Apr 30 2025

Inside Cyber Warfare: Mapping the Cyber Underworld

Category: Cyber War, Information Security, Information Warfare | disc7 @ 1:09 pm

Ben Rothke’s review of Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr offers a sobering examination of the modern landscape of cyber conflict. The book delves into the evolving nature of cyber threats, highlighting how state-sponsored actors and criminal organizations exploit digital vulnerabilities to achieve their objectives. Carr’s analysis underscores the complexity and pervasiveness of cyber warfare in today’s interconnected world.

Carr emphasizes that cyber warfare is not confined to isolated incidents but is a continuous and multifaceted threat. He illustrates how nations leverage cyber capabilities for espionage, sabotage, and influence operations. The book provides detailed accounts of various cyber attacks, shedding light on the tactics and motivations behind them. Carr’s insights reveal the strategic importance of cyber operations in modern geopolitical conflicts.

One of the critical themes in Carr’s work is the attribution challenge in cyber attacks. Determining the origin of an attack is often fraught with uncertainty, complicating responses and accountability. Carr discusses the implications of this ambiguity, particularly in the context of international law and norms. The difficulty in attributing attacks hampers efforts to deter malicious actors and enforce consequences.

Carr also explores the role of non-state actors in cyber warfare. He examines how terrorist groups, hacktivists, and criminal syndicates exploit cyberspace for their agendas. The book delves into the methods these groups use, from defacing websites to orchestrating complex cyber heists. Carr’s analysis highlights the democratization of cyber capabilities and the resulting proliferation of threats.

The book doesn’t shy away from discussing the vulnerabilities within critical infrastructure. Carr outlines how essential services like power grids, water supplies, and transportation systems are susceptible to cyber attacks. He stresses the potential for catastrophic consequences if these systems are compromised, urging for robust security measures and contingency planning.

Carr’s narrative also touches on the psychological and societal impacts of cyber warfare. He examines how disinformation campaigns and cyber propaganda can erode public trust and destabilize societies. The book provides examples of how such tactics have been employed to influence elections and sow discord, emphasizing the need for resilience against information warfare.

In conclusion, Inside Cyber Warfare serves as a comprehensive guide to understanding the complexities of cyber conflict. Carr’s work is a call to action for policymakers, security professionals, and the public to recognize the gravity of cyber threats. The book advocates for international cooperation, robust cybersecurity frameworks, and public awareness to mitigate the risks posed by cyber warfare.


InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services

Tags: Cyber Warfare


Jan 30 2025

Navigating the Cyber Warfare Landscape of 2025

Category: Cyber crime, Cyber War, Cyberweapons | disc7 @ 12:15 pm

“Cybercrime is now the third-largest economy in the world.”

The cybersecurity landscape in 2025 is evolving rapidly, driven by advancements in technology and increasingly sophisticated cyber threats. Organizations must prepare for a new era of cyber warfare, where AI-powered attacks, deepfake fraud, and supply chain vulnerabilities pose significant risks. Cybercriminals are leveraging automation to execute more efficient and harder-to-detect attacks, making traditional security measures insufficient. As businesses continue their digital transformation, the need for proactive and adaptive cybersecurity strategies has never been greater.

A key challenge in 2025 is the rise of AI-driven threats, where attackers use artificial intelligence to automate phishing campaigns, bypass security defenses, and create highly convincing deepfake scams. These AI-generated threats can manipulate financial transactions, impersonate executives, and spread misinformation at an unprecedented scale. Organizations must harness AI for defense, using machine learning for real-time threat detection, automated response mechanisms, and enhanced fraud prevention. The battle between offensive and defensive AI is at the heart of modern cybersecurity strategies.

Supply chain security is another critical concern. With businesses increasingly dependent on third-party vendors, cybercriminals are targeting these weaker links to infiltrate large organizations. A single compromise in a supplier’s system can have devastating ripple effects across an entire industry. To mitigate this risk, companies must implement zero-trust security models, conduct rigorous vendor risk assessments, and enforce strict access controls. Cyber resilience is no longer optional—it’s essential for survival.

Ultimately, the cybersecurity battlefield of 2025 demands a shift in mindset from reactive to proactive security. Organizations must embrace continuous monitoring, AI-driven security tools, and a culture of cyber awareness to stay ahead of evolving threats. Cybersecurity is no longer just an IT issue—it’s a business imperative that requires leadership engagement and strategic investment. Those who fail to adapt will find themselves vulnerable in an increasingly hostile digital landscape.

For further details, access the article here

[Image caption: As cyber threats evolve, organizations must shift from reactive defense to proactive resilience in … (photo: Getty)]

The Battle for the World’s Most Powerful Cyberweapon

The Pegasus project: key takeaways for the corporate world

Pegasus: Google reveals how the sophisticated spyware hacked into iPhones without user’s knowledge

Paragon: Yet Another Cyberweapons Arms Manufacturer

Hacking Weapons Systems

The Cyber War Is Here: US and Global Infrastructure Under Attack: A CISO’s Perspective

The Art of Cyberwarfare: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime

Cyber War…and Peace: Building Digital Trust Today with History as Our Guide

Cyber War & Cyber Peace in the Middle East: Digital Conflict in the Cradle of Civilization


Tags: cyber peace, Cyber Warfare, cyber weapons, Cybercrime, cyberwarfare, Digital conflict, Spyware


Dec 12 2023

The Cyber War is Here

Category: Cyber War, Information Security | disc7 @ 12:39 pm

What is Cyberwarfare:

Cyberwar refers to the use of digital technology, including computer systems, networks, and electronic communication, as a means to conduct warfare in the virtual realm. In a cyberwar, conflicting parties leverage cyber capabilities to carry out attacks and defenses in an attempt to achieve strategic, political, or military objectives. These attacks can target a wide range of digital assets, including computer systems, networks, and information systems.

Cyberwarfare encompasses various tactics, techniques, and procedures, such as hacking, malware deployment, denial-of-service attacks, and information warfare. The goals of cyberwarfare can range from disrupting or destroying critical infrastructure to stealing sensitive information, conducting espionage, or influencing public opinion.

Key characteristics of cyberwar include its asymmetric nature, where a smaller, technologically sophisticated actor may pose a significant threat to a larger, conventionally powerful entity. Attribution, or determining the origin of cyber attacks, can be challenging, adding complexity to the dynamics of cyberwarfare.

Governments, military organizations, and other entities invest in cybersecurity measures to defend against cyber threats and protect their critical assets from potential attacks in the digital domain. The landscape of cyberwarfare is continually evolving as technology advances and new vulnerabilities emerge.

The Cyber War is Here: U.S. and Global Infrastructure Under Attack: A CISO’s Perspective

“The Cyber War Is Here” simplifies the complex world of cybersecurity, cyber risk, and the crucial relationship between corporate boards and Chief Information Security Officers (CISOs). Written by a distinguished cybersecurity expert and USAF Veteran, it emphasizes the strategic importance of cybersecurity in modern business. Marc highlights the evolving role of CISOs, emphasizing their shift from IT guardians to strategic advisors to the board. The book explores successful board-CISO interactions and the consequences of misalignment, offering a clear blueprint for effective partnership.

“The Cyber War Is Here” dives into the national and economic security implications of cyber threats, stressing the critical link between cybersecurity and national defense. The book argues that strengthening digital defenses and fostering public-private sector collaboration is essential for national resilience.

Designed for a broad audience, from individuals to boards of directors, CISOs, business executives, and policymakers, this book serves as a call to action for proactive cyber governance. It illuminates the interconnectedness of individual organizational security and national security, providing both a catalog of risks and strategies and a roadmap for action in the global cyber conflict arena. “The Cyber War Is Here” is a call to action for all.


Tags: Cyber War, Cyber Warfare


Aug 27 2022

77% of security leaders fear we’re in perpetual cyberwar from now on

Category: Cyber War, Information Security | DISC @ 10:28 am

Rethinking Warfare Concepts in the Study of Cyberwar and Security

A survey of cybersecurity decision makers found 77 percent think the world is now in a perpetual state of cyberwarfare.

In addition, 82 percent believe geopolitics and cybersecurity are “intrinsically linked,” and two-thirds of polled organizations reported changing their security posture in response to the Russian invasion of Ukraine.

Of those asked, 64 percent believe they may have already been the target of a nation-state-directed cyberattack. Unfortunately, 63 percent of surveyed security leaders also believe that they’d never even know if a nation-state level actor pwned them.

The survey, organized by security shop Venafi, questioned 1,100 security leaders. Kevin Bocek, VP of security strategy and threat intelligence, said the results show cyberwarfare is here, and that it’s completely different to what many would have imagined. “Any business can be damaged by nation-states,” he added.

According to Bocek, it’s been common knowledge for some time that government-backed advanced persistent threat (APT) crews are being used to further online geopolitical goals. Unlike conventional warfare, Bocek said, everyone is a target and there’s no military or government method for protecting everyone. 

Nor is there going to be much financial redress available. Earlier this week Lloyd’s of London announced it would no longer recompense policy holders for certain nation-state attacks.

Late on Friday, Facebook agreed in principle to settle a US lawsuit seeking damages for letting third parties, including Cambridge Analytica, access the private data of users. The terms of the settlement have yet to be finalized.

Googlers uncover Charming email scraping tool

Researchers at Google’s Threat Analysis Group (TAG) have detailed email-stealing malware believed to be from Iranian APT Charming Kitten.

The tool, which TAG has dubbed Hyperscrape, is designed to siphon information from Gmail, Yahoo! and Outlook accounts. Hyperscrape runs locally on the infected Windows machine, and is able to iterate through the contents of a targeted inbox and individually download messages. To hide its tracks, it can, among other things, delete emails alerting users to possible intrusions.

Not to be confused with Rocket Kitten, another APT believed to be backed by Iran, Charming Kitten has been hijacking accounts, deploying malware, and using “novel techniques to conduct espionage aligned with the interests of the Iranian government” for years, TAG said. 

In the case of Hyperscrape, the tool appears to be either rarely used or still under development: Google said it has seen fewer than two dozen instances of the software nasty, all located within Iran.

The malware is also limited in its ability to operate: it has to be installed locally on a victim’s machine, and it depends on files that break its functionality if moved out of its folder. Additionally, Hyperscrape “requires the victim’s account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired,” Google said.

While its use may be rare and its design somewhat restrictive, Hyperscrape is still dangerous malware that Google said it has written about to raise awareness. “We hope doing so will improve understanding of tactics and techniques that will enhance threat hunting capabilities and lead to stronger protections across the industry,” Google security engineer Ajax Bash wrote. 

Security professionals can find the indicators of compromise data for Hyperscrape in Google’s report.

French agency may investigate Google – again

A French governmental agency that has twice fined Google over violations of data privacy regulations and the GDPR has been tipped off by the European Center for Digital Rights (NOYB) about another potential bad practice: dressing up adverts to look like normal email messages.

According to NOYB, Google places ads in Gmail users’ inboxes that look like regular emails, which would be a direct violation of the EU’s ePrivacy directive, as users may not have technically signed up for or consented to seeing them.

“When commercial emails are sent directly to users, they constitute direct marketing emails and are regulated under the ePrivacy directive,” NOYB said. 

Because Google “successfully filters most external spam messages in a separate spam folder,” NOYB claims, when unsolicited messages end up in a user’s inbox it gives the impression it was something they actually signed up for, when that’s not the case.

“EU law already makes it quite clear: the use of email, for the purpose of direct marketing, requires user consent,” NOYB said, referencing an EU Court of Justice press release [PDF] from 2021 that outlines rules surrounding inbox advertising.

“It is quite simple. Spam is a commercial email sent without consent. And it is illegal. Spam does not become legal just because it is generated by the email provider,” said NOYB lawyer Romain Robert.

France’s Data Protection Authority (CNIL) has ruled against Google before. In February, Google was found to be breaching GDPR regulations by transmitting data to the US. Google has also been fined by the French Competition Authority for not paying French publishers when using their content.

NOYB said in its complaint [PDF] to CNIL that, because it accuses Google of violating the ePrivacy directive and not GDPR, the watchdog has no need to cooperate with, or wait for, the actions of other national data privacy authorities to decide to fine or otherwise penalize the American web giant. 

Nobelium is back with a new post-compromise tool

Microsoft security researchers have described custom software being used by Nobelium, aka Cozy Bear aka the perpetrators of the SolarWinds attack, to maintain access to compromised Windows networks.

Dubbed MagicWeb by Redmond, this malicious Windows DLL, once installed by a high-privileged intruder on an Active Directory Federation Services (AD FS) server, can be used to ensure any user attempting to log in is accepted and authenticated. That’ll help attackers get back into a network if they somehow lose their initial access.

Microsoft noted that MagicWeb is similar to the FoggyWeb malware deployed in 2021, and added that “MagicWeb goes beyond the collection capabilities of FoggyWeb by facilitating covert access directly.” 

This isn’t a theoretical malware sample, either: Microsoft said it found a real-world example of MagicWeb in action during an incident response investigation. According to Microsoft, the attacker had admin access to the ADFS system, and replaced a legitimate DLL with the MagicWeb DLL, “causing malware to be loaded by ADFS instead of the legitimate binary.”

MagicWeb is a post-compromise malware that requires the attacker to already have privileged access to their target’s Windows systems. Microsoft recommends treating ADFS servers as top tier assets and protecting them just like one would a domain controller. 

Additionally, Microsoft recommends domain administrators enable Inventory Certificate Issuance policies in PKI environments, use verbose event logging, and look out for Event ID 501, which indicates a MagicWeb infection. 

Redmond said organizations can also avoid a MagicWeb infection by keeping an eye out for executable files located in the Global Assembly Cache (GAC) or ADFS directories that haven’t been signed by Microsoft, and adding AD FS and GAC directories to auditing scans. 
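As an added illustration of the last two recommendations (this is not code from Microsoft’s report or from this post), the PowerShell script below lists executables under the AD FS and GAC directories that lack a valid Microsoft Authenticode signature, then pulls recent Event ID 501 entries from the AD FS Admin log for review. The directory paths and the log channel name are the usual defaults and are assumptions; adjust them for the host being audited.

```powershell
# Added example, not from Microsoft's report: audit AD FS and GAC directories for
# PE files that are unsigned, have a broken signature, or are signed by someone
# other than Microsoft, then surface recent AD FS Event ID 501 entries.
# Paths and log name below are default locations (assumption); adjust per host.
$paths = @(
    "$env:windir\ADFS",                     # AD FS binaries and DLLs
    "$env:windir\Microsoft.NET\assembly",   # GAC for .NET 4.x
    "$env:windir\assembly"                  # legacy GAC
)

$findings = foreach ($p in $paths) {
    if (-not (Test-Path $p)) { continue }
    Get-ChildItem -Path $p -Recurse -Include *.dll,*.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # Only a valid signature chained to a Microsoft signer is considered expected here.
            $isMicrosoft = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
            if (-not $isMicrosoft) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    Status    = $sig.Status
                    Signer    = $subject
                    LastWrite = $_.LastWriteTimeUtc
                    SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

Write-Output "Executables without a valid Microsoft signature (newest first):"
$findings | Sort-Object LastWrite -Descending | Format-Table -AutoSize

# Verbose AD FS logging writes claim details as Event ID 501; review recent ones
# by hand for logons that should not have succeeded. Channel name is an assumption.
Write-Output "Recent AD FS Event ID 501 entries:"
Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 501 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Run it elevated on the AD FS server itself; a recently modified, non-Microsoft DLL in `$env:windir\ADFS` is the kind of finding that warrants comparing the file hash against Microsoft’s published indicators.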

Anti-cheat software hijacked for killing AV

It turns out role-playing game Genshin Impact’s anti-cheat software can be, and is being, used by miscreants to kill antivirus on victims’ Windows computers before mass-deploying ransomware across a network.

TrendMicro said it spotted mhyprot2.sys, the kernel-mode anti-cheat driver used by Genshin, being used kinda like a rootkit by intruders to turn off end-point protection on machines. The software is designed to kill off unwanted processes, such as cheat programs.

You don’t have to have the game installed on your PC to be at risk, as ransomware slingers can drop a copy of the driver on victims’ computers and use it from there.

It has the privileges, code signing, and features needed by extortionists to make their roll out of ransomware a cinch, we’re told. TrendMicro recommends keeping a lookout for unexpected installations of the mhyprot2 driver, which should show up in the Windows Event Log, among other steps detailed in its report.
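To show what “keeping a lookout for unexpected installations” of the driver can look like in practice, here is an added PowerShell check (not code from Trend Micro’s report or this post). It pulls Service Control Manager “service installed” events (System log, Event ID 7045) that mention the driver and lists any matching kernel driver currently registered on the host, with its signer and hash. The name pattern and look-back window are assumptions.

```powershell
# Added example, not from Trend Micro's report: find installs of the mhyprot2
# anti-cheat driver on a host that should not have it. Pattern and window are
# assumptions; tune them for your environment.
param(
    [string]$DriverPattern = 'mhyprot',
    [int]$DaysBack = 30
)

$since = (Get-Date).AddDays(-$DaysBack)

# 1. The SCM logs Event ID 7045 whenever a new service or driver is registered.
#    Event data order for 7045: ServiceName, ImagePath, ServiceType, StartType, AccountName.
$installs = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7045; StartTime = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $DriverPattern } |
    ForEach-Object {
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ServiceName = $_.Properties[0].Value
            ImagePath   = $_.Properties[1].Value
            StartType   = $_.Properties[3].Value
        }
    }

# 2. Drivers currently registered with the kernel whose name or path matches,
#    with signer and SHA256 so the file can be compared against published indicators.
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.Name -match $DriverPattern -or $_.PathName -match $DriverPattern } |
    ForEach-Object {
        $file = $_.PathName -replace '^\\\?\?\\', ''   # strip the \??\ NT prefix if present
        $sig  = if (Test-Path $file) { Get-AuthenticodeSignature -FilePath $file } else { $null }
        [pscustomobject]@{
            Name   = $_.Name
            Path   = $file
            State  = $_.State
            Signer = if ($sig) { $sig.SignerCertificate.Subject } else { 'file not found' }
            SHA256 = if (Test-Path $file) { (Get-FileHash $file -Algorithm SHA256).Hash } else { 'n/a' }
        }
    }

if (-not $installs -and -not $drivers) {
    Write-Output "No '$DriverPattern' driver or install event found in the last $DaysBack days."
} else {
    Write-Output "Service install events (Event ID 7045):"; $installs | Format-Table -AutoSize
    Write-Output "Registered drivers:";                    $drivers  | Format-Table -AutoSize
}
```

A hit on a server or workstation where Genshin Impact was never installed is the signal to act on; on a gaming PC the driver is expected and the signature alone proves nothing either way.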

https://www.theregister.com/2022/08/27/in-brief-security/

Tags: Cyber Warfare