#Seqrite
timestechnow · 2 months ago
Decoding the black in BlackMamba; How does the world of malware look
With advancements in artificial intelligence (AI), experts believe that there has been a rise in AI-driven malware. From what it’s understood, fraudsters can use machine learning techniques such as Generative AI to create malware. By using generative AI, users’ data could be misused and synthesised for fraudulent activities. Reportedly, hackers use predictive AI to predict the defence mechanism of the target. In alignment with this, experts have predicted a new malware ‘BlackMamba’ which uses AI-powered techniques to stay hidden from endpoint detection and response (EDR) security solutions. “In 2024, the future can combine the ongoing success of many current attack tactics, such as identity compromise, with an emerging landscape dominated by AI-powered cyberattacks,” Parag Khurana, country manager, Barracuda Networks (India) Pvt Ltd, a cloud-based cybersecurity platform, told FE-TransformX, adding that global shortage of cybersecurity professionals means organisations need to look to integrated end-to-end security solutions, third-party security operations centers and ongoing employee security awareness training, to fortify their defences.
Decoding BlackMamba
From what it is understood, BlackMamba uses a benign executable which reaches out to an API (OpenAI) at runtime, so it can return synthesised, malicious code needed to steal an infected user’s keystrokes. The code is then used as a benign programme using Python’s exec function, with the malicious polymorphic portion remaining in memory. Case in point, by using its built-in keylogging ability, BlackMamba collected sensitive information, such as usernames, passwords, credit card numbers, and other personal or confidential data, among others, that a user entered in Microsoft Teams, as per insights from Security Boulevard. These were later sold on the dark web for fraudulent activities.
In 2023, about 400 million malware was found across 8.5 million endpoints, as per insights from Seqrite, a cybersecurity solutions provider. In March 2023, over eight percent of responding employees had used ChatGPT at least once in the workplace, and around three percent had entered confidential corporate data into ChatGPT. The most commonly exposed type of corporate data was the sensitive data intended for internal use only, as per insights from Statista. Reportedly, illegal activists had been selling chatbot services such as DarkBART, FraudGPT and WormGPT, among others, as per insights from Seqrite, a cybersecurity solutions provider.
The dark side of generative AI
AI-powered attacks can become common as threat actors create polymorphic malware such as BlackMamba, using ChatGPT and other data-intelligence systems based on large language models (LLM), as per insights from HYAS Labs researchers. “AI also poses challenges and risks for the cybersecurity landscape as it can be used by malicious actors to launch attacks, evade detection and exploit vulnerabilities, among others. One of the main challenges that AI poses is that it can increase the scale, speed and complexity of cyberattacks,” Sanjay Agrawal, chief product officer, Quick Heal Technologies Ltd, a cybersecurity platform, explained.
Industry experts believe that the rise of AI-driven attacks, ranging from deepfakes to intricate phishing techniques, poses a challenge to digital security and public trust alike. Threat actors employ BlackMamba to evade detection, intensifying the complexity of the cybersecurity landscape. Every time BlackMamba executes, it re-synthesises its keylogging capability, making the malicious component of this malware polymorphic. “Amidst these challenges, AI has the ability to equip cybersecurity professionals with the tools to fortify digital environments, fostering a proactive stance against emerging threats. Its ability to discern patterns, mitigate risks, and enable real-time responses can reshape the cybersecurity paradigm,” Shibu Paul, vice president, international sales, Array Networks, a security platform, highlighted.
The road ahead
By 2027, 50% of enterprise chief information security officers (CISOs) can adopt human-centric security design practices to reduce cybersecurity-induced friction and upgrade control adoption, as per insights from Gartner.  “The integration of decentralised identity systems, AI-driven deception techniques and focus on cyber-resilience postures can set new paradigms. The complexities of the digital realm underscore the need for robust cybersecurity measures. Quantum-resistant algorithms, the convergence of Internet of Things (IoT) vulnerabilities and the role of human-centric security strategies can emerge as the key areas in 2024,” Ajay Kabra, senior director, global business excellence, Xebia, a cloud solution provider, said.
Experts believe that this transformation shouldn’t overshadow the need for human expertise. The collaboration of AI-backed defences with human talent can be the strategy for fortifying cyber fortresses. “The trajectory of 2024 in cybersecurity will use the dual approach of inclusion of AI-powered defences and investment in human skills, along with the guidance of C-suite executives. This convergence can form the bedrock for resilience in an age that is dominated by relentless cyber challenges,” Vishal Gupta, CEO, Seclore,  a data-centric security platform, concluded.
Source Link: https://www.financialexpress.com/business/digital-transformation-decoding-the-black-in-blackmamba-how-does-the-world-of-malware-looknbsp-3355804/
Website Link: https://xebia.com/apac/
digitalcreationsllc · 2 years ago
SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT - Blogs on Information Technology, Network & Cybersecurity | Seqrite
SEQRITE Labs APT-Team has discovered multiple campaigns of APT SideCopy, targeting Indian government and defense entities in the past few months. The threat group is now exploiting the recent WinRAR vulnerability CVE-2023-38831 (See our advisory for more details) to deploy AllaKore RAT, DRat and additional payloads. The compromised domains, used to host payloads…
akgvgassociates · 2 years ago
Cyber-Attacks: Understanding the Threat Landscape and Defending Your Digital World
Cyber-attacks have become an ever-present threat in our increasingly digital world. This comprehensive guide delves into the complex and evolving landscape of cyber threats, providing essential insights into the tactics, techniques, and motivations behind these attacks. Learn how to protect your digital assets and personal information through a deeper understanding of the cybersecurity measures, strategies, and best practices required to safeguard your online presence.
Link:- https://www.akgvg.com/blog/countering-cyber-attacks-with-seqrite-endpoint-security/
techrise · 4 years ago
Pakistani APT Group Imitates Indian Cyber Operation Methods to Deliver Malware Attack
Creating secure cyberspace in India has become more strenuous in the wake of persistent cyberattacks on the country. The malware attacks by adversaries have not only targeted the critical infrastructure in India but have advanced to the government and the military sector too.
As a developing country, India possesses cyber offensive and defensive capabilities that could ward off attacks from adversaries. India’s cyber offensive front has been stepped up by the private firms that have launched cyber operations against the neighbouring adversaries covertly. Lately, some of the adversaries are even copying the methods used by the Indian cyber threat groups to launch malware attacks.
One of the Pakistani threat groups called SideCopy was spotted imitating the Indian threat group SideWinder’s infection chains to deliver its own set of malware. SideCopy hackers appear to be highly motivated by the attack methods used by Indian APT groups like SideWinder that have been plaguing governments and enterprises in South Asia and East Asia since 2012. Other Indian groups that have come into the limelight for the same purpose include Dark Basin, Phronesis, Aglaya, etc.
SideWinder Advanced Persistent Threat group has been progressing in offensive cyber operations for a long time now. The firm was spotted using the Binder exploit to attack mobile devices. It proactively targeted victims that included multiple government and military units – in China, India, Nepal, and Pakistan using social-engineering techniques.
At present, SideCopy is actively copying techniques reserved for Sidewinder. Seqrite, Quick Heal’s enterprise security brand, stated that the Pakistani cyber-espionage group has been active since 2019. The threat intelligence team first uncovered the spear-phishing campaigns in September 2020.
The team analysed that most of the old attacks were related to ‘Operation SideCopy’ by common IOCs. Cisco Talos, one of the networking giant’s cybersecurity divisions, stated that the group has continued to launch cyber operations against the Indian government and military. They used spear-phishing email attacks, each of which came with malicious file attachments—ranging from LNK files to self-extracting RAR EXEs and MSI-based installers—that installed remote access trojans (RATs) on infected systems.
SideCopy operators deployed RAT plugins that ranged from file enumerators to credential-stealers and keyloggers. The APT group’s activities posed a close resemblance to the campaigns initiated by another Pakistani threat group called APT36 (aka Mythic Leopard and Transparent Tribe), which has recently shifted its focus to Afghanistan. The Talos report has stated that the sophistication of attacks has comparatively increased and become more visible in 2020 and 2021. It also reported a spike in activity by Chinese security firm – Rising.
The cyber-espionage efforts between India and Pakistan have been in continuation for more than five years now. Both the countries are keeping tabs on each other using cyberwarfare capabilities, while aggressively pursuing advanced infection techniques to ‘infect the victims’.
awesometeennews · 5 years ago
Seqrite detects trojan targeting co-operative banks
PUNE: Seqrite, the enterprise security arm of Quick Heal Technologies, said that it had detected a new wave of Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks using Covid-19 as a bait. Researchers at Seqrite warned that if attackers are successful, they can take over the victim’s device to steal sensitive data like SWIFT logins and customer details and…
duggu1991-blog · 5 years ago
Here are the top threat predictions according to IT security firm #seqrite. Seqrite is the Enterprise Security solutions brand of Quick Heal Technologies Ltd. Launched in 2015, Seqrite solutions are defined by innovation and simplicity. The most worrying statistic as revealed by the Seqrite Quarterly Threat Report Q3 2018 was the sheer volume of threats that organisations across sectors faced. Seqrite detected more than 2.6 crore threats targeting Indian enterprises during the three-month period – translating to a per day detection rate of over 2.8 lakhs. IT/ITES companies faced the most number of threats, with over 40% of the threats targeting the industry. (at Bhopal, Madhya Pradesh) https://www.instagram.com/p/B8_vFxBJ6va/?igshid=qqa9lhiefa97
timestechnow · 2 years ago
graceentertainment · 6 years ago
Decoding the black in BlackMamba; How does the world of malware look – Digital Transformation News
Source Link: https://www.theheraldnewstoday.com/decoding-the-black-in-blackmamba-how-does-the-world-of-malware-look-digital-transformation-news/
Website Link: https://xebia.com/apac/
setupit · 3 years ago
IT Support Services in Delhi
If you are interested in getting one of the best IT Support Services in Delhi and Gurgaon, connect with Setup it and get the best deals.
slacompanylimited · 4 years ago
SLA Company Limited distributes antivirus software from Quick Heal India and the Seqrite endpoint management product.
Quick Heal antivirus: Pro, Internet Security, Total Security for Mac, for Android, Tablet Security, Antivirus for Server.
Seqrite endpoint security: SME, Business, Total, Enterprise.
Contact: SLA COMPANY LIMITED Address: 534 Điện Biên Phủ, Ward 21, Bình Thạnh, Ho Chi Minh City Hotline/Whatsapp: 0789 708 807 | Skype: live:sla.vn Web: https://sla.vn | Email: [email protected]
anki14542 · 5 years ago
Criminals are trying to hack Indian co-operative banks using a ‘COVID-19 trojan’ - Times of India
New Delhi: Cybersecurity services company Seqrite has claimed to have detected a new wave of the Adwind Java Remote Access Trojan (RAT) campaign, which targets Indian co-operative banks using COVID-19 as bait.
Researchers at Seqrite warned that if the attackers are successful, they can take over the victim’s device to steal sensitive data such as SWIFT logins and customer details…
arinde-blog1 · 7 years ago
blogger-07 · 2 years ago
Linux Antivirus: Deploy Seqrite's Antivirus Software for 360-degree Protection
Linux AntiVirus by Seqrite secures your Linux systems against malware. It offers real-time, on-demand and scheduled scanning, Samba Share protection, and complete web security. The software’s Advanced Device Control feature enforces complete governance over the use of removable storage devices, which helps to keep your system safe and secure. Our Linux antivirus features a user-friendly interface with comprehensive support for both 32-bit and 64-bit Linux distributions. Additionally, Seqrite Linux AntiVirus is one of the best antiviruses in the market today that offer comprehensive support to a range of Linux versions including Red Hat, Fedora, Ubuntu, Linux Mint, SUSE, CentOS, and BOSS.
squarwell-breakingnews · 3 years ago
Seqrite launches End Point Security 8.0, features and more - Times of India
Enterprise cybersecurity solutions provider Seqrite has announced the advanced version of its flagship solution, the Endpoint Security. Called End Point Security 8.0 (EPS 8.0), it claims to be targeted at protecting connected devices from cyber attacks. With this version, Seqrite says it has also improved the scale of this solution to manage a large number of endpoints for the SME segment. This,…