wait to find if they have to comply. The likelihood of that being the case may well have caused a headache for the powers-that-be at the Emirates as they prepared for tonight's Champions League semi-final against Paris Saint-Germain. Arsenal benefitted from £259m worth of shareholder loans in 2022-23 while, in 2023, Liverpool owed owners FSG £71.4m. Brighton benefitted from shareholder loans of around £406.5m in 2021-22 while Everton's figure for 2022-23 was £450m. An independent panel, which previously ruled in City's favour, is set to consider the matter at a hearing in mid-October. Ahead of that date, representatives for City have asked the Premier League to use its Rule B18 which states that clubs 'shall comply promptly with any request for information'. 
After their previous victory, City warned the competition against effectively tweaking rules on APTs, which are commercial deals with groups linked to clubs' ownerships. They have now carried through on their threat to take legal action against them. Following their initial success, clubs were hit with a bill of more than £20m. The case is separate from the hearing into allegations that saw City charged with 115 alleged breaches of the Premier League's financial rules. A verdict may not be delivered until next Spring. Should City again emerge successful the Premier League could see its financial rules thrown into disarray once more with its clubs hit with another hefty legal bill. The Premier League declined to comment.