AXIS Cyber Risk Advisory INCYTE Newsletter
Newsworthy and Noteworthy
From ‘Contact Us’ to Compromise
ZipLine, a unique phishing campaign is exploiting “Contact Us” web forms to infiltrate U.S. enterprises. In targeting industrial manufacturing and supply chain critical firms, threat actors hijack human trust, engaging in multiple weeks of business-themed email exchanges to ultimately deliver malware threatening operational continuity, data integrity, and long-term unauthorized access to sensitive systems.
Learn more about this sophisticated campaign MixShell Malware Campaign Targets Industrial Sector with Stealthy In-Memory Attacks
For more information on how the attack unfolds ZipLine Phishing Campaign Targets U.S. Manufacturing - Check Point Research
Trusted Cloud Access Becomes Hacker’s Backdoor
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) is exploiting trusted relationships with cloud providers to access downstream customer networks and data, heightening exposure to espionage threats in industries like government, technology, and legal services that rely heavily on cloud infrastructure and SaaS providers.
Uncover key tactics and recommended defenses in the full article Bleeping Computer
Invisible Commands: Hijacking AI Summaries to Spread Ransomware
Cybercriminals are embedding hidden instructions in emails and web content to trick AI summarization tools into delivering steps to execute ransomware, increasing risk for enterprises utilizing AI-powered email clients, browser extensions, and productivity platforms.
Read more for key takeaways and proactive mitigation strategies Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware
AI vs. AI: When Hackers Move Faster Than Defenders
Originally designed to empower defenders, HexStrike AI’s autonomous agents were leveraged by cybercriminals just hours after being released to exploit newly released zero-day vulnerabilities in minutes instead of days. Companies should urgently patch and harden systems to mitigate exposure, as this speed gives attackers a strategic advantage, outpacing traditional defense methods.
For more details, read the full article Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation - Infosecurity Magazine
This material is provided for informational purposes only and is not an offer to sell, or a solicitation to buy, any particular insurance product or service for a particular insured. It is intended for licensed insurance professionals. Cyber incident examples may be based on actual cases, composites of actual cases or hypothetical claim scenarios and are provided for illustrative purposes only. Facts may have been changed to protect the confidentiality of the parties. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued, and applicable law.
The practices, services or service provider(s) discussed herein are suggested as risk mitigation or incident response resources only. Use of any practice, service or service provider does not guarantee the performance or quality of the services provided, including the avoidance of loss, the fulfilment of any obligations under any contract, or compliance with any law, rule, or regulation. AXIS is not responsible for the effectiveness of a cyber risk management program and encourages each policyholder, together with advice from their professional insurance advisor, to perform its own independent evaluation of any practice, service or service provider as part of its overall risk management strategy.
For information about our products and underwriting companies, please see https://www.axiscapital.com/product-information