A North Korean group uses AI-based tactics to infiltrate companies

A group of threats linked to North Korea, known as Jasper Sleet, is employing sophisticated tactics to infiltrate legitimate companies by creating fake professional identities. This actor has taken advantage of the increase in remote work driven by the COVID-19 pandemic, which has transformed the hiring landscape and access to resources within organizations.

Taking Advantage of Telecommuting

The growing dependence on online environments and remote access tools has created new opportunities for malicious actors. Jasper Sleet uses artificial intelligence technologies to develop customized digital identities and meticulously prepares to appear as a genuine candidate, tailoring its applications to the specific requirements of each position.

According to an analysis by Microsoft, the group interacts with human resources software such as Workday through programmatic API calls rather than the web interface, pulling data on job postings and active applications. The precision and repeatability of this activity point to a far more calculated approach than that of a typical applicant.

Once hired, Jasper Sleet gains access to the organization's collaborative tools and cloud environments, allowing it to move freely between sensitive files, which can eventually lead to data theft or extortion. Microsoft has observed patterns of suspicious activity, including “impossible travel” alerts, in the months following the onboarding of new employees.
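The “impossible travel” signal mentioned above can be computed from ordinary sign-in telemetry. The following is an added illustration, not Microsoft's detection logic: it takes constructed sign-in events (user, UTC timestamp, latitude, longitude), orders them per user, and flags consecutive sign-ins whose great-circle distance would require travelling faster than a plausible airliner speed (the 1000 km/h threshold and the 100 km noise floor are assumptions).

```python
import math
from datetime import datetime
from itertools import groupby

# Constructed sample sign-in events (not real telemetry): user, UTC time, lat, lon.
SAMPLE_EVENTS = [
    ("newhire01", "2025-03-03T09:00:00", 47.61, -122.33),  # Seattle
    ("newhire01", "2025-03-03T10:30:00", 47.62, -122.35),  # Seattle, same city
    ("newhire01", "2025-03-03T11:00:00", 39.03, 125.75),   # Pyongyang 30 min later
    ("analyst07", "2025-03-03T08:00:00", 51.51, -0.13),    # London
    ("analyst07", "2025-03-03T20:00:00", 40.71, -74.01),   # New York 12 h later: plausible flight
]

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(events, max_speed_kmh=1000.0, min_distance_km=100.0):
    """Return (user, t_prev, t_cur, km, km/h) for consecutive sign-ins by the
    same user that would require moving faster than max_speed_kmh.
    Pairs closer than min_distance_km are ignored to suppress geolocation noise
    within one metro area (assumed thresholds, tune per environment)."""
    alerts = []
    ordered = sorted(events, key=lambda e: (e[0], e[1]))
    for user, group in groupby(ordered, key=lambda e: e[0]):
        prev = None
        for _, ts, lat, lon in group:
            t = datetime.fromisoformat(ts)
            if prev is not None:
                pt, plat, plon = prev
                hours = (t - pt).total_seconds() / 3600.0
                km = haversine_km(plat, plon, lat, lon)
                # Two sign-ins at the same instant from distant places: treat as infinite speed.
                speed = km / hours if hours > 0 else float("inf")
                if km >= min_distance_km and speed > max_speed_kmh:
                    alerts.append((user, pt.isoformat(), t.isoformat(), round(km), round(speed)))
            prev = (t, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", alert)
```

In production the events would come from the identity provider's sign-in log, and a geolocation hit from a VPN or cloud egress point should be enriched with ASN data before acting on the alert.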

To counter this threat, it is recommended that security and human resources teams work closely together and implement training measures on social engineering. Identifying warning signs in the hiring process may be more effective than trying to detect the threat once the actor already has access to sensitive information.

Cybercriminals are changing tactics: Data exfiltration and extortion on the rise

A recent report from Arctic Wolf highlights a significant shift in the tactics of cyber attackers, who have begun to abandon encryption in favor of data exfiltration and extortion. This shift has emerged as a response to the pursuit of better economic returns, contributing to a new wave of attacks where ransomware is no longer the sole focus. In fact, ransomware accounted for 44% of the response incidents during the analyzed period.

New strategies of criminals

The manufacturing sector has become the most affected, followed by law firms, schools, financial institutions, and health organizations. These sectors account for the majority of attacks, reflecting the growing impact of cyber threats on key industries of the economy. Furthermore, ransomware gangs have adopted affiliate models, allowing for greater interconnection between different groups, making them more competitive and harder to stop.

The report indicates that law enforcement actions have weakened groups such as LockBit, ALPHV/BlackCat, and BlackSuit, suggesting that these efforts have had some effect on their operations. However, other types of attacks, such as business email compromise (BEC), have proliferated, representing 26% of the cases investigated by Arctic Wolf. Most of these attacks targeted financial and legal organizations, with email phishing serving as the initial access method in 85% of those cases.

In addition, attackers have shown a particular preference for compromising remote access tools, such as Remote Desktop Protocol and remote management software, which account for two-thirds of cases unrelated to BEC, a significant increase compared to previous years. This shift in tactics underscores the adaptability and operational maturity of cybercriminals in a constantly evolving technological landscape.

Automated attacks targeting PHP servers are increasing

Cybersecurity researchers have warned of a significant increase in automated attacks targeting PHP servers, IoT devices, and cloud gateways, driven by botnets such as Mirai, Gafgyt, and Mozi. According to a report from Qualys’ Threat Research Unit, these automated attacks exploit known vulnerabilities and inadequate cloud configurations, allowing attackers to take control of exposed systems and thereby expand their botnet networks.

Some simple measures to prevent attacks

PHP servers have become the main targets of these campaigns due to the popularity of content management systems (CMS) such as WordPress and Craft CMS. Misconfigurations and outdated plugins on these servers expand their attack surface. Researchers highlight that one of the methods used by attackers is requesting the query string ‘/?XDEBUG_SESSION_START=phpstorm’, which triggers an Xdebug debugging session; if the debugging extension is left active in production environments, such sessions can facilitate the extraction of sensitive data.
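Requests carrying that trigger parameter are visible in ordinary web server access logs, so they make a cheap detection for exposed debug configurations. The following is an added example, not from the Qualys report: it parses constructed Apache combined-format log lines, flags requests whose query string names an Xdebug trigger parameter (the legacy XDEBUG_SESSION_START from the page and the XDEBUG_TRIGGER name used by Xdebug 3), and summarizes per source address how many of those probes the server answered with a 2xx status, which is the case worth investigating. Source addresses are documentation ranges.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (not real traffic); addresses are from RFC 5737 ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Mar/2025:10:01:12 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Mar/2025:10:01:13 +0000] "GET /wp-login.php?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [03/Mar/2025:10:02:40 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [03/Mar/2025:10:03:01 +0000] "POST /index.php?xdebug_trigger=1 HTTP/1.1" 404 0 "-" "curl/8.0"
"""

# Apache "combined" format: client, ident, user, [time], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Legacy trigger from the page plus the Xdebug 3 trigger name; compared case-insensitively
# so that scanners varying the casing are still caught.
DEBUG_TRIGGERS = {"xdebug_session_start", "xdebug_trigger"}


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    query = urlsplit(rec["target"]).query
    rec["params"] = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
    return rec


def find_xdebug_probes(log_text):
    """Summarize, per source IP, requests that carry an Xdebug trigger parameter:
    {ip: {"requests": total, "accepted": number answered with a 2xx status}}."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not (rec["params"] & DEBUG_TRIGGERS):
            continue
        entry = summary.setdefault(rec["ip"], {"requests": 0, "accepted": 0})
        entry["requests"] += 1
        if 200 <= rec["status"] < 300:
            entry["accepted"] += 1
    return summary


if __name__ == "__main__":
    for ip, counts in find_xdebug_probes(SAMPLE_LOG).items():
        print(ip, counts)
```

A 2xx answer only shows the page exists, not that Xdebug is loaded; confirm on the host with `php -m` and make sure the extension is absent from production builds.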

Additionally, it has been observed that attackers seek credentials, API keys, and access tokens on servers exposed to the internet, and they also exploit security vulnerabilities in IoT devices. Scanning activity often originates from cloud infrastructures such as AWS and Google Cloud, highlighting how cybercriminals abuse legitimate services to conceal their true locations.

Experts warn that even low-level attackers can cause significant damage thanks to widely available exploitation tools and botnet kits. To mitigate these risks, users are advised to keep their systems updated, remove development tools in production environments, and restrict public access to their cloud infrastructure.

This surge in the capabilities of botnets is reflected in the recent classification by NETSCOUT, which identified the AISURU botnet as a new class of malware capable of launching DDoS attacks exceeding 20 terabits per second. AISURU combines DDoS attack capabilities with additional functions, allowing illicit activities such as the use of residential proxies to conceal malicious activity.

The crucial importance of identity security in the era of AI

The rapid evolution of artificial intelligence agents has transformed business security, making identity management an essential component to protect organizations from modern threats. As these agents perform tasks autonomously and without supervision, the risk of catastrophic errors increases significantly. A logic failure or unauthorized access can turn effective automation into an operational disaster, highlighting the vulnerability posed by poorly regulated AI implementations.

The transformation of business security

Currently, less than 40% of AI agents have identity security policies. This leaves organizations exposed to a range of potential attacks, as these systems operate with access privileges to sensitive data. According to the SailPoint Horizons of Identity Security 2025-2026 report, the situation has become critical, as old security measures, such as firewalls, are no longer sufficient against the new identity-driven threat models.

The report highlights that 63% of organizations are at early levels of maturity in identity security, which increases their risk of attacks. Companies that implement mature identity security programs not only achieve a higher return on investment but also benefit from better operational efficiency and transformative business capabilities.

However, only 25% of organizations consider identity management as a strategic enabler. This limited view prevents many companies from harnessing the full transformative potential that identity security can offer. As the threat landscape continues to evolve, it is imperative that organizations assess their current position regarding identity security and seriously consider their readiness to manage access from automated systems and AI agents.

Identity management as a key to protecting data in the cloud

In the current context of complex, data-centric cloud environments, the greatest threat to organizations lies not only in the possibility of data breaches but in the erosion of trust in the management of that very data. This concern intensifies as organizations move sensitive applications and data to the digital realm, leading to the positioning of identity as the new control point to secure access and protect critical information.

The Erosion of Trust

However, many companies still face serious challenges, including isolated identity systems and inconsistent access policies. In addition, the threat landscape is becoming increasingly broad, ranging from misconfigurations to AI-driven fraud. The lack of a robust identity framework can leave organizations vulnerable to these emerging threats.

In this context, Rob Otto, CTO of EMEA at Ping Identity, emphasizes the importance of identity-centric security strategies. During the recent Virtual Cloud Security Summit, Otto explained how global companies are re-establishing control, simplifying access to the cloud, and protecting critical data without sacrificing user experience. It was highlighted that the implementation of adaptive identity can underpin a resilient cloud posture and enhance zero trust initiatives.

The session was designed to provide key insights on how proper identity management can not only ensure security but also enhance trust in every digital interaction. This approach is crucial for organizations to maintain their integrity and stability in an increasingly digitized world, where trust becomes the most valuable asset.