Major Incidents or Breaches

  • Hawaiian Airlines has confirmed a cyber incident linked to the cybercrime group Scattered Spider, which has expanded operations to target airlines following high-profile breaches at WestJet and insurers.

  • Over 27% of UK businesses experienced cyber incidents in the past year, a significant increase from 16%. Vulnerable smart buildings and IoT systems are significant risk factors, with 73% of leaders anticipating further disruptions.

  • Nearly 16 billion login credentials have been leaked online, highlighting ongoing issues with password hygiene and the reuse of credentials.

Notable Threat Actor Activity

  • Using sophisticated social engineering, Scattered Spider continues to target the airline sector, bypassing MFA protections to gain initial access.

  • Hacktivist groups, including Mr. Hamza, Mysterious Team Bangladesh, and Keynous+, led an 800% surge in DDoS attacks targeting U.S. financial, manufacturing, and government sectors, amid rising tensions in the Middle East.

  • Iranian-linked actors have increased phishing, DDoS, and website defacements against U.S. banks, defence contractors, and critical infrastructure in response to geopolitical events.

  • Salt Typhoon exploited vulnerabilities in Cisco IOS XE devices to compromise at least one major Canadian telecom provider, indicating broader espionage efforts.

  • North Korea’s TA444 (Bluenoroff/Lazarus) group remains active, spear-phishing financial institutions and crypto-related businesses and deploying cryptocurrency-stealing malware against them.

Trends, Tools, or Tactics of Interest

  • Attackers are increasingly using generative AI to craft convincing phishing messages and enhance the effectiveness of social engineering.

  • Ransomware groups like LockBit and BianLian continue leveraging commoditised malware and RDP access to target critical infrastructure and businesses.

  • State-backed actors from Iran and China are intensifying espionage through supply-chain compromises and stealthy reconnaissance operations.

  • Security researchers highlight risks posed by autonomous AI-driven cyber weapons capable of targeted, large-scale infrastructure attacks.

Regulatory or Policy Developments

  • The Royal Institution of Chartered Surveyors issued warnings about outdated operational technology (e.g., Windows 7 systems, IoT devices) in smart buildings, calling for urgent cybersecurity upgrades.

  • DHS and CISA urged U.S. organisations across sectors to prepare for increased cyber aggression linked to Iran-related geopolitical tensions.

  • Major cybersecurity vendors, including Microsoft, CrowdStrike, Google, and Palo Alto Networks, are moving toward standardised naming conventions to improve clarity and information sharing.