ISSUE 12
TheCyberExpress
Contents
FROM THE EDITOR - Navigating the Digital Crossfire: A Chronicle of Cyber Conflict and Technological Triumphs
SCOOP - AI in Cybersecurity: Experts Weigh In
CYBERVILLE - NLP-Powered AI: The Future of Cybersecurity Threat Detection
REGISTER - AI Cybercriminals’ Unlikely Best Friend
VIEWPOINT - Ransomware: The Unseen War Holding Lives Hostage
HOT SEAT - AI vs Cyberbullying: Protecting the Vulnerable
THE COVER - Decryption, Deception, and Disinformation: The Complex Web of Lies in the Hamas-Israel Cyber War
FORESIGHT - Cyber Clash: Israel-Palestine Timeline Tangle
DIGEST - Who Has ChatGPT Helped More – Cybercrime or Security?
BOTTOMLINE - Season’s Greetings, Cyber Threats: Staying Safe in the Online Holiday Rush
ROUND UP - October 2023 Cybersecurity Highlights: Monthly Roundup
STAFF
Editorial
Augustin Kurian, Editor-in-Chief, editor@thecyberexpress.com
Avantika Chopra, Associate Editor, avantika@thecyberexpress.com
Samiksha Jain, Magazine Producer, samiksha.jain@thecyberexpress.com
Ishita Tripathi, Senior Tech Journalist, ishita.tripathi@thecyberexpress.com
Vishwa Pandagle, Journalist, vishwa@thecyberexpress.com
Ashish Khaitan, Journalist, ashish@thecyberexpress.com
Management
Rajashakher Intha, Head - Marketing & Sales, raj@thecyberexpress.com
Ashish Jaiswal, Conference Manager, ashish.j@thecyberexpress.com
Priti Chaubey, Content Strategist, priti.c@thecyberexpress.com
Ravi Gupta, SEO Analyst, ravi@thecyberexpress.com
Vittal Chowdry, Design Lead, vittal@thecyberexpress.com
Image credits: Shutterstock & Freepik
*Responsible for selection of news under PRB Act. Printed & Published by Augustin Kurian, The Cyber Express LLC., The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing.
From the Editor’s Desk
Augustin Kurian, Editor-in-Chief

Dear Readers,

As we unveil the November 2023 issue of The Cyber Express, we find ourselves at an intersection of history and innovation, where the echoes of past conflicts reverberate in the digital corridors of the present. Our cover story, “Decryption, Deception, and Disinformation: The Complex Web of Lies in the Hamas-Israel Cyber War,” is not just a piece of journalism; it’s a comprehensive examination of how cyber warfare has become an integral part of modern conflict. This analytical deep dive exposes the intricate web of digital strategies employed by various hacker groups and hacktivists, whose actions have significantly escalated the already tense atmosphere in the Middle East. These digital warriors, armed with codes and keyboards, have opened a new front in the age-old conflict, blurring the lines between the cyber world and the physical one.

We follow this with a detailed chronology in “Cyber Clash: Israel-Palestine Timeline Tangle,” which documents the cyberattacks that have paralleled the physical skirmishes of the Israel-Palestine conflict. This conflict, deeply rooted in the early 20th century, has taken a dramatic turn with the advent of cyber warfare. The year 2023 has been marked by an unprecedented scale of violence, both in the loss of human lives and the displacement of communities. In the shadows of these tragedies, over a hundred hacker groups have waged a relentless digital war, targeting government, communication networks, and critical infrastructures, causing damage that extends beyond the immediate impact of their attacks.

As we delve into these stories, we also recognize a landmark in technological advancement with the first anniversary of widespread public access to Natural Language Processing (NLP) technologies. This innovation has reshaped the interface between humans and machines, making digital interactions more natural and intuitive. Beyond convenience, NLP has fortified cybersecurity, providing new tools to understand and counteract cyber threats with remarkable precision.

In our special feature, “A Year in Words: The NLP Revolution,” we explore the transformative impact of NLP across various sectors. From customer service bots that can understand and empathize with human concerns to sophisticated security systems that can parse through language to identify potential threats, NLP has proven to be a formidable ally in the digital age.

Yet, with great power comes great responsibility. The potential for misuse of such technologies is a subject we cannot afford to ignore. Our discussions and articles probe into the ethical considerations and the dual-use nature of AI and NLP, recognizing the fine balance between innovation and its potential for exploitation.

This issue of The Cyber Express has been meticulously crafted to provide you with a clear, comprehensive understanding of these complex topics. We strive to cut through the technical jargon and present you with information that is not only accessible but also engaging and thought-provoking.

We thank you for your trust in us as your guide through the ever-changing landscape of cybersecurity. Your readership motivates us to continue our pursuit of truth and clarity in a world where both can sometimes be as elusive as the cyber threats we face. We hope this issue enriches your understanding and contributes to the ongoing conversation about our digital future. Most importantly, we welcome your feedback at editorial@thecyberexpress.com.

Stay Informed, Stay Secure.

Augustin Kurian
Editor in Chief
The Cyber Express
SCOOP
AI in Cybersecurity: Experts Weigh In
Artificial Intelligence (AI), through the emulation of human intelligence, has emerged as a powerful tool with dual capabilities: safeguarding and influencing digital infrastructure. The true extent of AI’s potential in thwarting cyberattacks remains a subject of ongoing exploration, as this realm continually evolves, unveiling fresh wonders with each passing day.
The Cyber Express revisited the insights shared by experts concerning AI’s role in cybersecurity. These collective perspectives provide substantial food for thought, compelling us to delve deeper into the uncharted territories of AI’s complete integration and utilization in the world of cybersecurity.
BEENU ARORA
CEO at Cyble (AI-Based Threat Intelligence Startup)
AI is already changing industries, not just cyber but everywhere in the world, and cyber is no different. We see there are a number of avenues to how we can make the lives of SOC analysts or cybersecurity analysts easier by doing a number of automation, generating insights, and making quick decisions. AI is one of the core areas where Cyble is actively investing. We are still heavily investing in our engineering capabilities. And we strongly believe that investment is going to continue to happen, if not increase further. In my humble opinion, AI has a lot to offer to our industry. Threat intel, as a segment, has been around for more than a decade. I think there is a need, there is an imperative that this core segment needs a revamp. And Cyble is well-positioned to make this segment better for the customers. As Artificial Intelligence continues to evolve, so do the imperatives of cyber defense. At Cyble, we are committed to providing businesses and individuals with the most advanced insights and AI tools needed to secure their digital territories.

JUHANI HINTIKKA
CEO at WithSecure (Cybersecurity Solutions Firm)
We use AI as part of the defense and haven’t seen Artificial Intelligence being used so much in the offense. We need to evolve our defenses and as a company, we are in a good position to do that. We started investing in AI 18 years ago. We have in-built capabilities related to machine learning and the use of Artificial Intelligence in our products. In that sense, our standing is good, but at the same time we, like everybody else, are following very closely what’s happening in ChatGPT, which is an opportunity for us to improve the way we operate the products. At the same time, we need to consider the fact that it will be used by attackers. We have seen the first samples of malware, of which the codes were written by ChatGPT.
According to the official document titled the “Report on the Investigation into Russian Interference in the 2016 Presidential Election,” the IRA launched a massive disinformation campaign, favoring Trump and disparaging Clinton, while provoking and amplifying political and social discord within the United States.
Independent researchers, working on behalf of the Senate Intelligence Committee, uncovered evidence indicating that Moscow’s intelligence officials engaged with millions of social media users from 2013 to 2017.
Their methods involved exploiting pre-existing political and racial divisions within American society. Vox obtained access to these two reports before their scheduled release. The scope of Russian social media propaganda dissemination was extensive, covering various platforms such as Facebook, Twitter, Reddit, Tumblr, Pinterest, Medium, YouTube, Vine, and Google+, among others. Notably, Instagram emerged as the most heavily utilized platform, largely evading public scrutiny until late 2018.
While this established that social engineering was widely used in the election, another question follows: were the electronic systems hacked?
In 2019, the US Senate Intelligence Committee investigated Russia’s 2016 election interference. The first investigative report in the series was published 24 hours after the former special counsel Robert S. Mueller III warned that Russia was moving again to interfere “as we sit here”. It could not dig up hard evidence of any votes being changed in actual voting machines, but categorically stated that the worst fear has indeed come true.
“Russian cyberactors were in a position to delete or change voter data,” it said. The committee probe report found “an unprecedented level of activity against state election infrastructure”, mostly looking for vulnerabilities in the security of the automated election systems.
Further reports by the Senate Intelligence Committee in 2019 revealed an unprecedented level of activity by Russian hackers, an audacious trial run to probe the vulnerabilities of America’s election infrastructure.
Election hacking and the bane of connectivity
The scale of the operation was staggering, with intrusions detected in “all 50 states”, reported the Senate Intelligence Committee.
LAURA KOETZLE
Vice President at Forrester Research (A Research and Advisory Firm)
There are a bunch of different ways to use AI and machine learning in the security context. There are security tools that use various flavors of machine learning or artificial learning to improve detection rates say or minimize false positive rates. Or you get automation of various kinds of tasks which is a long-standing thing. There are plenty of companies that are offering solutions that take advantage of the possibilities of various kinds of machine learning models. It’s particularly useful for monitoring user behavior against baseline so that you’ve got a system that learns what the sort of baseline activity of your set of users is. So, you can raise a flag when people start behaving strangely or when systems start behaving strangely. That is an established thing that will continue to improve over time. What is new in the world is generative AI. I think the direct current challenge for us in the world of information security is generative AI is good at writing convincing-looking phishing emails on a large scale. That means that we’ve got to have better detection and phishing exercise training for corporate employees to deal with that. We also have disinformation challenges of generative AI. It’s very easy to see all the kinds of dystopian examples of this from pedestrian stuff like university students who are looking for a bibliography about something getting plausible sounding but fictitious title author journal for something that doesn’t exist. The large language model was found by somebody who’s an expert in that field. If they assign it to a random page number in a journal that is going to be a serious challenge. And all of us in the information security world aren’t necessarily experts in combating disinformation. But I think we will have to bring that expertise into our organizations.

MIKE BECK
Global CISO at Darktrace (An Autonomous Cyber AI Firm)
I am very passionate about AI and I don’t think that AI is going to come in and take our jobs in security. There are parts that AI is great at including the assessment and analysis of mass data. At Darktrace, we use AI across email, public cloud, network, and endpoint to get a holistic picture of those data points and continuous assessment. I think human teams are good at overlaying domain knowledge as security analysts. I don’t see it as a kind of taking jobs, I see it as a partnership like how you scale the AI in your environment to do more work but also keep you thinking about how you can use the domain knowledge and security.
YEHUDA SUNSHINE
Chief Marketing Officer at Epicenter Consulting (Technology Firm)
I think that AI can do specialized tasks if it’s trained. It’s about the bias that inherently gets put into AI. I worked many years ago in a synthetic data and facial recognition company. The biggest thing that they were dealing with was this algorithm bias where they just didn’t train it on enough diverse people. And then all of a sudden, they said that black people are doing this, or Asian people are doing this. And it’s making distinctions because it just doesn’t have the quantity of data. I think the bigger issue here is the people who are training the systems and the expectation that it’s going to do these multifunctioning broad tasks. But if we say that AI can do a very hyper-focused or almost superficial thing especially off natural language processing, I think that is realistic. I am not afraid that AI is going to take over the world like a Terminator. But I think that we are a lot closer than we were 10 years ago. I think the complexity of a lot of cyberattacks is still beyond what an AI can pull off right now. But to say that it’s completely out of the question or more so an element of AI could act in the hacking process where it could take a channel of the responsibilities and take off some of the expectations of the hackers. I think that that’s something more realistic.
SATNAM NARANG
Senior Staff Research Engineer at Tenable (Cybersecurity Firm)
We are in the infancy with the rollout of ChatGPT and it becoming more available to the masses. We see all these new iterations coming out; there are a lot of creative individuals who are coming up with things like AutoGPT which is like taking ChatGPT and then super powering. AgentGPT creates these agents that will perform tasks not just singularly focused. So, I think we are still just barely scratching the surface. Naturally, we have broader cybersecurity concerns about what that means in terms of how will threat actors take advantage of these generative AI tools. We obviously know some of the more common things that are available using Large Language Models. Essentially what it does is it gives individuals who may lack the necessary skills to craft good and convincing phishing emails, it gives them the ability to do it. It even helps in creating fake profiles on dating apps. If you think about it, a lot of profiles and emails contain spelling errors and things that if you look at the surface, you might be able to pick apart. And say that this doesn’t seem legitimate. I think we are still a little far from seeing generative AI developing really good custom malware that can be used in attacks.

RYAN DAVIS
CISO at NS1 (Premium DNS and Traffic Solutions)
I think AI is like any other technology. When we had the industrial revolution and the advent of the internal combustion engine, that changed entire industries and how they operated. I think AI will look back and we will have a similar sentiment towards AI. There will be an AI revolution that may not be like Skynet where computers are taking over the world. But I think there will be a fundamental shift in how society and humans operate with AI. I think it’s one of those things where the technology is here, whether we choose to embrace it or not. There will always be people who will use it to their own benefit and maybe to the detriment of others like deepfakes. The ability to create content that appears to be somebody else that’s not real. From where I sit in the security world, we can either choose to reject it or embrace it. The more you try to deny that a technology exists, especially one that could be used for adversarial purposes, you are setting yourself up for failure. If a developer can utilize Google to find a piece of code that helps them do their job, they are going to do it. Likewise, if there is an AI algorithm that allows them to say here’s my problem, help me write the code to solve that problem, they are going to do it. Whether you permit it or not. For me, the core of my job is risk mitigation. It is understanding what the risk versus the reward is, and it’s a constant balance. There is not a single point in time where there’s a 100% right answer. Here’s the answer for today and that answer might change tomorrow.

ROSS BREWER
Chief Revenue Officer at SimSpace (Military-Grade Cyber Ranges and Training)
I have never seen anything take over the world in terms of consciousness of a particular technology in such a short space of time. However, there is a risk to it. You potentially could have AI develop malware. If you think about some of the hacking groups now, they’re requiring small open-source companies and small open-source technology so that they could inject into those libraries their malware. And have banks using that application and then doing an update not realizing that a library in the background was bringing in code. It is a sneaky way to get into the back room. And SolarWinds was a big example of that. There’s a lot more of that going on than people realize. Then if you look at the likes of ChatGPT. It has nothing to tell itself whether it’s writing safe code or not. That’s not the point. You could mal-train the AI engine. Let’s take autonomous vehicles. You could go all out and put a whole lot of scripts all over the internet about how you do a certain autonomous vehicle health check. And if you write that in enough places on the internet then it goes into machine learning or the AI capabilities. Imagine that it is writing those bits into the code that it’s writing because it’s seen everywhere. It doesn’t know if it’s good, bad, or indifferent. It’s just being told that this is the way to go when it comes to that component in autonomous vehicles.
CYBERVILLE
NLP-Powered AI: The Future of Cybersecurity Threat Detection
By Ashish Khaitan
The integration of Natural Language Processing (NLP) into the field of cybersecurity represents a pivotal development in safeguarding online data. As the use of artificial intelligence (AI) driven solutions continues to reshape the landscape of cybersecurity, the synergy between NLP and AI emerges as a robust defense against the ever-evolving spectrum of cyber threats.
Undoubtedly, cybersecurity has evolved into a paramount concern for organizations of all sizes. The ascent of increasingly sophisticated cyber threats and the changing nature of attacks necessitate the adoption of cutting-edge technologies to maintain a competitive edge in this digital arms race. NLP is one such technology that has garnered substantial attention.
This integration not only enhances communication between machines and humans but also strengthens the capability to comprehend and respond to both human and nonhuman languages, thus bolstering organizations’ defenses against potential breaches.
Harnessing the capabilities of AI, NLP platforms have emerged as potent tools in the ongoing battle against cybercrime. In this article we will delve deep into the story of NLP-powered AI, as it reinforces cybersecurity measures and unveils its multifaceted applications in safeguarding the digital frontier.
NLP’s Vital Role in Cybersecurity
To dive into how NLP platforms strengthen cybersecurity, it’s essential to grasp the core concepts of NLP and its pivotal role in this field. NLP represents a subset of artificial intelligence dedicated to equipping machines with the ability to grasp, interpret, and interact with human language. It transcends basic text analysis, enabling machines to delve into the intricacies of human communication. By leveraging NLP technology, cybersecurity experts can automate various tasks, elevate their threat detection capabilities, and streamline incident response procedures.
NLP’s unique strength lies in its capacity to contextualize and learn from human language, making it an invaluable asset in the relentless battle against cyber threats. Conventional rule-based systems often grapple with keeping pace as hackers continually evolve their tactics. Conversely, NLP empowers machines to adapt to new expressions, dialects, and even unforeseen queries, ensuring a comprehensive understanding of the language used in cyberattacks.
Harmonizing Contextual Insight with Threat Intelligence
As we look to the future, NLP-powered AI systems are poised to revolutionize the field of cybersecurity. These systems will redefine our understanding of language, equipping themselves with an unparalleled ability to decipher nuances and context-specific information. This heightened contextual intelligence will be a game-changer, enabling them to effectively distinguish between genuine threats and false alarms, thus empowering organizations to respond more efficiently. Let’s dig into the five key ways in which NLP is set to transform the cybersecurity landscape:
Enhanced Behavioral Analysis for Anomaly Detection
AI systems will adopt a proactive stance by scrutinizing user and system behaviors for signs of anomalies that might indicate potential cyber threats. This proactive approach is instrumental in the early identification and mitigation of risks, preventing them from escalating into full-scale attacks. By understanding established patterns of normal behavior, AI-powered systems can swiftly pinpoint deviations that could signal an impending security breach.
Multimodal Capabilities for Comprehensive Threat Assessment
The AI systems of the future may seamlessly integrate with other technologies, such as image recognition and video analysis, to provide a more holistic assessment of potential threats. By marrying linguistic analysis with visual data interpretation, these systems will be better equipped to identify and respond to complex, multi-modal attacks.
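The per-user baselining that Laura Koetzle describes earlier and that the "Enhanced Behavioral Analysis for Anomaly Detection" item above relies on can be shown in a few lines. This is an added example, not code from the magazine or any vendor it names; the event fields, host names, thresholds and sample history are all constructed assumptions, and the scoring uses a simple median/MAD statistic rather than a trained model.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (user, hour_of_day, source_host, megabytes_out)
HISTORY = [
    ("alice", 9, "ws-014", 12.0), ("alice", 10, "ws-014", 15.5),
    ("alice", 11, "ws-014", 9.8), ("alice", 14, "ws-014", 14.1),
    ("alice", 16, "vpn-gw", 11.2), ("alice", 9, "ws-014", 13.3),
    ("bob", 22, "ws-031", 140.0), ("bob", 23, "ws-031", 155.0),
    ("bob", 1, "ws-031", 150.0), ("bob", 0, "ws-031", 149.0),
    ("bob", 22, "ws-031", 160.0), ("bob", 23, "ws-031", 138.0),
]


def circular_hour_distance(a, b):
    """Distance between two hours on a 24h clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


class UserBaseline:
    """What 'normal' looks like for one user, learned from past events."""

    def __init__(self, events):
        self.hours = [hour for hour, _, _ in events]
        self.hosts = {host for _, host, _ in events}
        volumes = [mb for _, _, mb in events]
        self.vol_median = median(volumes)
        # Median absolute deviation: robust to a few outliers in the history.
        mad = median(abs(v - self.vol_median) for v in volumes)
        self.vol_mad = mad or 1.0  # avoid division by zero on flat history


def build_baselines(history, min_events=5):
    """Group history per user; skip users with too little data to judge."""
    per_user = defaultdict(list)
    for user, hour, host, mb in history:
        per_user[user].append((hour, host, mb))
    return {u: UserBaseline(ev) for u, ev in per_user.items()
            if len(ev) >= min_events}


def score_event(baselines, event, hour_tolerance=3, z_threshold=3.5):
    """Return the list of reasons an event deviates from the user's baseline."""
    user, hour, host, mb = event
    base = baselines.get(user)
    if base is None:
        return ["no-baseline"]  # cannot call it normal or abnormal
    reasons = []
    if min(circular_hour_distance(hour, h) for h in base.hours) > hour_tolerance:
        reasons.append("unusual-hour")
    if host not in base.hosts:
        reasons.append("new-host")
    # Modified z-score; only upward spikes in outbound volume are flagged.
    z = 0.6745 * (mb - base.vol_median) / base.vol_mad
    if z > z_threshold:
        reasons.append("volume-spike")
    return reasons


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in [("alice", 3, "ws-203", 480.0),   # constructed suspicious event
               ("alice", 23, "ws-014", 13.0),   # late for alice
               ("bob", 2, "ws-031", 152.0)]:    # late, but normal for bob
        print(ev, "->", score_event(baselines, ev) or "normal")
```

The same 23:00 session is flagged for one user and not for the other, which is the point of baselining per user instead of applying one global rule.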
Augmented Decision Support for Security Analysts
NLP-powered AI tools will increasingly serve as valuable allies to security analysts, offering real-time insights that assist them in making more informed decisions. This augmentation of human capabilities is critical in the dynamic and ever-evolving threat landscape. By harnessing the computational prowess and data processing capabilities of AI, analysts can efficiently sift through vast amounts of information intelligence.
Privacy-Centric Approaches to AI Development
In a world increasingly concerned with data privacy, forthcoming NLP-powered AI solutions will prioritize the development of privacy-centric features. This commitment will encompass robust encryption measures, stringent access controls, and transparent data handling practices. By embedding privacy principles at the very core of AI systems, organizations can build trust with their users and ensure compliance with evolving data protection regulations.
NLP Platforms for Enhanced Cybersecurity in 2024
NLP technologies have the potential to completely transform cybersecurity in 2024 by offering better defense against a wide range of constantly changing online threats. Because NLP has a sophisticated contextual knowledge of language, these platforms can distinguish between real threats and false alarms by comprehending nuances and context-specific information. These revolutionary technologies come with five main benefits. First, they improve behavioral analysis for anomaly identification, spotting and averting possible threats before they materialize into extensive attacks. Second, real-time NLP solutions give security analysts insightful information that improves their ability to make decisions. For a thorough threat assessment, they also integrate with other technologies such as image recognition and video analysis. Finally, privacy-centric development techniques guarantee adherence to changing data protection laws. Let’s take a closer look at various NLP platforms that are at the forefront of revolutionizing the cybersecurity landscape.
Google Bard: Empowering Threat Intelligence Gathering
Debuted on March 21, 2023, Google Bard stands out as an NLP-powered platform that plays a pivotal role in the realm of threat intelligence gathering. It employs advanced machine learning algorithms to sift through vast volumes of text data, extracting valuable insights. By comprehending threat intelligence reports, Google Bard empowers organizations to swiftly identify emerging threats, monitor threat actors, and proactively bolster their security measures. A key advantage lies in its proficiency at grasping the nuances of human language, allowing it to efficiently sift through extensive data and pinpoint crucial information. This capability is made possible by Google’s large language model, PaLM 2, which excels at processing human language. As a result, cybersecurity professionals can keep abreast of the latest threat trends and take proactive steps to safeguard their systems and data.
Google Bard equips cybersecurity analysts with a wealth of features, enabling them to discover the most recent vulnerabilities, stay updated on security news, swiftly generate code, and much more. Much like ChatGPT, Google Bard employs a chatbot interface, all supported by the formidable backbone of Google’s search engine.
ChatGPT: Enhancing Incident Response Automation
Released by OpenAI on November 30, 2022, ChatGPT stands out as a robust NLP platform specializing in automating incident response. This AI-driven tool not only comprehends natural language queries but responds to them effectively, making it an indispensable resource for security teams in their incident investigations. With its unique capacity to grasp complex situations and provide real-time, pertinent information, ChatGPT significantly expedites incident response, enabling organizations to swiftly mitigate the impact of cyberattacks. Powered by OpenAI’s foundational large language models (LLMs), ChatGPT currently ranks among the most sought-after Natural Language Processing (NLP) platforms.
Furthermore, ChatGPT also excels in automating the crosswalking process, which entails the mapping of telemetry data to specific controls. By pinpointing keywords in telemetry data and correlating them with control actions, ChatGPT streamlines the assessment process, reducing manual labor and enhancing accuracy.
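The crosswalk described above, keywords in telemetry correlated with control actions, can be sketched without a language model. This is an added example, not code from the article or from OpenAI; it uses plain phrase matching in place of an LLM, and the control IDs, control wording, keyword phrases and telemetry lines are all hypothetical values constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical control catalogue (constructed): id -> (action, evidence phrases)
CONTROLS = {
    "CTL-01": ("Lock accounts after repeated failed logons",
               ["failed logon", "failed login", "account locked",
                "authentication failure"]),
    "CTL-02": ("Review account creation and privilege changes",
               ["user created", "added to group", "privilege granted"]),
    "CTL-03": ("Detect and quarantine malicious code",
               ["malware detected", "quarantined", "signature match"]),
    "CTL-04": ("Protect audit logs from tampering",
               ["audit log cleared", "log deleted"]),
}

# Constructed telemetry lines, one event per line.
TELEMETRY = [
    'ts=2023-11-02T08:14:01Z host=dc01 msg="Failed logon for user jdoe from 10.0.4.7"',
    'ts=2023-11-02T08:14:09Z host=dc01 msg="Account locked: jdoe after 5 failed logons"',
    'ts=2023-11-02T09:02:44Z host=dc01 msg="User svc-backup added to group Domain Admins"',
    'ts=2023-11-02T09:30:12Z host=ws-014 msg="Malware detected in /tmp/a.tmp; file quarantined"',
    'ts=2023-11-02T10:05:00Z host=ws-014 msg="Scheduled task created by SYSTEM"',
]


def normalize(text):
    """Lowercase, split on non-alphanumerics, strip a plural 's' from long tokens."""
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return [t[:-1] if len(t) > 3 and t.endswith("s") else t for t in tokens]


def contains_phrase(tokens, phrase_tokens):
    """True if phrase_tokens occurs as a contiguous run inside tokens."""
    n = len(phrase_tokens)
    return any(tokens[i:i + n] == phrase_tokens
               for i in range(len(tokens) - n + 1))


def crosswalk(events, controls):
    """Map each telemetry event to the controls whose keywords it contains.

    Also reports the two gaps an assessor cares about: events that map to no
    control, and controls for which no telemetry evidence was seen.
    """
    compiled = {cid: [(p, normalize(p)) for p in phrases]
                for cid, (_action, phrases) in controls.items()}
    mapped, unmapped = {}, []
    evidence = defaultdict(list)
    for idx, line in enumerate(events):
        tokens = normalize(line)
        hits = {}
        for cid, phrases in compiled.items():
            matched = [p for p, pt in phrases if contains_phrase(tokens, pt)]
            if matched:
                hits[cid] = matched
                evidence[cid].append(idx)
        if hits:
            mapped[idx] = hits
        else:
            unmapped.append(idx)
    uncovered = [cid for cid in controls if cid not in evidence]
    return {"mapped": mapped, "unmapped": unmapped,
            "uncovered": uncovered, "evidence": dict(evidence)}


if __name__ == "__main__":
    result = crosswalk(TELEMETRY, CONTROLS)
    for idx, hits in result["mapped"].items():
        print(f"event {idx}: {hits}")
    print("events with no control:", result["unmapped"])
    print("controls with no evidence:", result["uncovered"])
```

Whatever tool performs the mapping, the unmapped events and the controls with no evidence are the parts of the output that still need a human reviewer.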
Cyble Vision: Redefining Cybersecurity Excellence
Cyble Vision offers a wide range of security features, making it a top choice for cybersecurity professionals. This NLP platform leverages cutting-edge technology to provide real-time updates on the latest vulnerabilities and modern-day threats. Its capabilities include dark web and deep web monitoring, attack surface management, vulnerability management and brand intelligence for cybercrime. By combining Artificial Intelligence (AI) and Machine Learning (ML), Cyble Vision excels in pinpointing even the tiniest vulnerabilities, streamlining error rectification with minimal effort, and empowering organizations to detect and respond to potential attacks more efficiently.
Natural Language Toolkit (NLTK): Simplifying Threat Analysis
NLTK, a robust NLP platform released in January 2023, is supported by Python and can be tailored for cybersecurity applications, rendering it a top choice for threat analysis. It offers an extensive collection of libraries and algorithms for natural language processing, earning favor among both data scientists and cybersecurity experts. With NLTK, security teams can conduct sentiment analysis, entity recognition, document classification, and various other tasks. By extracting valuable insights from unstructured text data, NLTK streamlines threat analysis, enabling organizations to swiftly detect malicious activities and respond effectively.
CoreNLP: Unleashing the Power of Machine Learning
Launched in 2010 by Stanford University, CoreNLP is an open-source NLP platform that has evolved over the past decade. It offers a wide array of tools and models for natural language processing, making it a versatile choice for cybersecurity professionals. CoreNLP employs machine learning techniques to carry out tasks like named entity recognition, sentiment analysis, and part-of-speech tagging.
As one of the oldest NLP platforms, CoreNLP boasts over a decade of consistent updates. It’s been trained extensively in human language and, thanks to its Java application library structure, is accessible to both cybersecurity experts and those new to the field. By leveraging the power of machine learning, CoreNLP empowers organizations to automate a variety of cybersecurity processes, from detecting malware to identifying intrusions and analyzing threat intelligence. Its flexibility and robustness render it an invaluable asset in the ongoing battle against cyber threats.
spaCy: Streamlining Threat Detection and Prevention
Introduced in February 2015, spaCy has gained significant popularity as an efficient and precise Natural Language Processing (NLP) library. It boasts a comprehensive suite of features, including tokenization, named entity recognition, and dependency parsing, among others.
In the realm of cybersecurity, spaCy proves to be a valuable tool for optimizing threat detection and prevention. By analyzing text data from diverse sources like social media, forums, and news articles, spaCy can swiftly pinpoint potential security risks and empower proactive mitigation strategies. Its remarkable speed and precision render it indispensable for organizations looking to fortify their cybersecurity defenses. Moreover, spaCy excels at handling vast quantities of text data and delivers precise insights, making it the ideal companion for cybersecurity researchers who often grapple with these challenges when dissecting ransomware groups.
But wait, there’s more! The world of NLP boasts a diverse array of tools, exceeding a hundred in number. While not exclusively designed for cybersecurity, many of these NLP tools find applications in data analysis by security analysts. Let’s take a brief tour of some of the most popular NLP tools currently available to internet users.
• AllenNLP
• Amazon Comprehend
• Amazon Lex
• AYLIEN
• ChatGPT
• Dialogflow
• Gensim
• Bard
• IBM Watson
• Kaldi
• MonkeyLearn
• NLTK (Natural Language Toolkit)
• OpenNLP
• PyNLPl
• spaCy
• Stanford NLP
• TextBlob
• Apache OpenNLP
• Wit.AI
The Growing Importance of NLP in Cybersecurity
Artificial intelligence is currently one of the fastest-growing industries. In 2022, it was valued at USD 17.4 billion, and it’s projected to reach approximately USD 102.78 billion by 2032, according to Precedence Research. Technologies harnessing AI are immensely popular among both organizations and individuals.
Natural Language Processing (NLP) platforms, a rapidly expanding sector within AI, have demonstrated their effectiveness in enhancing productivity, simplifying complex data, and providing swift responses. Moreover, their integration into cybersecurity has proven to be a valuable asset, streamlining research and analysis processes.
With the ever-evolving landscape of cyber threats, organizations are increasingly turning to NLP platforms to bolster their cybersecurity defenses. NLP can be applied to various aspects of cybersecurity, including gathering threat intelligence, prioritizing alerts, detecting phishing attempts, and analyzing user behavior. The automation facilitated by NLP platforms empowers security teams to identify and respond to threats more efficiently, ultimately reducing response times and minimizing potential damage.
Harnessing the Power of NLP in Cybersecurity
Embracing NLP in cybersecurity is not just a trend; it’s a necessity in today’s world. By harnessing the power of AI and NLP, organizations can significantly enhance their ability to detect, prevent, and respond to cyber-attacks, ensuring the security and integrity of their valuable assets. Leveraging platforms like Google Bard, ChatGPT, NLTK, CoreNLP, and spaCy, they can fortify their cybersecurity defenses and stay one step ahead of malicious actors as the field of NLP continues to advance, offering more innovative applications to empower cybersecurity experts.
So, take a proactive stance and explore the possibilities of NLP-powered cybersecurity solutions to safeguard your organization against the cyber threats of tomorrow.
REGISTER
CYBERCRIMINALS’ UNLIKELY BEST FRIEND
- By Ishita Tripathi
Since its emergence in the 1960s, artificial intelligence (AI) has made significant strides. Its applications in various sectors, including healthcare, finance, transportation, and entertainment, have been transformative. However, AI’s incredible potential also presents a significant challenge, as it has become a potent weapon in the hands of hackers and cybercriminals. In this article, we’ll take a detailed journey through the evolution of AI, exploring how it has become a tool for hackers.
Evolution of AI Hacking
In today’s digital era, hackers continuously devise innovative methods to target large organizations and gain unauthorized access to their data, with AI being one of their preferred tools. Here are a few ways in which hackers leverage AI to victimize and assault businesses:
Automated Attacks and Exploits: Hackers employ artificial intelligence to enhance the efficiency of their attacks against organizations. AI assists them in swiftly identifying vulnerabilities in an organization’s networks and applications, such as weak passwords or security system flaws. AI algorithms enable hackers to orchestrate large-scale attacks on multiple businesses simultaneously, making it easier for them to breach their target’s networks.
Advanced Phishing and Social Engineering: AI is harnessed by hackers to make their phishing endeavors more potent. Through AI, they can create highly convincing phishing emails and messages that deceive individuals into divulging their passwords and financial information. These messages appear authentic and personalized, as AI algorithms analyze vast amounts of data, making it challenging for recipients to discern their legitimacy.
Sneaky Malware and Evading Security: Modern hackers use AI to craft malware that is exceptionally difficult to detect. Malware refers to malicious software that can infiltrate a computer without the user’s knowledge, allowing cybercriminals to access and steal confidential information. AI aids hackers in developing malware that can adapt its code or behavior to evade detection by antivirus software, thereby increasing the difficulty for organizations to protect their networks.
Cracking Passwords and Bypassing Biometric Systems: AI-driven password generation algorithms enable hackers to guess passwords through trial and error or exploit data from previous breaches to decipher common password patterns. Additionally, hackers employ AI technology to create fake fingerprint and voice samples to deceive biometric-based systems, allowing them to bypass security measures based on these traits.
Analyzing Data for Targeted Attacks: Hackers utilize AI to gather and analyze vast amounts of data from various sources, including social media and leaked databases. This enables them to identify trends and design tailored attacks, adapting their strategies based on vulnerabilities or targeting specific individuals, all in their quest to steal valuable information from companies.
The flexibility of AI allows for the rapid generation of slightly different scripts using various words, enabling the creation of various malicious artifacts. Consequently, defenders and threat hunters must swiftly embrace this technology to avoid falling behind cyber attackers.
Cybercriminals employ several key AI-driven methods to breach company networks, including the generation of deep fakes, sophisticated malware development, stealthy attacks, AI-assisted password cracking, CAPTCHA circumvention using GANs, impersonation on social networks, and the use of automated frameworks.
In underground forums dedicated to scams, threat actors have begun exploring ways to exploit ChatGPT and similar AI tools, particularly in early 2023. These efforts include generating digital art with tools like DALL·E 2 and marketing it through legitimate channels like Etsy. Additionally, individuals have shared insights on creating e-books or chapters for online sale using ChatGPT.
Expert Insights on the Evolution of AI-Powered Cybercrime
The evolution of AI-powered cybercrime is currently in its nascent stage. In January 2023, researchers made a startling revelation concerning posts related to the bypassing of ChatGPT restrictions on the deep web. These posts served various purposes, including the development of malware, encryption tools, and trading platforms.
A Statista report, published in April 2023 and based on research conducted in January, shed light on the prevalent beliefs in this domain. According to the report, 50% of respondents anticipated that cyberattacks using ChatGPT would be executed within a year. An even larger 80% believed that such cyberattacks might materialize within two years.
Within this discourse, there are experts expressing contrasting viewpoints. A senior FBI official emphasized, “We anticipate that as the adoption and democratization of AI models continue, these hacking trends will intensify.” However, Bitdefender’s Tech Solutions Director, Martin Zugec, countered this argument, stating, “The quality of malware code produced by chatbots tends to be subpar.”
Furthermore, in various underground forums dedicated to fraudulent activities, threat actors initiated discussions on exploiting ChatGPT’s capabilities at the outset of 2023. Their activities included generating digital art through another AI tool, DALL·E 2, and selling it through legitimate platforms such as Etsy. They also explored methods for creating and selling e-books or short chapters using the ChatGPT tool.
Cybercrime’s Shifting Landscape: The Role of AI in Future Threats
Sami Khoury, the head of the Canadian Centre for Cyber Security, has pointed out that AI is making significant inroads into the world of cybercrime. According to him, AI is now being harnessed for a variety of nefarious purposes, from crafting more convincing phishing emails to generating malicious code and spreading misinformation and disinformation (source: Reuters, July 20, 2023). However, Khoury also notes that there’s still room for growth in this area, as creating a truly effective exploit remains a challenging endeavor.
Cybercrime stands out as a domain that has adeptly embraced the capabilities of AI. Its effectiveness lies in its ability to not only understand current trends but also predict future ones. This makes it a formidable tool in the hands of those who seek to exploit the advantages of artificial intelligence. As the saying goes, “By far, the greatest danger of Artificial Intelligence is that people conclude too early that they understand it.” (Eliezer Yudkowsky, Telefonicatech)
AI has shown remarkable efficiency in the realm of criminal cyber activities, thanks to its reliability in forecasting both current and future events. The potential of AI in this field is evident in various methods employed by cybercriminals to infiltrate company networks:
• Deep Fake Generation: AI is used to create convincing deep fakes, making it harder to discern fake content from real.
• State-of-the-Art Malware: AI facilitates the development of sophisticated malware, enabling more potent and challenging-to-detect attacks.
• Sneak Attacks: AI aids in stealthy intrusion techniques that are hard to detect until it’s too late.
• AI-Enhanced Password Guessing: Cybercriminals leverage AI to guess passwords, increasing their success rate.
• CAPTCHA Breaking with GANs: AI, particularly Generative Adversarial Networks (GANs), is used to break CAPTCHA systems, bypassing security measures.
• Human Masquerade on Social Networks: AI helps impersonate legitimate users on social networks, enabling cybercriminals to deceive and manipulate.
• Automated Frameworks: AI-driven automated frameworks streamline and enhance the efficiency of cyberattacks.
The interplay between AI and cybercrime is evolving rapidly, creating new challenges for cybersecurity professionals. As AI continues to advance, both defenders and offenders in the digital realm must adapt and innovate to stay ahead in this ongoing battle.
AI’s Evolving Impact on Cybersecurity
Europol has foreseen a troubling trend in the world of cybercrime, one where artificial intelligence plays an increasingly prominent role in identifying targets, vulnerabilities, and expanding the scale and impact of attacks. The agency predicts that cybercriminals will unleash larger and more dangerous cyberattacks, bolstered by the power of AI.
An area where this advancement is particularly concerning is in the realm of deception. AI-driven tools like ChatGPT can now mimic human writing styles and bewilder victims, making them believe they are conversing with real humans. Europol has issued a stern warning about the potential misuse of “NO CODE” tools, which can transform human language into code, potentially inciting greater interest in cybercrime among the younger generation.
The evolution of AI-powered malware is another grave concern. These malicious programs are growing smarter, capable of homing in on specific information, such as a company’s intellectual property or employee data. Ransomware, too, is adapting, discovering new vulnerabilities while maintaining stealth for extended periods, evading detection within IT systems. Furthermore, artificial intelligence has the potential to breach biometric security measures and mimic human device-handling behavior, further complicating cybersecurity efforts.
A Statista report from April 2023 shed light on public perceptions. A majority of respondents, 53%, expressed fears that cybercriminals could harness chatbots like ChatGPT to craft more convincing phishing emails. Similarly, 49% believed that ChatGPT could be used by novice hackers to bolster their technical knowledge and perpetuate misinformation. This research was based on responses from cybersecurity firms across the UK, US, and Australia.
The dangers posed by AI’s capacity to intensify and multiply attacks extend to individuals, critical infrastructure, and national security. It’s a sobering reality that society must grapple with as AI continues its rapid advance.
On a more optimistic note, AI-based chatbots are showing signs of improved ethical behavior. The GPT-4 model, for instance, generates 89% less harmful content compared to its predecessor, GPT-3.5, according to a Statista report published in May 2023.
AI’s progress, with its manifold opportunities and associated risks, underscores the need for vigilance. Hackers are continually devising complex schemes to exploit AI’s potential for malicious ends, threatening not only individuals but also businesses and nations. To harness the power of this technology while minimizing harm, we must remain watchful, adaptable to the evolving landscape, and dedicated to implementing ethical AI practices. The path forward hinges on collective vigilance, collaboration, and ethical considerations. The choices we make in navigating this AI transformation will determine the future we shape.
VIEWPOINT
Ransomware: The Unseen War Holding Lives Hostage
- By Samiksha Jain
Imagine the lights go out in a hospital. Vital systems crash, computers stutter into silence, and labs fall harshly quiet. The chaos grows as emergency room nurses resort to pen and paper, racing against time to save lives. This isn’t the script of a dystopian movie; it’s the chilling reality that unfolded at CommonSpirit Health in October 2022, when it faced a ransomware attack.
In the heart of Washington, ER nurse Kelsay Irby found herself thrust into a nightmare when a crippling ransomware attack brought the second-largest nonprofit healthcare system in the United States to its knees. Lives hung in the balance for over two weeks, as doctors and nurses scrambled to manage a crisis that exposed the terrifying human toll of cyberattacks.
But this is just one tale among many, for across the digital landscape, countless similar ransomware attacks have struck terror into the hearts of people. Let’s take the recent figures. At the start of 2023, the US Department of Health and Human Services Office for Civil Rights got hit with a total of 327 reported data breaches. That is a massive increase of over 100 percent from the 160 breaches it had on record by mid-2022. And guess what? This surge in breaches shows no signs of stopping any time soon, as revealed by Fortified Health Security.
Now here is the kicker: these cyberattacks impacted the data of more than 40 million individual patients in 2023. That’s a 60% jump from the same time the previous year. In 2022, there was just one breach involving 2 million records. But in the first half of 2023, there were five breaches, each one compromising at least 3 million records. It’s a clear sign that patient data security is facing a growing threat.
In this article, we will explore the creepy world of ransomware, uncovering the unsettling impact it has on lives and the horrors it leaves in its wake.
Understanding Ransomware
Let’s understand what ransomware is first. It’s like this sneaky software that gets into your computer or network and basically holds your important stuff hostage by locking it up with a secret code. You’ve got to pay up to get your files back. And you know what, ransomware actually goes way back to 1989, when floppy disks were all the rage, and the ransom was a tiny US$189!
Now, fast forward to today, ransomware attacks have shot up by 13 percent over the past five years, costing an average of a whopping US$1.85 million each time. And in 2023, the top spots for getting hit by ransomware are Singapore and Austria, while the United States wins the prize for the most attacks. Additionally, from January 2023, there have been nearly 91,000 times that ransomware got caught causing trouble. And if you’re into stats, the Astra report says that ransomware is responsible for about 27 percent of all malware breaches. These numbers themselves speak volumes about how terrifying ransomware attacks can be if they aren’t detected in time.
Ransomware’s Deadly Consequences
The human toll of these ransomware attacks is immeasurable, affecting individuals, businesses, and even critical infrastructure. Here are some of the key consequences:
Financial Ruin: Ransomware attacks can cripple businesses by encrypting valuable data and demanding hefty ransoms. When organizations are unable to recover their data or pay the ransom, the financial losses can be catastrophic. For instance, the WannaCry attack in 2017 cost the UK’s National Health Service (NHS) an estimated £92 million (equivalent to approximately US$97.52 million as of the current exchange rate) in damages. This ransomware epidemic spread outside Europe, disabling computer systems in 150 countries. The global financial ramifications of the WannaCry ransomware outbreak were considerable, with an estimated US$4 billion in losses occurring as a result of this cybercrime.
Compromised Privacy: Ransomware breaches can expose sensitive personal information. For instance, in February 2016, Hollywood Presbyterian Medical Center, a major healthcare facility, fell prey to a malicious cyberattack through the Locky ransomware endeavor. An employee inadvertently triggered the attack by opening an infected email attachment. The hospital’s network was swiftly compromised, leading to a complete system shutdown. Locky quickly encrypted critical patient data and disrupted medical procedures, forcing some patients to be redirected to other hospitals. The hospital paid US$17,000 to regain system control, alongside significant PR damage.
Critical Services Under Siege: Ransomware attacks on critical infrastructure, like power grids or transportation systems, could lead to widespread chaos. The attack on the Colonial Pipeline in 2021 disrupted fuel supplies along the U.S. East Coast, highlighting the vulnerability of essential services. To breach the pipeline responsible for transporting around 2.5 million barrels of fuel daily, cybercriminals exploited an unused account with lingering network access. When these attackers risked revealing crucial segments of the nearly 100 gigabytes of purloined data, Colonial Pipeline paid a ransom of US$4.4 million.
Long-term Repercussions: The aftermath of a ransomware attack can linger for years. The compromised data may end up on the dark web, leaving individuals vulnerable to identity theft or other cybercrimes.
Steps to Tame the Ransomware Beast
Taming the ransomware beast might sound like a daunting task, but there are practical steps you can take to fortify your digital defenses. Think of it as securing your home against intruders; you wouldn’t leave the doors wide open, right? First, keep your software and systems up to date. Regular updates often include security patches that close vulnerabilities.
Next, educate your team about the dangers of phishing emails – these are often the gateway for ransomware attacks. Implement a robust backup system, so even if your data gets kidnapped, you have a clean copy to restore. And don’t forget to install and regularly update reliable antivirus and anti-malware software.
In the digital world, vigilance is the name of the game. Stay informed about the latest threats and evolving attack techniques and adapt your defense strategies accordingly. By taking these steps, you’re not only making it harder for the ransomware beast to wreak havoc, but also sending a message that your digital stronghold is off-limits.
Turning the Tide: A Unified Stand Against Ransomware
In the world of ransomware, where cyberattacks threaten lives and livelihoods, decisive action is paramount. The harrowing tales of hospitals in the dark, critical services disrupted, and financial ruin remind us that the ransomware beast lies in wait in our digital realm. Hope remains. By implementing proactive cybersecurity measures such as regular updates, vigilant education, robust backups, and reliable security software, we can confront this digital terror head-on. This battle against ransomware is personal, safeguarding our data, privacy, and way of life. Together, we send a powerful message to ransomware attackers: your reign of terror ends here. Our digital future is off-limits to the ransomware horror, and we are determined to win this fight.
HOT SEAT
AI VS. CYBERBULLYING: PROTECTING THE VULNERABLE
- By Samiksha Jain
In the quiet town of Bayville, New Jersey, a tragedy unfolded on February 3. A young soul, just 14 years old, named Adriana Kuch, found herself entangled in a nightmare that no one her age should ever experience. It all began in the halls of her high school when she became the target of a vicious physical assault. The torment didn’t stop there; it was all recorded and, unimaginably, shared on TikTok. What followed was a storm of cyberbullying that engulfed Adriana, pushing her to a decision that no one should ever have to make.
As the days passed, four students found themselves facing charges, and the school district’s superintendent took the step of resignation. Adriana’s family, in their grief, connected the dots and attributed her tragic end to the ruthless cyberbullying that followed the assault. Others, within the community, cast a pointed finger at the school’s leadership, holding them accountable for allowing a culture of bullying to persist.
But it’s not just about Adriana. This heart-wrenching tale is one of many similar stories, each a stark warning sign that demands our attention. In an era where we find connection through screens and where friendships are crafted through likes and shares, the dark shadow of cyberbullying has become an all-too-common plague. Victims, both young and old, from diverse backgrounds, have found themselves under siege. Their digital safe havens have turned into battlegrounds, and the toll it takes on their self-esteem and mental well-being is immeasurable.
Yet, amidst this digital darkness, a glimmer of hope emerges. A hero has stepped onto the stage, one who doesn’t wear a cape or wield a sword but possesses a power greater than any human. They call it artificial intelligence, or AI for short. With the rise of AI, a new dawn has arrived, a time when the digital world has found its defender.
The Rising Threat of Cyberbullying
Cyberbullying is an escalating issue, affecting a significant number of individuals, including over 60% of kids and approximately 40% of adults, with the situation expected to worsen. In the past, bullying used to be a primarily face-to-face occurrence. However, today’s bullies have the power to reach their targets constantly through platforms like social media, texting, emails, and online games. This digital era has given rise to a distressing mix of cyberbullying, encompassing text, audio, images, and videos.
According to a survey, children who fall victim to online bullying, especially in middle school, face nearly double the risk of contemplating self-harm. The situation has deteriorated over time, as the number of people encountering physical threats and sexual harassment online has doubled since 2014. Remarkably, a significant 75% of cyberbullying occurs on Facebook, marking it as the primary platform for such misconduct. In contrast, other social media platforms like Twitter, Instagram, YouTube, and Snapchat witness significantly fewer cyberbullying incidents, with 25% or fewer of cases traced back to these platforms.
“Today, social media is very powerful due to its reach and affordability. With Internet connectivity becoming better, access to social media is also increasing exponentially. People are free to express their ideas and views freely and openly. One wrong comment and we have seen the kind of pressure an individual is put through,” said Ambarish Kumar Singh, Chief Information Security Officer (CISO) at Godrej & Boyce.
The Profound Impact of Cyberbullying
The consequences of cyberbullying can be profoundly damaging, both psychologically and emotionally. Victims often experience heightened stress, anxiety, and depression due to relentless online harassment, as Singh points out: “In the digital space, whatever we do remains alive in some form or the other forever, even after deletion. This can affect an individual mentally, physically, and emotionally as well.”
In severe cases, cyberbullying can lead to suicidal ideation, with victims feeling overwhelmed by the negative impact on their mental well-being. Additionally, the constant connectivity to digital devices, paired with the anonymity that online platforms provide, can make the torment unrelenting and deeply distressing.
Amitabh Bhardwaj, Joint Director of IT and Cyber Security, has highlighted key patterns and difficulties associated with cyberbullying, which pose a significant threat to online safety. These encompass heightened digital engagement, particularly among youth, which increases their vulnerability to online harassment. The use of anonymity and false identities by cyberbullies complicates the identification and mitigation of their actions. Policymakers and online platforms face substantial challenges in establishing and enforcing effective regulations to prevent cyberbullying, compounded by the monumental task of monitoring extensive online content. These consequences underscore the urgent need to address and prevent cyberbullying in our increasingly digital world.
AI to the Rescue: The Unsung Hero in Tackling Cyberbullying
In a world where the shadows of cyberbullying loom large, a silent guardian has emerged, and it’s not your conventional hero. Artificial intelligence (AI), the unsung hero, is quietly but powerfully stepping in to tackle the relentless wave of online harassment. With its vigilant algorithms and tireless watchfulness, AI is rewriting the narrative, standing as a beacon of hope for countless victims of cyberbullying.
“By leveraging the capabilities of NLP, ML, DL, AI-powered chatbots and AI-driven analytics, organizations and platforms can create safer online environments and provide timely support to those affected by cyberbullying. AI technologies collectively contribute to a more robust and comprehensive approach to identifying and preventing cyberbullying in real-time,” said Bhardwaj.
Bhardwaj highlights the multifaceted strengths of AI, from NLP’s pattern recognition in text and speech to ML’s algorithmic precision in identifying cyberbullying behavior and at-risk individuals. DL’s data analysis prowess enhances the precision of detecting cyberbullying instances and vulnerable targets, while AI-powered chatbots offer constant guidance and aid in reporting abusive content. Additionally, AI-powered analytics provide insights into the evolving landscape of cyberbullying, shaping more effective prevention and intervention strategies.
Singh further highlights the pivotal role of Machine Learning in training models to detect cyberbullying across digital platforms. “Machine learning has become a very powerful tool today, which can be trained on various models to detect cyberbullying in the digital space. ML algorithms can be trained to detect cyberbullying behavior on social media, messaging apps, and other digital platforms,” Singh said.
He further emphasizes the need for users to exercise mindfulness when posting online and to consider what, why, and how they share content.
On the other hand, Neal Quinn, Head of Cloud Security Services, North America at Radware, highlights AI’s capacity to enhance the accuracy and reach of systems for spotting abusive online behaviors earlier. “AI can be used to improve the accuracy and reach of systems so you can spot abusive online behaviors earlier. For instance, AI can be used to automate image analysis and correlate crowd behaviors across social media platforms. This combination makes it easier and quicker to do a wide and deep search for evidence of bullying and then act on it. Likewise, concerned human operators can use emerging tools like Generative AI to quickly research suspected abuses in some cases. This can augment more targeted searches of social media posts to find incidents of bullying,” Quinn explained.
AI Ethics and Challenges in the Fight Against Cyberbullying
The use of Artificial Intelligence (AI) and Machine Learning (ML) to identify cyberbullying presents a range of challenges and ethical dilemmas. A survey by the Capgemini Research Institute revealed that cybersecurity professionals are concerned about the opacity of AI and ML algorithms, which makes it difficult to understand how they arrive at their decisions, posing a significant obstacle to implementing these technologies in cybersecurity strategies.
Privacy and security are central concerns when it comes to AI. AI systems process massive amounts of data, and there’s a risk of mishandling this information, whether through deliberate breaches or unintentional leaks. This mishandling could lead to the exposure of sensitive data, potentially resulting in identity theft, financial fraud, and other forms of misuse.
Another worry is the susceptibility of AI systems to hacking and manipulation. As AI systems become more sophisticated and autonomous, the risk of cyberattacks rises. These attacks could allow malicious actors to gain control over AI systems, causing them to make harmful decisions for individuals or society.
In addition to these technical security issues, ethical questions arise concerning AI decision-making. AI’s ability to process vast datasets means it can make decisions that exhibit bias or discrimination. This could lead to the unfair treatment of certain individuals or groups, further aggravating existing social inequalities.
To address these concerns, it’s vital to establish a robust framework of privacy and security principles in AI development. This framework should include measures for safeguarding personal data, such as encryption and secure data storage, as well as protocols for handling data breaches and cyberattacks. Furthermore, transparency and accountability are essential in AI systems’ decision-making processes, and mechanisms must be in place to detect and rectify biases in cyberbullying detection algorithms.
The Path Forward: Uniting Against Cyberbullying Advancements in AI technology have brought us to a pivotal moment in this fight, offering a robust and comprehensive approach to identifying
42
ISSUE 12
TheCyberExpress
and preventing online harassment. However, AI alone cannot solve this issue; it takes a community to make a change. We call upon stakeholders, including schools, parents, social media platforms, and policymakers, to join this fight. “In the battle against cyberbullying, several critical factors must be considered. This includes the implementation of rigorous regulations on social media platforms, the widespread promotion of digital literacy and online safety education, the nurturing of a culture marked by empathy and respect in all online interactions, the encouragement of open and honest communication between parents, educators, and children, and the provision of accessible mental health support services for those affected by cyberbullying,” opined Bhardwaj. User empowerment and digital literacy are our best defenses against the shadows of cyberbullying, for every interaction matters in the digital world. Together, let’s work towards a hopeful vision where the online environment is safer, kinder, and more inclusive, and where a silent hero called AI continues to stand guard, protecting us from the relentless wave of cyberbullying.
THE COVER
DECRYPTION, DECEPTION, AND DISINFORMATION: THE COMPLEX WEB OF LIES IN THE HAMAS-ISRAEL CYBER WAR
This analytical piece delves into the digital battleground of the Israel-Hamas conflict, where diverse hacker groups and hacktivists with complex motives add to the region’s already unstable situation.
- By Avantika Chopra
The day began with the promise of a joyous celebration during the Jewish holiday of Sukkot, with the early morning sun casting a hopeful glow. But soon, it all turned dark as Daniel Levi, an attendee at the Supernova music festival in southern Israel, and many like her, attempted to escape after Hamas paragliders descended onto the scene, launching an attack that transformed the serene morning into a nightmare. Dozens of terrorists seemed to emerge from thin air, advancing upon the crowd like malevolent apparitions, shooting from all directions. Festival attendees scattered around like ants, as the terrorists took one shot after another, sparing no one in sight. Simultaneously, the Palestinian militant group launched a flurry of rockets at Israel and breached its defenses by air, sea, and land in a surprise attack. “They began firing, and rockets filled the sky,” Levi recounted during an ABC News Live interview. With nowhere to hide, Daniel and her friends decided to climb the trees instead of staying out in the open fields. They bore witness to the horrifying sight of people being shot down. Six agonizing hours passed while they clung to the branches, their hearts pounding in rhythm with the gunfire below. As the daylight gave way to shadows, a glimmer of hope appeared. Daniel and her companions decided to make a daring escape, venturing into an open field and making their way toward a nearby stream. The turning point came when they spotted a police vehicle approaching—a beacon of salvation in a landscape fraught with peril. However, not all were as fortunate. The massacre claimed the lives of hundreds, igniting the flames of the ongoing Hamas-Israel war, a devastating conflict that has exacted a heavy toll on countless innocent lives.
Hamas-Israel War Goes Digital
The Hamas-Israel conflict has transcended the physical battlefield, spilling into the digital domain.
The rapid dissemination of deceptive claims and altered images was already a major concern, but the emergence of hacktivist groups aligning themselves with either side of the conflict has compounded these mounting apprehensions. These self-proclaimed “digital warriors” make their presence known on popular social media platforms like X, formerly Twitter, and Telegram, where they boast of their cyber exploits, asserting successful attacks on critical organizations, although the evidence for their claims often remains elusive. They go a step further by disclosing their intended targets and even sharing stolen sensitive information. This digital onslaught adds another layer of deception and complexity to the traditional battlefield, making discernment and truth-seeking crucial in these tumultuous times. With the war’s physical and digital dimensions becoming intertwined, the motivations driving these cyber-attacks span a spectrum, encompassing objectives such as intelligence gathering, disruption of critical infrastructure, and the dissemination of ideological messages. In essence, the primary objectives of these hacktivists are to intimidate and create chaos. Certain hacker collectives are also exploiting the conflict to advance their own objectives, employing it as a diversion to escalate their cyberattacks.
Prominent Hacktivist Groups Take a Stand
Hackers backing the war are unpredictable in their choice of targets, presenting challenges for security experts trying to anticipate their actions. While identifying which side hacker groups align with can give some insight into their motives, predicting their specific next target remains complex.
Moreover, hacktivist groups like Team insane PK, Garnesia Team, Garuda Security, Team Herox, Hacktivist Pakistan, Team Azrael, Mysterious Team Bangladesh, GB Anon 17, Executor Team Cyber, SYLHET GANG-SG, Lulz Security Agency and Ghosts of Palestine were quick to propagandize the campaign in favor of Palestine.
Dark Web, Social Media: A Breeding Ground for Cyberattack Claims
Shedding light on these cyber operations, Cyble, the leader in AI-based threat intelligence solutions, conducted a thorough analysis a week into the Hamas-Israel conflict, noting the coordinated web of attacks and the fundamentalism fueling the conflict. Since the start of 2023, the report noted, Israeli entities have faced DDoS attacks from hacktivists with political and ideological motives, although these attacks were relatively moderate in scale and reach. Following heightened tensions along the Gaza Border, researchers at Cyble noted a surge in hacktivism on social media platforms, particularly using hashtags like #OpIsrael and #AlAqsaFlood, beginning on Saturday, October 7, 2023.
Several hacker groups have been boasting about their latest targets and victims on platforms like Telegram and X. Cybersecurity experts and threat intelligence platforms are constantly sharing these updates, highlighting the rapid escalation of this cyber war. Among the initial attacks, hackers were noted targeting critical infrastructure and communication centers. Moreover, hackers with political motivations reportedly launched attacks on colleges, billboards, and newspapers within the initial weeks of the war. On the dawn of Sunday, October 8, Pro-Russia hacker group Killnet vocalized its plan to compromise all Israeli government systems using distributed denial-of-service (DDoS) attacks.
(Source: Cyble)
The hacker collective attributes the ongoing violence to Israel and alleges the nation’s support for Ukraine and NATO.
Following their declaration, Killnet claimed they momentarily disrupted an Israeli government portal and the Shin Bet security agency’s website, as reported by Time. Anonymous Sudan, believed to be operating as a facade for Russian interests, expressed its backing for the “Palestinian resistance” and claimed responsibility for taking down the Jerusalem Post’s website. The incident was confirmed by the news organizations.
Two smart billboards near Tel Aviv were hacked, replacing the commercials with anti-Israeli content. The displayed content, as reported by CNBC, depicted the Israeli flag under fire and footage from Gaza. GHOSTS of Palestine was found to have exposed the IP addresses of Israel’s air defense system, the Iron Dome. A Telegram channel known as ‘AKSAR DDOS’ was also noted for discussions among its members regarding potential targets within the Iron Dome systems.
Cyberattack on Iron Dome systems claimed by hackers - (Source: Cyble)
AnonGhost Official sought to sow panic by circulating fabricated nuclear threat warnings. They claimed to have successfully breached the ‘Red Alert Israel’ national emergency phone application. Within this app, they generated numerous fake alerts, including deceptive notifications of a nuclear bomb threat.
(Source: Cyble)
Furthermore, the group shared a Proof of Concept (PoC) to exploit vulnerabilities in the Red Alert system, allowing them to compromise users’ mobile devices.
(Source: Cyble)
The hacktivist collective ‘Cyber Av3ngers’ has also gained prominence amid the Hamas-Israel war. Their tactics include launching DDoS attacks and achieving full system breaches.
(Source: Cyble)
As per insights from Cyble, this group has reportedly compromised several pivotal organizations in Israel, naming the Israel National Cyber Directorate, Bazan Group, Railway Authority, National Electricity Authority, Noga Enterprises, Dorad Energy Ltd., and Mekorot, recognized as Israel’s National Water Carrier.
Over 100 Active Hacker Groups Involved in the Israel and Palestine Conflict
The continuous conflict between Israel and Hamas highlights the challenges nations face when addressing politically driven cyber groups. Hacktivists frequently target government-affiliated entities to disrupt wartime operations.
In another analysis of the Israel-Palestine cyberwar, threat intelligence platform FalconFeeds identified a total of 116 active hacker groups involved. Among these groups, 23 express pro-Israel sentiments, while a significant majority of 90 show support for the Palestinian side. Interestingly, three groups have chosen to remain neutral and refrained from taking a stance in the conflict. Breaking these groups down by their inclinations, a pronounced number of religious hacktivists from Asia and the Middle East have backed Palestine.
In addition, the pro-Russia hacker coalition KillNet, in alliance with Anonymous Sudan, has vocalized its support for Palestine. This alignment has stirred discussions, suggesting that some hacker groups may leverage the conflict to further their agendas. Conversely, the report highlighted groups, predominantly from the Indian subcontinent like SilentOne and Indian Cyber Force, siding with Israel and significantly impacting the cyber warfare landscape. In a separate analysis conducted by Fusion Intelligence Center @StealthMole, a range of hacker groups expressing support for both Israel and Palestine were observed. This analysis uncovered direct and indirect connections to hacker groups that have claimed or been alleged to have launched cyberattacks against South Korea, adding to the absurdity of the affiliations and strategic positions among threat actors. Moreover, it also emphasized the intricate and multifaceted nature of the cyber warfare within the Israel-Palestine conflict.
In the visual representation provided below, green lines are used to depict groups supporting Palestine, blue lines signify those advocating for Israel, red lines are employed to indicate references to direct attacks on South Korea, and yellow lines are utilized to highlight mentions of indirect attacks on South Korea.
Earlier in the month, Rob Joyce, the director of cybersecurity at the National Security Agency, mentioned at a Georgia-based security conference that, as of then, U.S. intelligence had not witnessed substantial cyber campaigns in the Israel-Hamas fray. However, he alluded to the possibility of prominent cyberattacks to come. Joyce highlighted the possible emergence of more hacktivists and cautioned, “Sometimes, you don’t need to be sophisticated to have an impact.”
The report highlights several prominent hacker groups that support Palestine. These groups include Ghostsec, Islamic Cyber Team Indonesian, Ghosts of Palestine, Cyber Error System, UserSec, We Are Killnet, Arab Anonymous Team, WeedSec, Ghost Clan, Team_Insane_Pakistan, TYG Team, Anonymous Sudan, Mysterious Team Bangladesh, Askar DDoS MY, Eagle Cyber Crew, and Cyb3r Drag0n. Recent cyber incidents also illustrate a coordinated effort among pro-Iran and pro-Russia activist groups to support Hamas by complicating Israel’s response efforts. These cyberattacks have primarily involved basic tactics, like DDoS attacks and website defacements, which have minimal disruptive consequences.
It is interesting to note that the number of hacker groups siding with Israel is extremely low compared to those siding with Palestine, even though the large-scale conflict was triggered by the unexpected attack by Hamas militants on Israel. The question of which side, Palestine or Israel, receives more support is complex and varies with the context: political, international, regional, or public opinion. Hence, it is tricky to understand why more hacker groups are fighting for Palestine than for Israel. However, many experts have noted that several hacker collectives often exaggerate their claims, attempting to seem more significant than they actually are.
Cybersecurity Capabilities: Palestine vs Israel
Sanjeev Relia, a cybersecurity expert, weighed in on the disparity between the hacker support for Palestine and Israel, referencing the cybersecurity prowess of both nations. He emphasized the role of Unit 81, an elite technological division within the Israeli Military Intelligence Directorate, in strengthening Israel’s cyber capabilities. “Unit 81 of Israel plays a significant role in advancing cyber technology. Many veterans from here, after their tenure, have launched cybersecurity startups, which have now grown into multi-billion-dollar businesses. With their deep understanding of security and cybersecurity, they significantly are helping Israel’s cyber defenses,” said Relia. Highlighting the involvement of Unit 81 veterans in Israel’s cyber efforts, he remarked, “While they might not publicly acknowledge it, they are actively contributing to a significant portion of the offensive operations.”
Unit 81 is a secretive elite technological unit within the Israeli Military Intelligence Directorate. The unit is known for its advanced technological work on various projects, including cybersecurity, intelligence operations, and other technology-driven missions. Veterans of Unit 81 are individuals who have served in this unit and have since moved on from active duty.
On the flip side, discussing Hamas’s cyber capabilities, he pointed to their exaggerated narratives on social media and their reliance on allied nations that aren’t particularly renowned for their cyber finesse. He said, “They virtually have no capability, whatever capability is, is, from these nations who are supporting it, who themselves aren’t known for having advanced offensive cyber capabilities. Much of the narrative they have built on social media, including some shared images, has been exaggerated or manipulated.”
Another interesting aspect that surfaced following Hamas’s attack on Israel is the use of weapons originating from North Korea. During the attack on Israel, Hamas fighters appear to have used weapons originating from North Korea, as suggested by a militant video and weapons recovered by Israeli forces. Recently, Hamas released photos showing their militants armed with a distinctively designed rocket-propelled grenade, which experts, including Matt Schroeder of the Small Arms Survey, identified as matching the features of Pyongyang’s F-7 weapon, as reported by AP.
While North Korea has historically been linked with supporting Palestinian militant groups, North Korean weaponry being found indicates direct support, which surely extends to the cyberwar as well. North Korea’s cyber capabilities have significantly evolved over the past decade, and the nation has emerged as a notable player in cyber warfare. Many of North Korea’s cyber operations have financial motivations. However, North Korea uses its cyber capabilities for espionage purposes as well. The majority of North Korean cyber activities are believed to be state-sponsored. Some of the well-known groups associated with North Korea include Lazarus Group, APT38, and Hidden Cobra. While several experts believe that the current Israel-Palestine cyber clash has become the most prominent display of cyber warfare since the Russia-Ukraine conflict, emphasizing the dramatic increase in hacker group participation in geopolitical disputes, this has also become a hotbed for misinformation and disinformation, with numerous claims being either fabricated or yet to be verified.
Digital Smoke and Mirrors: The Reality Behind Hacker Group Claims
The Cyber Av3ngers’ alleged cyberattack on Israel’s Dorad power plant marked one of the initial significant incidents during the onset of the Hamas-Israel conflict that garnered widespread attention. However, it was soon debunked. Cyber Av3ngers took credit for this assault, flaunting PDF files and documents on their Telegram channel as evidence. They used imagery bearing the colors of the Palestinian flag along with snapshots of the purported attack to suggest their support for Palestine. Despite these claims, Israeli authorities did not confirm the attack. Subsequent media reports, complemented by an analysis from Kaspersky, revealed that the images circulated on Telegram were actually from a previous assault against multiple Israeli firms. This attack was orchestrated by the Moses Staff group in 2022. Notably, Moses Staff, believed to be an Iranian hacking collective, made its first appearance on hacker forums in 2021. Alon Gal, the Co-Founder & CTO of Hudson Rock, called into question the authenticity of claims made by pro-Hamas hacker groups. These groups alleged to have successfully infected Israeli computers with malware.
Gal’s findings, however, suggest that these purported “infections” on Israeli systems actually dated back to 2022 and were unrelated to the said pro-Hamas groups. During a Flashpoint Israel-Hamas community call, Alon Gal spotlighted the ‘Haghjoyan’ hacking group. In a detailed LinkedIn post, he stated, “An example I recently came across... is the ‘Haghjoyan’ hacking group, which posted photos from Israeli computers on October 13th and provided a sample of some infected computers.” Further investigation unveiled discrepancies. “Checking the sample in Hudson Rock’s database reveals that these computers are from 2022 and were not infected via any recent infection campaign,” Alon observed. He wrapped up by noting, “It is common for these ‘pro-Hamas’ groups to either lie about cyberattacks or launch non-sophisticated attacks,” emphasizing that such misleading claims often serve as an attempt by these groups to amplify their cyber capabilities or as tools for propaganda. Below, as presented by Gal, are the images circulated by the hacker group. Contrary to their assertions of recent cyberattacks on Israeli computers, these images are from 2022 and bear no relation to any current campaign.
The Imperative of Truth in the Age of Misinformation
As the frequency of cyberattack claims escalates, the number of verified incidents remains conspicuously low. Such a landscape makes it challenging to ascertain the veracity of hacktivist claims, potentially leading to the rampant spread of misinformation. Regrettably, the damage has often been done by the time these allegations are debunked: lies tend to spread faster and wider than their subsequent corrections. Behind every cyberattack claim, there may be more than just an attempt to spread false information. Such claims are, at times, strategic power moves. Hacktivist groups may allege successful cyber breaches, intending to showcase their prowess and achieve a perceived victory, regardless of the truth behind such assertions.
A dark web analyst from the threat intelligence platform Cyble provided perspectives on the cyberattack allegations made by various hacker factions, addressing the nature of these attacks. “Most of these attempts are superficial without sustained efforts or depth. They aren’t advanced persistent threats (APTs), just individuals expressing their viewpoints through hacking.” “There haven’t been any sophisticated attacks identified from the Palestinian side. They mainly utilize DDoS; such attacks are not advanced against infrastructure.” They concluded by stating that only some of the claims were “authentic”, leading to pressing inquiries: Why are hacker groups perpetuating false claims amidst the conflict? What drives their intentions? What do they hope to accomplish by spreading misinformation? And does this foreshadow the emergence of more significant attacks in the near future?
Given the pattern of deceit that several hacktivist groups have shown in the past, one cannot take their claims at face value. However, these assertions, whether genuine or fabricated, can drain resources. Intelligence and cybersecurity teams find themselves chasing down these claims, trying to verify their legitimacy. In scenarios where most claims end up being baseless, this process can divert crucial resources from more pressing security concerns. However, the community isn’t remaining passive. A number of dedicated researchers are stepping up, rigorously investigating and debunking these assertions. By shedding light on the exaggerations and fabrications of certain groups, they’re aiming to mitigate the potential harm caused by such misinformation in the cybersecurity realm.
FORESIGHT
CYBER CLASH: ISRAEL-PALESTINE TIMELINE TANGLE
- By Ashish Khaitan
The Israel-Palestine conflict, rooted in historical tensions dating back to the early 20th century, escalated into a full-scale armed conflict in 2023. This particular conflict stands out from previous ones due to the unprecedented human and material toll it has taken, leading to extensive loss of life and widespread displacement.
Alongside this grim conflict, there has been a surge of hacktivists and ransomware groups actively targeting government entities, communication facilities, and other critical infrastructure. More than 100 hacker groups have joined this Israel-Palestine conflict, causing irreparable damage. The Cyber Express presents a timeline of the cyberattacks in the Israel-Palestine conflict.
Israel-Palestine Attack Spree
The Israeli-Palestinian conflict, spanning decades, is among the world’s longest-standing conflicts. Efforts, including the Israeli-Palestinian peace process, often overlap with broader Arab-Israeli disputes. Early tensions emerged from claims to a Jewish homeland, notably the First Zionist Congress in 1897 and the Balfour Declaration in 1917, leading to waves of Jewish immigration. Since 2006, Hamas and Israel have engaged in five wars, the latest in 2023. After the election of Israel’s 37th government in November 2022, led by Benjamin Netanyahu and notable for its inclusion of far-right politicians, violence escalated. This led to various military actions like the January, June, and July 2023 Jenin incursions, as well as events like the 2023 Al-Aqsa clashes, the May 2023 Gaza–Israel clashes, and the 2023 Israel–Hamas war. These, along with Palestinian political violence, resulted in the highest death toll in the conflict since 2005.
Timeline of Israel-Palestine Cyberattacks
Cyber Av3nger claimed a cyberattack on Israel’s power grid, targeting Noga and DORAD power plants. CTI firm Group IB investigated, revealing unexpected details. This was the initial point of attack that later turned into a widespread war between hackers taking sides for both Israel and Palestine.
Tensions on the Gaza Border rise, triggering a surge in hacktivist activities. Hashtags such as #OpIsrael and #AlAqsaFlood gained traction on social media platforms. Teams like Team insane PK, Garnesia Team, and Garuda Security, among others, advocate for Palestine.
Hamas launched a significant assault on Israel, leading to widespread violence and casualties. Israel declares war on Hamas in response. Hacktivist groups target critical infrastructure and government entities.
October 7, 2023
The Information Security Unit reports an attempted large-scale cyberattack.
A massive cyberattack on Israel’s infrastructure was announced by the Information Security Department of the Zionist regime.
Israel acknowledges a cyberattack from Iran on its government.
Israel experiences a large-scale cyberattack. Internet connectivity in the Tel Aviv district drops, attributed to an attack by Palestine’s Hamas. Russian telegrams express support for the attackers.
The Mossad website is hit by a cyberattack, part of a larger-scale assault targeting Israeli intelligence and the Iron Dome system.
October 8, 2023
October 9, 2023
The Indian cyber force launched a cyberattack on Palestine, affecting websites related to banking, telecom, and Hamas.
Hacktivists in Palestine and Israel target SCADA and industrial control systems. Pro-Israeli and pro-Palestinian hacktivists join the fight.
The official website of the Israeli regime faces disruption following a Russian cyberattack.
The Pro-India Group initiated a cyberattack on Palestine, affecting Telecom, National Bank, the official Government website, and Hamas.
After Prime Minister Modi expressed support for Israel, cyber war teams turned their attention to India. Team Garencia targets Israeli servers and hacks several Indian websites. The Russian hacker group “Killnet” hacks the Israeli government website.
Sudan and Russia’s main hacker groups declare cyber war on Israel.
Palestinian hacker group “Ghosts of Palestine” calls on hackers worldwide to target Israel and US infrastructure.
Unconfirmed reports suggest a simultaneous cyberattack on Israeli communications during the Gaza conflict. The Jerusalem Post experienced a cyberattack.
Microsoft identifies a Hamas-linked group targeting Israel. Russian hacker group “Killnet” declares cyberwar on Israel. South Africa’s ANC expresses solidarity with the people of occupied Palestine. Oil prices surged over 2% in response to Hamas’s attack on Israel.
October 11, 2023
Over 100 active groups participate in the ongoing cyber warfare between Israel and Palestine. Of these, 20 support Israel, 77 back Palestine, and 3 remain neutral.
Malaysian social media accounts engage in the Israel-Palestine conflict, monitoring and strategizing for information purposes.
Cyber avengers target Israel’s national water distribution infrastructure in response to water cuts in the Gaza Strip. The official website of Makrot Co. is reportedly down.
Wiz and GPS disruptions occur due to Israel’s electronic warfare activity, not a cyberattack.
An alert message from the Home Front Command instructs people in Israel to enter protected areas. The nationwide alarm to take cover in bunkers is mistakenly sent to all Israelis, potentially due to a cyberattack.
October 12, 2023
Hacktivists breach Israel’s rocket alert app. A cyberattack on screens at the Dizengoff Center in Tel Aviv displays the message “Palestine is strong and it will win.”
October 14, 2023
The Russian hacker group “Killnet” established a new Telegram channel dedicated to activities related to Palestine. They announce intentions to target Israel and oppose any entity supporting Israel. Algerian hacker group ‘1962’ expresses firm support for Palestine.
October 15, 2023
October 16, 2023
Operation Al-Aqsa cyber war against Israel, carried out by Palestine hackers, is announced. Hacking groups reveal access to databases related to Palestine’s Ministry of Health, Iranian Redis servers, and Palestinian Foreign Affairs. Support for these actions is indicated via Termux Israel’s TG group and intel from the Ares Leaks forum.
October 17, 2023
Malaysian netizens express pride in their country’s cyber warfare expertise, citing their response to Israel’s actions in Palestine.
Hacktivist and Ransomware Groups’ Involvement
Anonymous Sudan, with ties to Russia, supports Hamas and launches attacks against Israel. Emergency warning systems in Israel are compromised. Exploits in the RedAlert app expose vulnerabilities, disrupting real-time rocket alerts. Mysterious Team Bangladesh joins the campaign and launches the OpIsraelV2 campaign against Israel. Subsequently, ThreatSec, without declaring any affiliation, attacks both sides, targeting critical infrastructure. The Indian Cyber Force announces cyber-attacks on Palestine starting from October 8th. Meanwhile, KillNet’s Russian hackers launched a cyberattack on the Israeli government, banks, and companies’ infrastructure.
Continuing the Cyberwarfare
Numerous formidable hacker groups joined the conflict, including Ghosts of Palestine, which launched widespread attacks on major Israeli websites, including Iron Dome and government sites. Simultaneously, Russian hackers entered the fray through their Pro-Russian group KillMilk, boasting a legion of 10,000 members. Israel experienced 176 significant incidents, while Palestine, India, and Indonesia encountered varying degrees of cyber activity. The 2023 Israel-Palestine cyber conflict witnessed an unprecedented surge in hacktivist activities, intensifying the already devastating physical warfare. This timeline offers a comprehensive overview of the digital struggle accompanying the conflict, shedding light on the intricate dynamics of cyber warfare within the Israel-Palestine context.
Other hacker groups target countries supporting Israel, including India, France, the USA, and Ukraine. Following this, several hacktivists united in support of Palestine, focusing on cyberattacks against Israel.
DIGEST
WHO HAS CHATGPT HELPED MORE - CYBERCRIME OR SECURITY?
- By Vishwa Pandagle
ChatGPT made its debut on November 30, 2022, quickly capturing the spotlight and becoming a versatile, multifaceted tool. It now functions as an instructor, designer, malware coder, and music composer, among other impressive capabilities. In just over 11 months since its initial release, ChatGPT has gone through multiple evolutionary stages, all geared towards enhancing security. In this article, we will delve deep into the transformative journey of ChatGPT and how it is poised to revolutionize cybersecurity.
Charting the Generations: From ChatGPT to GPT-4
The Chat Generative Pre-Trained Transformer, known as ChatGPT, is a large language model chatbot that responds to user prompts. It achieved a remarkable milestone by attracting over 100 million users within just two months of its launch, underscoring its status as a multi-billion-dollar project. ChatGPT, originally one among the many chatbots powered by artificial intelligence, has undergone significant transformations since its initial iteration as GPT-1 in 2018. In 2019, GPT-2 was introduced, enhancing its text creation capabilities, although concerns about potential misuse by malicious actors arose. The release of GPT-3 in 2020 marked a crucial step forward, enabling better communication with users in multiple languages. In recent months, the evolution of ChatGPT has seen developers of GPT-4 focusing more on ensuring that the results generated are largely, if not entirely, free of offensive content.
ChatGPT, EvilGPT, and the Ongoing Battle for Cybersecurity
Just like any other tool employed to advance cyberattacks, threat actors and dark web marketplaces wasted no time capitalizing on the rising popularity of ChatGPT. Users of these dark web platforms, who specialize in selling tools and applications for cyberattacks, began naming their malicious creations after ChatGPT.
(Source: Cyble)
Notable examples discovered by researchers at The Cyber Express include WormGPT, WolfGPT, and EvilGPT, which were readily available on the dark web forums. These versions, priced at a mere US$10, promised to relieve threat actors from the tedious task of crafting convincing-looking emails essential for Business Email Compromise (BEC) attacks. In BEC attacks, perpetrators manipulate employees into transferring funds or divulging sensitive information. With the escalating threat to digital infrastructure, the custodians of cyberspace have devised elaborate strategies to counter cyberattacks. In a blog post, the United States of America’s cyber defense agency unequivocally stressed the importance of securing artificial intelligence by design. Addressing the enigmatic aura surrounding artificial intelligence due to its misuse, a report by the Cybersecurity and Infrastructure Security Agency (CISA) clarified, “Discussions of artificial intelligence (AI) often carry an air of mysticism concerning the inner workings of AI systems. The truth is much simpler: AI is a form of software system.” CISA strongly urged AI system manufacturers to consider security measures as not merely a technical feature but an essential business requirement. They called for AI tools to be inherently secure right out of the box, necessitating minimal configuration or additional costs. Recognizing that AI, particularly in the cybersecurity sector, is poised for significant growth, CISA issued explicit warnings to software manufacturers. Their guidance covered all aspects of AI implementation, including:
• AI software design
• AI software development
• AI data management
• AI software deployment
• AI system integration
• AI software testing
• AI vulnerability management
• AI incident management
• AI product security
• AI end-of-life management
Screenshot: WormGPT Prompt for BEC Email (Source: SlashNext)
ChatGPT: A Double-Edged Sword in Cybersecurity and Cybercrime
Vulnerabilities providing hackers with access to the ChatGPT category have garnered significant attention. However, when considering the potential for unlimited exploitation of ChatGPT for cyber threats, it becomes evident that the possibilities are virtually boundless, and we have a long journey ahead in addressing these challenges. Hackers have already made attempts to exploit ChatGPT for malicious cyber activities. It comes as no surprise that numerous organizations, including Bank of America, Deutsche Bank, Goldman Sachs, and Citigroup, have taken precautionary measures to limit the use of ChatGPT.
In response to these concerns, a BlackBerry research report has shed light on the utilization of unified endpoint management platforms to regulate the use of similar tools. “In this way, they can avoid measures that users may perceive as draconian, such as removing or blocking the use of personal apps on a user’s device, while still ensuring that enterprise security is maintained, by “containerizing” corporate data and keeping it separate and insulated from a device owner’s private data or applications,” it added.
Unwinding the Web of ChatGPT-Involved Cybercrime
1. SEO Poisoning and malicious Google ads – Cybercriminals spread the Bumblebee malware through malicious download pages which were reflected on Google Ads. People looking for apps like ChatGPT were led to search results with software content containing the Bumblebee malware.
2. Phishing attempts – Cyble Research and Intelligence Labs (CRIL) found several phishing websites on another fraudulent OpenAI social media page. Researchers also identified phishing websites impersonating ChatGPT to pilfer credit card information.
3. SMS fraud and Android malware – Cyble also brought to light SMS fraud wherein threat actors used the name and icon of ChatGPT to dupe individuals with billing fraud. Additionally, over 50 fraudulent apps were also found using the ChatGPT icon.
Limitations of ChatGPT
ChatGPT initially served as a straightforward chat tool, but it underwent multiple functional changes, including the addition of security features in response to the growing exploitation of the system. However, despite these security enhancements, malicious actors managed to circumvent the safeguards, using ChatGPT to generate malware and other harmful content. This highlighted a significant limitation of the technology, showing that while it was sophisticated, it couldn’t truly reason and could easily become confused by complex prompts. Consequently, researchers and developers bore the increasing responsibility of continually testing and fortifying the tool’s security to protect its users.
Pilfered ChatGPT credentials traced to the dark web (Source: CheckPoint)
Cybercriminals were discovered using a tool known as an account checker, which facilitated brute force attacks and unauthorized access to accounts. Subsequently, there was another update indicating that hackers were posting stolen ChatGPT account data on the dark web. This resulted in the release of several ChatGPT premium account details on the dark web for further illicit use. While ChatGPT has gained widespread adoption among students, enthusiastic users, and cybersecurity researchers due to its numerous advantages, it remained banned in Italy due to security concerns. Canada initiated an investigation into ChatGPT’s handling of personal data, while other nations deliberated on regulatory frameworks for its use.
Despite its limitations, cybersecurity researchers recognize ChatGPT’s potential to expedite the completion of mundane tasks that involve vast amounts of data. It can efficiently execute various connected or disconnected tasks once properly programmed, thereby alleviating the workload on human employees. However, concerns have been raised about the possibility of job displacement, as ChatGPT and similar tools could potentially reduce the demand for human labor. Nevertheless, the misuse and limitations of technology seem unlikely to overshadow the creative and adaptive capabilities of the human mind. While ChatGPT streamlines and accelerates tasks, it remains a servant to humanity, simplifying processes but not assuming full control over them.
ChatGPT Facts and Stats
OpenAI has been clearing the air about ChatGPT since its inception. Based on InstructGPT models, ChatGPT was said to have been built with humans in the loop. Although the promise about how the language models are trained and are better equipped to answer user prompts remains under scrutiny, several fun facts about ChatGPT stir interest in it. While it continues to evolve, let’s read certain facts about ChatGPT that fascinate users.
1. A group of writers accused OpenAI of unlawfully training ChatGPT on their work. John Grisham, one of the writers, said to the BBC, “For 30 years, I’ve been sued by everyone else - for slander, defamation, copyright, whatever - so it’s my turn.”
2. ChatGPT was tested on the final exam for the Master of Business Administration program. The test was administered by a professor at the University of Pennsylvania’s Wharton School. And it passed the test.
3. After creating content for school essays and checking grammar, ChatGPT was in the news for helping someone win a US$59 lottery. The winner claimed that they tricked ChatGPT into generating winning numbers using hypothetical questions.
4. OpenAI CEO Sam Altman expressed that the hype around GPT-3 was “way too much.” He said that it still has serious weaknesses and makes very silly mistakes.
Enthusiastic ChatGPT users have marveled at OpenAI’s innovative creations. DALL-E, for instance, has the capability to generate images based on textual descriptions, while CLIP can intelligently map images to text. Additionally, Whisper empowers multilingual speech recognition and translation, among other functionalities. The evolution of ChatGPT knows no bounds. Nevertheless, the very versatility and power of ChatGPT pose a risk. Threat actors have discovered ways to exploit its capabilities, and this trend continues to evolve. It is of paramount importance that cybersecurity researchers and professionals invest significant efforts in comprehensively understanding the potential vulnerabilities within ChatGPT. This involves exploring how it could be leveraged to disrupt digital infrastructure. To counter these threats effectively, it is crucial to employ a range of strategies, including red teaming, blue teaming, and purple teaming. These collaborative efforts ensure that we stay one step ahead of cybercriminals and enable us to harness ChatGPT for productive purposes.
(Photo: OpenAI)
BOTTOMLINE
SEASON’S GREETINGS, CYBER THREATS: Staying Safe in the Online Holiday Rush - By Ishita Tripathi
As the calendar pages turn, signaling the end of another year, a festive tapestry unfolds across the globe. From the cozy gatherings of Thanksgiving to the eerie allure of Halloween, the vibrant celebrations of Dussehra and Diwali in India, and culminating in the yuletide cheer of Christmas and the hopeful countdowns of New Year’s Eve, each festival weaves its own unique spell. In the heart of these celebrations lies a cherished tradition: the exchange of gifts. The allure of convenient shopping on e-commerce giants like Amazon and Myntra has become increasingly irresistible, especially during the festive season. This shift not only elevates the shopping experience for individuals but also provides a significant boost to sellers on these platforms.
However, this digital transformation comes with its own set of challenges, particularly in the cybersecurity space. The well-known English adage, “Prevention is better than cure,” holds particularly true when it comes to cybersecurity during the holiday season for both businesses and individuals. It’s always more prudent to prioritize safety in the digital realm. This is because once the trap of cybercriminals snaps shut, reversing the damage can be an extremely challenging, if not impossible, task. So, what exactly does cybersecurity entail during this festive period? Let’s delve into understanding its significance and scope. Recent research indicates that by the end of 2023, e-commerce fraud in the retail sector is projected to hit a staggering US$48 billion worldwide.
What is Cybersecurity During Holiday Season?
Cyberattacks are at their peak during the holiday season. Cybercriminals are much more active during this time of the year than ever. People can ensure cybersecurity during this time by avoiding using public WiFi, staying vigilant against phishing scams, not clicking on dubious links in emails, keeping software updated and using strong passwords, implementing MFA, and using credit cards for payments, among many other cybersecurity measures. But these measures are still not enough, it seems. Cybercrime rates are skyrocketing at an alarming level.
Cybercriminals often target social media accounts to access individuals’ personal information and ultimately their financial details. By the close of 2022, statistics showed that 153 out of every 1000 internet users experienced breaches in their accounts. And these attacks not only target buyers, but sellers too. In Australia, cyberattacks occur with alarming frequency, approximately every 10 minutes. Notably, 43% of these attacks are specifically aimed at small and medium-scale enterprises.
79% of the businesses in the UK that suffered a cyberattack between 2022-23 said that they faced a phishing scam. But there is a ray of hope. Cyberattacks can be prevented by maintaining proper vigilance.
1. Retailers should monitor their network activity for any unauthorised access or unusual activity. Retailers who rely on a multichannel selling strategy should be doubly focused on getting cybersecurity solutions that work on a prevention, detection and response strategy for any cybersecurity incidents.
2. Keeping sensitive data encrypted can also prove helpful. Retail platforms also deploy homomorphic encryption to secure their sensitive data from cybercriminals who aim to fetch payment-related and other sensitive customer data for malpractices.
3. Network segmentation can help in securing buyers’ financial data, POS details and PII. Network monitoring tools help in monitoring each segment separately and noticing signs of lateral movement and attempted data breaches.
4. E-retailers should implement anti-malware solutions as a must, especially on the POS systems. Security patches and timely software updates are helpful too.
5. A zero trust approach is also crucial in maintaining cybersecurity in the e-retail sector. This helps to control user and device identity and access.
6. As per IBM, the retail industry has been at greater risk from insider threats: over the past two years, there has been a 38% hike. And 81% of breaches start with compromised passwords, which is why employee training is essential in maintaining password hygiene and securing the digital landscape.
7. The General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the US are focused on protecting the rights of buyers. Sellers who do not follow these regulations in their respective geographies can end up paying hefty fines.
In the UK, 32% of businesses suffered a breach between 2022-23. Among these incidents, medium-sized businesses witnessed a 59% increase in cyberattacks, while large businesses observed an even more significant hike of 69%. The financial repercussions were substantial, with the average cost of a breach to these businesses amounting to approximately €4,960. On a global scale, the average cost of a cyberattack in 2022 was a staggering US$4.35 million.
Risk to Businesses During Holiday Season Sales
Supply chain attacks, ransomware, phishing and other advanced persistent threats are soaring in the retail industry. Cybercriminals are finding new ways of exploiting the vulnerabilities in the retail sector’s POS systems, cloud and server, endpoints and IoT devices. The average cost of a data breach in the industry is equivalent to US$3.28 million as of June 2023. Financial fraud, spamming, bot attacks, phishing, malware, DDoS attacks, fake returns and refund frauds are the top cybersecurity risks associated with ecommerce retailers.
Risk to Individuals During Holiday Season Sales
Online shopping makes things much easier for buyers. They don’t have to get into a hectic schedule of going out to buy and distribute gifts. Buyers can now simply order online and have the items delivered to a desired address. But with all these benefits come risks too. These are cybersecurity-related risks that could expose buyers’ sensitive data, such as financial information or addresses. Exposure of such data can present a myriad of perils to buyers.
Cybercriminals also send spoof emails to buyers that lead to fake web pages. These fake web pages imitate original websites, are almost indistinguishable from them, and smartly siphon off personal information and payment details of the customers for further exploitation.
But it is still possible to prevent such mishaps. Here are a few ways buyers can prevent data and financial loss.
1. Stay vigilant of fake online shops. Cybercriminals try to imitate original logos, fonts and layouts from trusted e-commerce sellers to compromise buyers’ personal information. Buyers need to stay vigilant and not fall into the trap, no matter how amazing the discounts on offer are.
2. Cybercriminals send emails to buyers for tracking delivery of their items. When buyers click on those links, they either download malware onto their device or are redirected to a scam site where their personal information is stolen.
3. Avoid falling for social media scams by not clicking on every link you find on social media platforms. A lot of these links could lead to very negative outcomes, such as huge financial losses.
4. Never click on pop-ups. Whenever you are browsing a site, never click on pop-ups offering attractive discount coupons. These could lead you to malicious sites and possibly expose you to a cyberattack. Always close pop-ups.
5. Never fall for charity phishing scams. People donate to charity out of goodwill, and cybercriminals use this intent to their personal advantage. A lot of such links lead visitors to malware or scam sites.
6. Avoid using public WiFi for online shopping or while doing any financial transaction. These networks seem to help you save data, but fraudsters often use them to gather sensitive financial information.
Event’s Ticket Scams
As people plunge into the holiday mood and plan to participate in festive events, scammers come running to exploit them in their hale and hearty moods. Cybercriminals sell fake tickets and create duplicate event listings. Scammers also produce false “error” messages at the time of payments. How can you avoid getting trapped by such scams? Read further.
1. Buy event tickets and passes only from trusted and official sources. Try not to buy them from third-party sellers that sell tickets for prices too low to be true.
2. Always check properly if the event page is original. Scammers replicate original pages and lure innocent people.
3. Beware if someone is asking for a direct money transfer for an event ticket. These are sure-shot scammers.
Online payment fraud is expected to inflict a staggering cost of US$343 billion on businesses from 2023 to 2027. In the United States alone, a striking 53.35 million citizens fell victim to cybercrime in just the first half of 2022. These figures underscore the critical importance of cybersecurity. While cybersecurity offers immediate benefits, particularly during the high-risk holiday season, its advantages extend far beyond the short term. Long-term benefits include secure data and networks, protection for users and devices, better regulatory compliance, business growth, and enhanced safety of personal data, among others. This holiday season, let’s commit to safeguarding ourselves against cybercrime with mindful steps of vigilance, embracing both the immediate and enduring benefits of cybersecurity.
ROUND UP
October 2023 Cybersecurity Highlights: Monthly Roundup
In a world intricately interwoven by digital threads that define our daily existence, the unwavering importance of cybersecurity stands as a sentinel against the unseen threats lurking in the digital shadows. As we say bye to October 2023, our Monthly Roundup extends its hand as a knowledgeable guide, providing you with an all-encompassing perspective on the cyberattacks that have seized the headlines this month.
From perilous data breaches to the relentless surge of ransomware incidents, we set sail on a journey through the ever-unfolding narrative of digital threats. Our purpose is clear: to shine a spotlight on the perpetually shifting landscape of cybersecurity, unveiling the key events that demand our attention in this dynamic digital epoch. Let’s dive into the cybersecurity realm to uncover the highlights that have defined the landscape in October.
The Monthly Round-Up
Knight Ransomware Group Claims BMW Dealership Attack
The Knight ransomware group claimed to have launched a cyberattack on an authorized BMW dealership in the state of Rondônia. The BMW Munique cyberattack remained unconfirmed by the German manufacturer of luxury automobiles. Knight threatened to release a link to download all the exfiltrated data from the alleged automobile heist. The Knight ransomware group concluded its dark web threat with the warning: “At the end of the countdown, the download links will be displayed here.” The threat was posted on October 15, 2023. No updates were found after that except claims of yet another cyberattack days later. This time they posted about the US Claims Solutions (USCS) cyberattack with a threat similar to the one in the BMW cyberattack claim.
Kansas Courts Go Paper-Only Amid Cyberattack Probe
The Kansas Supreme Court issued an administrative order citing that it was experiencing an IT system outage which could be due to a ransomware attack. The Kansas Court cyberattack remained unclaimed by any group. The suspected Kansas Supreme Court ransomware attack rendered court systems inactive. Following this, the employees had to maintain records on paper in the absence of connectivity and digital record-keeping platforms. The investigations into the Kansas Supreme Court cyberattack were ongoing when they published the administrative order. However, similar to the BMW Munique cyberattack, no cybercriminal group came forward with claims of conducting this security incident. The Kansas Supreme Court outage affected the Supreme Court, Court of Appeals, and the district courts in all counties except Johnson County, which remained unscathed.
Massive Breach: 1M+ Palestinian Healthcare Records on Dark Web
A hacker forum post of a data dump became a cause of concern as it contained Personally Identifiable Information (PII) with over 1.3 million records. The hacker forum user who made the post claimed that it contained Palestine healthcare records, which included nursing data, mental health information, screenings, and emergency nursing records.
The screenshot contained samples of data from Palestinian healthcare facilities. He wrote that the samples contained over 1,100,000 records of health data belonging to patients and their treatment. Keeping the state of war and conflict between Israel and Gaza in mind, the Palestine data breach poses a risk to civilians seeking healthcare besides their personal assets.
The Palestine healthcare data leak was not claimed by any cybercriminal group leading to speculations over the authenticity of the leaked records. Alon Gal, Chief Technology Officer at cybercrime firm Hudson Rock shared screenshots of the dark web post claiming the Palestine Healthcare data breach.
Casio Data Breach Hits ClassPad.net Users
The Japanese electronics manufacturing giant Casio confirmed having suffered unauthorized access to its servers in a notice that also contained an apology to its affected customers. The educational web application of Casio called ClassPad.net was found to be accessed by an external party on October 12, 2023. This Casio data breach resulted in the compromise and leak of some registered customers within and outside of Japan. The incident came to light when a Casio employee discovered a database failure on October 11. Furthermore, some of the network security settings were disabled due to an operational problem facing the systems which contributed to the Casio cyberattack. 91,921 items belonging to Japanese customers and 35,049 of those outside of Japan were exposed to the threat actor resulting in the data breach of users from nearly 148 countries.
Air Europa Data Breach Prompts Urgent Credit Card Cancellation
Spanish airline Air Europa alerted its customers about a cyberattack that disclosed sensitive credit card details to threat actors. In an email addressing the Air Europa cyberattack, the airline asked its users to cancel their credit cards to prevent financial loss and data theft. The Air Europa credit card data leak potentially exposed card numbers, 3-digit CVV codes, and card expiration dates. Users were urged to be cautious about sharing card information with callers who may be scammers attempting to gain more data. Threat actors were suspected to have gained access to systems storing the credit card details of users. The number of credit cards compromised in the Air Europa cyberattack was not disclosed by the airline.
Cyberattacks Stun 11 Ukrainian Telecom Providers
Ukraine’s Computer Emergency Response Team (CERT-UA) released a news update that addressed cyberattacks targeting Information and Communication Systems (ICS). The update added that at least 11 telecommunications providers in the country were found to have been attacked between May 11, 2023, and September 09, 2023. The Ukrainian Telecom cyberattacks led to service outages, leaving customers with no access to communication. The threat actors behind the Ukrainian Telecommunications cyberattack were identified as UAC-0165, a Russian state hacking group called Sandworm. Upon investigation of the systems involved in Ukraine’s Telecom cyberattack, the officials successfully identified the tactics, techniques and procedures employed by the threat actors.
Data-Scraping Affects 1.3 Million 23andMe Users
A biotechnology firm that tests DNA and offers other healthcare services was reported twice to have suffered data leaks within weeks. A user on a hacker forum named Golem was selling over 4 million genetic profiles in the second such attempt this month. The 23andMe data breach was confirmed by the firm in a statement, with the Vice President of Communications of 23andMe sharing that the data leak was under investigation. The second 23andMe data breach impacted users in Great Britain, the United States and Western Europe. In the previous data leak claim, Golem released the personal data of 1.3 million individuals.
‘Major Nelson’ Accuses RansomedVC of Sony Data Leak
Sony Interactive Entertainment suffered a data breach as part of the MOVEit vulnerability exploitation at the hands of the Clop ransomware group. The Sony data breach exposed the personal data of current and former employees of Sony Interactive Entertainment (SIE). The firm confirmed the SIE cyberattack by sending emails to impacted individuals. Before Sony confirmed the data breach, cybercriminals were found fighting over who had the exfiltrated Sony databases. A hacker forum user said that they had the SIE data. They further accused RansomedVC, which had announced that it breached Sony, of making false claims. The personal information of 6,791 individuals was exposed to hackers in the SIE ransomware attack.
NATO Cyberattack by SeigedSec Hacktivist Group
The NATO cyberattack was claimed by the SeigedSec hacktivist group. Hackers allegedly pilfered 3,000 key military plans and surveys by exploiting a loophole in its architecture. Hackers posted the data stolen from the NATO cyberattack on their Telegram channel to celebrate the heist. In response, NATO officials announced that they were looking into the cybersecurity incident and taking necessary actions. SeigedSec stole the data from various portals of NATO including its ‘Learning Management System’ and the ‘Lessons Learned Portal.’ This content pilfered by threat actors was intended for official use only. However, this leak is speculated to have data that may be already released in a previous cyberattack on NATO.
European ETSI Data Breach
The European Telecommunications Standards Institute (ETSI) alerted with a notice that it suffered a data breach. This was due to the exploitation of a vulnerability at the hands of unknown hackers. The ETSI data breach was initially posted about in September; however, it was reported in the media a month later. As ETSI is the central point of contact that caters to its customers spanning 900 member organizations, the result of the ETSI cyberattack is expected to be critical. The database containing the list of online users was exfiltrated in the ETSI cyberattack, read the alert posted by the organization.
Fake Israeli Data Breaches Raise Credibility Concerns
Due to the ongoing Israel-Hamas conflict, several cyberattack and airstrike claims have been found online. A report posted on Hudson Rock brought to light that several dark web sites have been used to spread fake Israeli data breaches and claims. The CTO of the cybercrime firm confirmed that the claimed cyberattack on the Ministry of Defense of Israel was false. The data was not from the portal of Israel’s Ministry of Defense. Moreover, links posted to download the data allegedly from Israeli data breaches did not fetch data from the said organizations. Similarly, the Israel Defense Forces has also been sharing real-time updates to create awareness and deny claims that are not true in terms of airstrikes and other attacks on Gaza and Palestine.
RagnarLocker’s Leak Site Taken Down
The leak site of the RagnarLocker ransomware group was seized in a coordinated international law enforcement action. Law enforcement and judicial authorities from eleven countries were part of the massive RagnarLocker operation takedown. The takedown of Ragnar Locker ransomware included the dark web portal of the group and infrastructure in the Netherlands, Germany and Sweden. In a media statement, Europol confirmed that in the RagnarLocker takedown, a key target was also arrested in Paris, France on 16 October from his home in Czechia. The searches were conducted in Czechia, Spain and Latvia. The arrested target was suspected of being the main developer working for the ransomware group.
Ukrainian Cyber Alliance Performs Trigona Ransomware Takedown
The Ukrainian hacktivist group called the Ukrainian Cyber Alliance took down the dark web portal of a Russian ransomware group. The Ukrainian hacktivist group exfiltrated the website of the Trigona ransomware group. They then defaced the website of Trigona ransomware as part of the ongoing mission since 2014, read the post by the Ukrainian Cyber Alliance. The message on the Trigona ransomware’s dark web portal read, “Trigona is Gone!... Welcome to the world you created for others.” In response to the takedown of the Trigona web portal, they posted a message on the RAMP forum. They managed to hack into Trigona’s infrastructure by using a public exploit for CVE-2023-22515, a vulnerability in Confluence Data Center and Server. Trigona announced that they will be back on October 22.
Killnet Discussed Tampering Nuclear Warhead Site Controls
Killnet was found casually chatting over the possible repercussions of tampering with the Israeli nuclear warhead site. This, while Israel and Gaza have been embroiled in violent war crimes, rings alarm bells for the security of people. Killnet, on Telegram, wrote about the full-fledged strategic nuclear triad between the United States, Russia and China. Killnet further wrote that the triad was armed with the capability to deliver nuclear weapons in all three natural environments. Finally, they discussed whether it was possible to activate or deactivate a nuclear warhead site in Israel using a network attack. The chat about the nuclear warhead site tampering ended with the hackers stating that more will become evident in the future.
JFK Cyberattack: R_70 Hacktivist Amid Hamas-Israel Conflict
The hacktivist group called R_70 claimed that they launched a cyberattack on JFK Airport in the United States. The JFK Airport cyberattack was due to it receiving the greatest number of Zionist entities, the hacker’s Telegram message read. The political movement of Zionism seeking the rights of the Jewish people in Israel has been ongoing since the 19th century. JFK Airport is one of the busiest airports, handling thousands of passengers daily.
Owing to the JFK Airport claim, the security officials were advised to be on high alert to further security. Not much is known about the motive of the JFK Airport cyberattack. However, it has been linked to the United States’ support to Israel in the Israel-Hamas conflict.
As we wrap up this October 2023 Cybersecurity Roundup, one thing remains clear: vigilance in the face of evolving digital threats is paramount. Stay informed, stay secure, and stay resilient in our ever-connected world.