Project blog

Social engineering - the Jedi mind trick of cyberattacks.

“These aren’t the droids you’re looking for.” “These aren’t the droids we’re looking for.” This is the iconic exchange between Ben (Obi-Wan Kenobi) and the Stormtroopers in Star Wars Episode IV - A New Hope, a scene where our heroes are almost caught at a checkpoint but manage to convince the enemy Stormtroopers to let them pass.

And while the cybercriminals haven’t graduated from the Jedi Academy, they can use similar techniques to manipulate you when you least expect it.

Increased ransomware incidents in 2024 – Check Point report

The annual ransomware report for 2024 from the Check Point research team reveals a marked shift in cyber threats, with ransomware incidents up 11% in 2024 compared with 2023.

In particular, Q4 accounted for 33% of all attacks, making it the most active quarter on record, with a total of 1,827 incidents.

Key findings of the report are outlined below:

  • Overall increase: the report records a total of 5,414 ransomware attacks in 2024, an 11% increase compared with 2023. The most active period was the fourth quarter, with 1,827 incidents, representing 33% of the annual total.

CriM 2024

The yearly cybersecurity seminar CriM is upon us once again! We are glad to host three days of expert lectures on this year’s topic: CyberSec in Muumimaa - Finnish Cybersecurity in a changing world.

Alongside the expert lectures, there is a workshop on TPM 2.0 and a two-afternoon hackathon on AI security focused on Large Language Models. The 100+ attendees from industry and the University of Oulu will get acquainted with TPM 2.0 security, prompt engineering, and the latest LLM security testing tools.

Amateur criminals pose a significant threat to cyberspace

Amateur criminals who use do-it-yourself tooling to scale up their attacks are now a growing threat to internet users. Kaspersky’s GReAT (Global Research & Analysis Team) has published a report describing recent ransomware attacks built on leaked source code. The report sheds light on the tools and methods used by organised ransomware groups and by lone actors. According to its findings, ransomware criminal organisations have a vast variety of tools and samples at their disposal: they often have their own ransomware samples, while lone actors typically use DIY variants derived from leaked code to launch their attacks. The Kaspersky study examines recent ransomware attacks that take advantage of source code leaks, which let attackers find victims and quickly replicate malware activity, making them a significant threat.

Last April, the SEXi group attacked IxMetro using a recent ransomware variant called SEXi. This group targets ESXi applications, and all of the identified victims were running unsupported versions. SEXi uses a different ransomware build for each platform: Babuk for Linux and LockBit for Windows. The group is also the only one using the Session messaging app for communication, with a single ID reused across multiple attacks. This lack of professionalism, together with the absence of a TOR leak site, made them stand out even more.

Dangerous malware in Greece

The latest report from Check Point Research, covering August 2024, reveals the most recent data on the most prevalent cyber threats both on a global scale and in Greece. Qbot was the main threat in Greece, affecting 12.77% of organisations. FakeUpdates was second, affecting 10.21% of Greek organisations, while Androxgh0st reached 3.62%. Other significant threats include Tofsee (3.19%), Njrat (2.34%), Joker (1.91%), SnakeKeylogger (1.70%) and AsyncRat, which recorded 1.70% both in Greece and globally.

The CrowdStrike Falcon outage

A faulty update was distributed to the Falcon Sensor, a cybersecurity product provided by the company CrowdStrike. The botched update to the configuration files of the kernel-level scanner caused an out-of-bounds memory read that left affected machines crashing and rebooting in a loop. The fault was found and a fix was distributed within 12 hours, but the damage had already been done, and manually repairing the affected machines took far longer. Over 8.5 million Windows systems crashed in total, disrupting or completely halting services at a wide range of businesses, including airlines, banks, government agencies, railway operators, and media companies.

Information Society is leading the battle for Cybersecurity

The Ministry of Digital Governance (MDG) in Greece is implementing a set of projects through Information Society for the protection of public bodies against cyberattacks.

Cybersecurity in the public sector is crucial for safeguarding sensitive information, ensuring the integrity of essential services, and maintaining public trust. Government agencies handle vast amounts of personal data and critical infrastructure, making them prime targets for cyberattacks. Effective cybersecurity measures prevent data breaches, protect national security, and ensure the continuity of public services. By investing in robust cybersecurity frameworks, the public sector can mitigate risks, respond effectively to incidents, and uphold the privacy and safety of citizens.

The importance of user role definition and access restrictions

Many of us have seen the cinematic masterpiece The Lord of the Rings and can recall the scene where Pippin Took touches the palantír (the glass orb with the eye of Sauron in it) and thus gives the villain an insight into his mind.

The bad news: Sauron knows everything Pippin knows. The good news: Pippin doesn’t know anything!

At first there is panic when Gandalf thinks Sauron now knows everything; then there is the calm of realising the ‘fool of a Took’ knows nothing that Sauron can use. Compare that to real life: the panic of learning your systems have been infiltrated, then the calm of realising that the access gained is very limited and does not cover any of the important parts of the IT system.

New investigation by Kaspersky on Cyber Attacks

Kaspersky has recently concluded an investigation into cyber-attacks targeting the industrial sector in Eastern Europe. The investigation has revealed the employment of advanced tactics, techniques, and procedures (TTPs) by threat actors to compromise industrial organizations in the region. Industries such as manufacturing, industrial control system (ICS) engineering and integration have been particularly affected, emphasizing the urgent need for enhanced cybersecurity preparedness.

According to the research, a series of targeted attacks was uncovered, aimed at a data breach through the creation of a channel with similarities to previously reported cases such as ExCone and DexCone, which clearly points to the involvement of APT31 (also known as Judgement Panda and Zirconium).

The fileless present of malware and its evolving ML-based detection, classification and prevention

The main approach to malware detection and prevention is based on file signatures. More specifically, AV solutions scan the system’s storage devices and hash files at creation or execution time, then compare each hash against a curated database containing signatures of known malware samples. If there is a match, the file is flagged as malicious and follow-up actions are taken to contain it. But what happens if a piece of malware does not rely on a file at all to accomplish its mission?
