Project blog

New investigation by Kaspersky on Cyber Attacks

Kaspersky has recently concluded an investigation into cyber-attacks targeting the industrial sector in Eastern Europe. The investigation has revealed the employment of advanced tactics, techniques, and procedures (TTPs) by threat actors to compromise industrial organizations in the region. Industries such as manufacturing, industrial control system (ICS) engineering and integration have been particularly affected, emphasizing the urgent need for enhanced cybersecurity preparedness.

According to the research, a series of targeted attacks was revealed, aiming at a data breach through the creation of a channel, with similarities to previously reported cases such as ExCone and DexCone, a fact that clearly manifests the participation of APT31 (also known as Judgement Panda and Zirconium).

Continue reading

The Fileless present of Malware and its evolving ML-based detection, classification and prevention

The main approach to detecting and preventing malware is based on the concept of file signatures. More specifically, AV solutions scan the system’s storage devices and hash files at process/creation time. They then compare each of these hashes against their respective curated database, which contains signatures of known malware samples. If there is a match, the file is flagged as malicious and subsequent actions take place to contain it. But what could happen if there was some kind of malware that did not rely on a file to accomplish its mission?

Continue reading

The Risk of Misinformation and Disinformation in Cyber Threat Intelligence Communities

The ever-growing digital landscape presents organisations with a double-edged sword: vast amounts of data on cyber threats and the challenge of sifting through it all. Here’s where Cyber Threat Intelligence (CTI) comes in. By analysing attacker behaviour and uncovering early signs of attacks, CTI empowers organisations to proactively defend themselves. However, a significant hurdle exists: misinformation.

This misinformation comes in two forms: accidental mistakes (misinformation) and deliberate deception (disinformation). Both pose serious threats to CTI’s effectiveness, eroding trust in shared intelligence and weakening cybersecurity defences.

Continue reading

Cybersecurity and the Domino effect

A cyberattack is rarely caused by one big thing, but more often by a combination of many little things. We see it all the time in disaster documentary films: even the tiniest detail can start a chain reaction with devastating results. A chain reaction that could have been stopped if even just one of the dominoes in the line were missing.

Take documentary films about plane crashes, for example. We know flying is safe, and we know how high the security priority is. In the event of a crash, we hear of all the frustratingly many small errors and we are left wondering how so many things have been overlooked.

Continue reading

How Local and Regional Authorities can improve their ransomware defenses

A recent study by the National Association of State CIOs (NASCIO) and Deloitte found that, in the US, 75% of state CISOs view ransomware as a threat. As this Govloop report noted, “…there’s good reason for that. A number of factors, the report notes, combine to make local and regional governments particularly vulnerable to this attack”.

  • High impact: Ransomware is capable of bringing an organization’s operations to a halt. It is one of the most likely attacks facing local and regional organizations.
  • Easy entry: With the commercialization of attacks through “Ransomware-as-a-Service”, even non-technical threat actors are able to profit easily from ransomware operations.
  • Emergence of distributors: Malware families that tend to be, the Govloop article points out, prolific information stealers are linked to various ransomware operators.

Clearly, local and regional organizations need to revamp their strategies to deal with these challenges:

Continue reading

CriM 2023

The Cyber Security Seminar and Workshops (CriM) has been running for 24 years. We are glad to host for three days experts on this year’s topic: Supply Chain and Cyber Security.

The mornings are filled with lectures and the afternoon workshops give practical experience. Attendance is free of charge and 5 ECTS are available for completing the course. Please join us between the 14th and 16th of November 2023 here in Oulu.

Continue reading

Lessons learnt from cyber-attacks on Greek municipalities

Just how hard is it, in the Greek public sector, to describe the importance of a service whose value the customers cannot quite comprehend or quantify in order to invest in it?

If one had to answer this question, one would have to give many answers, depending on various factors. It is incredibly difficult for an organisation to fully comprehend the need for and the importance of a cybersecurity service or product when it hasn’t been exposed to or harmed by a cyber-attack. It is even harder when the organisation lacks the necessary funds or has other priorities to address. In some cases, one needs to give specific examples of the danger and of the prevention or restoration procedure. An issue that has arisen and has been widely discussed lately is a cyber-attack on the City Hall infrastructure of Thessaloniki, Greece. That has been a wake-up call for many municipalities, but mainly the big ones.

Continue reading

New Cybersecurity Master's Program in Oulu

Cybersecurity is a new study option based on the research excellence in software security at the University of Oulu. The student specialising in cybersecurity will be able to design, develop, test and evaluate systems, software or hardware for security goals in the ever-evolving digital landscape.

As a whole, artificial intelligence and the development of different AI solutions play a role in all four study options. For example, the studies can contribute to various aspects of emerging edge computing and edge AI technologies.

Continue reading

CS-AWARE NEXT received support from the Horizon Standardisation Booster

Our project had the opportunity to receive advisory services from HSbooster.eu, a European Commission initiative that provides expert services to European projects to help them increase and valorise project results by contributing to the creation of new standards or the improvement of existing ones.

As presented in the final expert report, ‘the whole HSBooster consultancy process with CS-AWARE NEXT went fluently and there was great support by the team of CS-AWARE NEXT to identify a suitable standardisation strategy for their envisioned project results’. It is also mentioned that ‘the CS-AWARE NEXT project is on a very good track’ and that we ‘have identified a clear and actionable target’ in terms of, amongst others, ‘adding an extension to the OASIS STIX public repository’. There is no doubt that this might potentially ‘pave the way for future standardisation impacts, i.e., the inclusion of the extension in the official STIX OASIS standard’. Standardisation is, as all of us who have been involved in such a process in one way or another know, a long shot, but also well worth trying.

Continue reading