Weekly Intelligence Briefing: 29th April 2025

The Plain English Version

Hello there! Welcome back to our weekly translation of digital nightmares into something approaching understandable English. Pour yourself something fortifying as we explore how various bits of technology tried to ruin everyone's week.

🛒 British Icons Under Attack: M&S Hit Hard

Marks & Spencer has joined the increasingly un-exclusive club of "Retailers Who've Had Their Systems Compromised":

• Online orders suspended after a cyber-attack by something called "Scattered Spider" (sadly not a new arachnid-themed Percy Pig variety)
• Contactless payments disrupted in stores (forcing shoppers to experience the forgotten trauma of inserting their cards and - gasp - remembering PINs)
• Customer refunds issued to those affected (perhaps the only time getting your money back from a retailer doesn't spark joy)

They're not alone in their suffering – Hitachi Vantara also had to take servers offline following an "Akira" ransomware attack. Not to be confused with the classic anime film, though both do feature systems going horribly wrong.

💉 Critical Infrastructure: Healthcare & Manufacturing in the Crosshairs

The people who should be focusing on keeping us alive and making useful things are instead dealing with digital headaches:

• FBI reports 9% surge in ransomware attacks targeting critical infrastructure
• Manufacturing sector increasingly targeted by sophisticated attacks
• Healthcare organisations remain primary targets (because attacking people trying to save lives is apparently still fashionable among cyber-criminals)
• SAP NetWeaver vulnerability affecting over 1,200 servers (which is tech-speak for "a really important business system has a serious security problem")

📱 When Text Messages Attack: SMS Gateway Problems

It turns out those text messages about your parcel delivery might be more sinister than you thought:

• SMS gateway exploitation has emerged as a significant route for spam distribution
• Attackers targeting Teltonika Networks SMS Gateways rather than using legitimate services
• Direct infrastructure exploitation rather than the usual password-stealing approach
• Review SMS gateway security if your business sends text messages to customers (and don't we all these days?)

🤖 AI Security: When Containing Artificial Intelligence Becomes Essential

The "teaching computers to think" project continues to need increasingly robust guardrails:

• Researchers propose "Guillotine" - a breakthrough system designed to contain potentially dangerous AI through multiple isolation layers
• Palo Alto Networks acquired AI security firm Protect AI (for a sum that would make your eyes water)
• IBM committed $150 billion for US investment in quantum innovation and security (that's billion with a "b")
• 59% of organisations struggle to spot deepfake attacks according to the 2025 LevelBlue Futures Report (and the other 41% are probably just unaware they've been fooled)

What You Actually Need To Do

🚨 Do These Today (We Mean It)

1. Update systems affected by CISA's latest warnings - particularly Broadcom Brocade Fabric OS and Commvault Web Server
2. Patch SAP NetWeaver installations - there's an actively exploited vulnerability affecting over 1,200 servers
3. Review your VPN logging policies - especially in light of the Windscribe case (they were acquitted, but best not to tempt fate)
4. Check for Linux security blind spots - particularly related to something called "io_uring exploitation" (a new technical nasty)

⚠️ Do These This Week

1. Audit SMS gateway configurations if you use them for customer communications
2. Update incident response plans to include specific procedures for ransomware attacks
3. Evaluate Linux security controls - a concerning new threat called "Curing rootkit" can bypass traditional detection methods
4. Review payment system security - especially contactless systems (as M&S discovered the hard way)

🔔 Schedule These Soon

1. Develop AI-powered deepfake detection capabilities - only 32% of organisations feel prepared for synthetic identity attacks
2. Strengthen critical infrastructure protection - especially in manufacturing and healthcare
3. Implement edge device security assessment - VPN and edge devices accounted for 22% of security breaches last year
4. Create an accelerated patch management programme - particularly for edge devices and VPN systems

What's Actually Happening Out There

Ransomware Trends

The digital extortion business continues to thrive:
- Marks & Spencer hit by Scattered Spider ransomware affecting online and in-store systems
- Hitachi Vantara forced to take servers offline following Akira ransomware
- FBI reports significant surge in attacks targeting critical infrastructure
- Manufacturing, healthcare, government facilities, financial services, and IT sectors are primary targets

AI Security Developments

The battle between helpful and harmful AI intensifies:
- Guillotine research proposes hardware-level containment strategies for advanced AI systems
- Major investments in AI security from industry leaders like IBM, Palo Alto Networks
- 59% of organisations struggle to identify deepfake attacks
- Only 32% feel prepared for synthetic identity attacks

Emerging Attack Techniques

The criminals continue to get more creative:
- Steganography evolving as a method for concealing malicious payloads in digital photographs
- SMS gateway exploitation emerging as a significant vector for spam distribution
- Linux "Curing rootkit" exploiting io_uring to bypass traditional detection methods
- VPN and edge device vulnerabilities accounting for 22% of security breaches

Special Focus: The Rising Threat of Steganography

This week saw concerning developments in "steganography" – the art of hiding malicious code inside seemingly innocent files like photographs or documents.

What Is It?: Steganography is essentially digital hide-and-seek, where attackers conceal harmful code within ordinary-looking files. Unlike encryption, which makes it obvious something is hidden (but makes it unreadable), steganography makes the very existence of the secret data difficult to detect.

Why You Should Care: Security tools are designed to spot obviously suspicious files. When malicious code is hidden inside what appears to be a harmless holiday photo or corporate PowerPoint, it can easily slip past defences.

Recent Developments: New examples show attackers hiding complete attack tools inside digital photographs and other media files, effectively making them invisible to standard security controls.

What To Do About It:
- Ensure your security teams are aware of these techniques
- Consider implementing more advanced file inspection tools
- Be suspicious of unexpected image files, even from apparently trusted sources
- When in doubt, don't open it (the digital equivalent of "if it smells off, don't eat it")

Startling Stat of the Week

This week's "well that's concerning" award goes to: VPN and edge device vulnerabilities accounted for 22% of all security breaches, nearly eight times the amount from the previous year.

Translation: All those services that connect your remote workers to your systems have become eight times more likely to be the weak point in your defences. No pressure.

As always, if you need help implementing any of these recommendations or just want to vent about the relentless pace of digital security threats, we're available at intelligence@isoserious.com

Stay secure,

ISO Serious

P.S. We're delighted to report that our email server has recovered from its existential crisis and is now dutifully delivering these digests once more. We're sorry for the disruption but pleased to be back in your inbox – though judging by this week's news, perhaps blissful ignorance wasn't so bad after all.