5 Impactful AWS Vulnerabilities You’re Responsible For

If you’re using AWS, it’s easy to assume your cloud security is handled – but that’s a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility.
Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it’s up to the customer to handle the locks, install the alarm systems,

from The Hacker News https://ift.tt/XmOGn0v

Harnessing AI to Strengthen Cyber Teams Amidst Talent Shortage

In a rapidly evolving and increasingly intelligent threat landscape, the cybersecurity industry grapples with a staggering gap between overworked security teams and the protection modern enterprises require, leaving space for cyber attacks to creep in through the cracks. Threat actors are tapping into more complex methods powered by emerging technologies, like AI, and humans alone are no match for the battle. For companies to meet the moment and address these threats more proactively, it is crucial that both security teams and aspiring professionals stay ahead of the curve by leaning into AI as a valuable ally to bolster human capabilities and allow teams to focus on more complex tasks.

Employees are Burnt Out and Threats Don’t Rest

According to recent research, the cybersecurity sector is faced with approximately 4.8 million job vacancies globally, with a talent gap of nearly 550,000 in the U.S. alone. Amidst an increasingly persistent threat landscape, the depletion of cyber talent opens companies up for increased risk of vulnerability and break-ins. There was a 72% increase in the number of global data compromises between 2022 and 2023, and a 10% increase in data breach costs in 2024. 

With an ever-present AI attack force, numbers are anticipated to soar. Threat actors are on the cusp of employing AI to intelligently locate and analyze targets, personalize tactics based on perceived vulnerabilities, and amplify the persistence of their attempts. Security teams continue handling an ever-increasing number of issues due to a growing attack surface, as their organizations deploy various pure and hybrid cloud business applications. As a result, these teams are seeing the detrimental effects of inefficient processes, alert fatigue, and ultimately employee burnout. 

AI Enhancing Human Capital Through Automation and Streamlined Remediation

Adversaries are already utilizing emerging technologies to increase their firepower, and human labor alone simply cannot keep up, especially amidst this talent shortage. Furthermore, in order to combat the high volume of incoming threats, security teams must fight fire with fire. In fact, the number of organizations using security AI and automation extensively increased by nearly 11% from 2023 to 2024. By automating workflows and streamlining detection and response processes through the adoption of AI, security teams and organizations can maximize human potential. 

Hyperautomation is enabling the autonomous SOC, which streamlines security operations, improves efficiency, and accelerates incident response. Together, they automate routine tasks, intelligently prioritize, investigate, and remediate alerts around-the-clock, and enrich case data with contextual information and threat intelligence. By recognizing and responding to high-volume, low-complexity tasks, such as phishing and repetitive security incidents, AI allows security teams to pivot their energy from mundane monitoring toward more complex defensive endeavors.

Organizational AI adoption has increased from 20% in 2017 to 72% in 2024, and these numbers are predicted to rise. Myriad Fortune 500 companies have successfully taken the leap into AI automation, cutting down time spent on manual and repetitive security tasks from hours to minutes. Within one month of adopting AI workflows, the world’s leading online car reseller was able to automate 41 different runbooks. Hyperautomation and the autonomous SOC cannot replace human value, but they can redirect and amplify it to maximize efficiency. 

Breaking the Barrier

A paradox many aspiring professionals are faced with is that despite the talent shortage, entry-level cybersecurity roles have become difficult to find and even harder to obtain. From a recent study of 15,852 global cybersecurity practitioners, nearly one third of participants reported that their security teams had no entry-level professionals. How can we foster the next generation of cybersecurity professionals and bridge the talent gap if we do not invest in their growth? Likewise, how can aspiring professionals better prepare themselves for this AI-driven threat landscape and distinguish themselves as viable assets as they enter the job market amidst this AI-dominated world? 

1. Upskilling Young Professionals

Approximately 90% of organizations are faced with security team skills gaps, and over one third attribute this gap to a lack of AI expertise. In order to keep up with the demands of AI threats, companies need to invest in not only incoming professionals, but the entirety of their workforce. It is critical that companies build AI training modules for current and future employees to better prepare them for the modern threat landscape. Using AI to teach AI, companies can train large language models to coach new employees based on an analysis of what high-performing employees do. This is already being adopted within the sales sector, where AI agents can listen to a young salesperson, automatically generate analysis, and coach them in real time. Adopting this AI-mentorship approach would bring employees up to speed without expending human resources for training, and ultimately strengthen security team effectiveness.

2. What Aspiring Professionals Need to Know

At the same time, incoming cybersecurity professionals should increase their chance of success and likelihood of being hired by taking the time to develop certain skills before approaching the job market.

  • AI literacy: Aspiring professionals need to understand how AI functions, as well as its potential impacts and limitations within the cybersecurity industry.
  • Responsible AI use: AI is a double-edged sword, as it presents as many risks as it does opportunities. It is crucial to understand both how and when to use AI as an ally.
  • Continuous learning: The cybersecurity landscape is rapidly transforming, thus it is important to stay ahead of the curve by constantly self-educating on new innovations as well as threats.

A New Defense Landscape

By integrating hyperautomation and the autonomous SOC to drive speed and more effective resource allocation, as well as introducing intelligent AI training programs, companies can eliminate employee burnout, optimize their defense systems, and narrow the talent gap. With threats becoming increasingly innovative as the cybersecurity industry hurries to catch up, it is imperative for security teams to reinforce their repertoire and transform their potential with the adoption of AI.

 

The post Harnessing AI to Strengthen Cyber Teams Amidst Talent Shortage first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/oXU3VRw

Cybersecurity in 2025: The Biggest Threats and How to Protect Yourself

The year 2025 is critical for cybersecurity as cyber threats are advancing at an unprecedented pace. AI-driven attacks, deepfake scams, and state-of-the-art ransomware schemes have become more prevalent. Businesses and individuals must remain vigilant against these emerging dangers. Implementing various security measures, adopting smarter defense strategies, and taking a proactive stance on digital protection are now more essential than ever.

This article explores the biggest cybersecurity threats expected in 2025 and the most effective ways to protect yourself and your business.

The Biggest Cybersecurity Threats in 2025

1. AI-Powered Cyberattacks

AI is not limited to defense alone; cybercriminals have turned artificial intelligence into a powerful weapon. Unethical hackers leverage AI to automate attacks, evade security systems, and identify vulnerabilities instantly.

With AI’s ability to design and send highly realistic phishing emails, break passwords at unprecedented speeds, and execute large-scale cyberattacks with minimal effort, the threat landscape is rapidly growing. This shift demands stronger security measures and proactive defenses to stay ahead of AI-driven cyber threats.

How to Protect Yourself:

  • Use AI-powered threat detection tools to monitor network behavior and flag suspicious activities.
  • Implement multi-layered authentication to prevent unauthorized access.
  • Regularly update security protocols to counteract evolving AI threats.

2. Deepfake Scams & Identity Fraud

Deepfake technology is advancing significantly, blurring the line between what’s real and what’s digitally fabricated. Cybercriminals use AI-generated videos and audio clips to impersonate executives, alter financial transactions, and distribute false information on a large scale.

In 2025, the growing trend of deepfake scams will present a serious threat to businesses and individuals, making verifying digital content and implementing effective security measures more critical than ever.

How to Protect Yourself:

  • Use AI-based deepfake detection software to verify video and voice authenticity.
  • Educate employees on the risks of social engineering attacks.
  • Implement strict identity verification processes for financial transactions.

3. Ransomware 2.0: More Destructive Than Ever

Ransomware threats have become more refined, extending beyond simple data encryption. Ransomware 2.0, the latest variant, locks critical files and blackmails victims by threatening to expose sensitive information unless payment is made.

Due to the value of their data, industries such as healthcare, finance, and government face heightened risks, making them primary targets for these increasingly aggressive cyberattacks.

How to Protect Yourself:

  • Maintain frequent, encrypted backups stored offline.
  • Deploy endpoint detection and response (EDR) tools to identify early-stage ransomware infections.
  • Train employees to recognize and avoid phishing emails, the most common entry point for ransomware.

4. Supply Chain Attacks on the Rise

As businesses depend more on third-party vendors, cybercriminals exploit vulnerabilities in supplier systems to breach larger networks. These supply chain attacks take advantage of weak security measures within vendors, allowing hackers to gain unauthorized access and spread their impact across multiple organizations and industries.

How to Protect Yourself:

  • Conduct regular security audits on third-party vendors.
  • Implement a zero-trust security model that verifies every access request.
  • Use network segmentation to limit the spread of a potential breach.

5. Internet of Things (IoT) Vulnerabilities

IoT security has become a growing challenge with the rapid expansion of connected devices. Many smart home gadgets, wearables, and industrial IoT systems have weak or inadequate security protections, leaving them vulnerable to cyber threats.

The risk of attacks targeting IoT infrastructure is expected to rise, with cybercriminals exploiting these weaknesses for large-scale botnet-driven DDoS attacks and unauthorized device takeovers.

How to Protect Yourself:

  • Change default passwords and enable firmware updates on all IoT devices.
  • Segment IoT devices from core networks to limit access.
  • Use network monitoring tools to detect unauthorized IoT activity.

How to Strengthen Your Cybersecurity in 2025?

1. Adopt a Zero-Trust Security Model

Zero-trust security is a model that assumes no user or device should be trusted by default. It requires continuous verification of users, devices, and network activities before granting access. This approach is gaining prominence in cybersecurity, particularly in 2025, as it provides a more robust defense against evolving cyber threats.

  • Implement multi-factor authentication (MFA) across all accounts.
  • Use identity and access management (IAM) tools to limit privileges.
  • Encrypt sensitive data both in transit and at rest.

2. Leverage AI for Threat Detection

AI-driven cybersecurity tools help identify and neutralize threats faster than traditional methods.

  • Use AI-based security software that analyzes patterns and detects anomalies.
  • Automate incident response to reduce reaction time to attacks.
  • Invest in AI-powered firewalls and intrusion detection systems.

3. Educate and Train Employees

Human error is still one of the leading causes of cyber breaches. A well-trained workforce can significantly reduce security risks.

  • Conduct regular cybersecurity awareness training for employees.
  • Simulate phishing attacks to test and improve response strategies.
  • Establish clear security policies and enforce compliance.

4. Strengthen Data Privacy Measures

With strict data protection regulations (like GDPR and CCPA), businesses must take data privacy seriously.

  • Regularly update privacy policies and ensure compliance.
  • Limit data collection to only what is necessary.
  • Use end-to-end encryption for communications and sensitive data storage.

5. Secure Cloud Environments

As businesses increasingly rely on cloud storage, securing cloud environments is crucial.

  • Choose reputable cloud providers with strong security measures.
  • Enable role-based access control (RBAC) to prevent unauthorized access.
  • Monitor cloud activity with cloud security posture management (CSPM) tools.

Conclusion

Cybersecurity in 2025 is more than just an IT concern—it’s a business necessity. With cyber threats becoming more sophisticated, individuals and organizations must proactively approach security. By adopting zero-trust models, leveraging AI for threat detection, and educating employees, you can stay ahead of cybercriminals and safeguard your digital assets.

 

The post Cybersecurity in 2025: The Biggest Threats and How to Protect Yourself first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/9ixGURu

The Critical Role of Backup and Encryption in Ransomware Defenses

In today’s increasingly digital world, ransomware attacks have become one of the most pervasive threats to businesses and individuals alike. Ransomware is a type of malicious software that locks a victim’s files or entire system, demanding a ransom to restore access. With the rising frequency and sophistication of these attacks, it is crucial to adopt effective defensive strategies. Among the most vital components in ransomware defenses are backup and encryption, two practices that can significantly mitigate the damage caused by such cyber threats.

Why Backup is Essential in Ransomware Defense

One of the primary goals of a ransomware attack is to encrypt a victim’s data, rendering it inaccessible until the ransom is paid. However, relying solely on paying the ransom to regain access to critical files is both risky and unreliable. There’s no guarantee that cybercriminals will restore access after receiving the payment, and doing so only encourages further criminal activity.

Regular data backups can be a game-changer in such scenarios. By maintaining frequent backups of important files, applications, and system settings, organizations can restore their data to a previous, uninfected state without having to pay the ransom. This makes backup one of the most powerful tools in ransomware defense. Here’s how it helps:

  • Quick Recovery: In the event of a ransomware attack, having an up-to-date backup enables rapid recovery of lost or encrypted data, minimizing downtime and reducing the operational impact.
  • Data Integrity: Backups provide a secure copy of data, ensuring that critical files are protected and can be restored without corruption or modification caused by ransomware.
  • Prevents Data Loss: Ransomware attacks often target organizations’ most vital data. Backing up this data regularly ensures that, even in the worst-case scenario, the organization can restore all files without any permanent loss.
  • Cost Savings: By avoiding the need to pay a ransom, businesses save significant amounts of money that would otherwise be spent on paying cybercriminals or hiring expensive recovery services.

Best Practices for Effective Backups:

  • 3-2-1 Backup Strategy: Keep three copies of your data (one primary copy and two backups), store the backups on two different types of media (external hard drives, cloud storage, etc.), and keep one copy offsite or in the cloud for added protection against local disasters.
  • Automate Backups: Use automated backup systems that regularly update your files. This reduces the risk of human error and ensures that the latest data is always backed up.
  • Test Backups Regularly: Ensure that your backups are functional and can be restored effectively by conducting regular tests.

The Role of Encryption in Ransomware Protection

Encryption plays a pivotal role in preventing ransomware from compromising sensitive data. When data is encrypted, it is transformed into an unreadable format that can only be deciphered with the correct decryption key. Ransomware typically encrypts files and demands payment in exchange for the decryption key. By adopting encryption practices, you can take steps to make data inaccessible to attackers, even if they manage to breach your systems.

Here’s why encryption is critical in ransomware defense:

  • Data Protection: Encrypted files are of no value to cybercriminals because they cannot be read or altered without the decryption key. Even if attackers gain access to your system, the encrypted data remains secure.
  • Preventing Unauthorized Access: With robust encryption protocols in place, unauthorized users or cybercriminals are unable to view sensitive files or steal valuable intellectual property.
  • Strengthening Backup Security: Encrypting your backups ensures that even if ransomware infiltrates your backup storage, the attacker won’t be able to access or manipulate the files without the decryption key.
  • Securing Data in Transit: Ransomware often spreads through phishing emails or compromised networks. By encrypting sensitive data both in transit (when being sent over networks) and at rest (when stored), you add an extra layer of protection that can help safeguard your information.

Best Practices for Effective Encryption:

  • Encrypt Sensitive Data: Encrypt all sensitive files, including customer data, financial information, and proprietary business documents.
  • Use Strong Encryption Standards: Employ advanced encryption algorithms (e.g., AES-256) to ensure the highest level of data security.
  • Encrypt Backups: Ensure that all backup copies are encrypted, making it difficult for cybercriminals to access and hold data hostage.
  • Manage Keys Securely: Protect encryption keys and decryption credentials using key management systems to prevent unauthorized access.

How Backup and Encryption Work Together to Mitigate Ransomware Risks

While backup and encryption are powerful defenses individually, when used together, they create a formidable barrier against ransomware attacks.

  • Backup and Encryption Work in Tandem: When you encrypt your backups, you ensure that even if ransomware targets your backup systems, the attacker will not be able to read or modify the files. The encrypted backups can be restored safely without fear of reintroducing malware into your environment.
  • Layered Defense: By combining backup and encryption, you’re creating a multi-layered defense strategy that doesn’t rely on a single point of failure. If one layer is compromised, the other still offers a strong line of defense.
  • Ensuring Complete Data Protection: While backups provide a means of recovery, encryption ensures that your data is not exposed to unauthorized access during the backup process, further strengthening your organization’s data security.

Conclusion: Proactive Measures Against Ransomware Attacks

As ransomware continues to evolve and grow more sophisticated, relying on backup and encryption is no longer optional—it’s a necessity. Backups provide the means to recover from an attack quickly, while encryption ensures that your data remains safe and inaccessible to hackers, even if they breach your network. Together, these two strategies offer a robust defense mechanism that can help organizations minimize the risks and impact of ransomware attacks.

To ensure your defenses are as strong as possible, adopting a proactive cybersecurity strategy that includes regular backups, strong encryption protocols, and employee training on safe digital practices is essential. By doing so, you can significantly reduce your vulnerability to ransomware and protect your most valuable assets—your data.

The post The Critical Role of Backup and Encryption in Ransomware Defenses first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/TxJIElZ

Oracle Health data breach related to hospitals

Just a few days ago, Oracle made headlines after becoming the victim of a cyberattack that led to the leak of over 6 million records, affecting both its customers and employees. Initially, the incident appeared to be a ransomware attack. However, Oracle quickly denied any breach or server encryption at that time, leading to some confusion.

Recent reports have revealed that the actual data leak occurred on legacy servers belonging to Oracle Health, formerly known as Cerner. The leaked data now circulating online is reportedly linked to this breach. Cerner, which specialized in providing healthcare software services, including Electronic Health Records (EHR) and other technology solutions, was acquired by Oracle in 2022. Following the acquisition, Cerner was rebranded as Oracle Health. The leaked data appears to involve both customers and employees from Cerner, stored on Oracle Cloud’s archival servers, though confirmation is still pending.

Cerner, prior to its acquisition, was a well-established player in the healthcare sector, working with hospitals and healthcare providers throughout the United States. The breach, now confirmed by Oracle, seems to have occurred when a threat actor compromised the company’s servers earlier this year, possibly in January. It is believed that the attacker may have copied sensitive information, including patient data from electronic health records, to a remote server.

The exposure of patient and employee data can be extremely damaging to any organization, especially one in the healthcare industry. Such sensitive information can be exploited in numerous ways, including social engineering attacks, phishing schemes, identity theft, malware distribution, and ransom demands. Moreover, the reputational damage to Oracle Health and its affiliates could be long-lasting, eroding trust among customers and patients. The implications of this data breach highlight the growing risks and challenges organizations face in securing sensitive information in an increasingly digital world.

The post Oracle Health data breach related to hospitals first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/DL9PgNK

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

Palo Alto, USA, March 28th, 2025, CyberNewsWire

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the attack.

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts, and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victim’s device. However, thanks to the proliferation of the cloud and SaaS services, the device no longer holds the keys to the kingdom. Instead, the browser has become the primary way through which employees conduct work and interact with the internet. In other words, the browser is becoming the new endpoint.

SquareX has been disclosing major browser vulnerabilities like Polymorphic Extensions and Browser Syncjacking, and is now issuing a strong warning on the emergence of browser-native ransomware. 

SquareX’s founder, Vivek Ramachandran, cautions, “With the recent surge in browser-based identity attacks like the one we saw with the Chrome Store OAuth attack, we are beginning to see evidence of the ‘ingredients’ of browser-native ransomwares being used by adversaries. It is only a matter of time before one smart attacker figures out how to put all the pieces together. While EDRs and Anti-Viruses have played an unquestionably vital role in defending against traditional ransomware, the future of ransomware will no longer involve file downloads, making a browser-native solution a necessity to combat browser-native ransomwares.”

Unlike traditional ransomware, browser-native ransomware requires no file download, rendering it completely undetectable by endpoint security solutions. Rather, this attack targets the victim’s digital identity, taking advantage of the widespread shift toward cloud-based enterprise storage and the fact that browser-based authentication is the primary gateway to accessing these resources. In the case studies demonstrated by SquareX, these attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and interference from the attacker.

One potential scenario involves social engineering a user into granting a fake productivity tool access to their email, through which it can identify all the SaaS applications the victim is registered with. It can then systematically reset the password of these apps with AI agents, logging the users out on their own and holding enterprise data stored on these applications hostage. 

Similarly, the attacker can also target file-sharing services like Google Drive, Dropbox and OneDrive, using the victim’s identity to copy out and delete all files stored under their account. Critically, attackers can also gain access to all shared drives, including those shared by colleagues, customers and other third parties. This significantly expands the attack surface of browser-native ransomware – where the impact of most traditional ransomware is confined to a single device, all it takes is one employee’s mistake for attackers to gain full access to enterprise-wide resources.

As fewer and fewer files are being downloaded, it is inevitable for attackers to follow where work and valuable data are being created and stored. As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of client-side application layer identity attacks will become essential in combating the next generation of ransomware attacks.

To learn more about this security research, users can visit https://sqrx.com/browser-native-ransomware

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) solution helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real time. In addition to browser ransomware, SquareX also protects against various browser threats including identity attacks, malicious extensions, advanced spearphishing, GenAI DLP, and insider threats.

The browser-native ransomware disclosure is part of the Year of Browser Bugs project. Every month, SquareX’s research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions. Previously disclosed attacks include Browser Syncjacking and Polymorphic Extensions.

To learn more about SquareX’s BDR, users can contact founder@sqrx.com.

For press inquiries on this disclosure or the Year of Browser Bugs, users can email junice@sqrx.com.

Contact

Head of PR
Junice Liew
SquareX
junice@sqrx.com

The post SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/pdl7XwK

State of Cloud Security Report 2025

Key Insights and Strategies for Protecting Cloud Environments

Introduction

Cloud adoption is continuing to transform the IT infrastructure and security landscapes by delivering unmatched scalability and flexibility. Multi-cloud strategies further enhance these advantages but introduce unique challenges, prompting organizations to implement innovative solutions to safeguard their critical assets effectively.

The 2025 State of Cloud Security Report, based on insights from 873 cybersecurity professionals, provides an in-depth analysis of the evolving cloud security landscape, highlighting key trends, challenges, and priorities for organizations navigating increasingly complex environments. This report serves as a guide for IT and security professionals seeking to strengthen their hybrid and multi-cloud security posture while continuing innovation.

Key findings from this report include: 

  • Hybrid and Multi-Cloud Strategies on the Rise: Over 78% of respondents utilize two or more cloud providers, underscoring the growing importance of multi-cloud approaches to enhance resilience and leverage specialized capabilities. 54% of organizations have adopted hybrid cloud models, integrating on-prem and public cloud environments to optimize flexibility and control. 
  • Security and Compliance Top Concerns: Security and compliance issues are the primary barriers to cloud adoption, cited by 61% of organizations striving to meet regulatory requirements and protect sensitive data.
  • Skills Gap in Cloud Security Expertise: 76% of organizations report a shortage of expertise in cloud security, highlighting the need for automation, targeted upskilling, and resource optimization. 
  • Low Confidence in Real-Time Threat Detection: The survey data highlights that 64% of respondents lack confidence in their organization’s ability to handle real-time threat detection.
  • Unified Cloud Security Platforms: The survey shows 97% of respondents prefer unified cloud security platforms with centralized dashboards to simplify policy configuration, ensure consistency, and enhance visibility across an organization’s cloud footprint.
  • Rapid Adoption of Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platforms (CNAPP): To address misconfigurations and compliance gaps, 67% of respondents are implementing CSPM and 62% CNAPP solutions to protect cloud environments.

This report underscores the importance of unified cloud security solutions that streamline policy enforcement, automate threat detection, and ensure consistent protection across hybrid and multicloud environments. By leveraging these insights and best practices, organizations can build a resilient cloud security posture that adapts to evolving threats and business demands.

We extend our sincere gratitude to Fortinet, a global leader in cloud security, for their invaluable contribution to this research. Their expertise and insights into securing hybrid and multi-cloud environments have significantly strengthened the findings and recommendations presented in this report.

We hope this report serves as a valuable resource for IT and cybersecurity professionals striving to secure their organizations in this era of rapid cloud expansion.

Thank you,

Holger Schulze Founder

Cybersecurity Insiders

Shifting Cloud Deployment Strategies

The choice of an organization’s cloud deployment strategy directly impacts its security needs, operational outcomes, and infrastructure requirements, making it a pivotal decision in today’s multi-faceted IT environments.

The survey findings show that hybrid cloud is the predominant strategy, chosen by 54% of respondents, up from 43% last year. This growth reflects a strong shift away from single-cloud toward integrating multiple cloud services with on-premises systems into cohesive environments. For example, a retail company might use a public cloud to host customer-facing applications while retaining sensitive payment data in a private on-premises system to meet compliance requirements like PCI DSS. Such hybrid strategies allow organizations to enjoy the scalability of public clouds while maintaining control over critical data. 

Multi-cloud deployments, which are critical for scenarios where organizations distribute workloads across providers to avoid vendor lock-in or utilize specific capabilities, follow at 28%. For instance, a tech company might host its compute-heavy applications on Amazon Web Services (AWS) while using Google Cloud’s advanced AI services for data analytics, ensuring they optimize performance while mitigating reliance on a single provider.

Single cloud adoption is becoming less common, with just 18% relying on a single provider (down from 22% in 2024), often reflecting simplicity in management at the potential cost of reduced flexibility. This may be the preferred model for smaller businesses, such as a law firm exclusively using Microsoft’s Azure for its document storage and workflow management, prioritizing ease of management over diversification.

Expanding Multi-Cloud Adoption

The increasing number of cloud providers that organizations use reflects the evolving preference for hybrid and multi-cloud strategies, as well as the operational complexity they introduce. 

The survey results reveal that 78% of organizations use two or more cloud providers, up from 71% last year, marking a 7-point increase that underscores the growing shift toward multi-cloud adoption. For example, a multinational company might use AWS for its global content delivery network while relying on Microsoft Azure’s compliance-ready offerings in regions with strict data residency laws. The strategic use of multiple providers enables businesses to leverage specialized capabilities, such as AI services from Google Cloud or Oracle Cloud’s database expertise, while ensuring resilience through redundancy.

Dominance of Major Cloud Providers

Understanding which cloud service providers organizations currently use, or plan to adopt, sheds light on market preferences and reveals how businesses align their cloud strategies with evolving workloads and specialized capabilities.

The findings confirm Microsoft Azure and AWS as dominant players, with 76% and 70% of respondents reporting current usage, respectively. 

Currently used by 52% of respondents, the Google Cloud Platform is gaining interest, as reflected by 25% of respondents planning to adopt it in the future.

Meanwhile, Oracle Cloud and IBM Cloud maintain smaller market shares but see notable future interest, likely driven by their expertise in integrating with enterprise legacy systems. 

Overcoming Barriers to Cloud Adoption

The survey reveals the primary barriers organizations face in adopting cloud services, highlighting the challenges IT and security teams must address to fully realize the potential of cloud environments.

Security and compliance concerns remain the top challenge, cited by 61% of respondents (up from 59% in last year’s survey). This reflects growing interest around issues like data leakage and the complexities of meeting regulatory requirements. For instance, a healthcare organization might delay migrating sensitive patient records to the cloud due to uncertainty around compliance with HIPAA or other regional data protection laws.

Organizational and operational factors follow closely at 54% (moving up to #2 spot from 49% last year), highlighting challenges such as resistance to change, vendor lock-in concerns, and cultural hurdles. A manufacturing company, for example, may face internal pushback when moving legacy systems to the cloud due to fears of losing control over proprietary processes.

Resource constraints, including limited staff expertise and budgetary restrictions, are cited by 51% (up from 49% in 2024), emphasizing the difficulty many organizations face in managing and securing cloud capabilities. Meanwhile, technical challenges, though slightly less prominent this year at 48%, still represent a substantial barrier, particularly when integrating complex hybrid cloud environments.

Public Cloud Security Concerns

Persistent concerns about the security of public clouds reflect the ongoing challenge of balancing the benefits of scalability and agility with the need for robust protection. 

A staggering 92% of survey respondents expressed concern about public cloud security, underscoring its importance as a critical area of focus for IT and cybersecurity professionals.

This apprehension aligns with findings in this survey where 61% identified security and compliance as the top barrier to cloud adoption. For example, a financial services firm considering cloud migration for customer transaction data might hesitate due to fears of regulatory non-compliance or potential exposure of sensitive information through misconfigurations. Such concerns extend to specific risks, including data leakage, shared responsibility confusion, and limited visibility into cloud provider activities, further complicating adoption decisions.

Operational Challenges in Cloud Security

Managing day-to-day cloud security operations reveals the complex and evolving hurdles organizations face in securing their environments. 

Data security and privacy emerges as the top concern, identified by 63% of respondents, reflecting ongoing fears about protecting sensitive information and preventing leaks. Access control and identity management follows at 59%, underscoring the need for robust authentication and privilege management in distributed cloud environments. A hybrid cloud deployment, for instance, may face challenges in synchronizing user access policies across on-premises systems and cloud platforms.

Configuration and misconfiguration management is a close third at 56%, illustrating the operational difficulty of ensuring proper cloud setups — such as monitoring for unintentional public exposure of cloud storage buckets, a scenario that has led to numerous high-profile breaches.

Cloud security management (55%), threat detection and response (54%), and policy and compliance management (47%) collectively highlight the need for consistent and scalable solutions to manage multi-cloud environments.

Securing Multi-Cloud Environments

Securing multi-cloud environments introduces distinct challenges stemming from their inherent complexity, lack of standardization, and rapidly evolving technologies. These issues directly impact organizations’ ability to protect sensitive data, maintain operational efficiency, and manage diverse cloud ecosystems.

Ensuring data protection and privacy for each environment continues to be the leading challenge, cited by 58% of respondents, up from 55% in 2024. This mirrors earlier findings in our survey where data security and privacy were identified as the top operational concern (63%), emphasizing the need for consistent safeguards across fragmented cloud infrastructures. 

Loss of visibility and control, at 55%, underscores the difficulty of maintaining oversight in multi-cloud setups—a concern echoed previously where 55% highlighted cloud security management as a daily challenge. 

The lack of skills to deploy and manage comprehensive multi-cloud solutions is cited by 53%. Challenges such as keeping up with the rate of change (45%) and understanding how different solutions fit together (43%) reflect the operational and strategic hurdles of navigating the rapid evolution of cloud technologies.

Low Confidence in Real-Time Threat Detection

The ability to detect and respond to threats across cloud environments in real time is critical as organizations adopt increasingly complex multi-cloud and hybrid strategies. These architectures introduce unique challenges in achieving seamless visibility and rapid responsiveness across disparate platforms.

The survey data highlights a significant confidence gap, with 64% of respondents indicating they lack confidence in their organization’s ability to handle real-time threat detection. For example, an organization may lack the ability to link together a series of isolated malicious actions, leading to significant delays in identifying and responding to a potential breach. This trend suggests that while many organizations have foundational security measures in place, the growing sophistication of cloud threats and the challenges of managing diverse environments leave them vulnerable to advanced attacks and misconfigurations. Survey findings discussed earlier align with this, showing that loss of visibility and control (55%) and challenges in threat detection and response (54%) are top barriers in cloud security operations.

Only 10% of respondents report being extremely confident and another 26% feel very confident, leaving fewer than 40% well-prepared for the demands of modern cloud threat management. 

Cloud Security Priorities

As organizations expand their cloud footprints, deploying the right mix of security capabilities is essential to ensure resilience, compliance, and operational efficiency in the face of growing threats.

When asked about the adoption priorities for critical cloud security tools over the next 12 months, Cloud Security Posture Management (CSPM) leads with 67%, underscoring its critical role in identifying and remediating misconfigurations across cloud environments. For example, a CSPM tool might alert a retailer of publicly exposed storage buckets in AWS, preventing a costly data breach. 

Similarly, Cloud Native Application Protection Platforms (CNAPP), at 62%, showcase growing recognition of the need for end-to-end application lifecycle security. A CNAPP might proactively flag vulnerabilities in containerized workloads running in Kubernetes, identify malicious runtime activity, and detect a chain of events that indicate compromise. Close behind, Cloud Workload Protection Platforms (CWPP), at 60%, and Cloud Detection and Response (CDR), at 59%, highlight the increasing focus on workload security and threat mitigation, especially in multi-cloud setups. The adoption of Cloud Infrastructure Entitlement Management (CIEM), at 50%, further demonstrates the demand for robust access and privilege controls across diverse cloud platforms and the drive towards implementing least privilege or eliminating unused credentials.

Addressing the Cybersecurity Skills Gap

The industry-wide shortage of qualified cybersecurity professionals continues to be a critical issue that directly impacts an organization’s ability to protect its assets and respond effectively to evolving threats. 

The findings reveal that 95% of respondents are moderately to extremely concerned about the ongoing cybersecurity skills shortage, highlighting the significant strain it places on organizations as they struggle to recruit and retain the talent needed to address increasingly complex cybersecurity challenges. For instance, a healthcare provider struggling to implement multi-cloud security controls might face delays due to the lack of specialized talent in cloud-specific skills like configuration management or CIEM. 

This concern is validated by survey data showing that 76% of organizations are experiencing a cybersecurity talent shortage today.

Key Security Skills for Today’s Threats

The survey findings on the most important security skills highlight the diverse and evolving expertise organizations require to tackle increasingly complex cloud security challenges. 

Cloud and application security skills lead the list at 65%, reflecting the priority organizations place on securing cloud platforms and applications. For example, expertise in cloud platform-specific security might involve creating automated guardrails and scalable, secure landing zones, all available as code for automated deployment.

Identity and access management follows closely at 61%, emphasizing the need for robust access controls, particularly in hybrid and multi-cloud environments where unified user privilege management is essential. Technical and advanced security skills (58%) and threat intelligence and analysis (57%) reflect the rising demand for specialists capable of leveraging AI and understanding sophisticated adversary tactics, in order to quickly identify and mitigate malicious activity, particularly for compromised cloud admin accounts. Skills in incident response and forensics (55%) remain essential for mitigating breaches, while security monitoring and operations (52%) showcase the need for expertise in detecting anomalies and accelerating mitigation.

Investment Trends in Cloud Security

The survey results reveal fresh insights into how organizations are prioritizing their financial resources to address cloud security challenges. A majority of 63% of respondents report plans to increase their cloud security budgets in the next 12 months (up from 61% last year), signaling a strong recognition of the need to bolster defenses in hybrid and multi-cloud setups. 

Meanwhile, 31% indicate unchanged budgets (down from 32% in 2024), likely reflecting organizations that have already invested heavily or are managing consistent operational needs. Only 6% expect a decrease, a rare trend in an era of escalating cloud threats and regulatory requirements. 

On average, 35% of IT security budgets are allocated to cloud security, demonstrating that cloud protection is becoming a focal point of overall security spending, particularly as cloud adoption accelerates.

This growing emphasis on cloud security investment reflects a proactive approach to addressing gaps in visibility, access control, and threat detection—challenges cited throughout this report. Organizations planning budget increases should focus on solutions that efficiently integrate key capabilities, such as CNAPP, to maximize the impact of their investment.

The Value of Unified Cloud Security Platforms

The value of a single, unified cloud security platform with a centralized dashboard lies in its potential to simplify policy configuration, ensure consistency, and enhance visibility across an organization’s cloud footprint. 

The survey results show overwhelming interest in the concept, with 97% of respondents finding such a platform moderately to extremely helpful. For example, a single dashboard could allow a financial services organization to apply uniform access controls across AWS, Azure, and Google Cloud, reducing the likelihood of configuration errors. This aligns with earlier findings where 55% of respondents cited loss of visibility and control as a primary challenge in multi-cloud and hybrid environments, emphasizing the need for centralized tools to close these gaps.

Best Practices for Stronger Hybrid & Multi-Cloud Security

As organizations increasingly adopt hybrid and multi-cloud environments, managing diverse providers and maintaining robust security becomes more complex. To navigate these challenges effectively, it’s essential to implement strategic best practices that align with industry insights and leverage advanced security solutions. 

The following recommendations offer actionable steps to enhance your multi-cloud security posture.

1. AUTOMATE DETECTION AND REMEDIATION OF CLOUD RISKS

Misconfigurations are a common vulnerability, with 67% of respondents either using or planning to adopt automated tools to address this issue. Continuous monitoring and real-time remediation solutions can proactively identify risks, such as misconfigured storage or excessive permissions, and correct them efficiently. These tools also simplify compliance with industry regulations.

2. PROTECT DATA FLOWS ACROSS CLOUD ENVIRONMENTS

As data moves between cloud environments, it is crucial to ensure its security and integrity. With 58% of respondents highlighting data protection and privacy as a top concern, leveraging tools that provide comprehensive visibility into data flows helps organizations safeguard information during transit. These tools enable monitoring for potential risks, prevent unauthorized access, and facilitate adherence to regulatory frameworks like GDPR and CCPA, enhancing overall data protection efforts.

3. IMPLEMENT UNIFIED THREAT DETECTION MECHANISMS

Over half of respondents (54%) highlighted difficulties in detecting and responding to threats across multi-cloud environments. Unified threat detection solutions centralize visibility, allowing teams to identify and respond to anomalies quickly. These tools can correlate data across different cloud environments to reduce detection times and improve response accuracy.

4. INVEST IN CLOUD-SPECIFIC TRAINING FOR SECURITY TEAMS

Skills shortages impact 76% of organizations, limiting their ability to deploy and manage cloud-native solutions effectively. Upskilling employees in areas like DevSecOps and container security empowers teams to address emerging security challenges.

5. UTILIZE POLICY-AS-CODE FOR CONSISTENT SECURITY ENFORCEMENT

As 43% of respondents reported challenges understanding how different solutions integrate, leveraging policy-as-code approaches ensures consistent enforcement across platforms. Policy-as-code simplifies audits and enables automated configuration management, ensuring that security controls remain aligned with organizational requirements.

6. ALIGN SECURITY INVESTMENTS WITH APPLICATION WORKLOAD REQUIREMENTS

Application-level security is a growing priority, with 62% of respondents planning to adopt comprehensive protection platforms. End-to-end security for applications, from development to runtime, ensures tailored protection for workloads while supporting consistent policies across environments. Solutions that integrate with containerized environments and runtime protections address this need effectively.

7. STANDARDIZE ACCESS CONTROLS ACROSS CLOUD PLATFORMS

Access control and identity management remains a top challenge for 59% of organizations, especially in distributed cloud setups. Centralized access control solutions can streamline user privilege management and enforce consistent security policies across hybrid and multi-cloud environments. Implementing a unified identity platform ensures seamless policy enforcement while minimizing the risk of unauthorized access.

8. EMBRACE CLOUD-BASED SECURITY TOOLS FOR SCALABILITY

With 54% of respondents identifying hybrid cloud as their primary deployment model, scalable cloud-based security tools are essential. These solutions enable consistent protection across on-premises systems and public clouds, ensuring organizations can expand their cloud footprints without compromising operational efficiency.

Conclusion

This report underscores the importance of strategic investment in unified tools, training, and processes tailored to the evolving demands of hybrid and multi-cloud security. By addressing the challenges—such as misconfigurations, skills gaps, and lack of visibility—organizations can build a resilient security posture. 

Implementing the best practices provided in this report equips businesses to thrive in complex cloud environments, safeguarding critical assets while maintaining agility and compliance in an era of rapid digital transformation.

Cloud Security Glossary

This glossary provides a quick overview of essential cloud security technologies discussed in this report, focusing on what they do, the security challenges they solve, and why they matter in protecting today’s complex cloud environments.

Application Security Posture Management (ASPM) – ASPM provides visibility into application vulnerabilities and configuration issues across the software development lifecycle. It supports secure coding practices and integrates security into DevSecOps workflows. ASPM is crucial for ensuring that applications remain secure from development through deployment and runtime.

Cloud Detection and Response (CDR) – CDR is a specialized technology that identifies and mitigates threats in cloud environments. It offers real-time visibility into cloud activities, enabling quick detection of anomalies and swift incident response. CDR is crucial for maintaining a strong defense against sophisticated threats in distributed cloud setups.

Cloud Infrastructure Entitlement Management (CIEM) – CIEM focuses on managing permissions and access controls within cloud environments. It identifies excessive permissions, enforces least-privilege principles, and reduces the risk of privilege misuse. CIEM is important for maintaining secure and compliant access policies in multi-cloud architectures.

Cloud Native Application Protection Platform (CNAPP) – CNAPP integrates multiple security functions to protect cloud-native applications throughout their lifecycle. It combines workload protection, configuration management, and runtime defense to secure containers, serverless functions, and other cloud-native workloads. CNAPP is essential for organizations adopting modern development practices like DevOps and microservices.

Cloud Security Posture Management (CSPM) – CSPM is a solution designed to automate the detection of misconfigurations in cloud environments. It continuously monitors cloud infrastructure for security risks, such as exposed storage buckets or overly permissive access controls, ensuring compliance with regulatory frameworks. CSPM is critical for maintaining visibility and addressing vulnerabilities in multi-cloud and hybrid environments.

Cloud Workload Protection Platform (CWPP) – CWPP secures workloads across cloud environments, including virtual machines, containers, and serverless architectures. It provides visibility into vulnerabilities, ensures consistent security policies, and protects workloads from advanced threats. CWPP is key for organizations managing diverse and dynamic cloud workloads.

Data Security Posture Management (DSPM) – DSPM is a data-centric solution that identifies, classifies, and secures sensitive information in cloud environments. It ensures that data is properly protected and aligns with privacy regulations like GDPR and CCPA. DSPM is vital for addressing the challenges of safeguarding sensitive information across complex cloud ecosystems.

Methodology and Demographics

The 2025 Cloud Security Report is based on a comprehensive survey conducted in late 2024, gathering insights from 873 IT and cybersecurity professionals across a range of countries and industries, including technology, financial services, healthcare, and government. Respondents represented organizations of varying sizes, from small businesses to large enterprises, and included professionals in roles ranging from specialists to C-level executives. 

The survey, conducted online, explored key trends, challenges, and priorities in cloud security. The findings provide a well-rounded view of how organizations are navigating the complexities of cloud environments and adopting security technologies to address emerging threats.

For questions that allow respondents to select multiple answers, the percentages may total more than 100%, as participants could choose more than one option.

__

Fortinet (NASDAQ: FTNT) secures the largest enterprises, service providers, and government organizations around the world. Fortinet empowers our customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networks, application, multi-cloud, or edge environments. Fortinet ranks #1 as a security company, with more than 800,000 clients who trust their solutions and services to protect their businesses. www.fortinet.com

__

Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem-solving and collaboration in tackling today’s most critical cybersecurity challenges. Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges. Contact us today to learn how Cybersecurity Insiders can help you stand out in a crowded market and boost demand, brand visibility, and thought leadership presence. Email us at info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

 

The post State of Cloud Security Report 2025 first appeared on Cybersecurity Insiders.


from Cybersecurity Insiders https://ift.tt/Cl4MRcQ
via IFTTT

Accelerating CI with AWS CodeBuild: Parallel test execution now available

I’m excited to announce that AWS CodeBuild now supports parallel test execution, so you can run your test suites concurrently and reduce build times significantly.

With the demo project I wrote for this post, the total test time went down from 35 minutes to six minutes, including the time to provision the environments. These two screenshots from the AWS Management Console show the difference.

Sequential execution of the test suite

Parallel execution of the test suite

Very long test times pose a significant challenge when running continuous integration (CI) at scale. As projects grow in complexity and team size, the time required to execute comprehensive test suites can increase dramatically, leading to extended pipeline execution times. This not only delays the delivery of new features and bug fixes, but also hampers developer productivity by forcing them to wait for build results before proceeding with their tasks. I have experienced pipelines that took up to 60 minutes to run, only to fail at the last step, requiring a complete rerun and further delays. These lengthy cycles can erode developer trust in the CI process, contribute to frustration, and ultimately slow down the entire software delivery cycle. Moreover, long-running tests can lead to resource contention, increased costs because of wasted computing power, and reduced overall efficiency of the development process.

With parallel test execution in CodeBuild, you can now run your tests concurrently across multiple build compute environments. This feature implements a sharding approach where each build node independently executes a subset of your test suite. CodeBuild provides environment variables that identify the current node number and the total number of nodes, which are used to determine which tests each node should run. There is no control build node or coordination between nodes at build time—each node operates independently to execute its assigned portion of your tests.

To enable test splitting, configure the batch fanout section in your buildspec.yml, specifying the desired parallelism level and other relevant parameters. Additionally, use the codebuild-tests-run utility in your build step, along with the appropriate test commands and the chosen splitting method.

The tests are split based on the sharding strategy you specify. codebuild-tests-run offers two sharding strategies:

  • Equal-distribution. This strategy sorts test files alphabetically and distributes them in chunks equally across parallel test environments. Changes in the names or quantity of test files might reassign files across shards.
  • Stability. This strategy fixes the distribution of tests across shards by using a consistent hashing algorithm. It maintains existing file-to-shard assignments when new files are added or removed.
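The difference between the two strategies, sketched as an added example (not CodeBuild's own code; the page does not show the service's algorithm). The function names, the hash ring with 64 virtual points per node, and the 20-file sample are assumptions made for this illustration. Each node computes its own file list from its index and the node count alone, with no coordinator.

```python
"""Added illustration of per-node test sharding; not CodeBuild's implementation."""
import hashlib
from bisect import bisect_left


def equal_distribution(files, total_nodes):
    """Sort alphabetically, then cut into contiguous, near-equal chunks."""
    ordered = sorted(files)
    base, extra = divmod(len(ordered), total_nodes)
    assignment, start = {}, 0
    for node in range(total_nodes):
        size = base + (1 if node < extra else 0)  # first `extra` nodes get one more
        for path in ordered[start:start + size]:
            assignment[path] = node
        start += size
    return assignment


def h64(text):
    """Deterministic 64-bit hash (the built-in hash() is salted per process)."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")


def build_ring(total_nodes, vnodes=64):
    """Hash ring: every node owns `vnodes` points, which evens out the load."""
    return sorted((h64(f"node-{n}#{v}"), n)
                  for n in range(total_nodes) for v in range(vnodes))


def stability(files, total_nodes):
    """Consistent hashing: a file goes to the first ring point at or after its hash.

    The result for one file depends only on its own path and the ring, so adding
    or deleting other files cannot change it.
    """
    ring = build_ring(total_nodes)
    points = [point for point, _ in ring]
    return {path: ring[bisect_left(points, h64(path)) % len(ring)][1]
            for path in files}


def files_for_node(files, node_index, total_nodes, strategy):
    """The subset one node runs, computed without talking to any other node."""
    assignment = strategy(files, total_nodes)
    return sorted(p for p, node in assignment.items() if node == node_index)


def moved(before, after):
    """Count files present in both runs whose shard changed."""
    return sum(1 for p, node in before.items() if p in after and after[p] != node)


# Constructed sample: 20 test files split across 4 nodes.
SAMPLE = [f"tests/test_{i:02d}.py" for i in range(1, 21)]
NODES = 4


def reshuffle_after_delete(strategy):
    """Delete one test file and count how many surviving files change shard."""
    remaining = [p for p in SAMPLE if p != "tests/test_01.py"]
    return moved(strategy(SAMPLE, NODES), strategy(remaining, NODES))


if __name__ == "__main__":
    for strategy in (equal_distribution, stability):
        sizes = [len(files_for_node(SAMPLE, n, NODES, strategy)) for n in range(NODES)]
        print(f"{strategy.__name__:>18}: shard sizes {sizes}, "
              f"files moved after one deletion: {reshuffle_after_delete(strategy)}")
```

Equal distribution gives evenly sized shards but shifts chunk boundaries when the file set changes; the hashed assignment keeps every surviving file in place at the cost of less even shard sizes.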

CodeBuild supports automatic merging of test reports when running tests in parallel. With automatic test report merging, CodeBuild consolidates test reports into a single test summary, simplifying result analysis. The merged report includes aggregated pass/fail statuses, test durations, and failure details, reducing the need for manual report processing. You can view the merged results in the CodeBuild console, retrieve them using the AWS Command Line Interface (AWS CLI), or integrate them with other reporting tools to streamline test analysis.

Let’s look at how it works
Let me demonstrate how to implement parallel testing in a project. For this demo, I created a very basic Python project with hundreds of tests. To speed things up, I asked Amazon Q Developer on the command line to create a project and 1,800 test cases. Each test case is in a separate file and takes one second to complete. Running all tests in a sequence requires 30 minutes, excluding the time to provision the environment.

In this demo, I run the test suite on ten compute environments in parallel and measure how long it takes to run the suite.

To do so, I added a buildspec.yml file to my project.

version: 0.2

batch:
  fast-fail: false
  build-fanout:
    parallelism: 10 # ten runtime environments 
    ignore-failure: false

phases:
  install:
    commands:
      - echo 'Installing Python dependencies'
      - dnf install -y python3 python3-pip
      - pip3 install --upgrade pip
      - pip3 install pytest
  build:
    commands:
      - echo 'Running Python Tests'
      - |
         codebuild-tests-run \
          --test-command 'python -m pytest --junitxml=report/test_report.xml' \
          --files-search "codebuild-glob-search 'tests/test_*.py'" \
          --sharding-strategy 'equal-distribution'
  post_build:
    commands:
      - echo "Test execution completed"

reports:
  pytest_reports:
    files:
      - "*.xml"
    base-directory: "report"
    file-format: JUNITXML 

There are three parts to highlight in the YAML file.

First, there’s a build-fanout section under batch. The parallelism setting tells CodeBuild how many test environments to run in parallel. The ignore-failure setting indicates whether a failure in any of the fanout build tasks can be ignored.

Second, I use the pre-installed codebuild-tests-run command to run my tests.

This command receives the complete list of test files and decides which of the tests must be run on the current node.

  • Use the sharding-strategy argument to choose between equal distribution and stable distribution, as I explained above.
  • Use the files-search argument to pass all the files that are candidates for a run. We recommend using the provided codebuild-glob-search command for performance reasons, but any file search tool, such as find(1), will work.
  • I pass the actual test command to run on the shard with the test-command argument.

Lastly, the reports section instructs CodeBuild to collect and merge the test reports on each node.

Then, I open the CodeBuild console to create a project and a batch build configuration for this project. There’s nothing new here, so I’ll spare you the details. The documentation has all the details to get you started. Parallel testing works on batch builds. Make sure to configure your project to run in batch.

CodeBuild : create a batch build

Now, I’m ready to trigger an execution of the test suite. I can commit new code on my GitHub repository or trigger the build in the console.

CodeBuild : trigger a new build

After a few minutes, I see a status report of the different steps of the build, with a status for each test environment or shard.

CodeBuild: status

When the test is complete, I select the Reports tab to access the merged test reports.

CodeBuild: test reports

The Reports section aggregates all test data from all shards and keeps the history for all builds. I select my most recent build in the Report history section to access the detailed report.

CodeBuild: Test Report

As expected, I can see the aggregated and the individual status for each of my 1,800 test cases. In this demo, they’re all passing, and the report is green.

The 1,800 tests of the demo project take one second each to complete. When I ran this test suite sequentially, it took 35 minutes to complete. When I ran the test suite in parallel on ten compute environments, it took six minutes to complete, including the time to provision the environments. The parallel run took 17.1 percent of the time of the sequential run. Actual numbers will vary with your projects.

Additional things to know
This new capability is compatible with all testing frameworks. The documentation includes examples for Django, Elixir, Go, Java (Maven), JavaScript (Jest), Kotlin, PHPUnit, Pytest, Ruby (Cucumber), and Ruby (RSpec).

For test frameworks that don’t accept space-separated lists, the codebuild-tests-run CLI provides a flexible alternative through the CODEBUILD_CURRENT_SHARD_FILES environment variable. This variable contains a newline-separated list of test file paths for the current build shard. You can use it to adapt to different test framework requirements and format test file names.
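The following is an added example, not code from the original post or from AWS: two shell helpers that consume the newline-separated CODEBUILD_CURRENT_SHARD_FILES list without word-splitting or eval, so file names containing spaces or shell metacharacters cannot alter the test command. The helper names and the sample file names are hypothetical.

```shell
# Constructed sample value, used only when the variable is not already set
# (inside a CodeBuild shard the variable is provided for you).
: "${CODEBUILD_CURRENT_SHARD_FILES:=tests/test_login.py
tests/test user profile.py

tests/test_tokens.py}"

# Print the shard's files joined by the separator given in $1
# (for a runner that wants, say, a comma-separated list).
shard_files_join() {
  sep=$1
  out=
  # Read line by line so paths containing spaces stay intact.
  while IFS= read -r f; do
    [ -n "$f" ] || continue            # skip blank lines
    if [ -z "$out" ]; then out=$f; else out="$out$sep$f"; fi
  done <<EOF
$CODEBUILD_CURRENT_SHARD_FILES
EOF
  printf '%s\n' "$out"
}

# Run the command given as arguments once, appending every shard file as its
# own argument. Nothing is re-parsed by the shell, so a file name is always
# passed as data and never interpreted as part of the command.
shard_files_exec() {
  n=0
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    set -- "$@" "$f"
    n=$((n + 1))
  done <<EOF
$CODEBUILD_CURRENT_SHARD_FILES
EOF
  # An empty shard must not fall through to "run everything".
  if [ "$n" -eq 0 ]; then
    echo "no test files assigned to this shard" >&2
    return 0
  fi
  "$@"
}

# Demo with the constructed sample: prints the comma-separated list.
shard_files_join ','
```

In a buildspec, the test command passed to codebuild-tests-run could call a script that sources these helpers and runs something like `shard_files_exec python -m pytest`.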

You can further customize how tests are split across environments by writing your own sharding script and using the CODEBUILD_BATCH_BUILD_IDENTIFIER environment variable, which is automatically set in each build. You can use this technique to implement framework-specific parallelization or optimization.

Pricing and availability
With parallel test execution, you can now complete your test suites in a fraction of the time previously required, accelerating your development cycle and improving your team’s productivity. The demo project I created to illustrate this post consumes 18.7 percent of the time of a sequential build.

Parallel test execution is available on all three compute modes offered by CodeBuild: on-demand, reserved capacity, and AWS Lambda compute.

This capability is available today in all AWS Regions where CodeBuild is offered, with no additional cost beyond the standard CodeBuild pricing for the compute resources used.

I invite you to try parallel test execution in CodeBuild today. Visit the AWS CodeBuild documentation to learn more and get started with parallelizing your tests.

— seb

PS: Here’s the prompt I used to create the demo application and its test suite: “I’m writing a blog post to announce codebuild parallel testing. Write a very simple python app that has hundreds of tests, each test in a separate test file. Each test takes one second to complete.”



from AWS News Blog https://ift.tt/QEATomV
via IFTTT

When Getting Phished Puts You in Mortal Danger

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

The real website of the Ukrainian paramilitary group “Freedom of Russia” legion. The text has been machine-translated from Russian.

Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites.

The website legiohliberty[.]army features a carbon copy of the homepage for the Freedom of Russia Legion (a.k.a. “Free Russia Legion”), a three-year-old Ukraine-based paramilitary unit made up of Russian citizens who oppose Vladimir Putin and his invasion of Ukraine.

The phony version of that website copies the legitimate site — legionliberty[.]army — providing an interactive Google Form where interested applicants can share their contact and personal details. The form asks visitors to provide their name, gender, age, email address and/or Telegram handle, country, citizenship, experience in the armed forces; political views; motivations for joining; and any bad habits.

“Participation in such anti-war actions is considered illegal in the Russian Federation, and participating citizens are regularly charged and arrested,” Silent Push wrote in a report released today. “All observed campaigns had similar traits and shared a common objective: collecting personal information from site-visiting victims. Our team believes it is likely that this campaign is the work of either Russian Intelligence Services or a threat actor with similarly aligned motives.”

Silent Push’s Zach Edwards said the fake Legion Liberty site shared multiple connections with rusvolcorps[.]net. That domain mimics the recruitment page for a Ukrainian far-right paramilitary group called the Russian Volunteer Corps (rusvolcorps[.]com), and uses a similar Google Forms page to collect information from would-be members.

Other domains Silent Push connected to the phishing scheme include: ciagov[.]icu, which mirrors the content on the official website of the U.S. Central Intelligence Agency; and hochuzhitlife[.]com, which spoofs the Ministry of Defense of Ukraine & General Directorate of Intelligence (whose actual domain is hochuzhit[.]com).

According to Edwards, there are no signs that these phishing sites are being advertised via email. Rather, it appears those responsible are promoting them by manipulating the search engine results shown when someone searches for one of these anti-Putin organizations.

In August 2024, security researcher Artem Tamoian posted on Twitter/X about how he received startlingly different results when he searched for “Freedom of Russia legion” in Russia’s largest domestic search engine Yandex versus Google.com. The top result returned by Google was the legion’s actual website, while the first result on Yandex was a phishing page targeting the group.

“I think at least some of them are surely promoted via search,” Tamoian said of the phishing domains. “My first thread on that accuses Yandex, but apart from Yandex those websites are consistently ranked above legitimate in DuckDuckGo and Bing. Initially, I didn’t realize the scale of it. They keep appearing to this day.”

The results of a search at DuckDuckGo on Mar. 27, 2025 for “Freedom of Russia legion” show that the first result returned is a phishing domain.

Tamoian, a native Russian who left the country in 2019, is the founder of the cyber investigation platform malfors.com. He recently discovered two other sites impersonating the Ukrainian paramilitary groups — legionliberty[.]world and rusvolcorps[.]ru — and reported both to Cloudflare. When Cloudflare responded by blocking the sites with a phishing warning, the real Internet address of these sites was exposed as belonging to a known “bulletproof hosting” network called Stark Industries Solutions Ltd.

Stark Industries Solutions appeared two weeks before Russia invaded Ukraine in February 2022, materializing out of nowhere with hundreds of thousands of Internet addresses in its stable — many of them originally assigned to Russian government organizations. In May 2024, KrebsOnSecurity published a deep dive on Stark, which has repeatedly been used to host infrastructure for distributed denial-of-service (DDoS) attacks, phishing, malware and disinformation campaigns from Russian intelligence agencies and pro-Kremlin hacker groups.

In March 2023, Russia’s Supreme Court designated the Freedom of Russia legion as a terrorist organization, meaning that Russians caught communicating with the group could face between 10 and 20 years in prison.

Tamoian said those searching online for information about these paramilitary groups have become easy prey for Russian security services.

“I started looking into those phishing websites, because I kept stumbling upon news that someone gets arrested for trying to join [the] Ukrainian Army or for trying to help them,” Tamoian told KrebsOnSecurity. “I have also seen reports [of] FSB contacting people impersonating Ukrainian officers, as well as using fake Telegram bots, so I thought fake websites might be an option as well.”

Search results showing news articles about people in Russia being sentenced to lengthy prison terms for attempting to aid Ukrainian paramilitary groups.

Tamoian said reports surface regularly in Russia about people being arrested for trying to carry out an action requested by a “Ukrainian recruiter,” with the courts unfailingly imposing harsh sentences regardless of the defendant’s age.

“This keeps happening regularly, but usually there are no details about how exactly the person gets caught,” he said. “All cases related to state treason [and] terrorism are classified, so there are barely any details.”

Tamoian said while he has no direct evidence linking any of the reported arrests and convictions to these phishing sites, he is certain the sites are part of a larger campaign by the Russian government.

“Considering that they keep them alive and keep spawning more, I assume it might be an efficient thing,” he said. “They are on top of DuckDuckGo and Yandex, so it unfortunately works.”

Further reading: Silent Push report, Russian Intelligence Targeting its Citizens and Informants.

from Krebs on Security https://ift.tt/ZEPpIFT
via IFTTT