SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks.

Threat analysts have identified a new and emerging threat: a variant of the SystemBC RAT (Remote Access Trojan) that is now actively targeting Linux-based platforms. This development puts corporate networks, cloud infrastructures, and IoT devices at risk.

The latest version of SystemBC RAT is more stealthy and harder to detect, using encrypted communication to stay hidden while letting attackers move freely through compromised systems.

****SystemBC RAT: From Windows to Linux****

SystemBC is a Remote Access Trojan (RAT) commonly used in cyberattacks to provide attackers with remote control over infected systems. 

Initially a Windows-only threat, it has now expanded to Linux, making it even more dangerous as Linux-based servers are widely used in enterprise environments.

ANY.RUN’s analysts compared SystemBC’s Windows and Linux traffic

****What Makes the Linux Version of SystemBC RAT Dangerous?****

Let’s look at how this malware operates and why it poses a serious threat to Linux-based systems.

****Encrypted Communication with C2 Servers****

The SystemBC RAT for Linux maintains encrypted communication with C2 servers using the same custom protocols as its Windows counterpart. 

This allows attackers to keep a stable connection across a unified infrastructure of both Windows and Linux implants, making it easier to control infected machines without raising suspicion.

While SystemBC RAT is designed to keep its C2 communication encrypted and hidden, it becomes fully visible inside an ANY.RUN analysis session. By running a real sample in the sandbox, security teams can see the malware’s network connections, file modifications, and process activities in real time.

**View ANY.RUN analysis session**

SystemBC RAT analyzed inside ANY.RUN sandbox

Below the Linux Virtual Machine window, all network connections and system modifications related to this specific attack are clearly displayed. 

Suricata rule triggered by SystemBC RAT

In the Threats section, we can see that an alert was triggered by the Suricata rule: “Malware Command and Control Activity Detected – BOTNET SystemBC.Proxy Connection.” This immediate detection allows analysts to track the infection process and understand how the malware operates.

****Proxy Implant for Lateral Movement****

The malware operates as a proxy implant, meaning it can facilitate lateral movement within a compromised network without deploying additional, easily detectable tools. This makes it a powerful weapon for attackers who seek persistence and deeper infiltration within corporate infrastructures.

****Evasion of Traditional Detection****

One of the most concerning aspects is that security vendors struggle to detect this version as belonging to the SystemBC family. This stealthy approach allows the RAT to remain undetected for extended periods, making it a persistent threat.

****Sandbox and Virtualization Evasion****

Besides signature-based evasion, SystemBC also detects virtualized environments to resist dynamic analysis. In a real ANY.RUN analysis session mentioned above, the MITRE ATT&CK framework flags reveal “Virtualization/Sandbox Evasion- System Checks,” showing that the malware actively performs system checks to determine if it’s running inside a security sandbox or virtual machine. 

By identifying these environments, SystemBC can alter its behaviour or terminate execution, helping attackers bypass automated malware analysis tools while remaining fully operational on real infected systems.

Defense evasion techniques and tactics detected by ANY.RUN sandbox

****Integration with Other Malware Strains****

SystemBC is rarely deployed on its own. It often works alongside other malware to expand an attack’s impact. In Windows attacks, it has been observed delivering ransomware like Ryuk and Conti, as well as banking trojans and infostealers. 

With its new Linux variant, similar threats will likely follow, putting enterprise servers and cloud environments at greater risk of data theft, ransomware encryption, and persistent backdoor access.

****Unmasking Hidden Threats Before They Strike****

Cyber threats are getting smarter, and businesses can’t afford to play catch-up. With SystemBC RAT now hitting Linux, attackers have a new way to hide C2 traffic, move through networks unnoticed, and drop additional malware. Traditional security tools often miss these stealthy tactics, leaving corporate networks, and critical infrastructure at risk.

However, with tools like ANY.RUN interactive sandbox, hidden doesn’t mean unstoppable. Your security team can:

*   Analyze threats safely in a controlled environment.
*   Respond faster, containing threats before they spread and cause real harm.
*   Spot evasion techniques before they do damage, exposing how threats slip past defences.
*   Extract key IOCs, strengthening your threat intelligence and prevention strategies.
*   See hidden malware behaviours in real-time, from network traffic to system changes.

SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

Luxembourg, Luxembourg, 11th February 2025, CyberNewsWire

**Luxembourg, Luxembourg, February 11th, 2025, CyberNewsWire**

Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q3-Q4 2024 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and disruption in 2024, and businesses need to act fast to protect themselves from this evolving threat. The report reveals a significant escalation in the total number of DDoS attacks and their magnitude, measured in terabits per second (Tbps).

**Key highlights from Q3-Q4 2024**

●    Compared to Q3–Q4 2023, the number of DDoS attacks have risen by 56%, which highlights a steep long-term growth trend.

●    The gaming industry continues to be the most targeted by DDoS attacks, accounting for 34% of all attacks.

●    In Q3-Q4 2024, the financial services sector experienced a significant increase, accounting for 26% of all DDoS attacks, up from 12% in the previous period.

●    There was a 17% increase in the total number of attacks compared with Q1-Q2 2024.

●    The largest attack peaked at 2Tbps in Q3-Q4 2024, which is an 18% increase from Q1-Q2 2024.

●    DDoS attacks are becoming shorter in duration but more powerful.

**Attackers are shifting their focus**

The sectors that were targeted in Q3-Q4 2024 reflect a changing focus among DDoS attackers. The technology industry has seen a steady increase in its share of DDoS attacks, increasing from 7% to 19% since Q3-Q4 2023. This is because DDoS attackers recognise the wide-reaching disruption potential of attacking technology services. A single successful attack can take out a service that countless organizations depend on – causing significant harm to people and businesses. Another reason that technology platforms have seen an increase in DDoS attacks is due to their vast computational power, which malicious actors can exploit to intensify their attacks.

The gaming industry continues to be the most-attacked industry, although there were 31% fewer attacks compared with Q1-Q2 2024. The decline in attacks may be attributed to several factors. For instance, gaming companies are strengthening their DDoS defenses in response to ongoing attacks, which may result in fewer successful attacks. Another explanation is that attackers may be shifting their focus towards other high-value sectors, such as financial services, which saw a 117% increase in the number of attacks. The sector’s critical online services and susceptibility to ransom-based attacks make it a prime target.

Andrey Slastenov, Head of Security at Gcore, commented: “The latest Gcore Radar should be a wake-up call to businesses across all industries. Not only is the number and intensity of attacks increasing, but attackers are expanding the scope of their attacks to reach an increasingly wide range of sectors. Businesses must invest in robust DDoS detection, mitigation, and protection to prevent the financial and reputational impact of an attack.

**The geographical distribution of DDoS attacks**

With a presence that spans six continents, Gcore can accurately track the geographical sources of DDoS attacks. Gcore derives these insights from the attackers’ IP addresses and the geographic locations of the data centers where malicious traffic is targeted. 

Gcore’s findings have highlighted the Netherlands as a key source of attacks; leading application-layer attacks with 21% and ranking second for network-layer attacks at 18%. The U.S. ranked highly across both layers, reflecting its vast internet infrastructure for hackers to exploit.

Brazil featured prominently in network-layer attacks at 14%. Brazil’s growing digital economy and connectivity make it an emerging source of attacks. China and Indonesia also featured prominently, with Indonesia showing a growth in application-layer attacks at 8%, which reflects a broader trend of increased attack activity in Southeast Asia.

**Short but potent attacks continue to take hold**

DDoS attacks are becoming shorter in duration, but no less disruptive. The longest DDoS attack duration during Q3-Q4 2024 was five hours, which is a significant decrease from 16 hours in the first half of the year. This is reflective of an increasing trend towards shorter but more intense attacks. These ‘burst attacks’ can be more difficult to detect as they may blend in with normal traffic spikes. The delay in detection gives attackers a window of opportunity to disrupt services before cyber defenses can kick in.

The trend of shorter DDoS attack durations can in part be attributed to improvements in cybersecurity. As security tightens, attackers have learned to adapt with short burst attacks designed to bypass defenses. A short DDoS attack can also double as a smokescreen to conceal a secondary attack, such as ransomware deployment.

The full report is available at https://gcore.com/library/gcore-radar-ddos-attack-trends-q3-q4-2024

**About Gcore**  

Gcore is a global edge AI, cloud, network, and security solutions provider. Headquartered in Luxembourg, with a team of 600 operating from ten offices worldwide, Gcore provides solutions to global leaders in numerous industries. Gcore manages its global IT infrastructure across six continents, with one of the best network performances in Europe, Africa, and LATAM due to the average response time of 30 ms worldwide. Gcore’s network consists of 180 points of presence worldwide in reliable Tier IV and Tier III data centers, with a total network capacity exceeding 200 Tbps.

Users can learn more at gcore.com or follow them on LinkedIn, Twitter, and Facebook.

**Contact**

**Gcore press contact**  
**\[email protected\]**

Gcore Radar report reveals 56% year-on-year increase in DDoS attacks

In a coordinated international security operation, authorities have seized four dark web sites linked to the 8Base ransomware group and arrested four suspects.

International law enforcement agencies have seized the dark web infrastructure of the notorious **8Base ransomware group** and arrested four suspected members, including two men and two women.

The operation, led by the Bavarian State Criminal Police Office and the Office of the Public Prosecutor General in Bamberg, targeted the group’s TOR-based leak site used to publish stolen data and pressure victims into paying ransoms.

8Base dark web site shows seizure notice (Screenshot: Hackread.com)

According to a Thai media **report**, the arrests, carried out in Phuket, Thailand, targeted individuals believed to be part of the Phobos ransomware gang, the malware family linked to 8Base’s operations. The suspects are accused of carrying cyberattacks against over 1,000 victims worldwide, marking a big win in the ongoing fight against ransomware.

The 8Base ransomware group began its activities in 2022, initially operating on a smaller scale, suggesting it was in a developmental phase. By early 2023, the group emerged in its current form, rapidly evolving its tactics. In May 2023, 8Base adopted a multi-extortion model, encrypting data and threatening to leak it unless a ransom was paid. They also launched a TOR-based victim blog to publish stolen data.

By mid-2023, the group saw a sharp increase in activity, targeting organizations across various sectors. Analysts believe 8Base is using a modified version of Phobos ransomware, which has been linked to numerous attacks. The group’s impact has been global, with a significant number of victims in the United States and Brazil.

The latest infrastructure seizure and arrests come just two months after a Russian national was extradited to the United States to **face charges** related to the Phobos ransomware operation. This takedown also highlights law enforcement agencies’ commitment to fighting cybercrime, following the recent arrest of the admin behind the infamous cybercrime and hacker forums, **Cracked and Nulled**, just two weeks ago.

This article will be updated with more information once official confirmation from authorities is available. For now, it is confirmed that the agencies involved in this operation include the DoD Cyber Crime Center, FBI, Europol, Japan’s National Police Agency, the UK’s National Crime Agency (NCA), Germany’s Bavarian State Criminal Police Office, the Federal Office of Police, and Thailand’s Cyber Crime Investigation Bureau.

4 Arrested as Police Dismantle 8Base Ransomware, Seize Dark Web Sites

Iranian-linked hackers claim to have breached Israeli police systems, stealing 2.1TB of sensitive data. Police deny the breach. Learn more about the alleged hack and its implications.

The infamous Handala hacking group, with suspected ties to Iranian intelligence, has claimed responsibility for a cyberattack against Israel’s police force, managing to exfiltrate 2.1 terabytes of sensitive data, including personnel records, weapons inventories, medical and psychological profiles, legal case files, weapon permits, and identity documents. Handala further claims to have disseminated 350,000 of these documents publicly.

The scope of the claimed data breach is extensive, encompassing a wide range of sensitive information. Reports suggest the stolen data includes email addresses, gun licenses, officer photos and personal contact details, classified documents, and personal information about suspects and convicted criminals, including details about sex offender employment permits.

Handala also alleges obtaining access to the personal files of police officers, including psychological evaluations and other private data, and breaching the servers of the Israeli Ministry of National Security. 

Despite Handala’s claims, the Israeli police have denied any direct penetration of their systems. Their statement suggests that the breach, if confirmed, likely involved third-party entities that share data with the police. An investigation is currently underway to ascertain the true extent of the incident and identify any vulnerabilities.

https://twitter.com/IL\_police/status/1888576600985243926

This alleged break follows a pattern of disruptive cyber actions by Handala targeting Israeli entities, particularly since the escalation of the Israeli-Hamas conflict. Microsoft reports that Israel has become a prime target for Iranian cyber operations, experiencing a significant increase in attacks. Handala’s own activity reflects this trend, with a series of increasing data breaches targeting Israeli institutions.

For instance, in October 2024, Hackread.com reported their suspected involvement in a phishing campaign targeting cybersecurity personnel within Israeli organizations with wiper malware, aiming to disrupt the country’s digital defences. In September 2024, the group targeted Israel’s Soreq Nuclear Research Center (SNRC) in a significant ransomware attack.

The group has targeted crucial Israeli institutions/ systems with the Elad Municipality and the Ramat Gan Academic College being their recent targets. On January 27, 2025, the group compromised the emergency alert system, operated by Israeli electronics firm Maagar-Tec, impacting at least 20 kindergarten educational institutions across Israel, triggering widespread panic with false terror alerts.

Nevertheless, in its post on BreachForums dated February 9, 2025, Handala Group not only claimed responsibility for the latest attack but also taunted Israel, emphasizing their success in penetrating their defences and exposing their secrets while accusing Israel of arrogance and deception.

“Handala does not forget. Handala does not forgive,” the group reiterated their slogan.

Handala Hackers Claim Massive Data Breach on Israeli Police, Leak 350,000 Files

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin who are creating new security models for their AI infrastructure.

Artificial intelligence is changing industries from finance and healthcare to entertainment and cybersecurity. As AI adoption grows so do the risks to its integrity. AI models are being targeted by cybercriminals to manipulate, steal or exploit sensitive data. From adversarial attacks that mess with AI decision-making to large-scale data breaches the security landscape is more complex than ever.

The very nature of AI which relies on massive datasets, cloud computing power and decentralized processing creates vulnerabilities. Securing AI systems is not just about protecting data; it’s about reliability, trust and ethical usage.

This article looks at the measures AI solutions take to secure their offering with insights from platforms like OORT and Filecoin which are creating new security models for their AI infrastructure.

****The Growing Threats to AI****

AI is a target for cybercriminals. AI models process sensitive data from financial transactions to medical records so are a treasure trove for hackers. Breaches not only expose confidential information but also raise ethical concerns about privacy violations and data misuse.

The biggest security risks are data breaches, model theft and infrastructure vulnerabilities. AI models rely on proprietary datasets and unauthorized access to these datasets can cause financial and reputational damage. Attackers can steal AI models or feed them adversarial data to mess with outputs and cause incorrect decision-making. Centralized AI cloud solutions are single points of failure and can be taken down and cause service disruptions.

To address these risks many AI platforms are moving away from traditional centralized models to decentralized architectures. By distributing AI workloads and data across multiple nodes companies can increase security, reduce failure risks and create more robust AI-driven ecosystems.

****How These Two Decentralized AI Brands Tackle Cybersecurity****

AI solutions use different strategies to keep systems safe from cyber threats like hacking, data leaks, and unauthorized access. By building strong security measures, they help protect sensitive information and ensure AI runs smoothly and securely. Let’s take a look.

****OORT: Protecting Data with Blockchain****

OORT secures its holistic AI offering with blockchain and decentralization to build a more powerful cloud. One of its key patented innovations is the Proof of Honesty (PoH) algorithm which makes AI computations verifiable and tamper-proof. 

Unlike traditional cloud systems that rely on centralised servers that can be targeted, OORT distributes data across a decentralized network, so the risk of breaches or unauthorised access is greatly reduced. Even if one part of the network is compromised the rest remain secure so continuity and reliability are maintained.

To add more security, OORT uses Olympus Protocol, a DAG-based system (PDF), so transactions are faster, cheaper, and more scalable. Instead of miners, it uses trusted committees to validate transactions and secure the network. This allows for zero fees, high speed, and easy interoperability with other chains, it’s a good fit for Web3.

Since the blockchain is immutable any attempt to alter data leaves a trail so attackers can’t cover their tracks. 

Additionally, OORT recently partnered with DeTaSECURE to add AI security and data integrity using advanced threat intelligence to fortify decentralized AI infrastructure against cyber threats and support trustless, verifiable AI models in Web3.

By combining blockchain verification with distributed validation OORT creates a trustless AI infrastructure where users don’t have to rely on a single entity to verify computations. Nodes across the network validate AI processes so it’s fair, accurate and secure.

Image: OORT Infra. Edge, Super and Backup Nodes.

This is particularly useful for industries that require high trust such as finance, healthcare and autonomous systems where AI-driven decisions are critical. Through these mechanisms, OORT secures AI applications reduces risk and provides a safer environment for advanced AI solutions.

****Filecoin: Eliminating Single Points of Failure****

AI models need large datasets which are often stored in the cloud. Traditional cloud storage has risks due to centralization which creates a single point of failure. Decentralized storage is a more secure option.

Decentralized storage is key for AI because it eliminates single points of failure, and reduces the impact of a cyber attack. It uses cryptographic proofs to ensure data integrity and authenticity and allows users to control encryption and access permissions.

Filecoin is a decentralized storage network that provides secure and scalable data storage solutions. It secures AI-related data through Proof-of-Replication and Proof-of-Spacetime, cryptographic methods that verify data integrity and prevent unauthorized modifications. 

Distributed storage nodes prevent centralization breaches by distributing AI datasets across multiple storage providers.

Client-controlled encryption allows users to encrypt their data before storing it so only authorized parties can access it. By using decentralized storage AI platforms can reduce their dependence on vulnerable cloud providers and build a more resilient infrastructure.

****AI and Cybersecurity Future****

As AI adoption grows so will the sophistication of attacks on AI systems. Solving these security challenges requires continuous innovation and collaboration between AI developers, security experts and regulatory bodies.

Several trends are shaping AI security. Federated learning is emerging as a method where AI models are trained across decentralized devices without sharing raw data, more privacy. Blockchain-powered AI security uses smart contracts and distributed ledgers to ensure transparency and prevent unauthorized modifications. AI is being used to detect security threats in real-time, more resilience against attacks.

With cyber threats getting more sophisticated, AI platforms need to get proactive with security to be trusted and reliable. Companies need to realize that security is not an afterthought but a foundation of AI innovation. 

Whether through decentralized infrastructure, encryption protocols or secure AI training environments, the future of AI security is resilience, transparency and bleeding-edge tech. By security from the start, AI developers and companies can build systems that are intelligent and threat-proof.

How These Decentralized AI Solutions Secure Their Services in a Disruptive Industry

A new phishing campaign is targeting businesses with fake Facebook copyright notices.  Learn how to spot the signs and keep your Facebook account secure.

Facebook, the world’s leading social media platform, has become the subject of a new **phishing campaign** that has targeted over 12,000 email addresses across hundreds of businesses, reveals the latest research from Check Point Research (CPR). 

This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach.

Reportedly, scammers are leveraging **Salesforce’s automated mailing** service to distribute these deceptive emails, without manipulating the sender ID, which makes these emails appear to originate from \[email protected\], lending a sense of authenticity to their operation.

These emails carry counterfeit Facebook logos and falsely accuse recipients of copyright infringement. Such as in a sample email screenshot researchers have shared, the attackers cite the unauthorized use of copyrighted music owned by Universal Music Group as the issue. 

According to CPR’s **report**, recipients are then threatened with account restrictions, including limitations on posting, live streaming, or advertising unless they contest the claim within a short timeframe.

2 of the phishing emails used in the campaign (Via CPR)

This deception continues with a fraudulent Facebook support page, the link to which is included in the email and unsuspecting victims are prompted to enter their login credentials. This page is designed to extract sensitive information, falsely claiming that these details are necessary for an account review rather than disablement.

The landing page itself mimics the legitimate Facebook interface as shown in the screenshot. It features an “Account Overview” section with details of a supposed “Account Restriction.”  It falsely claims the user is “not allowed to use Meta Products to advertise” due to non-compliance with Advertising Standards.  The page includes fake options to “Request a review” and “Unlock advanced features,” further enticing victims to provide their credentials.

The screenshot reveals a cybercriminal’s fraudulent landing page designed to harvest login credentials (Via CPR)

This campaign threatens Facebook-dependent businesses worldwide by allowing cybercriminals to control their admin accounts, alter content, manipulate messaging, delete posts, and modify security settings. This can lead to negative consequences such as client trust erosion, customer attrition, and potential legal actions. For businesses in regulated industries like healthcare and finance, breaches can result in non-compliance, fines, and legal challenges, researchers noted.

It is worth noting that Facebook is often targeted in copyright infringement-based scams. Last year, **Hackread reported** a sophisticated scam targeting META business owners, claiming their page would be permanently deleted due to a post allegedly infringing on trademark rights, forcing them to click on malicious links under the guise of resolving policy violations.

Therefore, organizations should implement a clear incident response plan, including steps for recovering compromised accounts, setting up alert systems for suspicious logins and unusual account activity and training employees to verify Facebook account page status. These strategies can significantly reduce vulnerability to the campaign.

Scammers Use Fake Facebook Copyright Notices to Hijack Accounts

Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats…

Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and **cybersecurity threats** are more sophisticated than ever. Artificial intelligence (AI) has stepped in as the most powerful tool to combat these challenges, but it’s no longer just about automation; it’s about making real-time decisions that prevent losses before they happen.

The impact of AI in logistics is undeniable. Companies leveraging **AI in logistics and transportation** have reported up to a **30%** (PDF) reduction in delivery times and 12% lower fuel costs, while AI-driven fraud detection systems are cutting supply chain losses by 40%.

However, AI’s expansion into logistics has also **opened new vulnerabilities**, as cybercriminals are finding ways to manipulate automated systems, hack self-driving fleets, and disrupt global supply chains. AI is not just revolutionizing logistics, it’s becoming the next growing target for cyberattacks

****Cybersecurity Risks in AI-Powered Logistics****

As logistics companies increasingly rely on AI-driven automation, they also expose themselves to cyberattacks that target these very systems. One of the most infamous cyberattacks in supply chain history, the **NotPetya ransomware attack on Maersk**, cost the company over $300 million, bringing global shipping to a standstill. Similarly, hackers are now attempting to breach AI-driven warehouses, manipulate cargo tracking systems, and exploit self-driving vehicle software to reroute valuable shipments.

The rise of AI-powered fraud is another growing concern. Cybercriminals are using AI to predict shipment schedules, intercept high-value goods, and manipulate route optimization algorithms to misdirect cargo. In some cases, attackers have even **poisoned AI models**, feeding them false data to cause miscalculations in supply chain forecasting. Without proper cybersecurity measures, AI-driven logistics can become a liability instead of an asset.

****How AI is Strengthening Cybersecurity in Logistics****

Fortunately, AI is not just a target; it’s also a powerful defence against cyber threats in logistics. Companies are deploying AI to detect anomalies, prevent fraud, and monitor logistics networks for suspicious activity in real time.

**AI-powered fraud detection** systems now scan supply chains for unusual shipment patterns, unauthorized reroutes, and manipulated cargo tracking data, helping prevent cargo theft before it happens.

AI is also playing an important role in predicting and preventing ransomware attacks on logistics infrastructure. By analyzing behavioural data, AI-driven security platforms can identify possible cybersecurity threats before they execute, reducing the risk of supply chain-wide disruptions. With cybercrime damages **projected** to reach $10.5 trillion annually by 2025, logistics companies must integrate AI-driven security into their operations, or risk falling victim to cybercriminals.

****AI’s Role in Logistics Security and Cybercrime****

While AI is strengthening supply chain security, cybercriminals are also exploiting it to deploy **AI-powered hacking tools** to exploit vulnerabilities. One of the most concerning trends is adversarial AI attacks, where hackers could manipulate AI learning models to create errors in logistics decision-making.

These attacks may lead to mismatched shipments, delayed deliveries, and unnecessary fuel consumption, costing businesses millions. To fight these threats, logistics companies must deploy AI-driven cyber threat detection systems, ensuring that their own AI models cannot be compromised by external attacks.

****The Future of AI in Logistics: Security is Non-Negotiable****

The logistics industry is moving toward an AI-driven future, but without proper cybersecurity safeguards, AI itself can become a major risk. In the coming years, more and more supply chain platforms will be AI-driven, but these systems will need security frameworks to prevent AI manipulation and hacking. Regulations such as the **EU’s AI Act** are already enforcing strict compliance measures, requiring logistics companies to ensure AI security in automated transportation and warehouse operations.

Autonomous trucking is another area where AI security is becoming a priority. AI-driven self-driving fleets are expected to **reduce shipping costs** by 20-25%, but without proper cybersecurity protocols, they could be hacked to cause accidents, rerouted deliveries, or large-scale disruptions. Logistics leaders must now invest in AI-driven cybersecurity solutions to protect their fleets, warehouses, and digital infrastructure.

****AI in Logistics: The Difference Between Growth and Crisis****

AI is no longer just a tool for efficiency, it’s a critical component in protecting logistics companies from financial and cyber threats. Organizations that fail to secure their AI-powered logistics systems face significant risks, including multi-million-dollar cyberattacks, AI-driven fraud, and supply chain disruptions.

The companies that act now, investing in AI-powered security and fraud detection, will dominate the future of logistics. Those that don’t risk falling victim to cybercriminals who are already targeting AI-driven supply chains.

The question is no longer whether AI should be part of logistics, it’s whether companies can protect their AI systems before it’s too late.

1.  **Harnessing AI for Proactive Threat Intelligence**
2.  **Using AI in Business Security Decision-Making**
3.  **Why Many New AI Tools Aren’t Available In Europe?**
4.  **Top AI Trends of 2025 Businesses Should Be Ready For**
5.  **How Will Blockchain Technology Revolutionize Logistics?**

AI’s Role in Cutting Costs and Cybersecurity Threats in Logistics

PlayStation Network Down: PSN is experiencing a major outage, affecting account login, online gaming, PlayStation Store, and more.…

PlayStation Network Down: PSN is experiencing a major outage, affecting account login, online gaming, PlayStation Store, and more. No fixed ETA from Sony yet.

The PlayStation Network (**PSN**) is facing a major outage, leaving gamers around the world unable to access key online features. The disruption, which began around midnight on February 8, 2025, has continued for hours, causing frustration among PlayStation users.

Sony has acknowledged the issue on its official PSN status page, but details on what’s causing the problem remain unclear.

****Widespread Service Disruptions****

According to Sony’s status page, the following services are currently affected:

**Account Management**: Players are struggling to sign in, create new accounts, or manage their existing profiles. Without access to this, many other online features remain inaccessible.

**Gaming and Social Features**: Launching games, using apps, and accessing online multiplayer features have become nearly impossible. This has disrupted popular titles like Call of Duty, Fortnite, and EA FC 24, which require PSN connectivity to function properly.

**PlayStation Video**: Users are unable to stream or download movies and TV shows through PlayStation Video.

**PlayStation Store**: Sony’s digital marketplace is down, preventing users from browsing, purchasing, downloading, or redeeming vouchers for games and content. This means players can’t access new titles or expansions.

**PlayStation Direct**: Even Sony’s official store for physical products is affected, with reports of issues when searching, browsing, and purchasing items.

Impacted services (Screenshot Sony/PSN)

****All Platforms Affected****

The outage isn’t limited to just the PlayStation 5 or PlayStation 4; it extends across all PlayStation platforms, including the PS3, PS Vita, and even web-based access. This suggests the issue is widespread rather than tied to a specific console or region.

While Sony has confirmed the outage, updates have been minimal, and there’s no clear explanation or estimated time for a fix. Gamers have taken to social media to express their frustration, with the hashtag **#PSNdown** trending as users share their experiences and demand more transparency.

******What’s Causing the Outage?******

For many, PlayStation consoles are more than gaming devices; they’re entertainment hubs for streaming, digital purchases, and social interactions. The ongoing outage is affecting users who rely on PlayStation for movies, TV shows, and online purchases, making the disruption even more frustrating.

Sony has yet to reveal the cause of the issue. Speculation online includes server failures and even possible **cyberattacks**, but without confirmation from Sony, these remain rumors.

****What’s Next?****

The outage is still ongoing, and there’s no clear timeline for when services will be fully restored. Users are encouraged to check the **PlayStation Network Service Status** page and PlayStation’s official social media channels for updates.

For now, a large part of the PlayStation experience remains offline, leaving players waiting for Sony to bring the network back online.

PlayStation Network Down; Outage Leaves Gamers Frustrated

LLMjacking attacks target DeepSeek, racking up huge cloud costs. Sysdig reveals a black market for LLM access has…

LLMjacking attacks target DeepSeek, racking up huge cloud costs. Sysdig reveals a black market for LLM access has emerged, with ORP operators providing unauthorized access to stolen accounts. Find out how attackers steal access and monetize LLM usage. 

The Sysdig Threat Research Team (TRT) has observed the rapid evolution of LLMjacking attacks since their **initial discovery** in May 2024, including the expansion to new Large Language Models (LLMs) like DeepSeek. Just days after DeepSeek-V3’s release, it was, reportedly, integrated into ORP instances, demonstrating the speed with which attackers adapt. 

****Exploitation of DeepSeek API Keys and Monetization of LLMjacking****

According to researchers, similarly, DeepSeek-R1 was incorporated into these platforms shortly after its release. Multiple ORPs have been found populated with DeepSeek API keys, indicating active exploitation of this new model. 

LLMjacking, driven by the high costs associated with cloud-based LLM usage, involves attackers compromising accounts to utilize these expensive services without paying. As per TRT’s updated findings, LLMjacking has become a well-established attack vector, with online communities actively sharing tools and techniques. 

They observed a rise in the monetization of LLMjacking where LLM access is being sold through ORPs (OpenAI Reverse Proxies) with one instance reportedly selling access for $30 per month. Operators often underestimate the costs associated with LLM usage, whereas researchers noticed that in one instance, with an uptime of just 4.5 days, nearly $50,000 in costs were generated, with Claude 3 Opus being the **most expensive**.

One of the ORP instances operated by an attacker (Via Sysdig)

****The Scale of Resource Exploitation****

The total token (LLM-generated words, character sets, or combinations of words/punctuation) usage across observed ORPs exceeded two billion, highlighting the scale of resource exploitation. The victims are legitimate account holders whose credentials have been stolen.

ORP usage remains a popular method for LLMjacking.  ORP servers, **acting as reverse proxies** for various LLMs, can be exposed through Nginx or dynamic domains like TryCloudflare, effectively masking the attacker’s source.  These proxies often contain numerous stolen API keys from different providers like OpenAI, Google AI, and Mistral AI, enabling attackers to provide LLM access to others. 

“Sysdig TRT found over a dozen proxy servers using stolen credentials across many different services, including OpenAI, AWS, and Azure. The high cost of LLMs is the reason cybercriminals (like the one in the example below) choose to steal credentials rather than pay for LLM services,” researchers noted in the **blog post**.

****Online Communities Exploiting LLMjacking****

Online communities like 4chan and Discord facilitate the sharing of LLM access through ORPs. Rentry.co is used for sharing tools and services. Researchers discovered numerous ORP proxies, some with custom domains and others using TryCloudflare tunnels, in LLM prompt logs within honeypot environments, tracing back to attacker-controlled servers.

Credential theft is a significant aspect of LLMjacking, where attackers target vulnerable services and use verification scripts to identify credentials for accessing ML services. Public repositories also provide exposed credentials. Customized ORPs, often modified for privacy and stealth, are used to access stolen accounts.

To combat LLMjacking, securing access keys and implementing strong identity management are crucial.  Best practices include avoiding hardcoding credentials, using temporary credentials, regularly rotating access keys, and monitoring for exposed credentials and suspicious account behaviour.

Hackers Monetize LLMjacking, Selling Stolen AI Access for $30 per Month

A joint operation by Spanish law enforcement has resulted in the apprehension of Natohub, a “dangerous hacker” suspected of orchestrating numerous cyberattacks against prominent organizations in Spain and internationally.

A joint operation between the National Police and the Civil Guard concluded in the arrest of a suspected cybercriminal in Calpe, Alicante. The individual, whose name has not been released but goes by the handle of Natohub on **Breach Forums**, is allegedly responsible for over 40 cyberattacks targeting public and private entities in Spain and internationally and compromising personal data and sensitive documents.  

Among the Spanish government entities reportedly affected are the Civil Guard, the Ministries of Defence and Education, the National Currency and Timbre Factory, several Spanish universities and the Generalitat Valenciana, the governing body of the Valencian Community.

Internationally, databases belonging to NATO, the US Army, the United Nations, and the International Civil Aviation Organization (ICAO) were targeted.

ICAO publicly **acknowledged** the incident last month, after an account known as “Natohub” leaked information from the breach on the cybercriminal forum BreachForums, also claiming to possess the personal data of 14,000 UN delegates. 

“Natohub” on Breach Forums (Screenshot credit: Hackread.com)

“The reported information security incident involves approximately 42,000 recruitment application data records from April 2016 to July 2024 claimed to be released by the threat actor known as Natohub,” ICAO confirmed.

According to the Spanish police’s **official press release**, the arrest took place after an extensive investigation into crimes involving the unauthorized access and disclosure of sensitive information, damage to computer systems, and money laundering. 

The investigation began in February 2024 after a complaint from a Madrid business association that discovered their data published on a “specialized data leak forum.” Research revealed their website was compromised, data extracted, and the site defaced with a message claiming the hack. Eventually, investigators uncovered a pattern of cyberattacks occurring throughout 2024, culminating in late December, prompting the arrest.

“He attacked international agencies and governmental organizations by accessing databases with personal information from employees and clients, as well as internal documents that were subsequently sold or freely published in forums,” authorities noted.

Moreover, the individual used anonymous messaging apps and specialized navigation tools to create a complex technical network that made tracking a challenge for investigators. 

Authorities seized computer equipment, an iPhone, and around 50 cryptocurrency accounts containing “different types of cryptoactive” from the suspect’s residence. Spanish news outlet Larazon reports that the suspect is 18 years old and was released after a court appearance on the condition of passport confiscation.

Authorities Use Cellebrite to Extract Data from suspect’s iPhone (Via Spanish Police)

The National Cryptological Centre (CCN) of the National Intelligence Centre (CNI), the EUROPOL and the US Homeland Security Investigations (HSI) also assisted in this operation. This arrest is part of a larger effort by Spanish law enforcement to crack down on cybercrime, working with international agencies to dismantle cybercriminal operations originating within the country.

1.  Police Dismantle SIM Swapping Gang in Spain
2.  Spanish Police Nab Leader of Kelvin Security Hacker Group
3.  FBI Kills Kelihos Botnet after Russian Hacker Arrested in Spain
4.  Alcasec Hacker, aka “Robin Hood of Spanish Hackers,” Arrested
5.  Two Arrested in Spain as Authorities Dismantle Cracked and Nulled

Source

HackRead