Information

Business Security Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility? Tony Anscombe 08 Oct 2024  •  , 5 min. read It’s undeniable that cyber insurance and cybersecurity are intrinsically linked. One requires the other, and they are a perfect pairing, even if they may deny the relationship. Looking ahead, however, we probably need to add a third party into the relationship: the business. Now…

Read More

ESET researchers discovered a series of attacks on a governmental organization in Europe using tools capable of targeting air-gapped systems. The campaign, which we attribute to GoldenJackal, a cyberespionage APT group that targets government and diplomatic entities, took place from May 2022 to March 2024. By analyzing the toolset deployed by the group, we were able to identify an attack GoldenJackal carried out earlier, in 2019, against a South Asian embassy in Belarus that, yet…

Read More

Video As highlighted by new ESET research this week, attributing a cyberattack to a specific threat actor is a complex affair 04 Oct 2024 Attributing a cyberattack to a specific threat actor is no easy task, as highlighted by new ESET research published this week. ESET experts recently uncovered a new China-aligned APT group that they named CeranaKeeper and that takes aim at governmental institutions in Thailand, leveraging some tools previously attributed to Mustang Panda.…

Read More

ESET researchers observed several campaigns targeting governmental institutions in Thailand, starting in 2023. These attacks leveraged revamped versions of components previously attributed by other researchers to the China-aligned advanced persistent threat (APT) group Mustang Panda, and later, a new set of tools that abuse service providers such as Pastebin, Dropbox, OneDrive, and GitHub to execute commands on compromised computers and exfiltrate sensitive documents. Based on our findings, we decided to track this activity cluster as…

Read More

Digital Security Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices Tony Anscombe 01 Oct 2024  •  , 3 min. read As we enter October, governments, non-profit organizations, cybersecurity vendors and many companies with corporate social responsibility teams are all likely gearing up to push out some useful tips on staying safe online. Without even looking at the official theme of this year’s edition of the campaign,…

Read More

Business Security Building efficient recovery options will drive ecosystem resilience Tony Anscombe 01 Oct 2024  •  , 4 min. read Last week, a US congressional hearing regarding the CrowdStrike incident in July saw one of the company’s executives answer questions from policy makers. One point that caught my interest during the ensuing debate was the suggestion that future incidents of this magnitude could be avoided by some form of automated system recovery. Without getting into…

Read More