Cybersecurity

The Covert Wars

Leon SCOTT

7 min read
The Covert Wars

The following post is not indicative of my posture in relation to what is going on in the Levant. I am sharing it to show that hot wars are always accompanied by cyber wars as explained in the following.

I would have thought it obvious but apparently it is not. You don't even need a war (Ukraine) - the Taiwan Strait, and South China Sea is another example.

International cyber attack is affecting hundreds of websites worldwide and in Israel
New campaign exploits fake CAPTCHA mechanisms to infect computers with sophisticated malware, allowing for information theft, digital currency mining and ransomware activation; No Israeli government systems have been affected, but officials believe the number of compromised websites is far higher than the few hundred identified
ynetnewsRaphael Kahan

I would not touch WordPress with a barge pole. Although extremely popular for hosting complicated and major websites it has in IMHO gained a reputation of the same level as Fortinet as being seriously problematic in relation to cybersecurity.

Authorities urged website owners to keep WordPress plugins and versions up to date and to monitor cybersecurity advisories. Users, meanwhile, were warned to complete CAPTCHA checks only inside their browser and to avoid any suspicious requests to run commands or perform external actions.
Thousands of attacks a day: Inside Israel’s cyber war against Iran and Hezbollah
As the cannons fall silent, a parallel covert war rages—sophisticated, relentless and equally perilous; welcome to the battlefield of cyberwarfare
ynetnewsTal Shahaf
The numbers are jaw-dropping. Since the start of the war, Israel has faced thousands of attempted cyberattacks every day. Most of them are not critical, but they certainly show the extent of this covert war, which is being pursued alongside the overt one.

My firewall stops roughly 1000 unsolicated probes a day. This is considered normal although through baselining (getting and idea of what your network normally does during the course of a day - you can soon see deviations.

Some of that traffic is also self inflicted. I employ a service to probe my gateway looking for ports that should not be there. Cybersecurity - many layers of defense and monitoring.

However outbound blocks are considerably higher normally involved with privacy related content generated by mobile phone apps, operating system metadata and bloody ad systems.

🛡️ Cybersecurity

Cybersecurity is the comprehensive practice of safeguarding digital systems, networks, data, and services from unauthorized access, disruption, manipulation, or destruction. It encompasses a multi-layered framework of technologies, policies, procedures, and human behaviors designed to ensure:

  • Confidentiality: Ensuring sensitive data is only accessible to authorized entities.
  • Integrity: Protecting data and systems from unauthorized alteration or corruption.
  • Availability: Guaranteeing reliable access to systems and data when needed.

🔍 Key Facets of Cybersecurity

DomainDescription
Technical ControlsFirewalls, intrusion detection/prevention systems, encryption, endpoint protection, secure coding, and container hardening.
Operational SecurityAccess controls, patch management, incident response, backup strategies, and business continuity planning.
Governance & ComplianceAlignment with standards (e.g. ISO 27001, NIST, ACSC Essential Eight), legal obligations, audit trails, and risk registers.
Human FactorsSecurity awareness training, phishing resistance, insider threat mitigation, and behavioral protocols.
Threat IntelligenceMonitoring emerging threats, analyzing attack vectors, and adapting defenses proactively.
Security ArchitectureDesigning systems with layered defenses, segmentation, and zero-trust principles.
Privacy & EthicsProtecting personal data, ensuring ethical use of surveillance tools, and maintaining public trust.

As, you can see the field is vast, with staff involved within it often burning out after a few years in the role.

Here is another example that entered my feed.

SoupDealer Malware Bypasses Every Sandbox, AV’s and EDR/XDR in Real-World Incidents
SoupDealer Java loader evades all defenses, targeting Windows users in Türkiye via phishing, loading payloads in memory over Tor.
CybersecurityNewsTushar Subhra Dutta
In early August 2025, cybersecurity teams in Türkiye observed a new, highly evasive Java‐based loader that slipped past every public sandbox, antivirus solution, and even enterprise EDR/XDR platforms.
Once confirmed, it downloads Tor, schedules persistent tasks, and establishes a covert C2 channel over the Tor network.

Egress firewall would have slowed this along with the other defenses of education, not allowing parked, or new domains and a few more. This article basically tells me a great deal.

Full report is here

SCENE 1: SoupDealer - Technical Analysis of a Stealth Java Loader Used in Phishing Campaigns Targeting Türkiye
Technical Analysis of a Stealth Java Loader Used in Phishing Campaigns Targeting Türkiye

Any business, IMHO that is not running an IDS/IPS system on its gateways, (a networking device that acts as a critical entry and exit point between two distinct networks - internet & LAN), are not exercising wisdom.

The gateway should also have an intelligence feed to ensure it is aware of all the domains and suspect IPs at a given moment in time. Such feeds are normally free although integration into your gateway can be problematic, and normally results in a fee (probably why open-source solutions such as OPNsense, PiHole and other solutions are gaining traction)

Then there was this

The GitHub Prompt Injection Data Heist | Docker
Attackers can exploit GitHub issues to hijack AI assistants and exfiltrate private data. Discover how Docker’s OAuth safeguards against cross-repository data theft.
DockerAjeet Singh Raina
Every Horror Story shows how security problems actually hurt real businesses. These aren’t theoretical attacks that only work in labs. These are real incidents. Hackers broke into actual companies, stole important data, and turned helpful AI tools into weapons against the teams using them.

Then there was this little recap:


https://thehackernews.com/2025/08/weekly-recap-nfc-fraud-curly-comrades-n.html

It doesn't matter who you are, where you are. You just need to be found vulnerable.

This is why there are probably hundreds of start-ups in this sector looking for the solution, of which AI is seen as the solution. Blackhat 2025 USA went to great lengths to investigate and discuss this along with AI's involvement in coding.

I won't share links here, but I read a great many of them, and you just need to do a search. In summary - lots of problems.

The article “Tight Cybersecurity Budgets Accelerate the Shift to AI-Driven Defense” by Kevin Townsend on Security Week:

This article explores how shrinking cybersecurity budgets—driven by global economic pressures and shifting federal policies—are accelerating the adoption of AI-driven defense strategies. Drawing on recent reports from IANS and Swimlane, it highlights:

  • Budget Contraction: Cybersecurity budget growth has slowed dramatically, from 17% in 2022 to just 4% in 2025, due to geopolitical instability, inflation, and policy uncertainty.
  • Operational Strain: Reduced funding is causing staff shortages, delayed initiatives, and increased risk exposure, forcing teams to prioritize narrowly and automate aggressively.
  • AI Adoption: Organizations are leaning into agentic AI tools for routine tasks like alert triage and threat detection, despite concerns about expanding the attack surface and diminishing human expertise.
  • Global Ripple Effects: UK firms are reassessing relationships with US cybersecurity vendors, with many shifting toward EU-based suppliers amid geopolitical tensions.

Imagine you're a business owner let's say in Perth. You have managed through hard work to build up a collection of medical centers say north of the river.

These medical centers are spread across geographic locations, have a mix of backbone architectures and equipment, have subcontractors working within them (pathology etc..) a mix of staff with various awareness of cybersecurity risks and knowledge. Do you employ a dedicated IT team or do you outsource. Most businesses outsource. Then there is cybersecurity insurance which requires a list of conditions to be met to remain valid, normally requiring documentation and auditing, legislative requirements and so on. The endpoints all run software provided by another party and supported by them, leading to other questions and who is responsible for what, the operating systems themselves, access to USB ports, unauthorized software, patching regimes, data backup. The list goes on and on.

If you get it wrong and all your patients personal information ends up on the dark web - the proverbial will hit the fan, a class action will probably result and not only is your business more than likely back to pen and paper, the cost of investigating what went wrong, external experts, reporting to federal authorities, loss of reputation, loss of clientele, their fury, and legal costs. Fun huh.

Many years ago, I never really thought about how my personal information was stored in some service or organization that is involved in my life. Today, you bet I do.

Cybersecurity or a poor application of it can bring entire countries to their knees, along with corporations, family businesses that may be into their 3 or 4th generations, and last but not least - you. Wake up in the morning and your bank accounts are emptied; your superannuation has a zero balance. Someone is running around passing themselves off as you because your identity has been stolen.

When is the last time your mobile phone got a security update, what apps are you running, what version of Windows, MacOS are you using. Do you even know.

Interesting don't you think.

#enoughsaid