
Latest news with #CiscoTalos

Cisco Unveils 2025 State Of AI Security Report

Channel Post MEA

30-04-2025


Ahead of GISEC GLOBAL in Dubai from 6-8th May 2025, Cisco has unveiled the findings of its inaugural global State of AI Security report. The report aims to provide a comprehensive overview of important developments in AI security across several key areas: threat intelligence, policy, and research.

Artificial Intelligence (AI) has emerged as one of the defining technologies of the 21st century, yet the AI threat landscape is novel, complex, and not effectively addressed by traditional cybersecurity solutions. The State of AI Security report aims to empower the community to better understand the AI security landscape, so that companies are better equipped to manage the risks and reap the benefits that AI brings.

Cisco is participating at GISEC GLOBAL 2025 as a Platinum Sponsor, under the theme 'Innovating where security meets the network'. Across its portfolio, Cisco is harnessing AI to reframe how organizations think about cybersecurity outcomes and tip the scales in favor of defenders. Visitors at GISEC will learn how Cisco combines AI within its breadth of telemetry across the network, private and public cloud infrastructure, applications and endpoints to deliver more accurate and reliable outcomes.

'As AI becomes deeply embedded into business and society, securing it must become a top priority,' said Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS. 'As our State of AI Security report indicates, traditional cybersecurity approaches are no longer sufficient to address the unique risks presented by AI. GISEC serves as the ideal platform to discuss the new age of AI-enhanced cybersecurity – bringing together security leaders, innovators, and policymakers who are shaping the region's cyber defense strategies. Through our thought leadership and innovations we are showcasing at GISEC, Cisco aims to equip organizations with the insights, research, and recommendations they need to build secure and resilient AI systems.'

Findings from Cisco's first State of AI Security report include:

Evolution of the AI Threat Landscape

The rapid proliferation of AI and AI-enabled technologies has introduced a massive new attack surface that security leaders are only beginning to contend with. Risk exists at virtually every step across the entire AI development lifecycle; AI assets can be directly compromised by an adversary or discreetly compromised through a vulnerability in the AI supply chain. The State of AI Security report examines several AI-specific attack vectors including prompt injection attacks, data poisoning, and data extraction attacks. It also reflects on the use of AI by adversaries to improve cyber operations like social engineering, supported by research from Cisco Talos.

Looking at the year ahead, cutting-edge advancements in AI will undoubtedly introduce new risks for security leaders to be aware of. For example, the rise of agentic AI which can act autonomously without constant human supervision seems ripe for exploitation. On the other hand, the scale of social engineering threatens to grow tremendously, exacerbated by powerful multimodal AI tools in the wrong hands.

Key Developments in AI Policy

The past year has seen significant advancements in AI policy. International efforts have led to key developments in global AI governance. Early actions in 2025 suggest greater focus towards effectively balancing the need for AI security with accelerating the speed of innovation.

Original AI Security Research

The Cisco AI security research team has led and contributed to several pieces of groundbreaking research which are highlighted in the State of AI Security report.

Research into algorithmic jailbreaking of large language models (LLMs) demonstrates how adversaries can bypass model protections with zero human supervision. This technique can be used to exfiltrate sensitive data and disrupt AI services. More recently, the team explored automated jailbreaking of advanced reasoning models like DeepSeek R1, to demonstrate that even reasoning models can still fall victim to traditional jailbreaking techniques.

The team also explores the safety and security risks of fine-tuning models. While fine-tuning is a popular method for improving the contextual relevance of AI, many are unaware of the inadvertent consequences like model misalignment.

The report also reviews two pieces of original research into poisoning public datasets and extracting training data from LLMs. These studies shed light on how easily—and cost-effectively—a bad actor can tamper with or exfiltrate data from enterprise AI applications.

Recommendations for AI Security

Securing AI systems requires a proactive and comprehensive approach. The report outlines several actionable recommendations:

  • Manage risk at every point in the AI lifecycle: Ensure your security team is equipped to identify and mitigate risks at every phase: supply chain sourcing (e.g., third-party AI models, data sources, and software libraries), data acquisition, model development, training, and deployment.
  • Maintain familiar cybersecurity best practices: Concepts like access control, permission management, and data loss prevention remain critical. Approach securing AI the same way you would secure core technological infrastructure and adapt existing security policies to address AI-specific threats.
  • Uphold AI security standards throughout the AI lifecycle: Consider how your business is using AI and implement risk-based AI frameworks to identify, assess, and manage risks associated with these applications. Prioritize security in areas where adversaries seek to exploit weaknesses.
  • Educate your workforce in responsible and safe AI usage: Clearly communicate internal policies around acceptable AI use within legal, ethical, and security boundaries to mitigate risks like sensitive data exposure.

Backdoors Installed, Passwords Stolen — Who Is The ToyMaker?

Forbes

28-04-2025


A lot of effort goes into tracking and reporting on the ransomware threat and those who launch the attacks. Given the sheer number of ransomware attacks and the money that can be made by those with no moral compass, this isn't exactly surprising. No surprise, either, that some are willing to pay good money to those willing to snitch on ransomware threat groups. What is surprising, however, is that less time and resources seem to go into researching the people who enable ransomware attackers. I'm talking about initial access brokers who, like it says on the tin, are the ones who open the doors to your systems for the ransomware attackers to exploit. Initial access brokers like the ToyMaker.

As I have already reported, ransomware attacks have surged by 132% despite a 35% drop in payments in the first quarter of 2025. Social engineering, adversary-in-the-middle attacks and information-stealing malware have all contributed to this ransomware resurgence. Welcome to the world of the initial access broker. Leaks from within the ransomware gangs themselves have shown that initial access brokers play a pivotal role in the success of any attack.

The ToyMaker is an initial access broker and, according to a new report from researchers at Cisco Talos, a very dangerous one indeed. In their deep dive into the world of the ToyMaker, Cisco Talos threat intelligence researchers Joey Chen, Asheer Malhotra, Ashley Shen, Vitor Ventura and Brandon White have revealed just how dangerous this mysterious figure is.

The ToyMaker isn't motivated by politics or tied to any nation-state espionage groups, but rather is, the threat intelligence experts said with medium confidence, a financially motivated threat actor. The job that they do is simple: exploit vulnerable systems that are exposed to the internet. Well, I say simple, but the methods used and the consequences of success are anything but.

The ToyMaker deploys a custom-coded backdoor called lagtoy, which can steal credentials from the target system it is installed upon, as well as create reverse shells and execute commands on infected endpoints. This is not a toy to be played around with lightly. 'A compromise by lagtoy may result in access handover to a secondary threat actor,' Cisco Talos warned, specifically, a double extortion ransomware group known as Cactus.

The ToyMaker is also a speedy operator when it comes to deploying these malicious toys. 'ToyMaker performed preliminary reconnaissance, credential extraction and backdoor deployment within the span of a week,' Cisco Talos said. As is the case with initial access brokers, that would then signal the end of the ToyMaker's involvement in the attack. After a three-week pause, the Cactus ransomware group strikes using the credentials stolen by the ToyMaker.

Cisco Talos Report: The education sector the most targeted industry for cyberattacks in 2024

Tahawul Tech

08-04-2025


The annual report from Cisco Talos has shown that the education sector was the most targeted industry for cyberattacks in the last 12 months. Unsurprisingly, identity-based attacks emerged as the most dominant threat, accounting for 60% of Cisco Talos incident response cases in 2024.

The report, based on telemetry from over 46 million global devices across 193 countries and regions, including the Middle East, analyses the most significant trends in threat actor behavior, including identity attacks, ransomware, network vulnerabilities, and the role of artificial intelligence (AI) in cyber threats.

The findings reveal that in 2024, threat actors prioritized stealth and efficiency, leveraging simpler techniques rather than custom malware or zero-day vulnerabilities. Notably, identity-based attacks emerged as the dominant threat vector, while ransomware incidents increasingly exploited valid credentials to gain access.

Commenting on the report's findings, Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, stated: 'The findings from Cisco Talos' 2024 Year in Review highlight the critical need for a solid cybersecurity foundation. Cybercriminals are continually taking advantage of security gaps, demonstrating the essential nature of a proactive, identity-focused defense strategy. And with the emergence of remote and hybrid working models, implementing a Zero-Trust Network Access (ZTNA) strategy is key to ensure that the correct security controls are in place while enhancing end-user experience. By staying aware of these evolving tactics, organizations can reinforce their security measures and more effectively shield themselves from new and emerging threats.'

To strengthen cybersecurity and protect against emerging threats, Cisco Talos shares five key recommendations: promptly install updates and patches, enforce strong authentication methods, implement best practices such as strict access controls, network segmentation, and employee training, encrypt all traffic for secure monitoring and configuration, and apply all security measures across the network infrastructure. By adopting these practices, organizations can build a more resilient security posture.

Top threats observed in 2024 include:

  • Identity-based attacks: These attacks accounted for 60% of all Cisco Talos Incident Response (IR) cases, with Active Directory identified as a prime target, representing 44% of such incidents. Additionally, 20% of identity-based compromises affected cloud applications, with APIs being particularly attractive due to their access to sensitive data.
  • Ransomware tactics: Last year, ransomware attacks continued to impact organizations globally, with attackers using valid accounts for initial access in nearly 70% of cases. Many ransomware operators successfully disabled security solutions, while the education sector was the most targeted industry due to budget constraints and extensive attack surfaces. Additionally, LockBit remained the most active ransomware-as-a-service (RaaS) group for the third consecutive year, despite increased law enforcement efforts.
  • Exploitation of Network Vulnerabilities: A major concern in 2024 was the persistent exploitation of older vulnerabilities, particularly those affecting widely used software and hardware. Many of the top-targeted network vulnerabilities impacted end-of-life (EOL) devices that no longer receive patches yet remain actively targeted by cybercriminals. The most frequently targeted vulnerabilities were older CVEs that have been public for several years.
  • Multi-Factor Authentication (MFA) Abuse: Multi-factor authentication (MFA) abuse was another prevalent attack vector during the year. Based on Cisco Duo data, identity and access management (IAM) applications were the most frequently targeted in MFA attacks, accounting for nearly a quarter of related incidents. This highlights the critical need for robust MFA implementations and vigilant monitoring of IAM systems.
  • AI-Refined Cyber Threats: Despite industry speculation regarding AI-driven cyber threats, the report found that threat actors primarily used AI to refine existing techniques. Enhancements in social engineering tactics and task automation were the primary applications of AI, rather than the development of entirely new methods of attack.

Cisco Talos' 2024 Year in Review provides valuable insights for cybersecurity professionals and organizations looking to enhance their defense strategies. By identifying key trends and offering actionable recommendations, the report serves as a critical resource for mitigating emerging cyber threats. For more information, please visit

According to Cisco Talos' 2024 Year in Review: Identity-based attacks emerged as a dominant threat

Zawya

08-04-2025


  • Identity-based attacks emerged as the dominant threat, accounting for 60% of Cisco Talos Incident Response cases in 2024.
  • Ransomware actors increasingly exploited valid credentials, with nearly 70% of incidents leveraging legitimate accounts for initial access.
  • The education sector was the most targeted industry, as institutions faced challenges with cybersecurity budgets and broad attack surfaces.

Dubai, UAE: Cisco Talos, one of the world's most trusted threat intelligence teams, has released its annual report, 'Cisco Talos 2024 Year in Review', sharing strategic insights into the evolving cybersecurity global landscape.

The report, based on telemetry from over 46 million global devices across 193 countries and regions, including the Middle East, analyzes the most significant trends in threat actor behavior, including identity attacks, ransomware, network vulnerabilities, and the role of artificial intelligence (AI) in cyber threats.

The findings reveal that in 2024, threat actors prioritized stealth and efficiency, leveraging simpler techniques rather than custom malware or zero-day vulnerabilities. Notably, identity-based attacks emerged as the dominant threat vector, while ransomware incidents increasingly exploited valid credentials to gain access.

Commenting on the report's findings, Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, stated: 'The findings from Cisco Talos' 2024 Year in Review highlight the critical need for a solid cybersecurity foundation. Cybercriminals are continually taking advantage of security gaps, demonstrating the essential nature of a proactive, identity-focused defense strategy. And with the emergence of remote and hybrid working models, implementing a Zero-Trust Network Access (ZTNA) strategy is key to ensure that the correct security controls are in place while enhancing end-user experience. By staying aware of these evolving tactics, organizations can reinforce their security measures and more effectively shield themselves from new and emerging threats.'

To strengthen cybersecurity and protect against emerging threats, Cisco Talos shares five key recommendations: promptly install updates and patches, enforce strong authentication methods, implement best practices such as strict access controls, network segmentation, and employee training, encrypt all traffic for secure monitoring and configuration, and apply all security measures across the network infrastructure. By adopting these practices, organizations can build a more resilient security posture.

Top threats observed in 2024 include:

  • Identity-based attacks: These attacks accounted for 60% of all Cisco Talos Incident Response (IR) cases, with Active Directory identified as a prime target, representing 44% of such incidents. Additionally, 20% of identity-based compromises affected cloud applications, with APIs being particularly attractive due to their access to sensitive data.
  • Ransomware tactics: Last year, ransomware attacks continued to impact organizations globally, with attackers using valid accounts for initial access in nearly 70% of cases. Many ransomware operators successfully disabled security solutions, while the education sector was the most targeted industry due to budget constraints and extensive attack surfaces. Additionally, LockBit remained the most active ransomware-as-a-service (RaaS) group for the third consecutive year, despite increased law enforcement efforts.
  • Exploitation of Network Vulnerabilities: A major concern in 2024 was the persistent exploitation of older vulnerabilities, particularly those affecting widely used software and hardware. Many of the top-targeted network vulnerabilities impacted end-of-life (EOL) devices that no longer receive patches yet remain actively targeted by cybercriminals. The most frequently targeted vulnerabilities were older CVEs that have been public for several years.
  • Multi-Factor Authentication (MFA) Abuse: Multi-factor authentication (MFA) abuse was another prevalent attack vector during the year. Based on Cisco Duo data, identity and access management (IAM) applications were the most frequently targeted in MFA attacks, accounting for nearly a quarter of related incidents. This highlights the critical need for robust MFA implementations and vigilant monitoring of IAM systems.
  • AI-Refined Cyber Threats: Despite industry speculation regarding AI-driven cyber threats, the report found that threat actors primarily used AI to refine existing techniques. Enhancements in social engineering tactics and task automation were the primary applications of AI, rather than the development of entirely new methods of attack.

Cisco Talos' 2024 Year in Review provides valuable insights for cybersecurity professionals and organizations looking to enhance their defense strategies. By identifying key trends and offering actionable recommendations, the report serves as a critical resource for mitigating emerging cyber threats. For more information, please visit
