Tag: news

  • Fake Contacts, Real Danger: Inside the Android Malware That Poses as Your Bank

    In the ever-evolving world of cybercrime, attackers are now turning your phone’s contact list into a weapon. A newly discovered Android malware called Crocodilus is tricking users by injecting fake contact names like “Bank Support” or “Customer Care” — so when the scammer calls, your phone shows a trusted identity.

    It’s one of the most deceptive phishing techniques we’ve seen yet.

    Let’s break down how this attack works, what makes it dangerous, and what you can do to defend your device.

    What Is Crocodilus and How Does It Work?

    Originally known for targeting cryptocurrency wallets, Crocodilus has now upgraded its game. Instead of simply stealing data, it manipulates what you see and believe.

    Here’s how the scam unfolds:

    • The malware silently adds fake contacts to your phone labeled “Customer Service,” “Your Bank,” or “Fraud Support.”
    • When scammers call, the name appears legitimate, so victims are more likely to trust and engage.
    • During the call, they request bank verification, crypto wallet credentials, or direct you to “fix” a fake security issue—ultimately stealing your money or access credentials.

    It’s social engineering meets malware—and it’s frighteningly effective.

    How Far Has It Spread?

    While Crocodilus originated in Turkey, it has already made its way to:

    • Europe
    • South America
    • The United States

    Its primary distribution method? Sideloaded apps—often promoted through Facebook ads, shady websites, or Telegram channels.

    Key targets:

    • Users installing apps outside of the Google Play Store
    • Crypto wallet holders
    • Mobile banking users
    • Android users without active mobile security

    Why It’s So Dangerous

    • It uses your own trust against you — people rarely doubt names in their contact list.
    • The attack feels personal — unlike phishing emails, this scam comes via a real phone call.
    • Future-proof threat — Experts warn that this technique may soon extend to email contact lists, making phishing emails appear to come from someone you trust.

    How to Protect Yourself from Fake Contact Malware

    You don’t need to be a tech expert to stay safe. These simple precautions go a long way:

    1. Review Your Contact List

    Regularly scan your contact list. If you see entries you don’t remember adding, especially those with names like “Bank,” “Fraud Department,” or “Helpdesk,” delete them immediately.

    2. Avoid Sideloading Apps

    Never install Android apps from unofficial sources or ads. Stick to the Google Play Store, which has more rigorous vetting.

    3. Verify Callers Independently

    If you receive a call from “Bank Support,” hang up and call the real number listed on your bank’s website. Never share credentials over an unsolicited call.

    4. Use Mobile Security Software

    Install a trusted antivirus or mobile security app that scans for malware behavior, including unauthorized contact list modifications.

    5. Watch for Future Evolutions

    As this tactic gains traction, be alert to similar methods via email or messaging platforms that impersonate trusted senders.
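
    For steps 1 and 4 above, the contact review can be automated by comparing a trusted export of your contacts against a fresh one and flagging new entries with institution-style labels. This is an added example, not code from the article or from Peris.ai; the keyword list, the function names and the two sample .vcf exports are assumptions constructed for illustration.

```python
import re
import unicodedata

# Labels the article names, plus close variants (assumed list; tune for your region).
IMPERSONATION_TERMS = ("bank", "customer service", "customer care", "support",
                       "fraud", "helpdesk", "help desk")


def parse_vcards(vcf_text):
    """Parse a .vcf export into [{'name': str, 'phones': set[str]}, ...]."""
    # vCard folds long lines: a line starting with space/tab continues the previous one.
    unfolded = re.sub(r"\r?\n[ \t]", "", vcf_text)
    contacts, current = [], None
    for raw in unfolded.splitlines():
        line = raw.strip()
        if line.upper() == "BEGIN:VCARD":
            current = {"name": "", "phones": set()}
        elif line.upper() == "END:VCARD":
            if current is not None:
                contacts.append(current)
            current = None
        elif current is not None and ":" in line:
            prop, value = line.split(":", 1)
            # "item1.TEL;TYPE=CELL" -> "TEL": drop parameters, then any group prefix.
            key = prop.split(";", 1)[0].split(".")[-1].upper()
            if key == "FN":
                current["name"] = value.strip()
            elif key == "TEL":
                number = re.sub(r"[^\d+]", "", value)
                if number:
                    current["phones"].add(number)
    return contacts


def normalize(name):
    """NFKC + casefold so full-width or oddly spaced labels compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return re.sub(r"\s+", " ", folded).strip()


def matched_terms(name):
    """Return the impersonation terms that appear as whole words in the name."""
    n = normalize(name)
    return [t for t in IMPERSONATION_TERMS
            if re.search(r"\b" + re.escape(t) + r"\b", n)]


def audit(baseline_vcf, current_vcf):
    """List contacts that are in the current export but not in the trusted baseline."""
    known = {(normalize(c["name"]), p)
             for c in parse_vcards(baseline_vcf) for p in c["phones"]}
    findings = []
    for contact in parse_vcards(current_vcf):
        for phone in sorted(contact["phones"]):
            if (normalize(contact["name"]), phone) in known:
                continue  # unchanged since the baseline
            terms = matched_terms(contact["name"])
            findings.append({"name": contact["name"], "phone": phone,
                             "severity": "high" if terms else "info",
                             "terms": terms})
    return findings


# Constructed sample exports (555-01xx numbers are fictional).
BASELINE_VCF = """BEGIN:VCARD
FN:Alice Example
TEL;TYPE=CELL:+1 555 0100
END:VCARD
BEGIN:VCARD
FN:First Example Bank
TEL;TYPE=WORK:+1 555 0111
END:VCARD
"""

CURRENT_VCF = BASELINE_VCF + """BEGIN:VCARD
FN:Bank Support
TEL;TYPE=CELL:+1 555 0199
END:VCARD
BEGIN:VCARD
FN:Bob Bankole
TEL;TYPE=CELL:+1 555 0123
END:VCARD
BEGIN:VCARD
FN:Fraud Depart
 ment
item1.TEL;TYPE=CELL:+1 (555) 0142
END:VCARD
"""

if __name__ == "__main__":
    for f in audit(BASELINE_VCF, CURRENT_VCF):
        print(f["severity"], f["name"], f["phone"], f["terms"])
```

    Entries reported as "high" are the ones to verify against the number printed on your bank's own website before trusting any call that displays that name.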

    Final Thoughts: Trust, But Verify—Always

    Crocodilus isn’t just another mobile virus—it’s a clever blend of psychological manipulation and malware engineering. By pretending to be someone you know, this threat sidesteps the usual red flags and catches users completely off-guard.

    This attack is proof that cybersecurity is no longer just about software vulnerabilities—it’s about defending perception and behavior.

    Stay Ahead with Peris.ai Cybersecurity

    At Peris.ai, we help businesses and users alike detect emerging threats like Crocodilus before they cause damage. Our mobile-focused protection strategies combine AI-driven threat detection, real-time alerting, and behavioral analysis to keep your digital life safe—even from the threats hiding behind familiar names.

    Visit peris.ai to explore expert advice, tools, and updates on the latest mobile malware threats. Stay informed. Stay secure.

  • Deepfake Scams: AI-Powered Fraud Is Undermining Corporate Trust

    What started as an internet novelty has become a serious security risk. Deepfakes—realistic synthetic audio and video generated by AI—have infiltrated the corporate world. Once used for entertainment or misinformation, these technologies are now being weaponized to impersonate executives, manipulate employees, and steal millions.

    A recent publication in the Journal of Cybersecurity and Privacy underscores how deepfake technology has evolved from viral content to strategic, targeted attacks within enterprises. From fabricated CEO calls to synthetic video messages, attackers are crafting believable personas to deceive, defraud, and disrupt.

    As AI tools become more accessible, the question isn’t if you’ll face a deepfake—it’s when. And more importantly: will you be able to spot it?

    How Deepfakes Are Exploited in Corporate Attacks

    Modern cybercriminals aren’t breaking down firewalls—they’re walking through the front door with a cloned voice or a fake executive on screen.

    • Executive Impersonation During Calls: Attackers use AI-generated voice and video to pose as CEOs or department heads, convincingly instructing employees to authorize wire transfers, update vendor information, or share confidential credentials.
    • Financial Fraud at Scale: There are documented cases where a synthetic voice led to a $243,000 loss. In another case, a manipulated video triggered a $25 million wire transfer, demonstrating just how convincing and catastrophic these scams can be.
    • Exploiting Human Trust, Not Just Systems: Even well-trained employees can be deceived when instructions appear to come from a trusted leader. This form of attack bypasses traditional phishing red flags and highlights a new dimension of social engineering.
    • Low Barrier to Entry for Attackers: Deepfake creation tools are now widely accessible—many are free, open-source, and require minimal technical expertise. With just a few voice samples scraped from online meetings or public videos, attackers can convincingly mimic leadership figures.

    Why Traditional Security Fails to Catch Deepfakes

    Despite the growing threat, most organizations remain underprepared, relying on legacy security systems that are not designed to detect AI-generated deception.

    Limited Deepfake-Specific Detection: Conventional security tools such as antivirus software and anti-phishing filters focus on malicious code—not on audio patterns, facial distortions, or synthetic anomalies in media.

    Employee Training Gaps: Most cybersecurity awareness programs focus on traditional phishing and malware. Few prepare staff—especially those in finance, HR, and legal—for deepfake scenarios that imitate authority figures in real time.

    False Positives & Integration Issues: Early deepfake detection tools can generate false alarms or may not integrate seamlessly with enterprise platforms like Zoom, Teams, or Slack—making widespread adoption difficult.

    Lack of a Standardized Defense Framework: To address this gap, researchers have proposed the PREDICT lifecycle—a structured model for organizational readiness against synthetic fraud:

    • Policies
    • Readiness
    • Education
    • Detection
    • Incident Response
    • Continuous Improvement
    • Testing

    This lifecycle provides a comprehensive, strategic approach to deepfake resilience, going beyond technical controls to include governance, training, and validation.

    Best Practices to Defend Against Deepfake Fraud

    Mitigating deepfake threats requires a multi-layered strategy, combining AI-driven tools with policy reform and cultural change.

    Recommended Actions:

    • Deploy AI-Based Detection Systems: Use specialized solutions that analyze facial micro-expressions, voice frequency mismatches, lip-sync discrepancies, and metadata inconsistencies in real time.
    • Integrate Deepfake Awareness into Security Training: Expand cybersecurity education to include deepfake-specific red flags. Conduct scenario-based roleplays with finance, HR, and executive assistants—those most likely to be targeted.
    • Revise and Expand Incident Response Plans: Ensure your IR playbooks include procedures for verifying suspicious executive communications and handling deepfake incidents—complete with escalation protocols and verification layers.
    • Adopt a Zero Trust Framework: Shift to a security model that assumes no identity or request is inherently trustworthy. Enforce strict identity validation and multi-factor authentication across all communication channels.
    • Join Threat Intelligence and Sharing Networks: Collaborate with cybersecurity vendors, peer organizations, and law enforcement to stay ahead of evolving deepfake tactics and receive early warnings about new attack vectors.
    • Stay Aligned with AI and Data Privacy Regulations: Review internal policies on the use of synthetic media and biometric data. Compliance with emerging standards—such as content authentication and traceability—will be essential for trust and legal defense.

    Final Thoughts: Don’t Wait for a Deepfake to Reach Your Inbox

    The rise of AI-powered impersonation has redefined cybersecurity’s weakest link: trust. Deepfakes don’t exploit software vulnerabilities—they exploit human relationships and organizational structure. If your people aren’t prepared, no firewall will protect you.

    The cost of inaction is high—financially, operationally, and reputationally.

    Now is the time to:

    • Audit and secure communication channels
    • Expand your awareness programs to include synthetic fraud
    • Deploy detection capabilities beyond legacy systems
    • Strengthen executive authentication and verification processes

    Want to Stay Ahead of the AI Threat Curve?

    Peris.ai Cybersecurity helps organizations build resilience against the evolving threat landscape—from synthetic fraud and deepfakes to phishing and ransomware. Whether you need detection tools, simulation training, or strategic response frameworks, Peris.ai supports every layer of your cybersecurity maturity.

    Visit peris.ai to explore deepfake detection strategies, incident response models, and tailored solutions for modern threats.

  • Peris.ai Cybersecurity Wins Banking & Finance Award at WAICF 2025 for AI-Based Security Innovation

    Peris.ai in the Spotlight at the World AI Cannes Festival 2025

    Cannes, France – February 15, 2025 – Peris.ai Cybersecurity received the Banking & Finance Award at the World AI Cannes Festival (WAICF) 2025. The award recognizes Peris.ai’s innovative AI-based cybersecurity solutions for protecting financial institutions from continually evolving cyber threats.

    The Cannes Neurons Awards, one of WAICF’s main events, are given to companies that deliver the best AI innovations across global industries. Peris.ai was recognized for its capabilities in proactive threat detection and real-time response, helping banks and financial institutions secure their digital assets against a range of cyberattacks.

    “This award is proof of our commitment to revolutionizing cybersecurity with AI-based automation. We are proud to provide advanced, scalable security solutions that proactively detect and neutralize cyber threats,” said a Peris.ai representative.

    The Advantages of Peris.ai’s AI-Driven Cybersecurity

    Peris.ai Cybersecurity offers a complete range of AI-based security solutions, including its flagship platform, Brahma Fusion. This modular, hyperautomated cybersecurity solution provides real-time monitoring, automated response mechanisms, and AI-based playbook creation, ensuring that financial institutions remain resilient against continually evolving cyber risks.

    Key Features of Peris.ai’s AI-Driven Security Solutions

    • Brahma Fusion – A scalable, low-code, AI-based security orchestration platform that enables automated threat detection and response.
    • Enterprise-Grade Security Modules – Includes BimaRED (Attack Surface Management), BimaEDR (Endpoint Detection Response), BimaNDR (Network Detection Response), BimaXDR (Extended Detection Response), INDRA (Intelligent Data Threat Reconnaissance), and ORION (Malware Lab Simulation), for comprehensive threat monitoring, detection, and remediation.
    • AI-Enhanced Security Playbooks – Automate security operations, reduce workloads by up to 35%, and integrate with more than 100++ cybersecurity vendors.
    • 24/7 Anomaly Detection – Provides real-time threat intelligence for a more proactive defense.
    Peris.ai – Brahma Fusion | Hyperautomated Modular Cybersecurity

    With the rising risk of cyberattacks against banks and financial institutions, Peris.ai’s AI-based security framework is designed to detect and counter complex cyberattacks, including digital fraud, phishing, and large-scale breaches.

    Learn more: Peris.ai Cybersecurity | Brahma Fusion

    WAICF 2025: A Global Hub for AI Innovation

    Held in Cannes on February 13-15, 2025, the World AI Cannes Festival (WAICF) is a prestigious AI event that brings together more than 12,000 attendees, 320 speakers, and 250 exhibitors. The festival is a global platform for technology leaders, startups, and industry experts to share insights and demonstrate the latest AI innovations.

    WAICF 2025 featured the Cannes Neurons Awards, which honor breakthrough AI applications in the banking, healthcare, manufacturing, retail, and sustainability sectors. The Banking & Finance Award won by Peris.ai was presented in person by Francesca Rossi, AI Ethics Global Leader at IBM, who highlighted the importance of cybersecurity in the financial industry.

    Other Cannes Neurons Awards 2025 Winners:

    Manufacturing Award – KinetixPro (Google DeepMind)
    Retail Award – Gotcha (Université de Montréal)
    Healthcare Award – Nucs AI (Ellison Institute of Technology)
    AI For Good Award – LivNSense GreenOps (International Telecommunication Union)
    Battle of the Titans – Tomorrow.io (Allianz Accelerator)

    The Cannes Neurons Gala Dinner, which could be attended only by exclusive invitation, was the culminating moment at which the winners were officially announced.

    Explore WAICF: World AI Cannes Festival | Cannes Neurons Awards

    Peris.ai’s Expanding Role in AI-Based Cybersecurity

    Beyond the financial sector, Peris.ai Cybersecurity also provides AI-based security solutions for a range of industries, including technology, government, healthcare, manufacturing, insurance, and retail. With its security model based on agentic AI and automation, Peris.ai is setting a new standard in cyber defense and risk mitigation.

    As cyber threats grow increasingly complex, Peris.ai remains committed to building the future of AI-based cybersecurity, ensuring that businesses, governments, and financial institutions always stay one step ahead of cyberattacks.

    “This is just the beginning. The future of cybersecurity will be powered by AI, and Peris.ai is ready to lead this change,” said Peris.ai.

    Follow the latest developments from Peris.ai: Peris.ai Cybersecurity

    About WAICF

    WAICF (World AI Cannes Festival) is a leading global AI event showcasing the latest developments in artificial intelligence, automation, and digital transformation. With more than 10,000 attendees and 250 sessions, WAICF is where AI innovators, industry leaders, and startups gather to explore AI’s impact on society and business.

    About Peris.ai Cybersecurity

    Peris.ai is an AI-based, hyperautomated cybersecurity platform that delivers proactive threat detection, real-time response, and enterprise-grade security solutions. With Brahma Fusion and its various security modules, Peris.ai is redefining how businesses protect their digital assets from cyber threats.

    Learn more: Peris.ai Cybersecurity | Brahma Fusion

  • Peris.ai Cybersecurity Wins Banking & Finance Award at WAICF 2025: Advancing AI-Driven Cybersecurity for Financial Institutions

    Peris.ai Takes the Spotlight at the World AI Cannes Festival 2025

    Cannes, France – February 15, 2025 – Peris.ai Cybersecurity has been awarded the prestigious Banking & Finance Award at the World AI Cannes Festival (WAICF) 2025, recognizing its groundbreaking AI-driven cybersecurity solutions for financial institutions. This honor solidifies Peris.ai’s position as a leader in the cybersecurity industry, leveraging hyperautomated AI security to combat modern cyber threats.

    The Cannes Neurons Awards, a highlight of WAICF, celebrate excellence in AI-driven innovation across key global industries. Peris.ai was recognized for its proactive threat detection and real-time response capabilities, helping banks and financial institutions safeguard digital assets against evolving cyber threats.

    “This award is a testament to our commitment to revolutionizing cybersecurity with AI-driven automation. We’re proud to provide financial institutions with advanced, scalable security solutions that proactively detect and neutralize cyber threats,” said a spokesperson from Peris.ai.

    AI-Driven Cybersecurity: The Peris.ai Edge

    Peris.ai Cybersecurity offers a comprehensive suite of AI-powered security solutions, including its flagship Brahma Fusion platform. This hyperautomated, modular cybersecurity solution provides real-time monitoring, automated response mechanisms, and AI-driven playbook creation, ensuring that financial institutions remain resilient against emerging cyber risks.

    Key Features of Peris.ai’s AI-Driven Security Solutions:

    • Brahma Fusion – A scalable, low-code security orchestration platform for automated threat detection and response.
    • Enterprise-Grade Modules – Includes BimaRED (Attack Surface Management), BimaEDR (Endpoint Detection Response), BimaNDR (Network Detection Response), BimaXDR (Extended Detection Response), INDRA (Intelligent Data Threat Reconnaissance), and ORION (Malware Lab Simulation), for complete threat reconnaissance, detection, and remediation.
    • AI-Enhanced Security Playbooks – Automates security operations, reducing human workloads by 35% and integrating with 100++ cybersecurity vendors.
    • 24/7 Anomaly Detection – Provides real-time threat intelligence, ensuring proactive defense.
    Peris.ai – Brahma Fusion | Hyperautomated Modular Cybersecurity

    With banks and financial institutions facing rising cyber risks, Peris.ai’s award-winning AI-powered security framework is designed to detect and mitigate sophisticated cyberattacks, from fraud and phishing attempts to large-scale financial breaches.

    Learn more: Peris.ai Cybersecurity | Brahma Fusion

    WAICF 2025: A Global Hub for AI Excellence

    Held in Cannes from February 13-15, 2025, the World AI Cannes Festival (WAICF) is a premier AI event, attracting over 12,000 attendees, 320 speakers, and 250 exhibitors. The festival serves as a global platform for tech leaders, startups, and industry experts to showcase innovations that shape the future of AI.

    This year’s WAICF featured The Cannes Neurons Awards, celebrating breakthrough AI applications in banking, healthcare, manufacturing, retail, and sustainability. The Banking & Finance Award presented to Peris.ai was handed over by Francesca Rossi, AI Ethics Global Leader at IBM, highlighting the significance of cybersecurity in the financial sector.

    Other Cannes Neurons 2025 Award Winners:

    Manufacturing Award – KinetixPro (Google DeepMind)
    Retail Award – Gotcha (Université de Montréal)
    Healthcare Award – Nucs AI (Ellison Institute of Technology)
    AI For Good Award – LivNSense GreenOps (International Telecommunication Union)
    Battle of the Titans – Tomorrow.io (Allianz Accelerator)

    The Cannes Neurons Gala Dinner, an invitation-only event, served as the grand finale where winners across these categories were officially announced.

    Explore WAICF: World AI Cannes Festival | Cannes Neurons Awards

    Peris.ai’s Expanding Role in AI Cybersecurity

    Beyond the financial sector, Peris.ai Cybersecurity provides AI-powered security solutions for industries including technology, government, healthcare, manufacturing, insurance, and retail. With its agentic AI and automation-driven security model, Peris.ai is setting new standards in cyber defense and risk mitigation.

    As cyber threats continue to evolve, Peris.ai remains committed to building the future of AI-driven cybersecurity, ensuring businesses, governments, and financial institutions stay ahead of cybercriminals.

    “We’re just getting started. The future of cybersecurity is AI-powered, and Peris.ai is leading the way,” the company stated.

    Stay updated on Peris.ai’s latest innovations: Peris.ai Cybersecurity

    About WAICF

    WAICF (World AI Cannes Festival) is a leading global event showcasing the latest in artificial intelligence, automation, and digital transformation. With over 10,000 attendees and 250 sessions, WAICF is where AI innovators, industry leaders, and emerging startups converge to explore AI’s impact on society and business.

    About Peris.ai Cybersecurity

    Peris.ai is a hyperautomated AI-driven cybersecurity platform delivering proactive threat detection, real-time response, and enterprise-grade security solutions. With Brahma Fusion and its cutting-edge security modules, Peris.ai is redefining how businesses defend against cyber threats.

    Learn more: Peris.ai Cybersecurity | Brahma Fusion

  • Zero-Click Hacks: The Silent Cyber Threat Targeting WhatsApp Users

    Cyber threats are evolving rapidly, and Zero-Click Hacks have emerged as one of the most dangerous attack methods, particularly targeting WhatsApp users worldwide. Unlike traditional phishing scams, these attacks require no user interaction—meaning you don’t have to click a link, download a file, or install malware for hackers to gain access. This makes them extremely difficult to detect and prevent.

    Recent reports confirm that nearly 90 WhatsApp users across multiple countries have already been targeted, raising serious concerns about privacy, device security, and the sophistication of cybercriminals.

    What is a Zero-Click Hack?

    Zero-Click Hacks exploit software vulnerabilities in messaging apps, operating systems, and multimedia processing frameworks.

    How Do These Attacks Work?

    • Hackers identify flaws in WhatsApp or other apps that allow them to execute malicious code remotely.
    • A seemingly harmless message, call, or media file is sent to the target.
    • The device processes the message without any user interaction, giving the hacker access to:
        • Private messages and call logs
        • Microphone and camera
        • Stored passwords and sensitive data
        • Location and browsing history
    • Since the victim never clicks on anything, traditional cybersecurity awareness—like avoiding suspicious links—does not prevent these attacks.

    Why is This So Dangerous?

    • These attacks are stealthy and nearly undetectable by conventional security tools.
    • No visible signs—the user does not realize they have been hacked until after damage is done.
    • Hackers can remain hidden inside a device for long periods, collecting sensitive information.

    The WhatsApp Security Breach

    WhatsApp recently revealed that hackers exploited vulnerabilities in the app to infiltrate users’ devices without their knowledge.

    Key Facts About the Breach

    • Attackers used spyware from an Israeli firm, Paragon Solutions, to target journalists, activists, and high-profile individuals.
    • No user interaction was required—victims were compromised the moment they received a malicious WhatsApp message.
    • WhatsApp has since taken legal action against spyware developers and pledged to strengthen its security measures.

    Even though WhatsApp has addressed the issue, zero-click vulnerabilities continue to exist, making it crucial for users to take their own security precautions.

    How to Stay Safe from Zero-Click Attacks

    Zero-click attacks are difficult to detect, but you can minimize risk by taking proactive security measures.

    Update Your Apps and Operating System

    • Always install the latest security patches for WhatsApp, iOS, and Android to prevent hackers from exploiting known vulnerabilities.
    • Enable automatic updates so that critical security fixes are installed as soon as they become available.

    Monitor Device Behavior for Unusual Activity

    • Watch for unexpected battery drain—a common sign of spyware running in the background.
    • Be cautious if your apps crash frequently or if your phone slows down without explanation.
    • Look for strange messages or calls from unknown numbers, as these could be attempts to trigger a vulnerability.

    Restrict App Permissions

    • Limit WhatsApp’s access to your microphone, camera, and storage unless necessary.
    • Regularly review and adjust app permissions to minimize the risk of unauthorized access.

    Use Additional Security Features

    • Enable two-factor authentication (2FA) on WhatsApp for an added layer of security.
    • Consider using encrypted messaging alternatives that offer stronger privacy protection.

    Report Suspicious Activity

    • If you suspect an attack, report it to WhatsApp support and your local cybersecurity authorities.
    • Be cautious of unexpected messages, video calls, or media files from unknown contacts.

    The Fight Against Cyber Threats

    As cybercriminals refine their methods, staying informed and adopting stronger security practices is critical. Zero-click hacks are just one example of how hackers are evolving their tactics to bypass traditional defenses.

    What’s Next in Cybersecurity?

    • Tech companies must continually update and patch vulnerabilities.
    • Users must take proactive steps to secure their accounts and devices.
    • Cybersecurity experts must develop advanced detection and response systems to mitigate threats like zero-click exploits.

    Final Thoughts: Strengthen Your Security with Peris.ai

    Zero-click hacks prove that traditional cybersecurity awareness is no longer enough. Even the most cautious users can fall victim to attacks that require no interaction. Taking proactive steps today can save you from major security risks in the future.

    At Peris.ai, we provide cutting-edge cybersecurity solutions to help individuals and businesses stay ahead of evolving threats.

    Stay protected against the latest cyber threats—visit Peris.ai today.

  • Emojis as Command and Control Tools in Cyberattacks: An Emerging Threat

    In an innovative twist to cyberattacks, hackers have started exploiting emojis, symbols pervasive in digital communication, to conduct command and control (C2) operations. This method, which uses emojis to execute malicious commands, represents a significant evolution in how cybercriminals can manipulate seemingly innocuous characters to breach security protocols.

    Understanding Emoji-Based Command and Control

    Emojis have transcended their original purpose of enhancing digital conversations to become tools in the hands of cybercriminals. A recent investigation by Volexity uncovered that a hacking group repurposed Discord, a popular communication platform, to orchestrate cyberattacks using emojis. This technique was employed in multiple espionage campaigns, effectively masking malicious activities behind everyday symbols.

    Case Study: Digomoji Malware Attack

    The Digomoji malware incident serves as a prime example of this new cyber threat. Originating from Pakistan, this malware targeted the Indian government through phishing emails and malicious documents. Once installed, Digomoji set up a unique Discord channel for each victim to funnel sensitive information back to the attackers.

    How It Works:

    • Emoji Commands: Hackers utilize specific emojis to issue commands to the malware, simplifying the process of directing malicious activities remotely.
    • Operational Emojis:
        • 🏃‍♂️ (Man Running): Executes commands on the infected device.
        • 📸 (Camera with Flash): Captures and sends screenshots.
        • ⏰ (Clock): Signals a processed command.
        • ✅ (Check Mark Button): Confirms successful execution.
    • Extended Commands:
        • 👇 (Pointing Down): Downloads files.
        • ☝️ (Pointing Up): Uploads files to the infected device.
        • 👉 (Pointing Right): Transfers files to external storage.
        • 👈 (Pointing Left): Moves files to another sharing service.
        • 🔥 (Fire): Searches for files with specific extensions.
        • 🦊 (Fox): Compresses browser profiles.
        • 💀 (Skull): Terminates the malware process.
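
    For incident responders, the emoji list above can be turned into a decoder that rebuilds a timeline from channel messages recovered during an investigation. This is an added example, not code from the article, Volexity or the malware; the record layout (ts, content, reactions), the action labels, the text after each emoji and the sample messages are assumptions constructed for illustration.

```python
import re

# Emoji -> (action label, meaning as given in the article's list). Code points are
# written as escapes so the table survives tooling that strips emoji.
OPERATOR_COMMANDS = {
    "\U0001F3C3": ("execute", "executes commands on the infected device"),
    "\U0001F4F8": ("screenshot", "captures and sends screenshots"),
    "\U0001F447": ("download", "downloads files"),
    "\u261D": ("upload", "uploads files to the infected device"),
    "\U0001F449": ("transfer", "transfers files to external storage"),
    "\U0001F448": ("share", "moves files to another sharing service"),
    "\U0001F525": ("find", "searches for files with specific extensions"),
    "\U0001F98A": ("browser-profiles", "compresses browser profiles"),
    "\U0001F480": ("terminate", "terminates the malware process"),
}
# Emoji the article describes as status signals rather than commands.
STATUS_SIGNALS = {"\u23F0": "processed", "\u2705": "succeeded"}

# Variation selector, zero-width joiner, gender signs and skin-tone modifiers:
# decorations that change how an emoji renders but not which emoji it is.
_DECORATION = "\uFE0F\u200D\u2640\u2642\U0001F3FB-\U0001F3FF"
_LEADING_DECORATION = re.compile("^[" + _DECORATION + "]+")
_ANY_DECORATION = re.compile("[" + _DECORATION + "]")


def split_command(content):
    """Return (action, argument) if the message starts with a command emoji, else None."""
    text = content.strip()
    if not text or text[0] not in OPERATOR_COMMANDS:
        return None
    action = OPERATOR_COMMANDS[text[0]][0]
    argument = _LEADING_DECORATION.sub("", text[1:]).strip()
    return action, argument


def triage(messages):
    """Turn recovered channel messages into an ordered list of command events."""
    events = []
    for msg in messages:
        parsed = split_command(msg.get("content", ""))
        if parsed is None:
            continue  # ordinary chatter, not a command
        seen = {STATUS_SIGNALS.get(_ANY_DECORATION.sub("", r))
                for r in msg.get("reactions", [])}
        if "succeeded" in seen:
            status = "succeeded"
        elif "processed" in seen:
            status = "processed"
        else:
            status = "issued"
        events.append({"ts": msg.get("ts"), "action": parsed[0],
                       "argument": parsed[1], "status": status})
    return events


def confirmed_actions(events):
    """Actions with a success signal: the ones to scope first for impact."""
    return sorted({e["action"] for e in events if e["status"] == "succeeded"})


# Constructed sample records, not taken from a real intrusion.
SAMPLE_MESSAGES = [
    {"ts": "2024-06-01T09:00:02Z", "content": "\U0001F3C3\u200D\u2642\uFE0F hostname",
     "reactions": ["\u23F0", "\u2705"]},
    {"ts": "2024-06-01T09:01:10Z", "content": "status check later", "reactions": []},
    {"ts": "2024-06-01T09:02:40Z", "content": "\U0001F525 docx",
     "reactions": ["\u2705\uFE0F"]},
    {"ts": "2024-06-01T09:05:00Z", "content": "\U0001F98A", "reactions": ["\u23F0"]},
    {"ts": "2024-06-01T09:09:30Z", "content": "\U0001F480", "reactions": []},
]

if __name__ == "__main__":
    for event in triage(SAMPLE_MESSAGES):
        print(event["ts"], event["action"], repr(event["argument"]), event["status"])
```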

    Defending Against Emoji-Based Cyberattacks

    Despite ongoing efforts to mitigate such threats, including Discord’s actions against malicious servers, Digomoji showcases resilience by continually updating its mechanisms to evade detection. Its capabilities extend to network scanning, data tunneling, and masquerading as legitimate software updates to exfiltrate passwords.

    Proactive Measures to Enhance Security

    • Regular Software Updates: Maintaining the latest software versions is crucial in protecting against vulnerabilities that could be exploited by such sophisticated attacks.
    • Robust Antivirus Solutions: Employ comprehensive antivirus software across all devices, including specialized solutions for platforms with specific restrictions, like iOS.
    • Email and Communication Vigilance: Exercise caution with incoming emails and messages, particularly those that press for urgent actions or contain unexpected links and attachments.

    Conclusion

    The advent of using emojis in cyberattacks is a testament to the adaptability and ingenuity of cybercriminals. It highlights the necessity for continuous vigilance and updated security measures in an ever-evolving digital threat landscape. By staying informed and proactive, organizations can safeguard against not just current but also future cybersecurity challenges.

    Stay proactive, stay secure with Peris.ai.

    For more insights and detailed cybersecurity guidance, please visit our website at peris.ai.

    Your Peris.ai Cybersecurity Team #YouBuild #WeGuard

  • Peris.ai Analysis: Brain Cipher Ransomware Attack on Indonesia’s National Data Center

    Recently, a shocking incident occurred that resulted in the disruption of immigration services and various other public services. The disruption stemmed from a cyberattack carried out by Brain Cipher Ransomware.

    The Pusat Data Nasional (PDN) has been the main target of this attack since June 20. The cyberattack crippled essential services such as immigration and affected 210 institutions. Although some services have been restored, the impact is still felt.

    The Badan Siber dan Sandi Negara (BSSN) and related institutions immediately responded to this incident. Emergency measures were taken by sending an assistance team to the data center in Surabaya. The PDNS was built as an alternative because the main Pusat Data Nasional (PDN) is not yet completed.

    The responsible party for this attack demanded a ransom of USD 8 million (approximately Rp 131 billion) to restore access to the system.

    For context, PDN is managed by Telkom Group through Telkom Sigma. Telkom Indonesia’s Network & IT Solution Director, Herlan Wijanarko, confirmed the ransom demand. However, the compensation process is still under evaluation.

    Brain Cipher Ransomware: An Overview

    In parallel with the recent events, the Brain Cipher Ransomware is an emerging threat actor currently focusing on organizational targets. The following analysis details the methods, indicators of compromise (IOCs), and tactics used by this ransomware group.

    Method of Delivery: Phishing

    Brain Cipher Ransomware is delivered primarily through phishing campaigns. These campaigns often use deceptive emails to trick recipients into downloading and executing malicious files.

    Indicators of Compromise (IOCs)

    • MD5: 448f1796fe8de02194b21c0715e0a5f6
    • SHA1: 935c0b39837319fda571aa800b67d997b79c3198
    • SHA256: eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12
    • SSDEEP: 3072
      /5qUpfDT6zT73Ew8Ym9wV9JyknP7SAy
    • IP Addresses: 199.232.214.172 (US), 224.0.0.252
    • Web: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
    • Email: brain.support@cyberfear.com
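
    The indicators above can be matched against endpoint and firewall logs. The sketch below is an added example, not Peris.ai tooling; the log format, host names and timestamps are constructed. It also shows why the two listed IP addresses should not be treated alike.

```python
import ipaddress
import re

# Indicators copied from the IOC list above.
IOC_HASHES = {
    "448f1796fe8de02194b21c0715e0a5f6",
    "935c0b39837319fda571aa800b67d997b79c3198",
    "eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12",
}
IOC_IPS = {"199.232.214.172", "224.0.0.252"}
IOC_STRINGS = [
    "mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion",
    "brain.support@cyberfear.com",
]

HEX_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample log lines (hosts, times and the last address are made up).
SAMPLE_LOG = [
    "2024-06-20T01:02:03Z edr host=ws-17 event=file_create "
    "sha256=EB82946FA0DE261E92F8F60AA878C9FEF9EBB34FDABABA66995403B110118B12",
    "2024-06-20T01:02:09Z fw host=ws-17 dst=224.0.0.252:5355 proto=udp",
    "2024-06-20T01:03:11Z fw host=ws-17 dst=199.232.214.172:443 proto=tcp",
    "2024-06-20T01:04:00Z proxy host=ws-22 dst=192.0.2.10:443 proto=tcp",
]


def match_line(line):
    """Return (kind, value, confidence) tuples for every IOC seen in one line."""
    hits = []
    lower = line.lower()  # hashes are logged in either case
    for digest in HEX_RE.findall(lower):
        if digest in IOC_HASHES:
            hits.append(("hash", digest, "high"))
    for text in IP_RE.findall(line):
        if text not in IOC_IPS:
            continue
        ip = ipaddress.ip_address(text)
        # 224.0.0.252 is the LLMNR multicast group, so ordinary name-resolution
        # traffic on a LAN hits it. Record the match, but only as "low".
        conf = "low" if ip.is_multicast else "medium"
        hits.append(("ip", text, conf))
    hits += [("string", s, "high") for s in IOC_STRINGS if s in lower]
    return hits


def triage(lines):
    """Split hits into alert-worthy ones and suppressed low-confidence ones."""
    alerts, suppressed = [], []
    for number, line in enumerate(lines, 1):
        for hit in match_line(line):
            (suppressed if hit[2] == "low" else alerts).append((number,) + hit)
    return alerts, suppressed


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

    A file-hash match is the strongest signal here; a bare IP match is better used to prioritise a host for review than to alert on by itself.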

    MITRE ATT&CK 

    Execution

    • T1059.003: Windows Command Shell
    • T1204.002: User Execution: Malicious File

    Privilege Escalation

    • T1548.002: Bypass User Account Control

    Defense Evasion

    • T1548.002: Bypass User Account Control

    Credential Access

    • T1539: Steal Web Session Cookie
    • T1555.003: Credentials from Web Browsers
    • T1552.001: Credentials in Files

    Discovery

    • T1012: Query Registry
    • T1082: System Information Discovery
    • T1518: Software Discovery

    Impact

    • T1486: Data Encryption for Impact

    Detailed Analysis

    The Brain Cipher Ransomware employs sophisticated techniques to infiltrate, propagate, and encrypt data within targeted networks. Its primary delivery method is through phishing emails, which often contain malicious attachments or links leading to malware downloads.

    Once inside a network, the ransomware utilizes various tactics to escalate privileges, evade defenses, and gain access to sensitive information. For instance, it uses Windows Command Shell for execution and bypasses user account control for privilege escalation.

    The ransomware’s discovery tactics include querying the registry, discovering system information, and software discovery. These actions allow the ransomware to map out the infected environment and identify high-value targets for encryption.

    Credential access is a significant aspect of Brain Cipher’s methodology. It steals web session cookies, credentials from web browsers, and credentials stored in files, providing the attackers with the necessary information to further infiltrate the network or exfiltrate data.

    Finally, the ransomware’s impact tactic is data encryption, which renders the victim’s data inaccessible until a ransom is paid. This tactic is effective in causing significant disruption to organizational operations, as seen in the recent attack on Indonesia’s National Data Center.

    Mitigation and Response

    To mitigate the threat posed by Brain Cipher Ransomware and similar attacks, organizations should adopt a multi-layered security approach. This includes:

    • Email Security: Implementing robust email security solutions to detect and block phishing attempts.
    • User Training: Regularly training employees to recognize and report phishing emails.
    • Endpoint Security: Deploying advanced endpoint protection to detect and prevent malware execution.
    • Network Segmentation: Segregating critical systems and data to limit the spread of ransomware.
    • Backup Solutions: Maintaining regular backups of critical data and ensuring that backups are stored securely and offline.
    • Incident Response Planning: Developing and regularly updating incident response plans to ensure a swift and effective response to ransomware attacks.

    Enhancing Your Cybersecurity with Peris.ai

    As cyber threats continue to evolve, it becomes increasingly important for organizations to stay ahead of potential attacks. Peris.ai offers advanced cybersecurity solutions designed to anticipate and defend against such threats. One such measure is Peris.ai’s Phisland, a sophisticated phishing simulator designed to safeguard your digital frontier.

    What is Ganesha – Phisland?

    Phisland is a comprehensive phishing simulator that provides your organization with the tools to stay ahead of cyber threats. By simulating phishing attacks via email, websites, and WhatsApp, Phisland helps enhance your team’s security awareness and overall cybersecurity posture.

    How does it work?

    Realistic Simulations: Phisland offers a suite of realistic phishing simulations that mimic real-world attacks. By tracking user interactions with these simulations, Phisland enables organizations to identify vulnerabilities and opportunities for improvement in real-time.

    Enhance Security Awareness: Phisland stands out with its ability to analyze and interpret user responses intelligently. Through advanced algorithms and customizable analytics, Phisland distills vast amounts of data into actionable intelligence, helping organizations create targeted and effective strategies to enhance their security awareness and resilience against cyber threats.

    Embrace Phisland to proactively strengthen your cybersecurity measures and protect your organization from potential phishing attacks.

    Conclusion

    The recent ransomware attack on Indonesia’s National Data Center underscores the escalating threat of ransomware and the profound impact such incidents can have on public services. The emergence of threats like Brain Cipher Ransomware further emphasizes the necessity for robust cybersecurity measures to guard against evolving cyber threats.

    Organizations must remain vigilant, continually updating their security practices and staying informed about the latest threat intelligence to effectively combat ransomware attacks.

    For comprehensive solutions to enhance your cybersecurity posture and protect against these threats, visit Peris.ai Cybersecurity. Explore our wide range of products and services designed to keep your organization secure in an ever-changing digital landscape. Don’t wait—safeguard your digital assets with Peris.ai today!

    ***

    Authored by Deden Gobel, CTO, and Feri Harjulianto, CISO, from Peris.ai Cybersecurity.

  • Exploring the Best Cybersecurity Firms in Singapore: Why Peris.ai Cybersecurity Stands Out

    Exploring the Best Cybersecurity Firms in Singapore: Why Peris.ai Cybersecurity Stands Out

    In the dynamic realm of digital security, Singapore stands out as a bastion of innovation and reliability. The 2024 rankings of top cybersecurity firms by GoodFirms spotlight the critical role these entities play in fortifying digital assets—from personal blogs to expansive eCommerce sites. As enterprises and governmental agencies alike strive for cutting-edge defenses, the importance of choosing a trusted cybersecurity partner has never been more apparent.

    Peris.ai Cybersecurity is proud to be recognized by GoodFirms in their latest review of elite cybersecurity providers in Singapore. This acknowledgment is a testament to our commitment to delivering state-of-the-art security solutions tailored to our clients’ unique needs.

    Featured at the Forefront: Peris.ai Cybersecurity

    At Peris.ai Cybersecurity, we’re not just participants in the industry; we lead by innovation. Our Security-as-a-Service platform, BIMA, integrates advanced technologies like EDR (Endpoint Detection and Response), NDR (Network Detection and Response), XDR (Extended Detection and Response), and SIEM (Security Information and Event Management) to provide a comprehensive security posture that’s both proactive and reactive.

    Our solutions are designed for scalability and flexibility, ensuring they meet the demands of both burgeoning startups and established enterprises. With Peris.ai, clients gain more than a service provider—they gain a partner dedicated to their security and success.

    Why Choose Peris.ai?

    • Advanced Integration: BIMA is built to seamlessly integrate into existing IT environments, enhancing both security and performance without disrupting ongoing operations.
    • Proactive Defense: Our tools are designed to predict, prevent, and mitigate risks before they impact your business.
    • Expertise and Experience: Our team comprises seasoned experts in cybersecurity, constantly evolving with the landscape to thwart even the most sophisticated threats.

    Learn More About Our Peers

    The GoodFirms article also highlights other distinguished firms, such as IT Block Pte. Ltd., known for its robust IT support, and Connectivity Global Pte. Ltd., which specializes in AI-driven email security solutions. Each firm brings unique strengths to the table, contributing to Singapore’s reputation as a cybersecurity hub.

    For those interested in a comprehensive overview of the top cybersecurity providers in Singapore, we recommend reading the detailed reviews on the GoodFirms website.

    Conclusion

    Choosing the right cybersecurity partner is crucial in today’s digital age. At Peris.ai Cybersecurity, we are dedicated to providing unparalleled security solutions that safeguard your digital assets while empowering your business growth. Trust us to be your guide in navigating the complexities of cybersecurity.

    Stay secure with Peris.ai, a leader in cybersecurity innovation.

  • Resurgence of the Medusa Banking Trojan: A Renewed Threat to Android Users

    Resurgence of the Medusa Banking Trojan: A Renewed Threat to Android Users

    Overview of Medusa’s Return

    The Medusa banking trojan, known for its disruptive attacks on Android devices, has re-emerged after nearly a year of dormancy. Now rebranded as TangleBot, this Android malware-as-a-service (MaaS) is targeting users across multiple countries with sophisticated new features and operational tactics.

    Detailed Examination of Medusa’s Evolution

    Medusa Malware Resurgence:

    • Origin: Initially discovered in 2020, Medusa has evolved into a more sophisticated threat.
    • Capabilities: Includes keylogging, controlling screens, and manipulating SMS.
    • Recent Activity: Identified in ongoing campaigns since May 2023, showcasing its persistent threat.

    Targeted Regions:

    • Countries Affected: France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey are currently in the crosshairs of these renewed attacks.

    Enhancements in Medusa’s Arsenal:

    • Reduced Permissions: The new variants are designed to require fewer permissions, making them less noticeable but equally potent.
    • Advanced Features: Capabilities such as full-screen overlays, screenshot capturing, and unauthorized SMS sending enhance its intrusiveness.
    • Operational Shifts: The use of centralized infrastructure to fetch command and control (C2) URLs from social media and the strategic reduction of its footprint on devices underscore a tactical evolution.

    Campaign and Malware Details

    Recent Campaign Insights:

    • Timeline: Notable activity has been tracked back to July 2023, indicating a well-planned resurgence.
    • Smishing Tactics: Predominantly spread through SMS phishing, enticing users to install malware-laden dropper apps.
    • Botnets and Fake Apps: Attributed to five botnets (UNKN, AFETZEDE, ANAKONDA, PEMBE, and TONY), using deceptive apps mimicking legitimate services like Chrome browser and 5G connectivity.

    Notable Malware Functions:

    • Removed Commands: Streamlining by removing 17 older commands.
    • New Commands:
      • 'destroyo': Targets and uninstalls specific applications.
      • 'permdrawover': Manipulates system permissions.
      • 'setoverlay': Deploys a black screen overlay to conceal malicious activities.
      • 'take_scr': Captures screenshots.
      • 'update_sec': Manages security settings.

    Staying Protected: Tips and Strategies

    Vigilance with Links and Downloads:

    • Avoid unfamiliar links and unsolicited downloads to protect against malware infiltration.

    Robust Security Practices:

    • Two-Factor Authentication (2FA): Enhance account security to mitigate unauthorized access risks.
    • Regular Updates: Keep your device and applications fortified with the latest security patches.

    Proactive Security Measures:

    • Antivirus Software: Employ reputable antivirus solutions tailored for Android devices.
    • Permission Awareness: Scrutinize app permissions, especially those requesting Accessibility Services, to prevent undue access.
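
    The permission check can be automated before an APK is allowed onto a managed device. The following is an added example, not code from the original article: it assumes the manifest has already been decoded to text XML (APKs ship it in binary form), and the package and class names in the samples are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Permissions that line up with capabilities the article lists.
RISKY = {
    "android.permission.SYSTEM_ALERT_WINDOW": "full-screen overlay",
    "android.permission.SEND_SMS": "SMS sending",
}

# Constructed manifests (package and class names are made up).
DROPPER_LIKE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.update5g">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".SyncService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application><service android:name=".TileService"/></application>
</manifest>"""


def audit_manifest(xml_text):
    """Summarise accessibility services and risky permissions in a manifest."""
    root = ET.fromstring(xml_text)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    services = [
        s.get(ANDROID + "name")
        for s in root.iter("service")
        if s.get(ANDROID + "permission") == A11Y_BIND
    ]
    risky = sorted(RISKY[p] for p in requested if p in RISKY)
    # An accessibility service alone deserves a look; paired with overlay or
    # SMS permissions it matches the capability set described above.
    if services and risky:
        level = "high"
    elif services:
        level = "review"
    else:
        level = "low"
    return {
        "package": root.get("package"),
        "accessibility_services": services,
        "capabilities": risky,
        "level": level,
    }


if __name__ == "__main__":
    for sample in (DROPPER_LIKE, BENIGN):
        print(audit_manifest(sample))
```

    Legitimate assistive apps also declare an accessibility service, so the "review" level is a prompt for a human check, not a verdict.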

    Conclusion: Medusa’s Persistent Threat

    The revival of Medusa as TangleBot with enhanced malicious capabilities is a stark reminder of the evolving landscape of cyber threats. By understanding the specifics of these threats and adopting comprehensive cybersecurity measures, users can safeguard their digital lives against such sophisticated malware.

    Stay Proactive in Your Cybersecurity Efforts

    For ongoing updates and more detailed cybersecurity insights, be sure to visit our website at peris.ai.

    Stay vigilant, stay secure.

    Your Peris.ai Cybersecurity Team #YouBuild #WeGuard

  • Google’s New AI Search Feature Unwittingly Promotes Malicious Sites

    Google’s New AI Search Feature Unwittingly Promotes Malicious Sites

    Google’s latest innovation in search technology, the Search Generative Experience (SGE), has introduced AI-generated quick summaries and site recommendations to streamline user queries. However, recent observations by SEO consultant Lily Ray, backed by findings from BleepingComputer, have raised serious concerns. The SGE is inadvertently promoting websites involved in malware distribution and various online scams, including fake giveaways and tech support fraud.

    The Unintended Consequences of AI-Enhanced Search Results

    Earlier this month, Google began integrating SGE into its search mechanisms, aiming to enhance the user experience by providing concise AI-driven responses to queries. However, it soon became apparent that this feature might be suggesting sites that lead users into traps set by cybercriminals. The domains often share similarities such as the .online TLD, identical HTML templates, and a pattern of redirects, indicating their role in a coordinated SEO poisoning campaign designed to manipulate search engine results.

    How Scammers Exploit SGE Recommendations

    When users follow links recommended by SGE, they are often taken through a series of redirects, ending up on sites that deploy aggressive tactics such as fake captchas or misleading YouTube pages. These sites typically coax users into enabling browser notifications, which then serve as a conduit for delivering incessant spam directly to their desktops.

    The Dangers of Browser Notification Spam

    Once enabled, these notifications bombard users with misleading ads promoting tech support scams, counterfeit giveaways, and other dubious content. For instance, alerts claiming to be from McAfee may warn users of non-existent viruses, urging them to download software that is actually just a ploy to generate affiliate revenue for the fraudsters.

    Complex Web of Deception and Financial Motives

    Some of the scams further exploit user trust by promising high-value items like an Apple iPhone 15 Pro through fake Amazon loyalty programs. These schemes are particularly insidious as they harvest personal information for sale to other scammers or direct marketers, amplifying the victim’s risk exposure.

    SGE’s Challenges and Google’s Response

    Google has acknowledged the issue, noting that while they continuously enhance their spam-fighting capabilities, spammers are also evolving their strategies. This ongoing “cat and mouse” game makes it difficult to completely safeguard SGE from being manipulated. Despite this, Google has taken steps to remove known malicious entries and continues to refine its systems to better detect and exclude harmful content.

    Protecting Yourself from Malicious Search Results

    As users navigate this new AI-enhanced search landscape, vigilance is essential. Users should be wary of unsolicited browser notifications and suspicious links, even if they appear in Google’s search results. Here’s how you can manage unwanted notifications in Google Chrome:

    1. Open Chrome and go to Settings > Content > Notifications.
    2. Under “Allowed to send notifications,” review the list of sites.
    3. Click the three dots next to any suspicious URLs and select ‘Remove’ to stop the notifications.
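
    The same review can be scripted across many profiles. This added example is not from the original article: it assumes Chrome's per-profile Preferences JSON file stores notification permissions under profile.content_settings.exceptions.notifications with a setting of 1 for "Allow", and the sample sites are constructed.

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # content-setting value for "Allow"; 2 means "Block"
SUSPECT_TLDS = (".online",)  # the TLD the article calls out

# Constructed excerpt of a Preferences file (all sites are made up).
SAMPLE_PREFS = json.loads("""
{
  "profile": {"content_settings": {"exceptions": {"notifications": {
    "https://mail.example.com:443,*":     {"setting": 1},
    "https://free-prize.online:443,*":    {"setting": 1},
    "https://captcha-check.online:443,*": {"setting": 2},
    "https://news.example.org:443,*":     {"setting": 1}
  }}}}
}
""")


def allowed_notification_sites(prefs):
    """Return sorted (host, suspicious) pairs for sites allowed to notify."""
    exceptions = (
        prefs.get("profile", {})
        .get("content_settings", {})
        .get("exceptions", {})
        .get("notifications", {})
    )
    sites = []
    for pattern, entry in exceptions.items():
        if entry.get("setting") != ALLOW:
            continue  # blocked or default entries cannot push notifications
        # Key is "<primary pattern>,<secondary pattern>"; keep the primary.
        origin = pattern.split(",", 1)[0]
        try:
            host = urlsplit(origin).hostname or origin
        except ValueError:
            host = origin  # wildcard patterns are not URLs; keep them verbatim
        sites.append((host, host.endswith(SUSPECT_TLDS)))
    return sorted(sites)


def load_prefs(path):
    """Load a Preferences file from a Chrome profile directory."""
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


if __name__ == "__main__":
    for host, suspicious in allowed_notification_sites(SAMPLE_PREFS):
        print("REVIEW" if suspicious else "ok    ", host)
```

    A flagged TLD only marks an entry for review; any allowed site the user does not recognise is a candidate for removal.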

    In light of these developments, Peris.ai Cybersecurity encourages users to exercise increased caution and to critically evaluate the credibility of websites and the legitimacy of online offers. As AI continues to reshape how we interact with digital content, staying informed about potential security threats and understanding how to mitigate them is crucial. By doing so, users can safeguard their digital experience against the evolving tactics of cybercriminals.