Cybersecurity Brief – 2025-04-24
Major Incidents and Breaches
- Blue Shield of California Data Breach: The health data of 4.7 million members was exposed to Google’s analytics and ad platforms due to a misconfiguration, affecting sensitive personal and medical information. Additional healthcare sector breaches have been reported to regulators, indicating a concerning trend.
- National Labor Relations Board (NLRB) Data Exfiltration: A whistleblower alleges that significant volumes of sensitive agency data were siphoned by individuals associated with the Department of Government Efficiency (DOGE).
- Marks & Spencer Cyber Incident: Marks & Spencer is investigating a cyber incident that has impacted some customer operations.
- FBI Cybercrime Losses: The FBI reported $16.6 billion in cybercrime-related losses in 2024, a 33% increase year-over-year, marking the highest annual losses recorded.
Newly Discovered Vulnerabilities
- ASUS Server Vulnerability (CVE-2024-54085): ASUS released patches for a critical AMI bug that could allow attackers to hijack and potentially brick servers.
- Kubernetes Permissions Risk: Research highlights that Kubernetes pods are often provisioned with excessive permissions, increasing the risk of lateral movement and privilege escalation.
Notable Threat Actor Activity
- Lazarus Group (North Korea): Operation SyncHole is a new campaign using watering hole attacks to exploit vulnerabilities in South Korean software, targeting specific user groups.
- DPRK Crypto Theft: North Korean threat actors stole $137 million from TRON blockchain users in a single-day phishing attack, reflecting ongoing targeting of Web3 and cryptocurrency sectors.
- North Korean Deepfakes in Recruitment: North Korean operatives are using deepfake technology to impersonate IT job candidates and infiltrate Western organisations.
- Iran-Linked UNC2428: The group deployed the MURKYTOUR backdoor via fake job-themed social engineering campaigns targeting Israeli entities.
- Russian State-Linked Activity:
  - Microsoft OAuth Abuse: Russian actors are abusing Microsoft OAuth to target Ukraine allies and human rights organisations, aiming for unauthorised Microsoft 365 access via messaging apps like Signal and WhatsApp.
  - Android Malware Targeting Russian Military: New spyware-laden versions of the Alpine Quest mapping app are being distributed to Russian military personnel, likely for intelligence gathering.
- Asian Organised Crime: ‘Industrial-scale’ scam centres in Asia are expanding globally, blending cybercrime with financial fraud and traditional organised crime tactics.
- Japan Credential Theft: Attackers are using phishing sites mimicking securities firms to steal credentials and conduct unauthorised stock trades.
Trends, Tools, and Tactics
- Ransomware Evolution:
  - Ransomware remains the dominant threat for SMBs, responsible for over 90% of incident response cases for medium businesses and 70% for small businesses in 2024.
  - Groups such as DragonForce and Anubis are innovating with new affiliate business models and ransomware-as-a-service offerings to scale operations and profits.
- Phishing Tactics:
  - Phishing detection is increasingly ineffective, with attacks often evading traditional filters, proxies, and even MFA, making each incident akin to a zero-day.
  - Attackers are shifting towards identity-based phishing rather than exploiting software vulnerabilities.
  - Browser-based, real-time detection is emerging as a more effective countermeasure.
  - Employee awareness training, particularly phishing simulations, is widely recognised (90% approval in surveys) as improving security posture.
- Privacy and Security Enhancements:
  - WhatsApp introduced Advanced Chat Privacy, preventing chat exports and auto-downloads to better protect sensitive conversations.
- AI Security: Research proposes using hypervisors to isolate and regulate the behaviour of potentially malicious AI systems in critical sectors.
Regulatory and Policy Developments
- FTC on AI Regulation: The US Federal Trade Commission signals a cautious approach, aiming to avoid excessive regulation that could hinder AI innovation.
- CISA Energy Sector Collaboration: CISA, DHS S&T, INL, and LSU are working with the energy industry to bolster incident response and operational technology (OT) cybersecurity.
- Cloudflare Internet Shutdown Trends: Government-imposed internet shutdowns dropped to zero in Q1 2025, indicating a shift in government tactics for information control.
Industry Developments
- Microsoft Security Culture: Microsoft reports ongoing efforts to prioritise and embed security within its corporate culture, including linking security to employee performance reviews.