As we kick off 2025, the cybersecurity landscape continues to be littered with breaches affecting everyone, from major corporations and government agencies to healthcare systems and councils. Cybercriminals have been exploiting vulnerabilities in DNS configurations and healthcare systems, and even running phishing campaigns that target job seekers.
This month’s roundup highlights these critical incidents and provides insight into the growing risks businesses and individuals face. We'll reveal details of these attacks and explain how you can better protect yourself from evolving cyber threats.
Mastercard recently corrected a DNS misconfiguration that persisted for nearly five years, allowing potential interception of internet traffic due to a typo in one of its records.
Mastercard uses five DNS servers provided by Akamai. These server names are supposed to end in "akam.net", but one record ended in "akam.ne"; ".ne" is the country code top-level domain for Niger. That domain name was not registered.
A security researcher discovered the error and registered the domain "akam.ne" to prevent exploitation. While Mastercard claimed there was no risk, it was argued that attackers could have intercepted data or obtained security certificates if the domain had been misused.
Despite acting responsibly and notifying Mastercard, the researcher expressed frustration over the lack of acknowledgement or reimbursement. The incident underscores how minor DNS errors can pose significant security risks and highlights the challenges of responsible vulnerability disclosure.
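A one-character slip like this can be caught by routinely auditing a zone's NS targets against the suffixes your DNS provider actually uses. The script below is an added example, not code from Mastercard, Akamai or the researcher; the hostnames in `SAMPLE_NS` are constructed, and the function names and the typo threshold are assumptions made for illustration.

```python
# Added example: audit NS targets against an allowlist of provider suffixes.
# All hostnames below are constructed sample data, not real records.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss suffixes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalise(host: str) -> str:
    """Lower-case the name and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()

def audit_ns(ns_targets, expected_suffixes, max_typo_distance=2):
    """Return a finding for every NS target outside the expected suffixes."""
    expected = [normalise(s) for s in expected_suffixes]
    findings = []
    for raw in ns_targets:
        host = normalise(raw)
        if any(host == s or host.endswith("." + s) for s in expected):
            continue  # delegated to the provider we expect
        # Compare the host's trailing labels with each expected suffix.
        labels = host.split(".")
        best = None
        for s in expected:
            tail = ".".join(labels[-len(s.split(".")):])
            d = edit_distance(tail, s)
            if d <= max_typo_distance and (best is None or d < best[1]):
                best = (s, d)
        findings.append({
            "target": host,
            "verdict": "likely-typo" if best else "unexpected-provider",
            "closest_expected": best[0] if best else None,
        })
    return findings

SAMPLE_NS = [  # constructed: five name servers, one with the truncated suffix
    "a1-1.akam.net.", "a2-2.akam.net.", "a3-3.akam.net.",
    "a4-4.akam.net.", "a5-5.akam.ne.",
]

if __name__ == "__main__":
    for finding in audit_ns(SAMPLE_NS, ["akam.net"]):
        print(finding)
```

Feed it the NS targets from your zone file or from `dig NS` output for each domain you own, and treat any finding as a change that needs review before it ships.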
A cyberattack on NHS pathology provider Synnovis in June 2024 caused widespread disruption to London healthcare services, resulting in at least two patients suffering permanent health damage. The ransomware attack also postponed over 10,000 outpatient appointments and 1,700 procedures. Updated NHS data revealed two cases of severe harm, 11 moderate harm cases, and more than 120 cases of low harm, highlighting the significant impact of delayed care. Experts warn that these figures may underestimate the true extent of damage caused.
Patient safety advocates stress the need for robust recovery plans and heightened vigilance during cyber incidents, while cybersecurity experts called for a public inquiry into NHS cybersecurity. Synnovis faces scrutiny over potential patient data breaches and a reported £32.7 million financial loss in 2024, with reports suggesting the attack might have been preventable with 2FA (two-factor authentication). The incident underscores the growing threat of cyberattacks on healthcare systems and their direct risks to patient safety.
A phishing campaign has been impersonating cybersecurity firm CrowdStrike to target job seekers with fake job offer emails that infect their devices with the XMRig cryptocurrency miner. Victims are directed to a fake CrowdStrike portal to download a malicious "employee CRM application," which performs sandbox checks before deploying the mining software. The miner operates stealthily, using minimal resources to avoid detection while persisting through system reboots.
CrowdStrike advises job seekers to verify recruiter emails, avoid downloading unsolicited applications, and be cautious of offers that seem too good to be true. Employers typically do not require third-party software downloads during recruitment, emphasising the importance of vigilance against such scams.
A new variant of the Banshee Stealer malware is targeting macOS users. It steals browser credentials, cryptocurrency wallets, and sensitive data while bypassing Apple's security features. Check Point research warns that advanced encryption and social engineering make this malware a growing threat.
Experts urge macOS users to adopt stronger security measures, including endpoint protection and user education, as attackers exploit gaps in vigilance. Banshee's resurgence highlights macOS's increasing vulnerability to sophisticated cyber threats.
Gateshead Council has confirmed that a cyberattack occurred on 8th January 2025, resulting in the theft of personal data. While the full scope of affected residents is still unknown, officials are urging people to remain vigilant for phishing emails and fraudulent activity and to change passwords if they notice any suspicious behaviour. The attack has been contained, and an investigation by the North-East Regional Crime Unit is underway.
The council has reassured the public that robust security measures have limited the damage, allowing day-to-day operations to continue. It’s a reminder that we must use caution when sharing personal information and acknowledge that further issues could arise as the investigation progresses.
Blacon High School in Cheshire was forced to close temporarily after a ransomware attack on 19th January 2025. The school remained shut from 22nd-23rd January for investigation by a cybersecurity company, with the possibility of a longer closure depending on the findings.
Head Teacher Rachel Hudson confirmed that staff devices were being cleaned, and teachers would use Google Classroom to assign work to students during the closure. The school plans to reopen once it is safe and secure.
The cybersecurity challenges we face in January 2025 reflect a concerning increase in targeted attacks on essential services, including healthcare, local governments, and corporations. These incidents, from DNS misconfigurations to ransomware attacks, highlight the importance of continuous vigilance and strong security tools.
As we move through the year, businesses must remain proactive in safeguarding their data, reinforcing defences, and staying informed about the latest threats. Cybersecurity remains an ongoing effort, and staying one step ahead is crucial in this evolving digital world.