Recent Hub Casts

3-Year Iranian Influence Op Preys on Divides in Israeli Society

A yearslong influence operation by Iran has been stoking the flames of social, cultural, and political unrest in Israel.

The scheme has had three distinct phases. The first, which began three years ago, pitted Israel’s ultra-Orthodox and LGBTQ+ communities against one another. The next focused on embittered political discourse between the left and right. The third campaign, still ongoing, is focused on Israel’s war with Hamas.

In its new report, Recorded Future’s Insikt Group determined — based on behavioral and contextual evidence and overlaps with prior reporting from Microsoft, Israel’s Shin Bet internal security service, and the newspaper Haaretz — that the operation is perpetrated by a likely Iranian state-backed advanced persistent threat (APT) it calls “Emerald Divide” (aka Storm-1364).

Three Years of Iranian Influence Ops in Israel

Like Russia and China, Iran seeks to capitalize on existing divides to foment unrest in its enemy nation.

Emerald Divide’s efforts began in 2021, using generative AI and social media to impersonate rabbis. For example, the group created a YouTube channel on behalf of the well-known Rabbi Shlomo Amar, mixing real videos of the man with faked speeches about homosexuality and women over still imagery. Emerald Divide then used accounts purporting to align with the LGBT+ movement to post fake criticisms of the fake rabbi comments it itself generated. This counterfeit echo chamber purportedly inspired one individual to display an Emerald Divide poster in Tel Aviv’s busy Rabin Square.

Emerald Divide sensed an opportunity in 2023 when Israelis took to the streets by the hundreds of thousands to protest backslides for the judicial system. It shifted to focus on the political left versus right, with a campaign similar to the first — social media accounts to support both sides — save for a few additions. Notably, this operation harvested protestors’ personally identifying information (PII) by directing them to fill out a Google form.

“Protests are expanding and continue to grow and we need new partners! Want to cooperate for a better future of the country? Please fill out the form,” the form read.

Emerald Divide’s most recent, ongoing campaign, like so many other influence operations since Oct. 7, focuses on Israel’s war with Hamas. It has repurposed some of the same Telegram accounts used for the first two operations, this time to sow distrust in and anger towards the government.

Iran vs. Russia: Quality vs. Quantity

Unlike Russia’s armies of uncountable social media bots, Emerald Divide currently maintains what’s called a coordinated inauthentic behavior (CIB) network of just more than 250 online accounts, including seven primary Telegram accounts. This isn’t because of some major takedown: In its history, it has used only 16 such primary accounts.

“When it comes to overall size and scale of the operation, we wouldn’t consider it small by any means,” says Sean Minor, team lead for influence operations research in Insikt Group. “But it’s certainly not a massive campaign like we’ve seen from other nation-states.”

In some ways, this more focused approach has proved fruitful. One of Emerald Divide’s ongoing accounts, “Tears of War,” enjoys an audience of around 2,000 subscribers. And, Minor says, the fact that a follower posted one of its posters in a public square signals that this group is achieving more than most. “It’s a little bit different from other campaigns we’ve seen, which are a bit more ephemeral — we can’t really tie them to physical action by the target audience. This one seems a little different,” he says.

Whether by quantity or quality, these influence operations may only grow stronger as governments and organizations struggle with real, practical steps to stop them.

“It starts with awareness and then from awareness. Governments can engage private companies to discuss what they’re seeing and increase their collaboration,” Minor says. “Hopefully, this broadens the aperture and provides more organizations the ability to track whether or not this network will change over time, which we assess that it will, as it has in the past.”


Cyolo Partners With Dragos to Unveil Holistic Secure Remote Access Solution for Critical Infrastructure

PRESS RELEASE

Mountain View, Calif. – May 8th, 2024 – Cyolo, the secure remote access company for operational technology (OT) and industrial control systems (ICS), today announced a strategic partnership with Dragos, a global leader in cybersecurity for ICS/OT. Under the umbrella of Cyolo’s CyoloVerse partner program, Cyolo’s PRO Secure Remote Access Platform will work with Dragos’s industry-leading OT cybersecurity platform. This collaboration will provide organizations with a robust and interoperable solution to protect their critical infrastructure against cyber threats.

New technology implementations in ICS/OT environments pose unique risks for critical infrastructure. Today’s risks include lack of support for modern authentication or connectivity methods in traditional environments, connecting existing infrastructure with highly vulnerable end-of-life operating systems, or risk of breaches from third-party remote access.

This interoperability is designed to provide OT customers visibility and management of their asset inventory and enhance asset vulnerability detection and remediation capabilities through a seamless secure controlled access platform.

“Cyolo ICS/OT security and safety expertise are changing the way organizations understand secure remote access,” said Matt Cowell, VP of Business Development at Dragos. “With our companies’ complementary capabilities and unique strengths, we can manage security through the different layers of the operational environment and protect a wider array of organizations across critical infrastructure. Ultimately reducing risk as they expand connectivity.”

Bringing the Cyolo PRO platform alongside the Dragos OT-native network visibility and monitoring offerings gives an unparalleled advantage. The Dragos Platform enables organizations to scale protection, the threat intelligence to keep on top of current threats, and the tools to respond quickly to incidents. With Cyolo’s robust role-based access, application, and policy control, in the future the Dragos Platform will be able to manage Cyolo’s Identity-based parameters (users, applications, resources, policy) in accordance with SOC / IR policies and guidelines.

Together Cyolo and Dragos deliver a comprehensive ICS/OT security framework based on the five critical controls of effective ICS/OT security:

- ICS incident response—which integrates operational insights into incident handling, enhancing system integrity and recovery (Dragos)
- Defensible architecture—ensuring robust visibility, segmentation, and enforcement mechanisms to bridge technological and human aspects of security (Dragos and Cyolo PRO)
- ICS network visibility monitoring—employing continuous monitoring and protocol-aware tools to detect and address potential vulnerabilities (Dragos)
- Remote Access Security—ensuring safe and secure stringent access control in the face of evolving hybrid work environments (Cyolo PRO)
- Risk-based vulnerability management—prioritizing and addressing vulnerabilities based on their potential to pose significant operational risks, thereby ensuring proactive prevention, response, and recovery actions (Dragos and Cyolo PRO)

The solution plans to integrate Cyolo PRO and the Dragos Platform through an API architecture or operator console. It will deliver unsurpassed visibility and control of critical digital assets through secure identity-based access. Together, both companies will deliver simpler, stronger, and more efficient security controls that lay the foundation for Zero Trust (NIST 800-207).

“With this industry leading partnership, Cyolo joins Dragos to address security and operational challenges impacting OT environments,” said Joe O’Donnell, EVP Corporate Development and OT GM at Cyolo. “The interoperability of the Dragos Platform and Cyolo PRO provides OT practitioners and industrial organizations with the full spectrum of cybersecurity services across the 5 ICS/OT Critical Controls. The timing could not be better as the world aggressively embraces Industry 4.0.”

Dino Busalachi, CTO and Co-Founder at Velta Technology – a joint partner – also highlighted that “In light of the surge in cyber threats, the growing adoption of Industry 4.0, and the inherent risks within OT environments, Velta Technology understands the critical need to partner with Cyolo and Dragos. Their joint solutions will provide our customers in the industrial sector with a tailored approach that strengthens their access security and elevates their overall security posture.”

Dragos and Cyolo respond to the need for secure industrial networks without disrupting operations, compromising safety or risking non-compliance.

The Dragos Platform offers the most effective industrial cybersecurity technology, giving customers visibility into their ICS/OT assets, vulnerabilities, threats, and response actions. The strength behind the Dragos Platform comes from Dragos’s ability to codify industry-leading OT threat intelligence, and insights from the Dragos services team into the software.

About Cyolo

Cyolo helps OT and ICS organizations stay secure and productive in an era of distributed workforces and unprecedented cyber threats. Cyolo’s platform enables all users, including employees, third parties, and remote or on-site workers, to connect to their working environments seamlessly and securely via modern identity-based authentication. With one unified solution that integrates with your existing tech stack, Cyolo makes securely connecting people to their work simple. To learn more, visit https://cyolo.io


Netcraft Announces New AI-Powered Innovations to Disrupt and Expose Criminal Financial Infrastructure

PRESS RELEASE

LONDON and SALT LAKE CITY, May 8, 2024 /PRNewswire/ — Netcraft, the global leader in digital risk protection and threat intelligence, announced its new Conversational Scam Intelligence platform at RSAC in San Francisco, which builds on Netcraft’s intentional approach to using AI to stay ahead of criminals and protect client brands and customers.

The FBI reports that US losses to investment and “pig-butchering” scams were $4.6 Billion in 2023, a 38% increase over 2022. Through carefully constructed generative AI, the Conversational Scam Intelligence platform enables Netcraft and its customers to disrupt these nefarious scam attempts at scale, uncovering the underlying financial account networks and deploying countermeasures against criminal infrastructure.

By engaging criminals identified through its proprietary threat intelligence in private message threads, Netcraft’s AI exposes the scam in its entirety, extracting critical insight that can be used to disrupt and prevent future attacks. This innovative approach helps protect against tactics like pig-butchering, where scammers leverage direct messages, a previously undetectable threat source, to lure victims into sending money to fraudulent schemes.

Early results show a significant impact, accurately identifying the hidden financial infrastructure used in pig-butchering scam attempts, including thousands of criminal-controlled bank accounts, mule accounts, crypto wallet addresses, etc. Leveraging this evidence, Netcraft’s customers can flag or block payments to and from compromised accounts before any transaction has occurred, mitigating risk exposure for banking providers around the globe.

“Conversational scams through email, SMS, and other channels have become an acute pain point for financial institutions and individuals worldwide,” said Ryan Woodley, Netcraft CEO. “Our innovative approach leverages the thoughtful use of AI, extensive cloaking techniques, and proactive countermeasures, providing a potent blend of data extraction and criminal disruption.”

The regulatory landscape is shifting: US senators are pushing for greater accountability for financial institutions, and the UK now requires institutions to bear a 50:50 financial risk for fraudulent push payments. In response, banking leaders must deploy new strategies to react to current threats and intercept criminal behavior. Critical interventions like the use of AI to increase visibility and deploy proactive countermeasures provide a valuable new tool for anti-fraud, payment risk, and security teams worldwide.

AI, machine learning, and 70,000+ human-written rules are at the core of Netcraft’s detection, disruption, and takedown services. Leveraging advances in generative AI to anticipate – and prevent – criminal behavior was a natural next step.

“At Netcraft, we’ve been leveraging AI for many years to effectively automate the end-to-end process of taking down criminal infrastructure. With continued innovations in generative AI we were keen to identify mechanisms to leverage this innovative technology,” stated Robert Duncan, Netcraft VP of Product Strategy. “We’re excited about how Conversational Scam Intelligence will lead to positive outcomes for our banking partners and ultimately counteract criminal behavior.”

About Netcraft

Netcraft is the global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks. Its mission is to detect and disrupt cybercrime at scale through constant innovation, extensive automation, AI and machine learning, and the world’s most extensive threat detection data set, delivering a safer online experience for everyone. Headquartered in the UK, Netcraft is the trusted cybersecurity partner for four of the world’s largest companies, eleven of the largest banks, and governments of eight of the largest economies in the world. Netcraft’s comprehensive threat feeds, early fraud detection capabilities, and swift automated takedowns are unparalleled in the industry, scaling to perform takedowns for nearly one-third of the world’s phishing sites, having blocked more than 215 million malicious sites. For more information, visit www.netcraft.com.
