#CyberBreaches
Group-IB Warns Supply Chain Attacks Are Becoming a Self-Reinforcing Cybercrime Ecosystem

Cybercrime outfits now reshape supply chain intrusions into sprawling, linked assaults - spinning out data leaks, stolen login details, and ransomware in relentless loops, says fresh research by Group-IB. With each trend report, the security group highlights how standalone hacks have evolved: today’s strikes follow blueprints meant to ripple through corporate systems, setting off chains of further break-ins.

Instead of going after one company just to make money fast, hackers now aim at suppliers, support services, or common software tools - gaining trust-based entry to many users at once. Cases highlighted in recent reports - the Shai-Hulud NPM worm, the break-in at Salesloft, and the corrupted OpenClaw package - all show how problems upstream spread quickly across systems. Not limited to isolated targets, these attacks ripple outward when shared platforms get hit.

Modern supply chain attacks unfold in linked phases, says Group-IB. One stage might begin with a tainted open-source component spreading malicious code while quietly collecting login details. Following that, attackers may launch phishing efforts - alongside misuse of OAuth tokens - to seize user identities, opening doors to cloud services and development pipelines. Breached data feeds these steps, supplying access keys, corporate connections, and situational awareness required to move sideways across systems. Later comes ransomware, sometimes followed by threats - built on insights gathered during earlier stages of breach. One step enables another, creating loops experts call self-sustaining networks of attack.

Soon, Group-IB expects artificial intelligence to push this shift further. Because of AI-powered tools, scanning for flaws in vendor networks, software workflows, or browser add-on stores happens almost instantly. These systems let hackers find gaps faster - operating at speeds humans cannot match.

Expectations point to declining reliance on classic malware, favoring tactics centered on stolen identities. Rather than using obvious harmful software, attackers now mimic authorized personnel, slipping into everyday operational processes. Moving quietly through standard behaviors allows them to stay hidden longer, gradually reaching linked environments. Because they handle sensitive operations like human resources, customer data, enterprise planning, or outsourced IT support, certain platforms draw strong interest from threat actors.

When a compromise occurs at that level, it opens doors not just to one company but potentially hundreds connected through shared services - multiplying consequences far beyond the initial point of failure. Cases like Salesloft and the breach tied to Oracle in March 2025 show shifts in how data intrusions unfold. Rather than seeking quick payouts, hackers often collect OAuth credentials first. Missteps in third-party connections give them room to move inward.

Once inside client systems, fresh opportunities open up. Data copying follows naturally. Trust-based communication chains become tools for disguise later. Infected updates spread quietly through established channels. Fraud grows without drawing early attention. Fault lines in digital confidence now shape modern cyber threats, according to Dmitry Volkov, who leads Group-IB. Rather than one-off breaches, what unfolds are ripple effects across systems. Because outside providers act like open doors, companies should treat them as part of their own risk landscape.

Instead of reacting late, they build models for supply chain risks early. Automated scans track software links continuously. Insight into how information moves becomes essential - without it, gaps stay hidden until exploited.

With breaches in supply chains turning into routine operations, protecting confidence among users, collaborations, and code links has shifted from being a backup measure to a core part of today’s security planning.

What once seemed secondary now shapes the foundation. Trust must hold firm where systems connect - because failure at one point pulls down many. Security can no longer treat relationships as external risks; they are built-in conditions. When components rely on each other, weakness spreads fast. The report frames this shift clearly: resilience lives not just in tools but in verified connections. Not adding layers matters most - it is about strengthening what already ties everything together.

Group-IB Warns Supply Chain Attacks Are Becoming a Self-Reinforcing Cybercrime Ecosystem #CredentialTheft #CyberAttacks #Cyberbreaches

Cybersecurity Breaches Emerge as top Business Risk for Indian Companies

Cybersecurity breaches and attacks have become the leading threat to business performance for Indian companies, with 51% of senior executives identifying them as their primary risk, according to a new survey released by FICCI and EY.

The FICCI-EY Risk Survey 2026 ranked changing customer expectations and geopolitical developments as the next most significant risks, flagged by 49% and 48% of respondents respectively.

The findings point to a business environment where technology, regulation and external shocks are increasingly interconnected.

The survey, conducted through a web-based questionnaire, gathered responses from 137 senior decision-makers, including CXOs, across multiple sectors.

Technology firms accounted for the largest share of respondents, followed by professional services companies. According to the report, technology-related risks are now closely tied to operational continuity and resilience.

About 61% of respondents said rapid technological change and digital disruption are affecting their competitive position, while an equal proportion cited cyber-attacks and data breaches as major financial and reputational threats.

More than half of those surveyed, 57%, flagged risks related to data theft and insider fraud, and 47% said they face difficulties in countering increasingly sophisticated cyber threats.

Artificial intelligence emerged as a dual risk area. While 60% of executives said inadequate adoption of emerging technologies, including AI, could weaken operational effectiveness, 54% said risks linked to AI ethics and governance are not being managed effectively.

“In a business environment shaped by volatility, the ability to anticipate, absorb and adapt to risk is emerging as a defining capability for sustained growth,” said Rajeev Sharma, chair of the FICCI Committee on Corporate Security and Disaster Risk Reduction.

He added that organisations are increasingly embedding risk considerations into strategic decision-making rather than treating them as isolated events.

The survey also highlighted workforce-related concerns. Nearly two-thirds of respondents said talent shortages and skill gaps could hurt organisational performance, while 59% pointed to weak succession planning as a risk to long-term stability.

Regulatory change remains another pressure point. About 67% of executives said regulatory developments need to be addressed proactively, while 40% acknowledged that existing compliance frameworks struggle to keep pace with evolving rules.

Climate and environmental, social and governance risks are also translating into financial exposure. Around 45% of respondents cited climate-related financial impacts as a critical operational risk, and 44% said non-compliance with ESG disclosure requirements could significantly affect business outcomes.

Supply chain disruptions continue to weigh on corporate planning, with 54% of leaders identifying them as a risk to operational and business continuity.

“Organisations are navigating a phase where multiple risks are converging rather than occurring in isolation,” said Sudhakar Rajendran, risk consulting leader at EY India, pointing to the combined impact of inflation, cyber threats, AI governance, climate exposure and regulatory change on corporate resilience.

Cybersecurity Breaches Emerge as top Business Risk for Indian Companies #Business #CyberBreaches #CyberSecurity

Dragos Links Coordinated Polish Power Grid Cyberattack to Russia-Backed ELECTRUM Group

A wave of connected cyber intrusions struck multiple points in Poland’s electricity infrastructure near the end of 2025. Dragos, an industrial control system security firm, assessed with limited certainty that the activity aligns with a Russia-linked group known as ELECTRUM. While attribution is not definitive, the techniques and patterns resemble previous operations tied to the cluster. Investigators also flagged unusual entry routes through third-party maintenance channels, with disruptions occurring amid heightened geopolitical tensions. No major blackouts followed, but systems recorded repeated probing attempts. Response teams moved quickly to isolate affected segments, and attribution was supported by forensic traces left during the breaches. Officials emphasized continued vigilance despite containment.

At one site, critical hardware was destroyed and left unusable, marking what Dragos described as the first large-scale cyberattack focused on decentralized energy systems such as wind turbines and solar generation connected to the grid. Operational technology used in electricity distribution was accessed without authorization, and systems managing renewable output faced interference even though overall service stayed online. Communication failures also affected combined heat and power facilities. Entry was gained through systems tied to grid stability, with damage remaining localized but irreversible at one location.

Dragos noted links between ELECTRUM and another group, KAMACITE, with overlaps consistent with the broader Sandworm ecosystem, also tracked as APT44 or Seashell Blizzard. KAMACITE is believed to specialize in initial access, using spear-phishing, stolen credentials, and attacks against exposed public-facing systems.

After entry, KAMACITE reportedly conducts quiet reconnaissance and persistence in OT environments, creating conditions for later action.

Once access is established, ELECTRUM activity is assessed to bridge IT and OT networks, deploying tooling inside operational systems. Actions attributed to ELECTRUM can include manipulating control systems or disrupting physical processes, either through direct operator interface interaction or purpose-built ICS malware depending on objectives.

Dragos described a division of roles between the clusters that enables long-term access and flexible execution, including delayed disruption. Even without immediate damage, persistent access can create long-term risk. KAMACITE-linked activity also appears geographically unconstrained, with scanning against U.S. industrial systems reported as recently as mid-2025.

In Poland, attackers targeted systems that connect grid operators with distributed energy resources, disrupting coordination. Roughly three dozen sites experienced operational impact. Investigators said poorly secured network devices and exploited vulnerabilities enabled entry, allowing intruders to reach Remote Terminal Units and move through communications infrastructure. Dragos said the attackers showed strong knowledge of grid systems, successfully disabling communications tools and certain OT components.

However, the full scope remains unclear, including whether operational commands were issued or whether the focus stayed on communications disruption. Overall, Dragos assessed the incident as more opportunistic than carefully planned, with attackers attempting rapid disruption once inside by wiping Windows systems, resetting configurations, and trying to permanently brick equipment. The hardest-hit devices supported grid safety and stability monitoring.

Dragos concluded that the damage shows OT intrusions are shifting from preparation into active attacks against systems that manage distributed generation.

Dragos Links Coordinated Polish Power Grid Cyberattack to Russia-Backed ELECTRUM Group #CyberAttacks #CyberBreaches #cybercrimegroup

True Cost Of Cyber Breaches: Fines, Lawsuits, Trust Loss

Explore the true cost of cyber breaches: penalties, lawsuits, and loss of trust, and why BFSI leaders must act proactively.

The True Cost of Cyber Breaches: Penalties, Lawsuits, and Loss of Trust

read more : bi-journal.com/cyber-breach...

#CyberBreaches #CybersecurityCosts #BIJournal #BIJournalnews #BusinessInsightsarticles #BIJournalinterview

Retail Cyberattacks Surge as Service Desks Become Prime Targets

In recent months, reports of retail data breaches have surfaced with alarming frequency, showing that both luxury and high-street retailers are under relentless attack. During the second quarter of 2025, ransomware incidents publicly disclosed in the global retail sector rose by 58 percent compared with the first quarter, with businesses in the United Kingdom facing the worst consequences. The outcomes of such breaches vary, but the risks are consistently severe, ranging from loss of revenue and service disruptions to long-term reputational damage.

One recent example that highlights this growing threat is the cyberattack on Marks & Spencer (M&S), one of Britain’s most recognized retailers. Employing over 64,000 people across more than 1,000 stores, M&S reportedly fell victim to hackers believed to be part of the group Scattered Spider. The attackers infiltrated the company’s systems in February, deploying ransomware that encrypted vital infrastructure and severely disrupted operations. By impersonating employees, the cybercriminals manipulated IT help desk staff into resetting passwords and turning off multi-factor authentication. This gave them access to internal systems, where they stole a file containing password hashes from Active Directory. The fallout was severe, including a five-day suspension of online sales that cost an estimated £3.8 million per day, along with a drop of more than £500 million in market value.

The method used against M&S was not unique. Similar techniques were applied in attacks on other UK retailers, including Co-op and Harrods. In the case of Co-op, attackers also pretended to be employees to trick IT staff into granting them access. Although Co-op managed to prevent the full deployment of ransomware by shutting down parts of its infrastructure, the company still faced major operational disruption, proving that even partial breaches can have wide-reaching effects.

The common thread in these cases is the vulnerability of service desks. These teams often have privileged access to systems, including the ability to manage user accounts, reset credentials, and disable authentication tools. Their focus on quick support and customer service can leave them more exposed to sophisticated social engineering tactics. Because they are frequently overlooked in broader cybersecurity strategies, service desks represent a weak point that attackers are increasingly exploiting.

To address this issue, organizations must shift their approach from reactive to proactive defense. Service desks, while designed to solve problems efficiently, need to be supported with advanced training, strong verification procedures, and layered defenses that reduce the likelihood of manipulation. Investing in security awareness, modern authentication practices, and continuous monitoring of unusual account activity is now essential.

The rise in attacks on retailers like M&S, Co-op, and Harrods demonstrates that hackers are targeting service desks with growing precision, causing significant financial and operational harm. These incidents show the urgent need for companies to reassess their cybersecurity strategies, placing greater emphasis on the human element within IT support functions. While organizations cannot control who attackers choose to target, they can strengthen their defenses to ensure resilience when confronted with such threats.

Retail Cyberattacks Surge as Service Desks Become Prime Targets #CyberAttacks #CyberBreaches #CyberSecurityRansomwareAttacks

Unmasking Cyber Threats: The Power of Digital Forensics & Incident Response. Sanjay K Mohindroo

A must-read for IT leaders and cybersecurity experts—share your thoughts below! #DigitalForensics #CyberSecurity #IncidentResponse #DigitalEvidence #CyberBreaches #ForensicTools #ITSecurity #VisualInspiration
medium.com/@sanjay.mohi...

What the Google Class Action Settlement Means

February’s $350 million preliminary settlement of two securities class actions resulting from a cyber incident involving the Google+ social media platform raises questions on which insurance policies ...

Companies should review their cyber and directors’ and officers’ liability policies as case law builds around #cyberbreaches and #regulators increase scrutiny of companies’ responses to the attacks. www.linkedin.com/pulse/what-g...

UK Legal Aid Agency investigates cybersecurity incident

The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have…

More #cyberbreaches in the UK as Legal Aid Agency investigates #cybersecurity incident www.bleepingcomputer.com/news/securit...

Fake IT Support Used by Ransomware Gangs in Microsoft Teams Breaches

The Sophos security team has identified two ransomware campaigns that are utilizing Microsoft Teams to steal data from organizations, and the crooks may be allied with Black Basta and FIN7. In the X-Ops Managed Detection and Response (MDR) service,…

Fake IT Support Used by Ransomware Gangs in Microsoft Teams Breaches #Cyberbreaches #CyberCrime #FakeITSupport

Unveiling Questions on AI's Role in Cybersecurity - DZone

Know the pivotal role of AI in cybersecurity, tackling key questions and implications for the future. Explore advantages, challenges, and expert insights.

The use of #AI in #cybersecurity is skyrocketing. 🚀

🤔 Wondering if AI can help in finding #cyberbreaches and how AI could enhance cybersecurity in the coming years?

Explore this topic in this article via DZone. ⤵️

dzone.com/articles/dec... #genAI #CISO #CISOs
