The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where user-supplied data is executed via ChildProcess.exec() without adequate sanitization.

Title: ABB Cylon FLXeon 9.3.4 (cert.js) Authenticated Root Remote Code Execution  
Advisory ID: ZSL-2025-5911  
Type: Local/Remote  
Impact: System Access, DoS  
Risk: (5/5)  
Release Date: 03.02.2025

**Summary**

BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boilers, chillers, cooling towers, heat pump systems, air handling units (constant volume, variable air volume, and multi-zone), rooftop units, electrical systems such as lighting control, variable frequency drives and metering.

The FLXeon Controller Series uses BACnet/IP standards to deliver unprecedented connectivity and open integration for your building automation systems. It's scalable, and modular, allowing you to control a diverse range of HVAC functions.

**Description**

The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where user-supplied data is executed via ChildProcess.exec() without adequate sanitization.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

FLXeon Series (FBXi Series, FBTi Series, FBVi Series)  
CBX Series (FLX Series)  
CBT Series  
CBV Series  
Firmware: <=9.3.4

**Tested On**

Linux Kernel 5.4.27  
Linux Kernel 4.15.13  
NodeJS/8.4.0  
Express

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[20.01.2025\] Vendor releases version 9.3.5 to address this issue.  
\[03.02.2025\] Coordinated public security advisory released.

**PoC**

abb\_flxeon\_rce5.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch  
\[2\] https://www.cve.org/CVERecord?id=CVE-2024-48841

**Changelog**

\[03.02.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon FLXeon 9.3.4 (cert.js) Authenticated Root Remote Code Execution

PRESS RELEASE

MONTREAL, January 29, 2025 (Newswire.com) - Flare, the global leader in Threat Exposure Management, has introduced Flare Academy, an educational hub featuring interactive online training offered free-of-charge to cybersecurity professionals.

Led by Flare's team of subject matter experts, Flare Academy offers a variety of online training modules on the latest cybersecurity threats to enhance the education and knowledge of cybersecurity practitioners. These sessions will highlight a variety of important topics, including investigation and intelligence gathering on cybercrime forums, techniques for deanonymizing threat actors, and ransomware analysis and infiltration.

Through interactive training sessions, security professionals can upgrade their skills and knowledge on a variety of cybercrime and cybersecurity topics, and earn CPE credits toward security certifications. And with the Flare Academy Discord Community, members can build relationships with other practitioners for continuous learning and engagement.

"Flare Academy will provide cybersecurity professionals with access to training, collaborative discussions, and cutting-edge resources," said Mathieu Lavoie, CTO & Research Team Lead at Flare. "We've launched this program with the goal of helping to empower security professionals with the training and information they need to stay ahead of threats and build a stronger, safer digital world."

A number of training modules are currently available for registration, including:

For more information about Flare Academy, and to register for upcoming modules, visit https://flare.io/trainings/.

About Flare

Flare is the leader in Threat Exposure Management, helping organizations of all sizes detect high-risk exposure found on the clear and dark web. Combining the industry's best cybercrime database with an incredibly intuitive user experience, Flare enables customers to reclaim the information advantage and get ahead of threat actors. For more information, visit https://flare.io.

You May Also Like

Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits

### Impact
This vulnerability is an **Environment Variable Injection** issue in `dotenv.stringify`, affecting `google/zx`  version **8.3.1**.

An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to **arbitrary command execution** or **unexpected behavior** in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable.

### Patches
This issue has been **patched** in version **8.3.2**. Users should **immediately upgrade** to this version to mitigate the vulnerability.

### Workarounds
If upgrading is not feasible, users can mitigate the vulnerability by **sanitizing user-controlled environment variable values** before passing them to `dotenv.stringify`. Specifically, avoid using `"`, `'`, and backticks in values, or enforce strict validation of environment variables before usage.

### References
- [Issue Report](https://github.com/google/zx/issues/)
- [Security Policy](https://github.com/google/zx/security/policy)
- [Google Vulnerability Disclosure](https://g.co/vulnz)
- [Patch](https://github.com/google/zx/pull/1094)

**Impact**

This vulnerability is an **Environment Variable Injection** issue in dotenv.stringify, affecting google/zx version **8.3.1**.

An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to **arbitrary command execution** or **unexpected behavior** in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through dotenv.stringify are particularly vulnerable.

**Patches**

This issue has been **patched** in version **8.3.2**. Users should **immediately upgrade** to this version to mitigate the vulnerability.

**Workarounds**

If upgrading is not feasible, users can mitigate the vulnerability by **sanitizing user-controlled environment variable values** before passing them to dotenv.stringify. Specifically, avoid using ", ', and backticks in values, or enforce strict validation of environment variables before usage.

**References**

*   Issue Report
*   Security Policy
*   Google Vulnerability Disclosure
*   Patch

**References**

*   GHSA-qwp8-x4ff-5h87
*   https://nvd.nist.gov/vuln/detail/CVE-2025-24959
*   google/zx#1094
*   google/zx@5ba714d
*   https://github.com/webpod/envapi/blob/v0.2.1/src/main/ts/envapi.ts#L74-L77

GHSA-qwp8-x4ff-5h87: ZX Allows Environment Variable Injection for dotenv API

Anthropic says its Constitutional Classifiers approach offers a practical way to make it harder for bad actors to try and coerce an AI model off its guardrails.

Source: Tada Images via Shutterstock

Researchers at Anthropic, the company behind the Claude AI assistant, have developed an approach they believe provides a practical, scalable method to make it harder for malicious actors to jailbreak or bypass the built-in safety mechanisms of a range of large language models (LLMs).

The approach employs a set of natural language rules — or a "constitution" — to create categories of permitted and disallowed content in an AI model's input and output, and then uses synthetic data to train the model to recognize and apply those content classifiers.

**"Constitutional Classifiers" Anti-Jailbreak Technique**

In a technical paper released this week, the Anthropic researchers said their so-called Constitutional Classifiers approach was as effective against universal jailbreaks, withstanding more than 3,000 hours of human red-teaming by some 183 white-hat hackers through the HackerOne bug bounty program.

"These Constitutional Classifiers are input and output classifiers trained on synthetically generated data that filter the overwhelming majority of jailbreaks with minimal over-refusals and without incurring a large compute overhead," the researchers said in an related blog post. They have established a demo website where anyone with experience jailbreaking an LLM can try out their system for the next week (Feb. 3 to Feb. 10).

Related:AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

In the context of generative AI (GenAI) models, a jailbreak is any prompt or set of prompts that causes the model to bypass its built-in content filters, safety mechanisms, and ethical constraints. They typically involve a researcher — or a bad actor — crafting specific input sequences, using linguistic tricks and even role-playing scenarios to trick an AI model into escaping its protective guardrails and spewing out potentially dangerous, malicious, and incorrect content.

The most recent example involves researchers at Wallarm extracting secrets from DeepSeek, the Chinese generative AI tool that recently upended long held notions of just how much compute power is required to power an LLM. Since ChatGPT exploded on the scene in November 2022, there have been multiple other examples including one where researchers used one LLM to jailbreak a second, another involving the repetitive use of certain words to get an LLM to spill its training data and another through doctored images and audio.

**Balancing Effectiveness With Efficiency**

In developing the Constitutional Classifiers system, the researchers wanted to ensure a high rate of effectiveness against jailbreaking attempts without drastically impacting the ability for people to extract legitimate information from an AI model. One simplistic example was ensuring the model could distinguish between a prompt asking for a list of common medications or for explaining the properties of household chemicals versus a request on where to acquire a restricted chemical or purifying it. The researchers also wanted to ensure minimal additional computing overhead when using the classifiers.

Related:DeepSeek Jailbreak Reveals Its Entire System Prompt

In tests, researchers had a jailbreak success rate of 86% on a version of Claude with no defensive classifiers, compared to 4.4% on one using a Constitutional Classifier. According to the researchers, using the classifier increased refusal rates by less than 1% and compute costs by nearly 24% compared to the unguarded model.

**LLM Jailbreaks: A Major Threat**

Jailbreaks have emerged as a major consideration when it comes to making GenAI models with sophisticated scientific capabilities widely available. The concern is that it gives even an unskilled actor the opportunity to "uplift" their skills to expert-level capabilities. This can become an especially big problem when it comes to trying to jailbreak LLMs into divulging dangerous chemical, biological, radiological, or nuclear (CBRN) information, the Anthropic researchers noted.

Related:Code-Scanning Tool's License at Heart of Security Breakup

Their work focused on how to augment an LLM with classifiers that monitor an AI model's inputs and outputs and blocks potentially harmful content. Instead of using hard-coded static filtering, they wanted something that would have a more sophisticated understanding of a model's guardrails and act as a real-time filter when generating responses or receiving inputs. "This simple approach is highly effective: in over 3,000 hours of human red teaming on a classifier-guarded system, we observed no successful universal jailbreaks in our target...domain," the researchers wrote. The red-team tests involved the bug bounty hunters trying to obtain answers from Claude AI to a set of harmful questions involving CBRN risks, using thousands of known jailbreaking hacks.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Everyone's all about working in the cloud, but what's happening with these folks? What are they doing, and what do they want? Send us a cybersecurity-related caption to describe the above scene. Our favorite entry will win its wordsmith a $25 gift card.

Here are four convenient ways to submit your ideas before the Feb. 25, 2025, deadline:

*   Via social media: BlueSky (new!), Facebook, LinkedIn, and X.
    

If you win, we'll respond to you on the same platform, requesting your email address to send you the gift card.

**Last Month's Winner**

Shout out — and a $25 Amazon gift card — to Trey Rose for sending us the winning caption for January's "Greetings and Salutations" Edge cartoon. Some noteworthy contenders included "I guess that’s one way to prove you’re not a robot," "I always thought man-in-the-middle was something else," and "This has got to be your worst attempt at a Trojan Horse yet." A big thank you to all who participated.

**About the Author**

Cartoonist

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal.

Name That Edge Toon: In the Cloud

The healthcare industry has become increasingly reliant on technology to enhance patient care, from advanced image-guided surgery to…

The healthcare industry has become increasingly reliant on technology to enhance patient care, from advanced image-guided surgery to computerized provider order entry (CPOE). However, this dependence has also made it a prime target for cybercriminals.

Hospitals, clinics, and medical practitioners handle vast amounts of sensitive data, including medical records, financial information, and administrative details. This data holds substantial value on the black market, where it is often exploited for identity theft or financial fraud.

****Ransomware Attacks on Healthcare Organizations****

In 2024, a ransomware attack on Synnovis, a pathology testing organization serving two NHS trusts in London, resulted in the theft of patient data. Hackers infiltrated the laboratory’s computer systems, making crucial medical information inaccessible. The group behind the attack later published portions of the stolen data online, including personal identifiers such as names, NHS numbers, and test codes.

This incident highlights the complexity of ransomware attacks and the ongoing risks they pose. To reduce the likelihood of similar breaches, healthcare organizations must conduct regular cybersecurity risk assessments, strengthen data protection protocols, and provide staff training to minimize human error.

****The Need for Stronger Data Protection Measures****

Many countries in Europe have strengthened data protection and cybersecurity laws in recent years, with significant implications for healthcare systems. Medical institutions regularly process highly sensitive personal data, and a lack of funding for security measures does not justify neglecting data protection responsibilities.

Personally identifiable information must be safeguarded against unauthorized access, loss, or damage. Failing to do so can have severe consequences, including a loss of trust in healthcare institutions and regulatory penalties.

****Consequences of Data Breaches in Healthcare****

Health data is classified as a special category of information under the UK GDPR, requiring stricter security measures. Organizations handling such data must conduct risk assessments before processing any information that could pose a threat to individual privacy.

Unauthorized access to patient records can lead to serious consequences, such as identity theft, financial fraud, and reputational harm for healthcare providers. Additionally, failure to comply with data protection laws can result in legal and regulatory penalties.

****How to Check If Your Health Data Has Been Leaked****

A data breach is a serious violation of privacy, often exposing individuals to fraud and scams. Cybercriminals may use stolen medical data to craft convincing phishing emails or impersonate healthcare providers in an attempt to extract further personal information.

To minimize the risk, only authorized healthcare professionals should handle sensitive medical records, and administrative staff must be reminded of their confidentiality obligations. If you suspect your information has been compromised, find out exactly what was exposed.

Since tracking all online activity is nearly impossible, your personal data may already be circulating on the dark web. To check what information about you is publicly accessible, search your full name on major search engines. A larger digital footprint increases the risk of exposure. Healthcare organizations must notify patients if their data has been compromised and provide guidance on protective measures.

****Legal Rights and Compensation for Data Breaches – You Can Sue A Healthcare Organization For Breaching Your GDPR Rights****

Under the General Data Protection Regulation (GDPR), organizations are required to implement security measures that protect against data corruption, compromise, or loss. Healthcare institutions use various cybersecurity tools, including firewalls, identity and access management systems, and encryption, to safeguard patient data.

If you have suffered from damaging consequences of a data breach, such as financial loss or privacy violations, you may be entitled to compensation. It is advisable to consult legal experts to assess the strength of your case rather than relying on online legal advice.

The GDPR allows individuals to take legal action when their data protection rights have been violated. Compensation claims are particularly relevant in cases of significant breaches, with litigation processes in the UK following a model similar to those in the United States. Victims can pursue claims individually or as part of group litigation.

****Steps to Take Immediately After a Data Breach****

The loss of personal data can be distressing, but there are steps you can take to mitigate potential harm:

*   **Check for free credit monitoring services** – Some organizations offer free credit monitoring to affected individuals. These services alert you to suspicious activity, such as new credit applications in your name.
*   **Update your passwords immediately** – If your credentials have been compromised, change your login information as soon as possible to prevent unauthorized access.
*   **Stay alert for scams** – Cybercriminals may exploit your leaked data to trick you into revealing more information or making fraudulent payments. Be wary of unexpected emails or phone calls requesting sensitive details.

Be mindful of the information you share with healthcare providers, as excessive data disclosure could increase your risk of exposure. Only provide the details necessary for your care, and stay alert about cybersecurity threats.

Image credits: Pixabay

Your Health Information Was Compromised. Now What? 

Though Windows, iOS, and macOS users won't need to make any changes, Android users are advised to remove their Defender VPN profiles.

Source: CryptoFX via Alamy Stock Photo

NEWS BRIEF

Microsoft is notifying users that it will no longer support the Privacy Protection VPN feature within the Microsoft Defender app. The feature will be removed on Feb. 28.

Microsoft Defender checks files or apps downloaded and installed on a device for any malicious software, as well as runs scans of files already on a system. It works alongside third-party anti-malware solutions and is included as part of a Microsoft 365 Personal or Family subscription.

Microsoft plans to eliminate only the VPN feature and will still provide device protection, identity theft monitoring, and credit monitoring in the US.

The support update document announcing the change did not have a lot of detail but stated that removing the privacy protection benefit will allow the company to "invest in new areas that will better align to customer needs." The document also notes the company routinely evaluates the effectiveness of its features.

Though Windows, iOS, and macOS users won't have to take any action, Microsoft provided instructions for Android users to follow because the VPN profile must be removed from devices manually.

"Not removing the Defender VPN profile on your Android device will not cause any impact to your device but it's recommended to remove it as it won't be used by Defender to provide protection," Microsoft stated.

Android users can follow the steps below to remove their Defender VPN profiles:

3.  Users should see a "Microsoft Defender" VPN profile in the list of VPN profiles if they've onboarded to privacy protection.
    
4.  Click on the "Info" icon and remove the profile.
    

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Microsoft Sets End Date for Defender VPN

Adversaries looking to ride the DeepSeek interest wave are taking advantage of developers in a rush to deploy the new technology, by using AI-generated malware against them.

Source: ifeelstock via Alamy Stock Photo

Researchers have found malicious DeepSeek-impersonating packages planted in the Python Package Index (PyPi); the code is actually loaded with infostealers. Experts warn that's probably not the only platform loaded with fake, malicious DeepSeek packages, and that developers should proceed with care.

Researchers with Positive Technologies discovered the malicious packages, labeled "deepseekai" and "deepseeek," trying to trick developers into thinking they were legit.

"The attack targeted developers, machine learning \[ML\] engineers, and ordinary AI enthusiasts who might be interested in integrating DeepSeek into their systems," the Positive Technologies researchers wrote in an analysis.

The account behind the attack, "bvk," was created in June 2023 and sat dormant until the campaign sprang to life on Jan. 29, according to the report. When executed, the researchers noted both "deepseeek" and "deepseekai" drop infostealers to steal sensitive data, including API keys, database credentials, and permissions.

The malicious PyPi packages have been deleted, but there's evidence they were downloaded 36 times using the pip package manager and the bandersnatch mirroring tool, and 186 times using the browser, the researchers reported.

"Sometimes API keys aren’t leaked, they’re just plain stolen," Tim Erlin, vice president of product at Wallarm says. "This incident is a good example of attackers taking advantage of the prevailing news cycle. Anytime you’re doing something popular, whether clicking on a link or installing a PyPi package, it’s best to approach the task with a healthy dose of skepticism."

Related:'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks

That mindset can help developers avoid making similar cybersecurity slip-ups, according to Mike McGuire, senior security solutions manager with Black Duck.

"In their eagerness to leverage DeepSeek in their tasks, many developers missed the 'red flag' that they were downloading packages from an account with a limited, poor reputation, and had their environment variables and secrets compromised as a result," McGuire says.

Ironically given how advanced DeepSeek's capabilities are touted to be, the attack itself was a fairly low-tech affair, Michael Lieberman, CTO at Kusari, notes.

"Typosquatting attacks are popular because they work," Kusari points out. "It's easy for a developer to mistype a word or use something with a similar-sounding name and suddenly their application is pulling in malicious code. Popular or trendy technologies are at particular risk since the pool of potential victims is larger."

Related:DeepSeek Jailbreak Reveals Its Entire System Prompt

**Adversaries Using AI to Write Code Faster Too**

In a novel twist, the researchers found evidence the threat actors used AI to write the malicious code.

"There are clear indications that the compromised code was written with AI assistance, providing a real-world example of AI being used for malicious intent," Wallarm's Erlin says.

Erlin adds that developers should expect similar malicious packages to be scattered among various platforms.

"Developers, with malintent or not, are heavily invested in using AI to be more efficient." he adds. "AI lets developers write more code, faster. We should expect to see the volume of malicious code expand at the same rate as code in general."

To protect their environments from these threats, Raj Mallempati, CEO of BlueFlag Security, says developers need to implement strong security practices throughout the software development lifecycle (SDLC). That means using software composition analysis (SCA) tools, as well as automated vulnerability scanning, limiting the use of unverified packages in developer environments, and threat intelligence monitoring.

"This recent incident underscores the need for developers to specifically protect against threats like OSS typosquatting," Mallempati explains. "Double checking package names and verifying package sources that come from DeepSeek will be key here. As well, developers should enable dependency scanning tools like Github dependabot to ensure they are not downloading malicious packages."

Related:Code-Scanning Tool's License at Heart of Security Breakup

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, they continued to thrive in a record-breaking year for ransomware.

Source: VectorFusionArt via Shutterstock

A surge in ransomware groups in 2024 left companies facing increased attacks, even as law enforcement ramped up investigations against well-known groups such as LockBit, and dismantled popular cybercriminal services, such as phishing-as-a-service provider LabHost and the encrypted messaging platform Ghost.

A pair of new studies outlines the state of play. Overall, more than 75 ransomware groups were actively compromising targets in 2024, compared to only 43 the prior year, according to a recent Rapid7 analysis. As a result, more than half of organizations suffered a successful attack, and the majority of those impacted shut down some operations leading to significant revenue loss, according to a large survey of IT and cybersecurity practitioners conducted by the Ponemon Institute.

As long as extortion continues to be profitable, organizations will have to contend with significant threats, says Trevor Dearing, director of critical infrastructure solutions at Illumio, a zero-trust security firm and sponsor of the Ponemon report.

"When some of those gangs were taken down, there was a dip in activity, but they get very quickly replaced, and that's the challenge," he says. "It's a battle that is is worth fighting and it does slow them down, but this is only part of the response we have to have."

Related:1-Click Phishing Campaign Targets High-Profile X Accounts

The pace of compromises appears to be only accelerating, with about 15% more ransomware attacks in 2024, compared to the previous year, according to data collected by both NCC Group and Rapid7. Their tallies differed slightly, but trended in the same direction. And last month, the number of successful attacks claimed by ransomware groups averaged 18 per day, up from less than 15 in December, according to Rapid7's data.

RansomHub, LockBit, and Play were the most prolific ransomware groups in 2024, as measured by the number of breach posts. Source: Author based on Rapid7 data

Overall, cybercriminals compromised nearly 6,000 victims, posting their information to public data-leak sites, with well-known ransomware groups — such as RansomHub, LockBit, and Play — making tens of millions of dollars each in ransom payments from victims, even as fewer victims paid lower average ransoms, the company found.

**Laying Down the Law on Cybercrime**

The ransomware gains came despite increased law enforcement activity. In September, European law enforcement disrupted the Ghost encrypted communications platform used by organized crime groups. In November, Canadian authorities arrested the hacker behind the compromise of 165 firms' Snowflake instances, who had demanded ransoms ranging from $300,000 to $5 million. And, in December, Israeli law enforcement arrested a 51-year-old LockBit developer in Israel.

Related:Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

While law enforcement efforts are having an impact on cybercriminal operations, their efforts appear to be fracturing the ecosystem, as more groups and a greater number of providers offer cybercriminal services, says Christiaan Beek, senior director of threat analytics for Rapid7.

"Law enforcement is really fighting hard to take on the biggest groups \[that are causing businesses\] a lot of problems, and we highly applaud those initiatives," he says. "But the money is really attracting people, and especially if you are in certain countries where you're hard to catch or protected by the government ... then \[becoming a ransomware operator\] almost feels like a safe option."

**Paying Ransoms Is No Guarantee of Cyber Safety**

Estimates of the ransom amounts paid by companies varied significantly, with ransomware specialist Coveware estimating that the victims paid a median of $200,000 in Q3 2024, while a survey of more than 2,500 companies conducted by the Ponemon Institute estimated the average ransom demanded to be $1.2 million.

And those figures do not include investigation and clean up costs, Illumio's Dearing says.

"There was almost a doubling in the \[share of companies\] that lost significant revenue, and that reflects something that we're seeing across the board — both from financially motivated ransomware attackers, nation-states, or hacktivists — they are just trying to disrupt things," he says, adding, "Organizations need to think a lot more about incident response, about containing attacks, about trying to make sure that they actually stay in business if there's an attack."

Related:PrintNightmare Aftermath: Windows Print Spooler Is Better. What's Next?

The survey also found that paying a ransom rarely solves the problem of lost data nor ends the targeting by attackers. Half of all companies (51%) suffered a ransomware attack in 2024, but less than half received a decryption key, and the attacker demanded more money in a third of cases. In the end, only 13% of companies eventually recovered all of their data, according the Ponemon Institute report.

**Plan for Alternate Operations for Business Continuity**

Early detection and a plan to continue operations in the face of disruption matter most when it comes to minimizing the impact of a cyberattack. Of the companies that did not pay a ransom, nearly half had backups from which they could recover data, while a similar number deemed the data not important enough to pay the ransom.

In the best case scenario, companies can quickly move to cloud operations — or another plan for business continuity — giving them the best chance of recovering without drastic impacts, Rapid7's Beek says.

"We saw one company flip the switch, and suddenly the whole business was running on cloud resources while they were restoring the day-to-day operations," he says. "So the ransomware incident hardly impacted the business."

Companies that have a lack of visibility into — and a lack of security controls protecting — their networks face the most damaging disruption, says Illumio's Dearing.

"Things that allow lateral movement within organizations — like unpatched systems and weak passwords and open RDP ports — help attackers," he says. "So there's an amount of basics that companies need to take."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Ransomware Groups Weathered Raids, Profited in 2024

Children love online gaming, and it’s no surprise they do it, considering it offers them fun and interactive…

Children love online gaming, and it’s no surprise they do it, considering it offers them fun and interactive experiences that entertain them in a way nothing else can. However, as a parent, you are concerned for their safety because online gaming comes with particular risks. You are probably aware that your kids are exposed to privacy issues, cyberbullying, or in-game purchases that can have a negative impact on their wellbeing. 

You want to protect your children from all dangers, and when it comes to online threats, you can achieve this by identifying the risks and teaching them how to stay safe when gaming. This blog explores the ways in which you can help your children stay safe while enjoying their favourite online games. 

****First, understand what risks are associated with online gaming****

If your kids have just started playing online games, you might not be aware of the complexity of digital threats they are exposed to. For example, cyberbullying is one of the greatest issues of the moment because your children can receive hurtful comments or get caught in hurtful actions without their consent.

It’s vital to stay in touch with what happens in the gaming world so you can prevent your children from getting exposed to harmful interactions that might affect their emotional and mental health. Also, it’s important to know that online predators take advantage of games to manipulate young players. 

Your kids’ privacy is also at risk when playing online games because the majority of platforms require them to provide personal information. Make sure you educate yourself on the signs of a data breach. You can find information at sources like Data Breach Compensation Expert.

In addition, online games allow players to message each other, which could transform into a privacy issue if your kids share their sensitive information. You should monitor the settings of your children’s gaming so you can ensure they don’t engage in behaviours that put their privacy at risk. When you understand the risks associated with online gaming, you can prepare strategies to protect them. 

In-game purchases could also become dangerous when your kids buy something without discussing it with you first. Some online platforms encourage children to spend money on upgrading their characters or purchasing items that could help them advance in a game. You should always know what games your children play and familiarize yourself with their requirements to prevent taking any financial risk. 

****Teach your children how to stay safe online****

As mentioned earlier, one of the greatest dangers when your kids are playing online games is that they might be tempted or convinced to share sensitive information. Online gaming platforms facilitate engagement with other players, so they discuss with strangers, who might not have genuine intentions and ask them to reveal their real name, address, or other details. Children don’t realize the risks they expose themselves to when they tell strangers their real names, school addresses, or phone numbers, and it’s your role to explain why these are private details they shouldn’t share with someone they met online. 

When discussing the importance of online privacy with your kids, try to keep things simple. Explain in words they understand, and follow up with them regularly to find out what kind of activities they engage in online. 

****Use parental control options****

You already know that most apps include parental control features, and if you haven’t used them until now, you might want to have a look into them because they enable you to protect your kids online. Parental control options allow you to manage your children’s interactions and prevent unwanted purchases. You’ll find it easier to enforce some proper gaming safety rules, so learn how to set them up in the games your kids play, and keep excessive spending and cybercriminals at bay. 

Most games come with built-in parental control features, making it easy to set up parental control. When your child plays games on Xbox or PlayStation, you can block the games you don’t find educative, stop purchases, and limit screen time. Both Xbox and PlayStation let parents setup parental controls.

Make sure you also keep a close eye on their chat activity and restrict who they can manage to prevent them from interacting with people who might harm them. You can limit friend requests and turn off chatting with users they don’t know. 

****Encourage them to discuss with you about their gaming activities****

One of the most effective ways to keep your children safe online is to discuss with them openly about their gaming activities. Start by taking an interest in the games they like, ask them questions, and spend time in the same room they are playing, so you can learn more about the game. Make sure they feel comfortable sharing with you their gaming experiences, and whether they made online friends or chatted with someone new recently. 

A simple question such as “Did something unusual happen today when you were playing?” could help you uncover suspicious behaviour. 

****Make sure they play age-appropriate games****

It’s paramount to ensure your kids play age-appropriate games when making efforts to protect them from online threats. Games are designed for each age group for a reason: young children aren’t ready to fully understand some behaviours. For them, some level of violence might turn harmful, and it’s best to prevent their access. Check the list of games your kids want to play, and add to their library only those they are mature enough to play. This will also ensure a more enjoyable experience for them because it is tailored to their preferences and skills. 

****Set a good example****

Kids aren’t the only ones who play online games. They might have inherited the passion from one of their parents, and if this is the case, you should provide them with a good example. They are always watching what you do, so regardless of whether you’re playing games on your computer or Xbox, you should always show respect toward other players, have healthy gaming habits, and communicate responsibly. 

It’s your responsibility to keep your kids safe when they play online games. This article provides you with a couple of recommendations, but we encourage you to educate yourself about the subject. 

Image source: Unsplash

Latest News