Businesses are perpetually under pressure to innovate in a fast-paced digital era. But legacy applications, written with outdated…

Businesses are perpetually under pressure to innovate in a **fast-paced digital era**. But legacy applications, written with outdated technologies, slow down progress and efficiency. However, legacy app migration provides a strategic solution to overcome this challenge and help organizations modernize their systems and gain scalability, security as well as performance.

We explore the concept of legacy app migration, its vital signs in the modern technological world, and how companies are using migration strategies to unlock new growth and innovation possibilities.

****What is Legacy App Migration?****

Legion migrates legacy apps by moving older software from old frameworks, platforms, or infrastructures to new ones. It is also a process for **migrating to the cloud platform**, changing underlying technologies, or reengineering the applications to current business requirements.

Migration is a bigger deal than just being a technical exercise; it’s a key step in bringing IT systems in line with business goals. With legacy app modernization, businesses eliminate inefficiencies and cost reduction, while increasing the capacity to respond to market dynamics.

****Legacy App Migration: Why You Need It****

Though legacy applications are usually reliable, they can become liabilities. Inevitably, however, they are based on obsolete technology that does not play well with modern systems or tools. These applications may also find themselves unable to support today’s digital ecosystem such as high volumes of traffic requiring enhanced security or real-time data processing.

The high maintenance cost of legacy systems is one of the biggest hurdles for legacy systems. But as the technologies become obsolete, the finding of skilled professionals who are willing and able to maintain, and upgrade these systems becomes more difficult. Secondly, organizations are more exposed to potential risks because of legacy systems which are more vulnerable to security breaches.

Legacy app migration manages these challenges by taking legacy systems and turning them into modern, energy-efficient applications. Moreover, it ensures business continuity and increases organizations’ ability to innovate and compete.

****Legacy App Migration: Transforming Outdated Systems****

Businesses are perpetually under pressure to innovate in a fast-paced digital era. But legacy applications, written with outdated technologies, slow down progress and efficiency. However, legacy app migration provides a strategic solution to overcome this challenge and help organizations modernize their systems and gain scalability, security as well as performance.

We explore the concept of legacy app migration, its vital signs in the modern technological world, and how companies are using migration strategies to unlock new growth and innovation possibilities.

****Moving the Legacy App****

Though legacy applications are usually reliable, they can become liabilities. Inevitably, however, they are based on obsolete technology that does not play well with modern systems or tools. These applications may also find themselves unable to support today’s digital ecosystem such as high volumes of traffic requiring enhanced security or real-time data processing.

The high maintenance cost of legacy systems is one of the biggest hurdles for legacy systems. But as the technologies become obsolete, the finding of skilled professionals who are willing and able to maintain, and upgrade these systems becomes more difficult. Secondly, organizations are more exposed to potential risks because of legacy systems which are more **vulnerable to security breaches**.

Legacy app migration manages these challenges by taking legacy systems and turning them into modern, energy-efficient applications. Moreover, it ensures business continuity and increases organizations’ ability to innovate and compete. Cloud environments allow organizations to scale resources up or down based on demand, reducing operational costs and enhancing performance.

****Choose the Right Partner for Legacy App Migration****

Residing in the realm of legacy app migration is complicated stuff, and wisdom and proper planning are needed. A successful transition requires choosing the right partner.

A reliable migration partner starts by understanding the organization’s specific problem and objective. What they will do is run a thorough analysis of the system that is currently there and come up with a tailor-made migration strategy that will work in favor of the organization.

There are certain things that are critical: experience and a proven track record. Legacy app migration companies like ModLogix provide end-to-end services that ease the whole process and achieve top results. ModLogix brings a deep expertise in modern technology and industry-based approaches, making seamless changes in line with the business objective.

****Board of Legacy App Migration****

Legacy applications benefit from migrating to not only the latest apps but also to the best apps available today. Modern systems are much more reliable, secure, and adaptable allowing organizations to achieve their strategic goals.

One of the first and biggest advantages is operational efficiency. Applications are being modernized to be fast and scalable reducing downtime and boosting productivity. Another key superior is security. Installing a modern framework would protect business-sensitive data and comply with the regulatory requirements by replacing outdated technologies.

Legacy app migration not only makes your old apps work in a new environment, but it also allows for innovation. Modernized systems work in concert with the most advanced tools like artificial intelligence and data analytics to enable organizations to make data-driven decisions and explore new opportunities.

****Legacy App Migration: Future Trends****

Legacy app migration is growing more sophisticated as technology moves along. How organizations approach modernization is changing due to emerging trends.

Migration efforts are manifesting through artificial intelligence and machine learning. These technologies can automate complex processes, analyze legacy systems, and recommend the best migration strategy which slashes down the costs as well as spike the accuracy.

The other big trend is cloud-native development. Building scalable and resilient apps is on every organization’s microservices, containers, and serverless computing. These approaches are in line with a dynamic market and create flexibility for long-term adaptation.

Edge computing also has an impact on **legacy app migration** strategies. Edge computing processes data nearer to the source and improves the performance of modernized applications, especially in real-time scenarios.

****Conclusion****

Legacy app migration is a necessary process when updating older systems in preparation for the future. Businesses thus leveraging the ability to transform legacy applications into high-performing, secure, and adaptable solutions will open up new avenues for growth and innovation.

Trusted partners such as ModLogix simplify the migration process making the transition easy and successful outcomes. With legacy apps being the mainstay of business, it is time to take a migration of those legacy apps seriously in an era where agility and scalability are more important than ever.

1.  **Cross Tenant Microsoft 365 Migration**
2.  **Types of SaaS Applications: Categories and Examples**
3.  **Building Your First Web Application with Yii Framework**
4.  **How To Make Drupal Migration Successful: 6 Useful Tips** 
5.  **Using Power of Cloud App Dev & DevOps for Modern Businesses**

Legacy App Migration: Transforming Outdated Systems

Integrate weather APIs to enhance your app with real-time data, forecasts, and personalized insights. Improve user experience while…

Integrate weather APIs to enhance your app with real-time data, forecasts, and personalized insights. Improve user experience while managing costs and scaling globally.

The integration of weather APIs can do wonders for any web or mobile application. Whether it is food delivery apps, which need to know the exact time required to deliver ordered food so they can estimate delays caused by weather, or travel apps that can provide the best times to explore a place, the use cases are endless.

The concept of API integration may sound quite simple, but there’s more to it than just plugging in a key and hoping for the best. So, here are a few top tips to get it right, as well as how to get the most out of the weather data that’s about to be unlocked.

*   Think Beyond Basics
*   Handle Errors Gracefully
*   Test, Test, and Test Again
*   Monitor API Costs and Usage
*   Set Up a Reliable Update Schedule
*   Integrate Weather Data Intelligently
*   Plan for Regional and Global Scaling
*   Think About the Data You Really Need

****Think About the Data You Really Need****

Weather APIs can return a lot of data, like temperature, humidity, wind speed, precipitation levels, UV index, air quality, and so on. But do you need it all? Integrating extra data that you don’t need will just bloat your application, slow it down, and make it more difficult to deliver what’s important to your users.

For instance, if your app provides services to plan outdoor events, your requirements might be limited to precipitation forecasts and wind speed. In contrast, logistics will make you interested in road visibility and extreme weather alerts. The narrowing of focus saves bandwidth and keeps the application clean and efficient.

****Plan for Regional and Global Scaling****

Different locations have dramatically different weather, so if your application covers a global audience, that’s a factor to keep in mind. Some APIs have proven very good at hyper-local data while others may be better at giving wider, international coverage.

Also, it’s very important how location-specific weather data interfaces into your app. Will you require the user to physically type their location, or will you use GPS to automatically pull that information? And don’t forget about time zones, it may sound basic, but often it’s that little overlooked detail that gives way to embarrassing errors like showing nighttime weather for a city in broad daylight.

****Set Up a Reliable Update Schedule****

Weather data is fast-changing, so the frequency at which your app pulls updates will be important to determine. Pulling updates too often can overwhelm your servers and possibly your wallet, depending on your API pricing model. On the other side of that coin, pulling data too infrequently could leave users with stale information.

A good rule of thumb? Match the update frequency with the type of data. For instance, real-time weather apps may want to refresh every 10 minutes, while applications showing a general forecast could refresh every few hours. Most APIs will have options to tune this, so find that sweet spot that balances accuracy and performance.

****Handle Errors Gracefully****

Let’s face it, things can and do go wrong: APIs might be unavailable, data might not load, or you might have reached your request limit. Rather than leave your users staring at some error screen, make sure you’ve got fallbacks in place.

You could cache the last successfully fetched data and show that as a temporary placeholder, for instance. Even better, you could actually pass on the problem in a humanly sounding way, something like: _“Oops! Looks like we’re having an issue loading the latest and greatest weather updates. Hold on while we work it out.”_ Transparency does indeed go a long way with users, even in regard to glitches.

**Security Tip**: Make sure to secure your API keys by storing them in environment variables or using secret management tools to avoid exposure in code repositories.

****Integrate Weather Data Intelligently****

Weather data is only as good as how it’s presented. Smashing a bunch of raw numbers on the screen doesn’t mean anything to users other than a meteorologist. Instead, focus on providing insight.

For example, instead of showing only a temperature of 95°F, you could show _“It’s 95°F outside; perfect for the pool, but don’t forget sunscreen!”_

If your app has to do with travel, you may want to alert your users with _“Expect flight delays this afternoon due to thunderstorms.”_ Matching the weather data with the purpose of your app improves the user experience and makes the data resonate more.

****Choosing the Right Weather API****

Choosing the right API depends on a number of factors including real-time updates, and advanced forecasting models. According to Tomorrow.io, an American weather technology company which provides real-time weather forecasting services and APIs, it must also offer flexible integration options, which make it ideal for both small-scale and enterprise-level applications.

****Example Code****

python  
Copy code  
def interpret\_weather(weather\_data):  
    try:  
        temperature = weather\_data  
        weather\_code = weather\_data

        # Map weather codes to descriptions  
        weather\_descriptions = {  
            0: "Clear skies",  
            1001: "Cloudy",  
            1100: "Partly cloudy",  
            1101: "Mostly cloudy",  
            1102: "Overcast",  
            4000: "Drizzle",  
            4200: "Light rain",  
            5000: "Snow",  
            8000: "Thunderstorms",  
        }

        description = weather\_descriptions.get(weather\_code, "Unknown weather conditions")

        # Provide actionable advice based on the data  
        if temperature > 90:  
            advice = "It's hot outside! Stay hydrated and avoid prolonged sun exposure."  
        elif temperature < 32:  
            advice = "It's freezing! Make sure to bundle up if you're going out."  
        elif "rain" in description.lower() or "drizzle" in description.lower():  
            advice = "Rain is expected. Don't forget to carry an umbrella!"  
        else:  
            advice = "The weather looks good. Have a great day!"

        return f"{description}, {temperature}°F. {advice}"

    except KeyError:  
        return "Unable to interpret weather data at this time."

****Test, Test, and Test Again****

Even after the API has been integrated, do not stop here. This must be tested in real-life scenarios and across a variety of devices.

You will also want to make sure the data reflects real-world conditions. Compare the API output against other trusted sources for the weather to make sure the API truly reports accurately. Bugs and inconsistencies here kill user trust in record time.

****Think Beyond Basics****

Sure, showing the weather is cool, but why stop there? Weather APIs can unlock a world of creativity for your app. For example, fitness apps can suggest ideal outdoor workout times based on weather, or retail apps can time promotions for raincoats or sunscreen.

****Monitor API Costs and Usage****

While weather APIs are extremely useful, they can also be expensive if your application gains popularity. Pay attention to API request limits and consider batching requests or caching data to save costs.

****Wrapping It Up****

The real power is unleashed only when you take the proper approach to integrating the API into your app. Finding the right API, distilling the relevant information, and prioritizing a user-centric approach is critical in converting raw weather into something far more meaningful.

Looking ahead, AI-powered forecasting and IoT integrations may provide even more personalized and predictive weather insights. Don’t just show the weather; make it useful, engaging, and fun. Now go ahead, let your application rain or shine!

1.  **The Most Common API Vulnerabilities**
2.  **Study Finds AI Can Guess Crypto Seed Phrases in 0.02 Seconds**
3.  **How Does Automated API Testing Differ from Manual API Testing**
4.  **Blockchain Networks Using API Security Data to Mitigate Web3 Threats**
5.  **API Security in Open Banking: Balancing Innovation & Risk Management**

Top Tips for Weather API Integration and Data Utilization

PRESS RELEASE

DETROIT & TOKYO--(BUSINESS WIRE)-- VicOne, a leading automotive cybersecurity solutions provider, announced today it will co-host the zero-day vulnerability discovery contest, "Pwn2Own Automotive 2025," with Zero Day Initiative (ZDI). The event will take place from Wednesday, January 22 to Friday, January 24, 2025, at Tokyo Big Sight, West Hall, as part of the “17th AUTOMOTIVE WORLD 2025 – Advanced Automotive Technology Expo.” This will be the second Pwn2Own Automotive contest, following its highly successful debut in January 2024 where 49 zero-day vulnerabilities were discovered.

Pwn2Own Automotive helps build a foundation for automotive cybersecurity by strengthening cybersecurity measures and promoting the prevention of cyber incidents through the discovery of zero-day vulnerabilities. This event addresses growing concerns about vulnerabilities and increased attack risks with the growing adoption of software-defined vehicles (SDVs).

Through ZDI, the contest enables world-class security researchers to conduct real-world testing of the latest automotive technologies. By identifying zero-day vulnerabilities before they can circulate and become real-world cyber-attacks, the event facilitates swift countermeasures, helping prevent cyber threats and enhancing the overall security of automotive vehicles and products.

Additionally, the contest fosters innovation by recognizing the achievements of security researchers and offering over $1 million USD in total prizes. This incentivizes further research and development while providing hands-on experience that nurtures talent in the cybersecurity industry, ultimately contributing to an improved global cybersecurity landscape.

About Pwn2Own 2025 Automotive

Participants in "Pwn2Own Automotive 2025" will compete by earning points in four categories:

*   In-vehicle infotainment (IVI) systems
    
*   Electric vehicle (EV) chargers, and
    

Each contestant must demonstrate the ability to execute arbitrary code on the target devices or OS in their chosen category. They are allowed up to three attempts per target during the contest. Successful challenges earn points, and the participant or team with the highest points at the end of the contest is awarded the prestigious title of "Master of Pwn."

To qualify, the vulnerabilities targeted must be previously unknown, undisclosed, and unreported (according to the contest rules). Only the first participant to successfully complete a challenge in each category is eligible for a monetary reward. The order of the challenges is determined randomly through a draw.

“Through ZDI, we conduct research to address real-world cyberattack scenarios in the automotive sector. Hosting this contest in collaboration with VicOne, who has unmatched expertise and experience in automotive cybersecurity, is a key step in demonstrating our security research expertise within the automotive industry and the research community,” said

Brian Gorenc, VP of Threat Research at VicOne’s parent company, Trend Micro.

“Together with ZDI, VicOne is contributing to building a safer future for software-defined vehicles (SDVs). By discovering zero-day vulnerabilities, this event enables security researchers to uncover unknown, unpublished, and unreported vulnerabilities, facilitating early risk identification and mitigation within the automotive industry. Such efforts are critically important for the global automotive sector, especially as the evolution of SDVs accelerates,” said Max Cheng, CEO of VicOne

Registration Deadline

The deadline to register for the contest is 5:00 PM (JST) on January 16, 2025.

To complete registration, participants must submit a white paper detailing the vulnerability testing procedures and execution methods. Remote participation online is also available.

For more information about Pwn2Own Automotive and the contest rules, visit: https://www.zerodayinitiative.com/Pwn2OwnAuto2025Rules.html

VicOne and Partners at CES 2025

In addition, VicOne will be showcasing its award-winning comprehensive portfolio of cutting edge cybersecurity software and services for the whole automotive industry at the Las Vegas Consumer Electronics Show (CES), one of the most powerful tech events in the world (7-10 January 2025). Together with partners like P3 digital services, a leading provider of In-Vehicle Infotainment (IVI) systems, VicOne offers a safe and secure IVI environment for Android Automotive OS, with content protection for driver and all the vehicle’s passengers.

For more information about VicOne’s automotive cyber security portfolio please visit https://vicone.com/.

About VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry. Purpose-built to address the rigorous needs of automotive manufacturers, VicOne solutions are designed to secure and scale with the specialized demands of the modern vehicle. As a Trend Micro subsidiary, VicOne is powered by a solid foundation in cybersecurity drawn from Trend Micro's 30+ years in the industry, delivering unparalleled automotive protection and deep security insights that enable our customers to build secure as well as smart vehicles. For more information, visit: www.vicone.com.

VicOne and Zero Day Initiative (ZDI) to Lead Pwn2Own Automotive

Your messages going back years are likely still lurking online, potentially exposing sensitive information you forgot existed. But there's no time like the present to do some digital decluttering.

If you're worried about possible expansions of government surveillance and access to your information, or simply want to do some digital purging so you're not saddled with old data, there are a bunch of concrete steps you can take to protect your digital privacy. Just as archeologists study carefully preserved tombs and ancient trash heaps to gain insight into historic communities, your long-forgotten digital footprint could be more revealing and sensitive than you realize. And while you can't control everything—particularly information stolen in breaches or gathered by data brokers—you probably have a digital attic full of old data that you can delete or download and save offline. First stop? Old message histories.

Chats are a good place to start your digital decluttering. Their real-time nature makes it easy to forget that if you don't have auto-delete turned on for a chat (or if a platform doesn't offer it), all of those “be there in 10 minutes,” “wait, what color is this dress???” and “welp, I have covid” messages are still knocking around years later. If you sent them on an end-to-end encrypted platform like Signal or WhatsApp, they only exist on your device and the devices of the other person or people you were chatting with. That means that for governments or bad actors to read them, they would need direct control of your device—a good level of protection, though not foolproof.

Crucially, though, messages that you sent on regular web apps like Slack, Facebook Messenger for most of its history, and Google Chat/Hangouts/Gchat are sitting on a cloud server somewhere. And while they're probably stored in an encrypted form to protect against theft, the platform itself has the keys to decrypt your data and would be able to comply with government requests for it, no matter how old the information is. Sure, all of those “u up?"s may not seem significant now, but years and years of chat histories can paint a very detailed picture of your life, associations, political beliefs, and past movements and activity.

“Doing a good digital cleaning from time to time is a great habit, especially with social media and old chat messages,” says Kenn White, security principal at the database developer MongoDB and director of the Open Crypto Audit Project. “Who you were five or 10 years ago is probably very different than who you are today, so it's worth asking yourself, ‘Do I really need those seven-year-old inside jokes and sarcastic posts? Do I need to keep old group chat messages and carry them forward to every new phone I get?’”

Some programs like Apple's Messages make it easy to auto-delete your chat histories after a set period of time. On iOS, go to **Settings** > **Apps** > **Messages** and then scroll and tap **Keep Messages**. Then choose whether to keep messages forever, for one year, or for 30 days before auto-deleting.

On the free version of Slack, data older than a year is automatically deleted. The company keeps data forever on paid plans, unless the administrator sets up rolling deletion. This is useful if you have an active Slack with your friends, but most people who use Slack at work don't make decisions about administrative policies and can't control deletion. Keep this in mind for any communication you do on an employer's platforms. You may be able to go through and delete messages or files one by one, but you likely won't have the access to make policy decisions about automatic or batch deletion.

Similarly, you may want to go through your chats on Android or iOS and delete old SMS conversations. Meta's Messenger now offers auto-delete options, but for your existing chats, you have to go down the list on desktop or in the Messenger mobile app and delete chats one by one. Meta's other chat platforms, Instagram Chat and WhatsApp, are similar, except that WhatsApp has been end-to-end encrypted since 2016 instead of adding the protection recently.

Consider whether you've spent time chatting on other social platforms as well. X, for example, has been through a lot of changes since Elon Musk bought Twitter more than two years ago and took the company private again. Musk promised that he would add end-to-end encryption to DMs on X, and eventually debuted an opt-in encryption feature with the paid tier of the platform, but the company doesn't definitively say that the tool offers full end-to-end encryption and it isn't open source for vetting. You can delete individual messages or go through your chat list and delete whole DM conversations if you want to pare down the data you're keeping on the platform.

If you've had Gmail for a long time, the messenger service “Google Talk,” once colloquially known as “Gchat,” may have a special place in your heart. And perhaps, over the years, you went through the saga in which Gchat—which was once known for interoperability with platforms like AIM—became the siloed Google chat platform Hangouts, and then transformed again into what is now called Google Chat. Your chats on this platform through the years are still hanging around, but they're not all in the same place.

The crucial thing to understand is that Gchat was fully integrated with Gmail and wasn't a separate platform, so your chat histories all saved in your mail archive. To find them now, open Gmail and **search for the phrase in:chats** (using no quotation marks). Hundreds or thousands of chats from May 2013 and earlier may pop up. They must be deleted directly from Gmail. After May 2013, Google migrated Gchat users to Hangouts, and that history has come forward into what is now Google Chat, so you can delete whole chats or individual messages there.

“Messages sent and received with history on in Google Talk from before May 2013 (the time when Google Hangouts launched) are stored in Gmail under the ‘in:chats’ label. Those messages are not available in Google Chat and can be deleted directly from Gmail only,” Google spokesperson Ross Richendrfer tells WIRED. “In terms of Hangouts data—which was merged with Chat—core Chat controls (including deletion) will work.”

There are lots of other chat apps to consider, too, where old messages may still be lurking. Think about Skype chat or GroupMe. And there's one other complicating factor when you declutter your messages: Most deletion features only delete data from your account, and the messages live on in the accounts of the person or people you were chatting with. To do a total digital detox you need to recruit your community to delete their message archives as well.

Additionally, you may feel sentimental about burning your letters (aka deleting all of your old chats). If you're sad about hitting that trash icon, consider downloading chat histories with your closest friends or other loved ones and storing them on an encrypted external hard drive before deleting them from the cloud. This way, you don't have to give up that slice of life completely, but the data isn't controlled by other entities anymore.

“Some apps, including Signal, give one the ability to set a ‘self-destruct’ time on messages, perhaps in hours or weeks. This is worth considering to reduce your exposure, particularly if you travel outside the country, are politically active, or in any way have a higher public profile,” MongoDB's White says. “It's easy to dismiss the potential of attacks on our personal data and physical safety as something that's only a concern for some James Bond–type scenarios, but the hard truth is that threats exist in many forms, both online and in person.”

Hey, Maybe It's Time to Delete Some Old Chat Histories

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.

Source: Anggalih Prasetya via Shutterstock

Most industry analysts expect organizations will accelerate efforts to harness generative artificial intelligence (GenAI) and large language models (LLMs) in a variety of use cases over the next year.

Typical examples include customer support, fraud detection, content creation, data analytics, knowledge management, and, increasingly, software development. A recent survey of 1,700 IT professionals conducted by Centient on behalf of OutSystems had 81% of respondents describing their organizations as currently using GenAI to assist with coding and software development. Nearly three-quarters (74%) plan on building 10 or more apps over the next 12 months using AI-powered development approaches.

While such use cases promise to deliver significant efficiency and productivity gains for organizations, they also introduce new privacy, governance, and security risks. Here are six AI-related security issues that industry experts say IT and security leaders should pay attention to in the next 12 months.

**AI Coding Assistants Will Go Mainstream — and So Will Risks**

Use of AI-based coding assistants, such as GitHub Copilot, Amazon CodeWhisperer, and OpenAI Codex, will go from experimental and early adopter status to mainstream, especially among startup organizations. The touted upsides of such tools include improved developer productivity, automation of repetitive tasks, error reduction, and faster development times. However, as with all new technologies, there are some downsides as well. From a security standpoint these include auto-coding responses like vulnerable code, data exposure, and propagation of insecure coding practices.

"While AI-based code assistants undoubtedly offer strong benefits when it comes to auto-complete, code generation, re-use, and making coding more accessible to a non-engineering audience, it is not without risks," says Derek Holt, CEO of Digital.ai. The biggest is the fact that the AI models are only as good as the code they are trained on. Early users saw coding errors, security anti-patterns, and code sprawl while using AI coding assistants for development, Holt says. "Enterprises users will continue to be required to scan for known vulnerabilities with \[Dynamic Application Security Testing, or DAST; and Static Application Security Testing, or SAST\] and harden code against reverse-engineering attempts to ensure negative impacts are limited and productivity gains are driving expect benefits."

**AI to Accelerate Adoption of xOps Practices**

As more organizations work to embed AI capabilities into their software, expect to see DevSecOps, DataOps, and ModelOps — or the practice of managing and monitoring AI models in production — converge into a broader, all-encompassing xOps management approach, Holt says. The push to AI-enabled software is increasingly blurring the lines between traditional declarative apps that follow predefined rules to achieve specific outcomes, and LLMs and GenAI apps that dynamically generate responses based on patterns learned from training data sets, Holt says. The trend will put new pressures on operations, support, and QA teams, and drive adoption of xOps, he notes.

"xOps is an emerging term that outlines the DevOps requirements when creating applications that leverage in-house or open source models trained on enterprise proprietary data," he says. "This new approach recognizes that when delivering mobile or web applications that leverage AI models, there is a requirement to integrate and synchronize traditional DevSecOps processes with that of DataOps, MLOps, and ModelOps into an integrated end-to-end life cycle." Holt perceives this emerging set of best practices will become hyper-critical for companies to ensure quality, secure, and supportable AI-enhanced applications.

**Shadow AI: A Bigger Security Headache**

The easy availability of a wide and rapidly growing range of GenAI tools has fueled unauthorized use of the technologies at many organizations and spawned a new set of challenges for already overburdened security teams. One example is the rapidly proliferating — and often unmanaged — use of AI chatbots among workers for a variety of purposes. The trend has heightened concerns about the inadvertent exposure of sensitive data at many organizations.

Security teams can expect to see a spike in the unsanctioned use of such tools in the coming year, predicts Nicole Carignan, vice president of strategic cyber AI at Darktrace. "We will see an explosion of tools that use AI and generative AI within enterprises and on devices used by employees," leading to a rise in shadow AI, Carignan says. "If unchecked, this raises serious questions and concerns about data loss prevention as well as compliance concerns as new regulations like the EU AI Act start to take effect," she says. Carignan expects that chief information officers (CIOs) and chief information security officers (CISOs) will come under increasing pressure to implement capabilities for detecting, tracking, and rooting out unsanctioned use of AI tools in their environment.

**AI Will Augment, Not Replace, Human Skills**

AI excels at processing massive volumes of threat data and identifying patterns in that data. But for some time at least, it remains at best an augmentation tool that is adept at handling repetitive tasks and enabling automation of basic threat detection functions. The most successful security programs over the next year will continue to be ones that combine AI's processing power with human creativity, according to Stephen Kowski, field CTO at SlashNext Email Security+.

Many organizations will continue to require human expertise to identify and respond to real-world attacks that evolve beyond the historical patterns that AI systems use. Effective threat hunting will continue to depend on human intuition and skills to spot subtle anomalies and connect seemingly unrelated indicators, he says. "The key is achieving the right balance where AI handles high-volume routine detection while skilled analysts investigate novel attack patterns and determine strategic responses."

AI's ability to rapidly analyze large datasets will heighten the need for cybersecurity workers to sharpen their data analytics skills, adds Julian Davies, vice president of advanced services at Bugcrowd. "The ability to interpret AI-generated insights will be essential for detecting anomalies, predicting threats, and enhancing overall security measures." Prompt engineering skills are going to be increasingly useful as well for organizations seeking to derive maximum value from their AI investments, he adds.

**Attackers Will Leverage AI to Exploit Open Source Vulns**

Venky Raju, field CTO at ColorTokens, expects threat actors will leverage AI tools to exploit vulnerabilities and automatically generate exploit code in open source software. "Even closed source software is not immune, as AI-based fuzzing tools can identify vulnerabilities without access to the original source code. Such zero-day attacks are a significant concern for the cybersecurity community," Raju says.

In a report earlier this year, CrowdStrike pointed to AI-enabled ransomware as an example of how attackers are harnessing AI to hone their malicious capabilities. Attackers could also use AI to research targets, identify system vulnerabilities, encrypt data, and easily adapt and modify ransomware to evade endpoint detection and remediation mechanisms.

**Verification, Human Oversight Will Be Critical**

Organizations will continue to find it hard to fully and implicitly trust AI to do the right thing. A recent survey by Qlik of 4,200 C-suite executives and AI decision-makers showed most respondents overwhelmingly favored the use of AI for a variety of uses. At the same time, 37% described their senior managers as lacking trust in AI, with 42% of mid-level managers expressing the same sentiment. Some 21% reported their customers as distrusting AI as well.

"Trust in AI will remain a complex balance of benefits versus risks, as current research shows that eliminating bias and hallucinations may be counterproductive and impossible," SlashNext's Kowski says. "While industry agreements provide some ethical frameworks, the subjective nature of ethics means different organizations and cultures will continue to interpret and implement AI guidelines differently." The practical approach is to implement robust verification systems and maintain human oversight rather than seeking perfect trustworthiness, he says.

Davies from Bugcrowd says there's already a growing need for professionals who can handle the ethical implications of AI. Their role is to ensure privacy, prevent bias, and maintain transparency in AI-driven decisions. "The ability to test for AI’s unique security and safety use cases is becoming critical," he says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

6 AI-Related Security Trends to Watch in 2025

IN THIS ARTICLE, YOU WILL LEARN: NFT-focused news website NFTEvening and the NFT market’s data and analytics-based platform…

**IN THIS ARTICLE, YOU WILL LEARN:**

*   **Study Overview**: NFTEvening and Storible collaborated on a study to test whether AI, specifically Long Short-Term Memory (LSTM) networks, can recover missing cryptocurrency seed phrases by analyzing 85.7 million combinations using the BIP39 word list.

*   **AI’s Capabilities**: The neural network, trained for 30 days, achieved a prediction rate of 994,051 guesses per second. It could recover one missing word in 0.02 seconds, two words in 29 seconds, and three words in 2.28 hours. Recovery of up to four words required 178 hours, with recovery times increasing exponentially for more missing words.

*   **LSTM Functionality**: LSTMs are a type of RNN that excels in sequential data processing, using memory cells and gates to predict and complete patterns in text-like data, making them suitable for seed phrase prediction.

*   **Security of Crypto Seed Phrases**: Despite AI’s advancements, the massive number of possible seed phrase combinations makes it practically impossible for AI to recover enough words to breach cryptocurrency wallets. For example, cracking eight missing words would take 174 times the universe’s age.

*   **Conclusion and Disclaimer**: The study shows that AI is not a current threat to cryptocurrency seed phrase security if the phrase remains secret. However, these findings are based on current AI capabilities and computational limits.

NFT-focused news website NFTEvening and the NFT market’s data and analytics-based platform Storible collaborated to conduct a study to investigate whether powerful AI, specifically a type called Long Short-Term Memory (LSTM), can crack cryptocurrency seed phrases. 

For this research, they analysed 85,714,285 seed phrase combinations using 2048 words from the BIP39 word list to determine the time it takes for AI to recover missing crypto seed phrases and the feasibility of LSTM networks in recovering lost or incomplete cryptocurrency phrases.

For this, a neural network was trained on a cloud-based server for 30 days to predict seed phrases and estimate recovery time. The model used LSTM architecture, achieving an average prediction rate of 994,051 guesses per second. The recovery time was analyzed using scenarios from one to twelve missing words.

The results showed that AI could retrieve one missing word in 0.02 seconds, two words in 29 seconds, three words in 2.28 hours, and up to four words in a max recovery time of 178. Moreover, AI can discover the correct seed phrase sequence of 12 words in just 8 minutes, whereas the time needed to recover 8 missing words from a seed phrase is 174 times longer than the universe’s current age.

****What is LSTM?****

For your information, a seed phrase is like a secret password for your cryptocurrency. It is a list of 12-24 words that gives you access to your digital wallet.

LSTM networks are Recurrent Neural Networks (RNN) that excel in remembering information over extended sequences. They incorporate memory cells and gates to control information flow, allowing them to effectively learn and predict patterns in sequential data like text and time series.

****How LSTMs Work in Seed Phrase Recovery****

LSTMs can predict the next likely word in a sequence or complete missing words by observing patterns in known seed phrases. Memory cells store crucial information, with three gates – forget, input, and output – regulating the flow of information. The forget gate discards irrelevant information, the input gate determines new information, and the output gate controls the next word prediction.

The researchers tried to use this AI to guess missing words in seed phrases. They tested it on millions of possible combinations. They found that even with this powerful AI, it would take an incredibly long time, longer than the universe’s age, to guess enough words to steal someone’s cryptocurrency.

The research indicates that AI is not a threat to your cryptocurrency if you keep your seed phrase secret. While AI may eventually crack seed phrases, it is currently highly secure. Though LSTMs offer powerful capabilities for sequence learning, the sheer number of possible combinations and the inherent complexity of seed phrase structures make successful recovery highly improbable.

_**Disclaimer:** This analysis provides an estimate based on current AI capabilities and computational power._

1.  AI-based Model to Predict Extreme Wildfire Danger
2.  Are We on the Brink of Saying Goodbye to Passwords?
3.  Google’s Gemini AI Chatbot Keeps Telling Users to Die
4.  Guessing passcode “just from the way we tilt our phone”
5.  unCAPTCHA algorithm Crack Google’s AI System reCAPTCHA

Study Finds AI Can Guess Crypto Seed Phrases in 0.02 Seconds

Explore how Ethereum revolutionizes industries with smart contracts, DeFi, NFTs, gaming, DAOs, and sustainability, shaping the future of…

Explore how Ethereum revolutionizes industries with smart contracts, DeFi, NFTs, gaming, DAOs, and sustainability, shaping the future of business innovation and blockchain technology.

Vitalik Buterin developed Ethereum in 2014 after taking inspiration from Bitcoin. However, he envisioned an open-source blockchain through which users could access smart contracts and trade cryptocurrency by excluding third parties. The reasons were clear: traditional financial companies risk compromising users’ data and exposing them to cybersecurity threats, which are less likely to occur on the blockchain, where users can maintain anonymity. Decentralization ensures robust maintenance through a network of global nodes and validators.

Since the blockchain offered developers many perspectives and tools, cryptocurrency has also become popular, reaching second place after Bitcoin. Now, you can buy Ethereum with a debit card or credit through Google Pay or Apple Pay, making it highly accessible globally.  Hence, one can say Ethereum’s future is bright, especially since the blockchain might become an innovative solution to modern problems. Here’s how. 

****Ethereum will promote the DeFi market** **

Decentralized Finance (DeFi) is expected to be the future of the financial industry, as it will merge features of decentralization, transparency and immutability into financial service companies like banks. This will be possible as security protocols, software, and hardware advancements will replace our current outdated systems. The financial sector of the future will ensure high accessibility to all communities, low fees for interest rates and autonomy due to decentralization. 

DeFi will be helpful for: 

*   Liquidity pools;
*   Prediction markets;
*   Non-fungible tokens;
*   Decentralized exchanges;

Developing DeFi apps might seem time-consuming at the moment. Moreover, we’re currently navigating uncertainty in regulations for crypto and blockchain, as well as in security measures, so it might take some time until DeFi apps can be safely used worldwide. 

****Ethereum will ensure access to smart contracts** **

Smart contracts are what made Ethereum so demanded by companies. They automatically seal contracts when the parties involved accomplish the predetermined instructions. Therefore, smart contracts could save companies a lot of time and money by employing automation, so there’s no need for third parties to be involved. 

Smart contracts can be useful in DeFi, for example, as they can allow fast and easy landing and borrowing. They can also help the supply chain management sector by automating the process of verifying product origin and tracing their history. Due to their benefits of interoperability and scalability, smart contracts can be applied to real estate, healthcare, and every other type of business. 

****Ethereum will innovate gaming** **

The gaming industry is one of the most successful ones, being one of the few sectors that flourished during the pandemic and continued growing after. Some of the most recent innovations in gaming include cloud gaming, AI-based development, and Virtual Reality, so it’s constantly changing to meet customer demands and expectations. 

Luckily, the Ethereum blockchain has already hopped on the trends, which is why blockchain P2E (play-to-earn) games are now widespread. Axie Infinity, the Sandbox, and Decentraland have already amassed millions of plays worldwide, allowing gamers to earn crypto while playing fun games. Most of these games are already based on the Ethereum blockchain as the network offers developers plenty of tools and mediums, so we expect it to innovate the gaming industry further. 

****Ethereum will enhance governance through DAOs****

In centralized networks, governance is based on a single central entity that makes all the critical decisions and manages businesses. While this system can be efficient because it ensures security and compliance, it can make it difficult for networks to scale and expose organizations to resistance to change. 

That’s why many are excited about working through DAOs (decentralized autonomous organizations) on Ethereum. Decisions here are made by multiple individuals, so participants are empowered to contribute to the group’s well-being. At the same time, participants’ votes are visible on the public blockchain, encouraging users to work together in building a safe space for investors and developers. 

****Ethereum can navigate business sustainability** **

Business sustainability is the latest industry trend, as companies must keep up with customer demand for green and ethical products. However, there are various challenges along the way, especially when it comes to holding companies accountable for their impact on nature. 

That’s where the Ethereum blockchain could help bring more transparency into the business area by tracking how much energy a business consumes and the carbon emissions resulting from various manufacturing or waste management actions. Ethereum is already equipped with such technology that can help assess external information through blockchain oracles. This technology would allow smart contracts to receive and send information on energy reports from the weather, for example. 

****Ethereum will power up non-fungible tokens** **

NFTs have been trending for a while as they offer investors new opportunities to expand their portfolios in a fun way. At the same time, the underlying technology allows for tokenizing real-world assets, from parcels of land to vehicles. 

The Ethereum blockchain allowed NFTs to grow and flourish, as artists had all the tools necessary to create and share them with communities. But in the future, we expect the blockchain to make it convenient for anyone to mint and trade NFTs, as the number of users that use NFTs is expected to grow to 11.64m by 2025, according to Statista. 

****Ethereum can ensure self-sovereign identity** **

Centralized systems expose users to cybersecurity vulnerabilities, leading to identity theft and unauthorized access. Luckily, with Ethereum blockchains, users will be able to store data on the network and choose who they’re sharing it with. 

This is called self-sovereign identity (SSI), which uses blockchain technology to make data more private and offer users control over their personal information. However, this would require them to use multiple identity platforms and keep track of their data alone. 

****Is Ethereum the perfect tool for future business innovation?** **

The Ethereum blockchain is an advanced network through which developers can learn to create NFTs, dApps, DAOs, and much more. The infrastructure uses smart contracts to deploy anything on the blockchain. Therefore, we expect Ethereum to become the driving force of future decentralization and efficiency. Users on the blockchain can promote DeFi, benefit from DAO governance, and make businesses more sustainable, which will ensure empowerment and high accessibility at the same time. 

1.  Could Bitcoin Be The Future Of DeFi?
2.  Is the Blockchain Secure? Yes, and Here’s Why
3.  Accepting Ethereum (ETH) for Businesses, An Overview
4.  Exploring the Phenomenal Rise of Ethereum as a Digital Asset
5.  Ethereum’s Layer 2 Solutions Could Outrun the Main Blockchain

_Editor’s Note: The information provided in this article is for informational purposes only and should not be considered financial advice. Please conduct your own research and consult a professional advisor before making any financial decisions, including buying or investing in cryptocurrency._

Why Ethereum Will Be a Key Platform for Businesses in the Future

In Russia’s war against Ukraine, electronic warfare, including signal-jamming, anti-drone weapons, and innovative protections for critical military systems, has become a key piece of the conflict.

The Invisible Russia-Ukraine Battlefield

This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.

Roy Akerman, VP of Identity Security Strategy, Silverfort

December 20, 2024

4 Min Read

Source: Supapixx via Alamy Stock Photo

A new zero-day vulnerability in NTLM discovered by researchers at 0patch allows attackers to steal NTLM credentials by having a user view a specially crafted malicious file in Windows Explorer — no need for the user to open the file. These password hashes can be used for authentication relay attacks or for dictionary attacks on the password, both for identity takeover.

NTLM refers to a suite of old authentication protocols from Microsoft that provide authentication, integrity, and confidentiality to users. While NTLM was officially deprecated as of June, our research shows that 64% of Active Directory user accounts regularly authenticate with NTLM — evidence that NTLM is still widely used despite its known weaknesses.

The flaw is exploitable even in environments using NTLM v2, making it a significant risk to enterprises that have not yet moved to Kerberos and are still relying on NTLM. Considering Microsoft may not patch this issue for a while, enterprise defenders should take steps to mitigate the vulnerability in their environments. This Tech Tip outlines how dynamic access policies, a few hardening steps, and multifactor authentication (MFA) can help limit attempts to exploit this vulnerability. Upgrading the protocol, where possible, could eliminate the issue completely.

**What Is the NTLM Vulnerability?**

When a user views a malicious file in Windows Explorer — whether by navigating to a shared folder, inserting a USB drive containing the malicious file, or just viewing a file in the Downloads folder that was automatically downloaded from a malicious Web page — an outbound NTLM connection is triggered. This causes Windows to automatically send NTLM hashes of the currently logged-in user to a remote attacker-controlled share.

These NTLM hashes can then be intercepted and used for authentication relay attacks or even dictionary attacks, granting attackers unauthorized access to sensitive systems. Attackers can also potentially use the exposed passwords to access the organization's software-as-a-service (SaaS) environment due to the high rates of synced users.

The issue impacts all Windows versions from Windows 7 and Server 2008 R2 up to the latest Windows 11 24H2 and Server 2022.

The fundamental problem with NTLM lies in its outdated protocol design. NTLM transmits password hashes instead of verifying plaintext passwords, making it vulnerable to interception and exploitation. Even with NTLM v2, which uses stronger encryption, the hashes can still be captured and relayed by attackers. NTLM's reliance on weak cryptographic practices and lack of protection against relay attacks are key weaknesses that make it highly exploitable. Moreover, NTLM authentication does not support modern security features, such as MFA, leaving systems open to a variety of credential theft techniques, such as pass-the-hash and hash relaying.

**What Defenders Need to Do**

To mitigate this vulnerability, Microsoft has updated previous guidance on how to enable Extended Protection for Authentication (EPA) on LDAP, Active Directory Certificate Services (AD CS), and Exchange Server. On Windows Server 2022 and 2019, administrators can manually enable EPA for AD CS and channel binding for LDAP. There are scripts provided by Microsoft to activate EPA manually on Exchange Server 2016. Where possible, update to the latest Windows Server 2025 as it ships with EPA and channel binding enabled by default for both AD CS and LDAP.

Some organizations may still be dependent on NTLM due to legacy systems. Those teams should consider additional authentication layers, such as dynamic risk-based policies, for protecting existing NTLM legacy systems against exploitations.

Harden LDAP configurations. Configure LDAP to enforce channel binding and monitor for legacy clients that may not support these settings.

Check impact on SaaS. If you are unsure whether there are applications or clients in your environment that rely on NTLMv2, you can use Group Policy to enable the Network Security: Restrict NTLM: Audit incoming NTLM traffic policy setting. This will not block NTLMv2 traffic but will log all attempts to authenticate using NTLMv2 in the Operations Log. By analyzing these logs, you can identify which client applications, servers, or services still rely on NTLMv2, so you can make targeted adjustments or updates.

Using Group Policy to limit or disable NTLM authentication via the Network Security: Restrict NTLM setting will reduce the risk of fallback scenarios where NTLM is unintentionally used.

Monitor SMB traffic. Enabling SMB signing and encryption can help prevent attackers from impersonating legitimate servers and triggering NTLM authentication. Blocking outbound SMB traffic to untrusted networks will also reduce the risk of NTLM credential leakage to rogue servers. Implement network monitoring and alerting for unusual SMB traffic patterns, particularly outbound requests to unknown or untrusted IP addresses.

Leave NTLM behind. NTLM has been deprecated. Administrators should audit NTLM usage to identify which systems still rely on NTLM. Organizations should prioritize transitioning those systems away from NTLM to more modern authentication protocols, such as Kerberos. Once a more modern protocol is in place, implement MFA to add an additional layer of protection.

Taking these steps will help organizations address the fundamental flaws in NTLM and improve their security posture.

**About the Author**

VP of Identity Security Strategy, Silverfort, Silverfort

Roy Akerman is the VP of Identity Security Strategy at Silverfort and former co-founder and CEO of Rezonate. Prior to Rezonate, Roy served as VP of Product and Innovation at Cybereason, responsible for growing 3 new business lines on cloud security, mobile defense, and XDR. Roy is leading product incubations and new business initiatives, fusing the practices of advanced Technology, Psychology, and Business in forming new disruptive products and anti-disciplinary innovation teams. Akerman is blending business and innovation practices acquired in his MIT and business journey with problem-solving and tech approaches based on his Government and Military experience. Roy has 20 years of experience in Cybersecurity, as one of the senior leaders and founders of NISA - the Israeli Equivalent to the NSA/Cyber Command, retired as the chief of global cyber operations. In this role, Roy and his teams ran global counter-cyber defense operations for Israel’s Cyber Defense, built cutting-edge cyber security tech. They established partnerships and alliances with numerous states and business partners.

How to Protect Your Environment From the NTLM Vulnerability

Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment — it calls for a collaborative effort.

Adam Finkelstein, Senior Vice President of Global Client Leadership, Sygnia

December 20, 2024

5 Min Read

Source: Pablo Lagarto via Alamy Stock Photo

COMMENTARY

Cyber warfare often mirrors traditional conflict, but as global geopolitical tensions continue to rise, the landscape of nation-state cyber-threat actors has shifted significantly. Recent events have spurred altered tactics, targets, and patterns of state-sponsored cyberattacks. While historically these threat actors focused primarily on critical infrastructure and government entities like energy grids and transportation, today's nation-state threat actors have expanded their scope further into the enterprise. 

This evolving threat landscape now demands that businesses strengthen their security posture and prepare for sophisticated nation-state-level attacks. The urgency is real — just recently, adversary groups like Velvet Ant, GhostEmperor, and Volt Typhoon have been spotted targeting major organizations, attempting to exfiltrate sensitive data and wreak havoc on critical systems. It's clear nation-state threat actors are moving out of the shadows and into the spotlight, and their threats are no longer on the horizon — they are at our doorstep. 

**Expanding Targets: Enterprises Under Siege**

In the past 12 months, an escalation of traditional conflicts has driven a rise in cyberattacks. For instance, as Iran supplies more weapons to Russia, and the US and Europe continue to impose additional sanctions against the country while arming Ukraine with advanced military capabilities, we can expect to see a rise in cyberattacks across various sectors. The vulnerability of critical infrastructure to cyber threats and heightened geopolitical tensions can be seen following the 2021 Colonial Pipeline attack, where prior agreements between US President Biden and Russian President Vladimir Putin to reduce cyberattacks on critical infrastructure were quickly abandoned with the eruption of the Ukraine war. 

As organizations digitize their services and operations, the interconnected nature of global business and infrastructure — and the vast amount of sensitive data they collect and store — have also made a wider range of enterprises attractive targets to nation-state threat actors. We are seeing increasing evidence of nation-state attacks, in unsuspecting industries like law, media, telecommunications, healthcare, retail, and supply chain logistics because of the sensitive data they are handling.

These companies hold high-value intellectual property, i.e., client information, patents, and proprietary contracts, and are often connected to wider networks of affiliates and vendors. A single cyberattack could grant the "keys to kingdoms" — undetected access to hundreds of critical systems and sensitive data — which is then leveraged by government-backed entities to gain a foothold in new markets and undercut competition. 

**Mission vs. ROI: Differentiating Nation-State Threat Actors From Ransomware Groups**

The key to defending yourself against a nation-state threat is first recognizing the different motives and goals of the threat actor. Unlike ransomware groups who are predominantly driven by financial return on investment (ROI) and, therefore, opt to target hundreds of businesses, waiting for one to bite, nation-state attackers are extremely well-resourced, mission-driven, and focused on long-term goals like stealing trade secrets, military intelligence, or high-profile personal information. Other motives include misinformation operations, disruption of critical infrastructure, and state financial gain under the guise of ransomware attacks. 

**Understanding the Technical Prowess of Nation-State Actors**

Nation-state threat actors have the time, technical expertise, and perseverance to achieve their specific goals — they have planned a highly targeted operation to gain knowledge through stealthy and persistent means, often moving laterally across networks to avoid detection, and reinfiltrating networks multiple times after being eradicated. They work diligently to hide their tracks from digital forensics and will go as far as to modify security logs, disable tools, encrypt systems, and alter timestamps, making it more difficult to attribute and differentiate their group, and hamper investigations.

Chinese-Nexus threat group, deemed Velvet Ant by Sygnia, demonstrated exceptional persistence by establishing and maintaining several footholds within its victim's environment — leveraging new techniques and the use of different technologies to evade detection. One method used for this persistence was exploiting a legacy F5 BIG-IP appliance, which was exposed to the Internet and leveraged as an internal command and control (C&C) system. The primary objective of this campaign was to maintain access to the target network for espionage purposes.

Similarly, a Demodex rootkit known to be used by GhostEmperor, a sophisticated nation-state actor first identified by Kaspersky in 2001, had resurfaced in the enterprise, attempting to carry out a wide-scale attack in 2023. The threat actor compromised servers, workstations, and user accounts by deploying the advanced rootkit and leveraging open source tools available on the Internet to communicate with a network of command-and-control (C2) servers, to avoid attribution.

**Navigating a More Complex Cyber Landscape**

Detecting and combating nation-state threat actors in the enterprise is an ongoing war, not just a battle. The most cyber-mature organizations assess and safeguard critical digital assets, prioritize network visibility, and take actionable steps consistently to strengthen their cyber resilience and hygiene in advance of a cyberattack. Other examples of key strategies include:

*   Regularly rehearsing various threat scenarios to clearly define response roles, at both technical and executive levels, and ensure a seamless and coordinated approach within the most critical first 24 hours of a crisis.
    
*   Utilizing and optimizing their security stack, prioritizing investment in tools that detect anomalies and offer both a holistic and a granular view of their networks and systems — because you can't find what you can't look for.
    
*   Looking into threat detection tools with AI and automation capabilities as part of their defense strategies to reduce costs and speed up digital forensic investigations.
    

Combating nation-state threat actors at the enterprise level requires more than just cyber readiness and investment — it calls for a collaborative effort. Before a crisis occurs, organizations should proactively build relationships with government agencies and industry peers. By fostering open communication and sharing insights and experiences, businesses can strengthen the wider security community and enhance collective defenses against these sophisticated nation-state-level threats.

**About the Author**

Senior Vice President of Global Client Leadership, Sygnia

Adam Finkelstein serves as the senior vice president of global client leadership at Sygnia. With more than two decades of expertise in directing business development and overseeing extensive security initiatives on a global scale, Finkelstein advises clients worldwide, including numerous Fortune 500 and Forbes Global 2000 companies. In his role, he oversees all aspects of Sygnia's client development, working hand-in-hand to proactively enhance their cyber resilience and thwart attacks within their networks.

Tag

#ios