Tag: ransomware

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/21/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured Analysis

    Featured article analysis: Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison

    This case highlights a serious insider threat incident with significant potential consequences. Michael Scheuer, a former Disney World employee, conducted a series of cyberattacks against his former employer, demonstrating a disturbing level of knowledge about the company’s systems. His actions went beyond mere vandalism, as he manipulated allergen information on restaurant menus, creating a dangerous situation that could have resulted in severe harm or even death for customers with allergies. This element of the attack underscores the malicious intent and the potential for real-world harm that can arise from disgruntled employees with system access.

    The incident also reveals the complexity and scope of modern cyberattacks. Scheuer’s actions included manipulating menu information, altering wine region details to reference mass shooting locations, and launching denial-of-service attacks. This multi-faceted approach demonstrates the potential for a single individual to disrupt operations, spread misinformation, and target individuals within an organization. The FBI’s involvement and the subsequent prosecution emphasize the severity of these crimes and the importance of robust cybersecurity measures to protect against both external and internal threats.

    Ultimately, this case serves as a stark reminder of the importance of robust cybersecurity practices, including access control, monitoring, and incident response. The fact that Scheuer had the knowledge and access to carry out these attacks highlights the need for organizations to carefully manage employee access to sensitive systems, especially during and after termination. The potential for significant financial damage (as indicated by the restitution order) and the severe criminal penalties underscore the legal and financial ramifications of such cybercrimes.

    Projects

    • TryHackMe – Networking Secure Protocols – Complete
    • TryHackMe – Tcpdump: The Basics – In Progress

    Whitepapers

    Videos

    Articles

    Podcasts

  • The 2025 Data Breach Investigations Report Has Arrived!

It’s here! Verizon’s 18th annual Data Breach Investigations Report (DBIR)! Whether you’re a seasoned cybersecurity professional or new to the field, this report offers a comprehensive look at the cybercrime landscape and provides insights to help protect your organization.

Listen to an AI-created overview:

    A Legacy of Insight: The DBIR and VERIS

    For nearly two decades, the DBIR has served as a vital resource for understanding the trends and patterns in data breaches and security incidents. What sets this report apart is its breadth of data collection, drawing on anonymized cybersecurity incident data from almost a hundred data contributors globally, including incident response firms, forensics companies, law enforcement, and cyber insurance providers. This collaborative effort aims to get closer to the “Truth” of what is happening in the threat landscape.

    A critical foundation for the DBIR’s statistical analysis is the Vocabulary for Event Recording and Incident Sharing (VERIS) framework. This year marks the 15th anniversary of the VERIS framework, which was introduced in 2010 and has become essential for collecting and analyzing incident data from disparate sources. Organizations across industries and the Public Sector leverage versions of VERIS for security incident recording and risk management. The report sections are often structured around the four main components of the VERIS framework: Actors, Actions, Assets, and Attributes.

    Navigating the Latest Findings

    The 2025 DBIR analyzed more than 12,000 breaches and 22,052 security incidents. The analysis in this edition primarily focuses on incidents that took place between November 1, 2023, and October 31, 2024. The report is organized into sections covering overall results and analysis, incident classification patterns, specific industries, focused analysis on small- and medium-sized businesses (SMBs) and the Public Sector, and regional analysis.

    Key Takeaways from the 2025 DBIR

    This year’s report highlights several overarching themes and persistent challenges in the threat landscape. Here are some of the top takeaways:

    • Third-Party Involvement is Soaring: A significant theme woven throughout this year’s report, and even featured on the cover, is the increasing role of third parties in breaches. The report found some form of third-party involvement in 30% of all analyzed breaches, a notable increase from roughly 15% last year. System Intrusion is the most prevalent pattern seen in breaches involving a third party. Managing credentials in environments you don’t control and considering vendor security limitations are crucial. Organizations are advised to make positive security outcomes from vendors an important part of procurement and have plans for repeat offenders.
    • Top Incident Classification Patterns: For 2025 data, the most prevalent Incident Classification Patterns in breaches were System Intrusion (53%), Miscellaneous Errors (12%), Social Engineering (17%), Basic Web Application Attacks (12%), and Privilege Misuse (6%).
    • Ransomware Remains a Scourge: Ransomware continues to be a major problem, growing yet again as a percentage of breaches. It accounts for 75% of breaches within the System Intrusion pattern. Ransomware affects organizations across all industries and does not discriminate based on industry vertical. The most prevalent discovery method for ransomware breaches is Actor disclosure, where the threat actor notifies the victim (and often others) by dropping a ransom note.
    • The Enduring Problem of Stolen Credentials: Credential abuse is consistently identified as a top initial access vector. The Basic Web Application Attacks pattern heavily involves the Use of stolen credentials (88%), sometimes alongside brute force attacks. The report delves into the ecosystem of stolen credentials available via infostealers and online marketplaces. An estimated 30% of compromised systems found in these marketplaces are believed to be Enterprise-licensed devices. Data suggests that leveraging stolen credentials from infostealers is a key tactic used by some ransomware operators; for instance, 54% of ransomware victims examined had their domains in infostealer logs or marketplace postings, with 40% of those logs containing corporate email addresses.
    • Edge Device Vulnerabilities Exploited Rapidly: Exploitation of vulnerabilities, particularly those targeting edge devices, is a growing concern. While organizations are prioritizing patching these edge vulnerabilities (54% are fully remediated compared to 38% for all CISA KEVs and 9% for all vulnerabilities identified in scans), the threat is the speed of exploitation. The median time for a vulnerability in the sampled edge device subset to be mass exploited after its CVE publication was zero days.
    • The Human Element Persists: The human element continues to play a significant role in breaches. Beyond traditional phishing and pretexting, the report notes the emergence of Prompt bombing, where users are bombarded with MFA login requests, showing up in over 20% of Social attacks this year. User awareness and security training focused on reporting suspect social attacks remain one of the most important controls.
    • Generative AI’s Emerging Role: While GenAI hasn’t revolutionized the threat landscape overnight, there is evidence of its use by threat actors, as reported by the AI platforms themselves. Notably, the amount of synthetically generated text in malicious emails has doubled over the past two years. Corporate data leakage is a concern, as employees access GenAI systems on corporate devices, often outside of integrated authentication systems.
    • SMBs are Not Exempt from Ransomware: Contrary to a common misconception, ransomware groups actively target small- and medium-sized businesses just like large organizations, adjusting their ransom demands accordingly. SMBs may also be less likely to have robust backups. A single breach at a small entity, depending on the data they handle, can have a massive impact on data victims.
    • Public Sector Faces Persistent Threats: The Public Sector continues to face significant challenges. Ransomware remains a major threat, involved in 30% of breaches across all levels of government. Miscellaneous Errors, such as Misdelivery, are also persistent issues. The top three patterns in Public Sector breaches remain consistent over time regardless of the size of the attacked entity.

    To effectively achieve a reasonable level of security in our interconnected world, collaboration, transparency, and increased information sharing are essential. This report is a testament to the hard work and collaboration of human threat intelligence professionals and contributing organizations.

    Explore the full report for detailed analysis, industry-specific insights, regional breakdowns, and valuable mitigation strategies.

    Download the Verizon 2025 Data Breach Investigations Report today!

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/17/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Projects

    • TryHackMe – Networking Essentials – In Progress

    Videos

    Articles

    Podcasts

    • Smashing Security 408: A gag order backfires, and a snail mail ransom demand – ‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture