From Chinese cyberspies breaching US telecoms to ruthless ransomware gangs disrupting health care for millions of people, 2024 saw some of the worst hacks, breaches, and data leaks ever.

Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-backed espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and the individuals they serve—the malicious rampages had very real consequences for people's privacy, safety, and security.

As political turmoil and social unrest intensify around the world, 2025 will be a complicated—and potentially explosive—year in cyberspace. But first, here's WIRED's look back on this year's worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay alert, and stay safe out there.

**China's Salt Typhoon Telecom Breaches**

Espionage operations are a fact of life, and relentless Chinese campaigns have been a constant in cyberspace for years now. But the China-linked espionage group Salt Typhoon carried out a particularly noteworthy operation this year, infiltrating a slew of US telecoms including Verizon and AT&T (plus others around the world) for months. And US officials told reporters earlier this month that many victim companies are still actively attempting to remove the hackers from their networks.

The attackers surveilled a small group of people—less than 150 by current count—but they include individuals who were already subject to US wiretap orders as well as state department officials and members of both the Trump and Harris presidential campaigns. Additionally, texts and calls from other people who interacted with the Salt Typhoon targets were inherently also caught up in the espionage scheme.

**Snowflake Customer Breaches**

Throughout the summer, attackers were on a tear, breaching prominent companies and organizations that were all customers of the cloud data storage company Snowflake. The spree barely qualifies as hacking, since cybercriminals were simply using stolen passwords to log in to Snowflake accounts that didn't have two-factor authentication turned on. The end result, though, was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, the telecom giant AT&T, said in July that “nearly all” records relating to its customers' calls and texts from a seven-month stretch in 2022 were stolen in a Snowflake-related intrusion. The security firm Mandiant, which is owned by Google, said in June that the rampage impacted roughly 165 victims.

In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all of their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice for the Snowflake tear and faces extradition to the US. John Erin Binns, who was arrested in Turkey for an indictment related to a 2021 breach of the telecom T-Mobile, was also indicted on charges related to the Snowflake customer breaches.

**Change Healthcare Ransomware Attack**

At the end of February, the medical billing and insurance processing company Change Healthcare was hit with a ransomware attack that caused disruptions at hospitals, doctor's offices, pharmacies, and other health care facilities around the US. The attack is one of the all-time largest breaches of medical data, impacting more than 100 million people. The company, which is owned by UnitedHealth, is a dominant medical billing processor in the US. It said days after the attack started that it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the assault.

Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat at the beginning of March in an attempt to contain the situation. The payment seemingly emboldened attackers to hit health care targets at an even greater rate than usual. With ongoing, rolling notifications to more than 100 million victims—with more still being discovered—lawsuits and other blowback has been mounting. This month, for example, the state of Nebraska sued Change Healthcare, alleging that “failures to implement basic security protections” made the attack much worse than it should have been.

**Russia's Midnight Blizzard Hit Microsoft**

Microsoft said in January that it had been breached by Russia's “Midnight Blizzard” hackers in an incident that compromised company executives' email accounts. The group is tied to the Kremlin's SVR foreign intelligence agency and is specifically linked to SVR's APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft's research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

**National Public Data**

The background check company National Public Data suffered a breach in December 2023, and data from the incident started showing up for sale on cybercriminal forums in April 2024. Different configurations of the data cropped up again and again over the summer, culminating in public confirmation of the breach by the company in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data didn't confirm the breach until August, speculation about the situation grew for months and included theories that the data included tens or even hundreds of millions of Social Security numbers. Though the breach was significant, the true number of impacted individuals seems to be, mercifully, much lower. The company reported in a filing to officials in Maine that the breach affected 1.3 million people. In October, National Public Data's parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as a number of lawsuits that the company is facing over the incident.

**Honorable Mention: North Korean Cryptocurrency Theft**

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.

The Worst Hacks of 2024

As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years.

Source: Golden Dayz via Shutterstock

Rising Internet adoption and digital transformation initiatives are exposing organizations in Africa to a growing range of cyber threats.

One manifestation of the trend is a steady increase in distributed denial-of-service (DDoS) attacks on organizations in a handful of North African countries — which also happen to be the ones with the highest Internet penetration rates in the region.

**Surge in DDoS Activity**

A recent analysis of threat activity data during the first half of 2024 by Netscout showed a 30% increase in DDoS attacks in the Middle East and Africa overall compared with the previous quarter. Countries that experienced the largest growth in DDoS attacks included Algeria, Morocco, Tunisia, and Egypt.

Morocco, which has a 90% Internet penetration rate, reported 61,000 DDoS attacks during the first half of 2024, which was the highest number of DDoS attacks in the region during the period. A plurality of the attacks — 16,461 — targeted wireless telecom producers in the region; more than 6,000 were directed at wired telecom companies; and the rest affected organizations across multiple industry sectors.

Organizations in Egypt, another country in the region with a high Internet penetration rate, collectively experienced some 45,108 DDoS attacks in the first half of the year, with wired telecom carriers being the most frequently targeted entities, followed by wireless carriers and educational institutions. Netscout found some of the highest bandwidth attacks during the time period in Egypt, with the biggest one clocking in at a hefty 332.96 Gbit/s.

Related:China's 'Evasive Panda' APT Debuts High-End Cloud Hijacking

The story with Tunisia, which experienced 4,511 DDoS attacks in the first six months, was similar in terms of victimology: most victims were wired or wireless telecom providers. However, Netscout found threat actors deploying a larger number of DDoS attacks against Tunisian organizations than organizations in other countries. The largest such attack type involved a startling 27 vectors, including Apple Remote Management Service, Connection-less Lightweight Directory Access Protocol (CLDAP) , Constrained Application Protocol (COAP), and Domain Name System (DNS) amplification techniques for significantly increasing the power of an attack.

**Geopolitical Tensions, "Online-Ness" Drive Cyber Activity**

"These attacks can be attributed in part to businesses in countries such as Morocco, Tunisia, Egypt, Libya, and Algeria increasing their online presence over the past year," says Richard Hummel, director of threat intelligence at Netscout. "While digital transformation is generally a cause for celebration, unfortunately, it also means that more devices and services can be disrupted by attacks."

Related:'SloppyLemming' APT Abuses Cloudflare Service in Pakistan Attacks

A larger attack surface, however, is not the only reason for the increased DDoS activity in Africa and the Middle East, Hummel says. "Geopolitical tensions in these regions are also fueling a surge in hacktivist activity as real-world political disputes spill over into the digital world," he says. "Unfortunately, hacktivists often target critical infrastructure like government services, utilities, and banks to cause maximum disruption."

And DDoS attacks are by no means the only manifestation of the new threats that organizations in Africa are having to contend with as they broaden their digital footprint.

**Growing Cyber-Espionage, Cybercrime Risks**

The Africa Center for Strategic Studies in a recent report assessed that the increasing spread of IT, communications, and related technologies in the region is rapidly amplifying and altering threats against organizations — and raising national security challenges in the process. The center, which is a US Department of Defense institution, expects that over the next few years organizations in Africa will have to contend with a many of the same cyber threats that entities in other regions of the world have had to contend with for years.

Related:IDF Has Rebuffed 3B Cyberattacks Since Oct. 7, Colonel Claims

One of them is cyber espionage. "Cyberspace has fundamentally changed the methods and means through which states gather information on one another and their citizens," the Africa Center report noted. "Though the most significant cyberespionage concerns in Africa have centered around China, espionage and surveillance capabilities are rapidly diffusing across the continent."

Attacks on critical infrastructure and financially motived attacks by organized crime are other looming concerns. In the center's assessment, Africa's government networks and networks belonging to the military, banking, and telecom sectors are all vulnerable to disruptive cyberattacks. Exacerbating the concern is the relatively high potential for cyber incidents resulting from negligence and accidents.

Organized crime gangs — the scourge of organizations in the US, Europe, and other parts of the world, present an emerging threat to organizations in Africa, the Center has assessed.  "Growing internet penetration rates in Africa has both led to new kinds of cyber-dependent criminal activities, such as business email compromise or romance scams, as well transformed the financing and market dynamics of more traditional organized crime networks." Supply chain attacks are another major and emerging concern, especially given the high reliance on foreign suppliers among organizations in Africa.

Agnidipta Sarkar, vice president and CISO advisory at ColorToken, says organizations in Africa are going to come under growing pressure to implement defenses against new cyber threats, even as they embark on their digital transformation journey.

"The ability to continue business operations, despite cyberattacks, will encourage investments in the region," he predicts. "Effectively reporting breaches will emerge as a highly sought-after capability for CISOs, especially \[for\] those who can."

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

DDoS Attacks Surge as Africa Expands Its Digital Footprint

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.…

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams. Learn risks, real-world examples, and preventive measures for safer browsing.

Did you know that over 80% (PDF) of cyberattacks exploit online platforms, including search engines? These indispensable tools guide billions of users to the content they seek, but their trustworthiness can be weaponized.

Cybercriminals are exploiting search engine optimization (SEO) techniques to distribute malware, launch phishing attacks, and spread harmful content. This practice, known as SEO poisoning, manipulates search results to lure unsuspecting users into clicking on malicious links.

Recent reports indicate a significant rise in SEO poisoning attacks. Between August 2023 and January 2024, there was a 60% increase in malware detections stemming from malicious search results. Such trends highlight the growing sophistication of these tactics and the critical need for vigilance among businesses and individuals alike.

****What is SEO Poisoning?****

SEO poisoning is a malicious strategy where cybercriminals manipulate search engine algorithms to rank harmful websites prominently in search results. These websites often contain malware, phishing schemes, or scams designed to steal sensitive information.

Attackers capitalize on high-demand keywords tied to trending topics or urgent events, such as natural disasters, major product launches, or public health crises. By employing techniques like keyword stuffing, spammy backlinks, and deceptive content, they make their sites appear legitimate and lure unsuspecting users.

****Key Risks of SEO Poisoning:****

*   **Malware Distribution:** Clicking on infected links can install ransomware, spyware, or other malware.
*   **Phishing Scams:** Users are tricked into providing sensitive data like passwords or credit card information.
*   **Reputation Damage:** Legitimate businesses can lose credibility if associated with malicious links.

One example is the surge of Gootloader malware in early 2023. Attackers targeted niche search terms, such as _“implied employment agreement,”_ to redirect users to infected websites. These attacks emphasize how even low-competition search terms can become cybercriminals’ playgrounds.

****Real-World Examples of SEO Manipulation****

SEO manipulation has been used in several high-profile attacks, exploiting the trust users place in search results:

*   **Fake Antivirus Software:** Users searching for free antivirus tools were directed to malicious sites posing as trusted providers. These fake programs encrypted files and demanded ransom payments, exploiting users’ trust in well-known antivirus brands like Avast, Bitdefender and Malwarebytes. Fake antivirus websites have been known to impersonate popular security providers to deceive users.

*   Holiday Shopping Scams: During peak shopping seasons, cybercriminals created fake e-commerce sites targeting popular products. These fraudulent sites were designed to rank high in search results, allowing attackers to trick users into entering their payment information, which the criminals then stole.

*   **Software Search Exploitation:** In 2023, searches for popular tools like Blender 3D led users to fraudulent sites offering infected downloads. Such campaigns highlight the dangers of SEO poisoning when targeting trusted software.

These examples show how attackers exploit trust in search results and highlight the importance of vigilance, particularly during periods of heightened online activity.

****Protecting Against SEO-Based Threats****

Although SEO poisoning is a persistent threat, proactive measures can help both businesses and individual users reduce the risks.

****For Businesses****

Businesses must safeguard their websites and digital presence from exploitation. Trusted SEO providers can optimize websites while identifying and mitigating vulnerabilities, such as fake backlinks or unauthorized content changes, often exploited in SEO poisoning campaigns.

According to Stellar SEO, a custom SEO services provider, exploiting SEO-related vulnerabilities has even been adopted by top-tier groups such as the Chinese DragonRank, which was recently discovered manipulating search engines to redirect users to malicious websites.

****For Users****

Users can protect themselves by adopting proactive online habits:

*   **Verify the Source:** Always inspect URLs carefully before clicking, especially when searching for trending or high-demand topics.
*   **Use Trusted Security Tools:** Antivirus software and browser extensions can help identify and block harmful sites. For example, providers like _Kaspersky_ have shown how cybercriminals exploit marketing strategies to launch attacks.
*   **Stay Informed:** Awareness of the latest cybersecurity trends is crucial for recognizing and avoiding malicious tactics.

By combining secure SEO strategies with vigilance, businesses and users can significantly reduce their exposure to SEO poisoning threats.

****How Search Engines Are Combating SEO Poisoning****

Search engines like Google and Bing constantly update their algorithms to detect and penalize malicious websites. These updates target behaviors such as keyword stuffing, suspicious backlinking patterns, and misleading content.

****Key Defensive Measures Include:****

*   **Machine Learning Algorithms:** These tools analyze billions of web pages for signs of malicious intent.
*   **Safe Browsing Technology:** Platforms like Google warn users about harmful websites before they can be accessed.
*   **Domain Reputation Systems:** Search engines evaluate the trustworthiness of domains to demote those linked to malicious activity.

Despite these efforts, cybercriminals continue to evolve their techniques, creating sophisticated tactics to bypass detection. For instance, in November 2024, attackers exploited niche search queries like _“Are Bengal cats legal in Australia“_ to lure users to malicious websites. Such incidents underscore the importance of proactive measures by users and businesses to complement automated systems. Recognizing and avoiding malicious links remains a shared responsibility.

****Conclusion****

SEO poisoning is a growing threat at the intersection of cybersecurity and digital marketing. By exploiting legitimate SEO techniques, cybercriminals deceive users, distribute malware, and undermine trust in search engines.

For businesses, partnering with trusted providers of custom SEO services ensures websites are optimized securely, preventing vulnerabilities that attackers might exploit. For users, adopting habits like verifying sources, using reliable security tools, and staying informed about emerging threats is essential for staying safe online.

Every time you search online, consider the risks that lurk behind seemingly trustworthy links. By remaining vigilant and proactive, we can protect our digital spaces and maintain trust in the tools that shape our online world. 

1.  **Google Algorithm Updates vs SEO Strategies**
2.  **Best SEO Experts to Follow on Twitter (X) in 2025**
3.  **How to Improve SEO with Enhanced Web Security**
4.  **Link Farming: SEO Boost or Cybersecurity Threat?**
5.  **Fake GlobalProtect VPN Downloads Spread WikiLoader Malware**

SEO Poisoning: How Cybercriminals Are Turning Search Engines into Traps

A US court ruled against NSO Group, an Israeli spyware maker, finding them liable for hacking WhatsApp users. The ruling has major implications for the surveillance technology industry."

****SUMMARY****

*   **NSO Group Held Accountable:** A U.S. court ruled against NSO Group for hacking WhatsApp accounts, violating U.S. law and its terms of service.

*   **Pegasus Spyware Abuse:** NSO exploited a WhatsApp flaw to install Pegasus spyware on 1,400 devices, targeting activists, journalists, and officials.

*   **WhatsApp Lawsuit Victory:** WhatsApp sued NSO in 2019 after discovering the spyware attack, marking a major win for privacy rights.

*   **Court Rejects NSO’s Defense:** The court dismissed NSO’s claims of immunity, holding it liable despite its stated anti-terrorism purpose.

*   **Spyware Industry Implications:** The ruling sets a precedent for accountability, boosting privacy advocacy efforts against invasive technologies.

The Israeli spyware company NSO Group has been held liable for compromising the accounts of hundreds of WhatsApp users, marking a significant legal victory for Meta Platforms.

****The Ruling****

In a landmark ruling, U.S. District Judge Phyllis Hamilton found the NSO Group responsible for hacking and breaching the world’s leading messaging app WhatsApp’s terms of service, compromising the accounts of hundreds of its users. 

According to court documents (PDF), the NSO Group exploited a vulnerability in the messaging app to install its powerful Pegasus spyware on at least 1,400 devices. This spyware, known for its ability to infiltrate phones and extract sensitive data, was allegedly used to target journalists, human rights activists, political dissidents, and government officials, raising serious concerns about privacy and human rights.

****Background Details****

For your information, WhatsApp filed the lawsuit in 2019, accusing NSO Group of accessing its servers without authorization to deploy Pegasus. It was reported by Hackread.com that the NSO Group was suspected of exploiting a new “MMS Fingerprint” attack on WhatsApp, exposing device information without user interaction. 

Hackread.com also reported earlier this year that WhatsApp discovered the vulnerability in May 2019, which let attackers install Pegasus spyware on users’ devices. The flaw was then used to target government officials and activists globally. WhatsApp sued NSO Group for the exploitation 

The Israeli firm, which claims its technology is used to combat terrorism and crime, argued that its actions were justified and that it should be shielded from liability. However, the court rejected these arguments, finding that it was responsible for the breach and that its actions violated US law.

This ruling has major implications for the spyware industry, which operates in a legal gray area. It establishes a precedent that companies like NSO Group can be held accountable for the misuse of their technology, even if they claim to be providing services to legitimate government agencies. The decision is also a major victory for privacy advocates, who have long warned about the dangers of invasive surveillance technologies.

WhatsApp hailed the ruling as a “huge win for privacy,” emphasizing that it would continue to work to protect user communications from such attacks. 

“We spent five years presenting our case because we firmly believe that spyware companies could not hide behind immunity or avoid accountability for their unlawful actions,” Will Cathcart, the head of WhatsApp stated.

1.  **ChatGPT’s Training Methods Challenged in Lawsuit**
2.  **Apple loses lawsuit against cyber security startup Corellium**
3.  **Amazon Files Lawsuits Against Fraudsters Over Fake Reviews**
4.  **YouTube MP3 Converter Site Shut Down After Labels Win Lawsuit**
5.  **Dutch Watchdog Sues Adobe Over Mass Collection of Citizen Data**

WhatsApp Wins Lawsuit Against Israeli Spyware Maker NSO Group

Fintech thrives on innovation, but cybersecurity requires a proactive approach. AI, predictive intelligence, and tailored strategies safeguard against…

Fintech thrives on innovation, but cybersecurity requires a proactive approach. AI, predictive intelligence, and tailored strategies safeguard against risks, ensuring trust, resilience, and growth.

Let’s be honest, there are moments when the fintech industry seems like the Wild West. Risk is rising along with innovation. We’re creating amazing things like smooth mobile payments, blazing-fast cryptocurrency transactions, and AI-powered lending systems. Still, hackers are just as creative and are always using new methods to take advantage of weaknesses.

Furthermore, reactive cybersecurity, which involves rushing to address issues after they arise, is just insufficient in this digital gold rush. Riding a bucking bronco and attempting to herd cats is like that. Even while you may capture a few, most will undoubtedly escape, leaving you pummeled and injured.

“In the fintech world, reactive cybersecurity is like trying to outrun a wildfire with a garden hose,” says Maksym Ishchenko, Founder/CEO of Azerux. “It’s simply not sustainable. Proactive security is about building a firebreak preventing the fire from ever starting in the first place.”

****The High Cost of Playing Catch-Up****

Remember Equifax? The significant data breach in 2017 was an avoidable failure brought on by a known vulnerability that was not fixed, not an unanticipated act of God. The outcome was billions in penalties, legal action, and a permanently damaged reputation.

The list of businesses hampered by reactive security measures is endless and includes Target, Yahoo, and Marriott. The absence of aggressive defences drove these titans to their knees; they were not little players.

These breaches have consequences that go beyond financial ones. It has to do with trust. It’s very hard to get back once that’s gone. Investors pause, customers go away, and regulatory scrutiny increases. This vicious loop has the potential to swiftly derail even the most promising fintech endeavors.

“It’s a fundamental shift in mindset,” says Azerux CEO. “We’re not just talking about technology; we’re talking about building a culture of proactive security. It’s about anticipating problems before they arise, and that requires more than just software.”

****Azerux: Building a Fortress, Not Patching Holes****

Azerux gets it. By offering complete, individualized cybersecurity solutions designed to prevent, not just respond to, cybersecurity threats, they specialize in building that stronghold. Their emphasis on preventing DDoS attacks is especially important for finance since a single, well-planned assault has the potential to knock down a whole business.

How do they do it? It’s not a magic bullet, but a multi-layered strategy:

*   **Predictive threat intelligence**: Azerux uses sophisticated threat intelligence to foresee assaults rather than passively waiting for them to occur. Imagine having a spy network that continuously scans the digital underworld to spot new dangers and weaknesses before they ever propagate.

*   **AI-powered threat detection**: Forget clunky, outdated antivirus software. Azerux uses artificial intelligence (AI) to evaluate vast volumes of data in real-time, spotting suspicious patterns and minute irregularities that conventional systems often miss. This makes it possible to identify and react to even the most complex threats quickly. It’s similar to having a highly skilled security guard who can identify problems before they become serious crises.

*   **Multi-layered DDoS mitigation**: Azerux doesn’t rely on a single solution to protect against DDoS attacks. To successfully neutralize assaults of any size, they use a layered defense that combines application-level security, sophisticated filtering algorithms, and automated response systems. Massive volumes of harmful traffic may be absorbed by them, protecting genuine users in the process. It is very difficult for attackers to get past the defenses, much like having many overlapping security checkpoints.

*   **Customized security architectures**: Azerux recognizes that one size doesn’t fit all. They provide a custom-fit security solution that tackles vulnerabilities particular to their operations by customizing their solutions to each client’s demands and risk profile. It’s comparable to creating a custom suit of armor, offering optimal defense where it’s most required.

*   **Expert support & training**: Azerux offers more than simply technology; they also provide knowledge. Working directly with customers, their team of seasoned cybersecurity experts offers continuing assistance, instruction, and direction to guarantee that security procedures are successfully put into place and kept up to date. 

****Beyond the Technology: A Culture of Proactive Security****

Azerux’s strategy focuses on creating a culture of security rather than simply technology. This includes thorough training for staff members on optimal security procedures and phishing awareness, which helps lower the possibility of human error, a startlingly frequent source of breaches.

“Proactive cyber security is a marathon, not a sprint,” adds Ishchenko. “It requires constant vigilance, adaptation, and a commitment to continuous improvement.”

Reactive security is a risk you cannot afford in the high-stakes, fast-paced world of fintech. The cost of a single major breach, financial losses, reputational damage, legal battles; far outweighs the investment in a proactive approach. One sturdy castle at a time, businesses like Azerux are constructing the financial security of the future.

1.  **Fortifying FinTech: Building Resilient APIs for Security**
2.  **Biggest Crypto Scam Tactics in 2024 and How to Avoid Them**
3.  **Navigating the Complex World of Capital Markets with Technology**
4.  **Digital Transformation in the Financial Industry: The Role of Fintech**
5.  **Role of Blockchain, Smart Contracts in Securing Digital Transactions**

The Fintech Wild West: Why Preventive Cybersecurity Is Essential for Survival

AI voice cloning and deepfakes are supercharging scams. One method to protect your loved ones and yourself is to create secret code words to verify someone’s identity in real time.

Scammers are out of control. Every year, fraudsters and cybercriminals make billions by tricking people into parting with their cash. Romance fraud, business email compromise, investment scams, sextortion—the list of ways criminals prey on people is virtually endless and constantly changing.

Add to that impersonation scams, where a criminal pretends to be someone known to their target and extracts money. There have been increasing calls for people, and particularly families, to create passphrases or passwords with each other. At the start of December, the FBI issued a recommendation that people create a “secret word or phrase with your family to verify their identity,” and British bank Starling has also published guidelines on creating safe phrases with others.

It’s a simple, if not new, approach—one that can potentially be effective. For instance, if you receive a message or call from your “son” or “daughter,” and they’re urgently asking for money to get out of a jam, asking them to provide a pre-agreed passphrase can reveal whether it’s really them.

“Fraudsters will use manipulation tactics to put the victim in a vulnerable state where they act out of panic, urgency, or a strong desire,” says Erin Englund, a director of threat analytics at fraud-detection firm BioCatch. “Having a passphrase or similarly prepared strategy enables victims to quickly validate legitimacy of an unusual interaction and take control.”

The calls to create family passwords or passphrases have come because scammers are increasingly adopting AI. Machine learning has allowed criminals to create deepfake videos impersonating people and to clone voices with only a few seconds of audio. Scammers have used these voice clones to pretend family members have been kidnapped and demand ransom payments for their release.

“AI is creating a large amount of risk for businesses and families,” says Rachel Tobac, CEO of SocialProof Security. Tobac says companies she has worked with have been on the receiving end of AI voice-cloned calls, which also use spoofed phone numbers, that try to impersonate business executives.

“I also hear about a few families every day who have received AI phone-call attacks voice-cloning a nephew, grandchild, or sibling in hysterics about being kidnapped or being involved in a car accident where they hit someone pregnant and need money for legal fees and bail,” Tobac says.

**Making a Good Family Password**

As with your online passwords, there are things you should and shouldn’t do when it comes to creating a shared passphrase. For starters, you shouldn’t make a passphrase the same as any of your passwords, and they shouldn’t be things a scammer could easily find—such as street names, birthdays, pets, or other personal information that may be shared online.

“Consider anything that you or your loved ones post online as data available to scammers,” Englund says. “Even if you keep all social media private, your data is available to your connections and followers who can be hacked.”

A good family passphrase, according to Starling Bank’s advice, could be anything that is unique, easy to remember, and can ideally be “shared with friends and family in person.” The guidelines give some hypothetical examples, such as a short phrase like “cheese puffs” or “rainbows and dragons,” or a mnemonic like ABC, which stands for “ants bake cakes.”

“Avoid joking about your code word in your text messages, social media posts, et cetera,” Tobac says. “We see folks make a family code word and then it’s hashtagged in their Instagram post. That's not a great idea—it’s got to be kept private.”

Tobac says that while family passwords can be useful, it’s crucial to be aware of their potential limitations. “We have to remember how human beings actually act in an emergency,” she says. For instance, if someone has really been in a car accident, Tobac says, it’s likely adrenaline would kick in and they may not remember a passphrase.

Tobac recommends using a method she calls “Being Politely Paranoid,” which at its simplest is trying to verify the identity of the person who is contacting you by a second method. “If you receive a call from a nephew who says they are in an accident and need money for legal fees, you can say, ‘100 percent I can help you. I just texted you a word, go ahead and read that out to me.’”

Ultimately, nobody is infallible to scamming, even if they know the steps they should take when receiving a potentially suspicious call or message. “If you do fall victim to a scam, report it to your bank or the authorities,” Englund says. “Often victims feel shame and fault and do not report scams. There are options available to protect yourself and get resolution.”

You Need to Create a Secret Password With Your Family

Thousands of Postman workspaces leaked sensitive data like API keys and tokens. Learn best practices to secure your API development environment and protect your organization

****SUMMARY****

*   **30,000 Public Workspaces Exposed:** CloudSEK identifies massive data leaks from Postman workspaces.

*   **Sensitive Data at Risk:** Leaks include API keys, tokens, and administrator credentials.

*   **Major Platforms Affected:** GitHub, Slack, and Salesforce among the impacted services.

*   **Key Causes:** Misconfigured access, plaintext storage, and public sharing of collections.

*   **Mitigation Steps:** Use environment variables, rotate tokens, and adopt secret management tools.

On December 23, 2024, CloudSEK’s TRIAD team identified critical security vulnerabilities and risks from the misuse of **Postman Workspaces**, a popular cloud-based API development and testing platform.

In their year-long investigation, researchers found over 30,000 publicly accessible workspaces leaking sensitive information about third-party APIs, including access tokens, refresh tokens, and third-party API keys, posing severe risks to businesses and individuals alike.

Via CloudSec

According to the company’s **report** shared with Hackread.com, leaked data spanned organizations across various industries, from small businesses to large enterprises, impacting major platforms like **GitHub**, **Slack**, and **Salesforce**. Critical sectors affected included healthcare, athletic apparel, and financial services, exposing organizations to numerous threats and security risks.

Researchers noted that common practices leading to these data leaks include inadvertent sharing of Postman collections, misconfigured access controls, syncing with publicly accessible repositories, and storing sensitive data in plaintext without encryption.

These vulnerabilities can lead to severe consequences. The leaked data, which included administrator credentials, payment processing **API keys**, and access to internal systems, can lead to financial and reputational damage for the affected organizations. 

Sensitive data exposure within Postman can have significant consequences for both individual developers and entire organizations. Reportedly, top API services like api.github.com, slack.com, and hooks.slack.com have the most exposed secrets. High-profile services like Salesforce.com, login.microsoftonline.com, and graph.facebook.com have also been exposed.  

Leaked Credentials of ZenDesk and leaked Razorpay API key (Via CloudSec)

A leaked API key or access token can provide attackers with direct access to critical systems and data, potentially leading to data breaches, unauthorized system access, and increased phishing and social engineering attacks.

Postman often stores sensitive information like API keys, secrets, and PII for authentication and communication with APIs. To ensure data safety, organizations should use environment variables wisely, limit permissions, avoid long-lived tokens, use external secrets management, and double-check before sharing any collection or environment. 

**CloudSEK** responsibly reported most identified incidents to affected organizations, helping mitigate risks. To prevent such exposures, CloudSEK urges organizations to adopt more reliable security measures, such as using environment variables to avoid hardcoding sensitive data, limiting permissions, rotating tokens frequently, leveraging secrets management tools, and double-checking collections before sharing.

Moreover, Postman has **implemented** a secret-protection policy to prevent sensitive data from being exposed in public workspaces following the disclosure of these findings. The policy alerts users if secrets are detected, offers resolutions, and facilitates transitions to private or team workspaces.

**“**Starting this month, we are removing public workspaces with known exposed secrets from the Public API Network. As we roll out this policy change, owners of public workspaces containing secrets will be notified and have the opportunity to remove their exposed secrets before that workspace is removed from the network,” the company noted.

1.  **The Most Common API Vulnerabilities**
2.  **OwnCloud “graphapi” App Flaw Exposes Sensitive Data**
3.  **Urlscan.io API Inadvertently Leaked Sensitive Data and URLs**
4.  **Automotive Industry Exposed to Have Major API Vulnerabilities**
5.  **Millions impacted as payment API flaws exposed transaction keys**

Postman Workspaces Leak 30000 API Keys and Sensitive Tokens

"Zero trust" doesn't mean "zero testing."

Source: Alexander Yakimov via Alamy Stock Photo

COMMENTARY

Despite never-ending data breaches and ransomware attacks, too many companies still rely on the outdated "trust but verify" cybersecurity strategy. This approach assumes that any user or device inside a company's network can be trusted once it has been verified. The approach has clear weaknesses: Many businesses are putting themselves at additional risk by verifying once, then trusting forever.

There was a time when trust but verify made sense, namely when networks were self-contained and well-defined. But at some point, perhaps due to the overwhelming volume of devices on a network, the number of patches needing to be applied, user demands, and resource constraints in the cybersecurity team, things began to slip. Initial verification meant the asset was trusted, but no additional verification ever took place.

**The User Example of Trust Without Ongoing Verification**

It's easy to see how this happens with users. A user typically goes through a background check when they join the company, but once onboarded, despite any number of changes in their lives that could affect their trustworthiness, we allow them to access our systems and data without further verification. 

In the majority of cases, the absence of further verification does not cause damage. However, if the user decides to act against the best interest of their employer, the results can be catastrophic. The more sensitive the information the individual has access to, the greater the risk. This is why individuals with security clearances are regularly re-vetted, and security personnel may conduct regular finance checks to identify any issues early and intervene to mitigate possible damage.

In organizations that follow a trust-but-verify approach, two personas stand out: those that have considered the risk of one-time asset verification acceptable; and — the minority — those that try to manage the risk with a re-verification program. A shift in persona from the former to the latter usually only occurs after a breach, a crisis in availability, or another "career limiting disaster."

The reality is that there are simply not enough hours in the day for security practitioners to do all of the things that must be done. Have security patches been correctly applied to all vulnerable devices? Are all third-party security assessments properly analyzed? Do all Internet of Things (IoT) devices really belong on the network? Are managed security services performing as expected? 

Compromising one of these trusted devices means being granted trust to move laterally across the network, accessing sensitive data and critical systems. Organizations likely will not know the extent of their exposure until something goes wrong. 

**The Costly Consequences of Insufficient Verification**

When these breaches are eventually discovered, the costs begin to mount. Companies face not only the direct costs of incident response, but potentially also regulatory fines, class-action lawsuits, lost customers, and lasting damage to their brand reputation. Relatively small incidents can cost millions of dollars, while large incidents regularly cost billions.

In addition to these direct costs, insufficient verification also leads to more frequent and expensive compliance audits. Regulators and industry bodies are increasingly demanding that companies demonstrate robust identity and access management controls, for example under the European Union's upcoming Digital Operational Resilience Act (DORA), as well as continuous monitoring and validation of user and device activity. Certifications and accreditations can no longer be accepted at face value. 

**The Path Forward: Adopt a Zero-Trust Approach**

Instead of trusting after verification, businesses should instead allow only what the business needs, for as long as it needs it. Never trust, always verify. This is how a zero-trust architecture operates.

Every user, device, and application that attempts to make a connection, regardless of its location, is scrutinized and validated, dramatically limiting the potential damage from a successful compromise. A zero-trust architecture replaces firewalls and VPNs, so there are fewer devices to maintain, and a reduced attack surface means fewer opportunities for attackers to gain a foothold.

Zero trust doesn't mean zero testing; testing should form an integral part of any IT and cybersecurity strategy. However, it does mean the likelihood of a major failure stemming from trust being extended to users, devices, or applications that do not deserve it, is a thing of the past. 

**About the Authors**

Vice President, Cybersecurity Advocacy, Zscaler

Rob Sloan is vice president, cybersecurity advocacy, for Zscalera. He is a cybersecurity, risk, and technology expert with broad business skills and management responsibility. Prior to joining Zscaler, he served as research director at Dow Jones and The Wall Street Journal, where he led a research team focused on cybersecurity, AI, and sustainability issues, and wrote a weekly column to help board directors navigate cyber-risk. Before the WSJ, Rob worked as response director for a specialist IT security consultancy in London and built a team focused on detecting, investigating, and protecting against cyber intrusions and responding to incidents, especially state-sponsored attacks. Rob began his career working for the UK government in defense and foreign affairs, looking at some of the earliest state sponsored cyberattacks against the government, military, and critical national infrastructure networks.

VP & CISO in Residence, Zscaler

Sam Curry is VP and chief information security officer (CISO) in residence at Zscaler. He began his career in signals and cryptanalysis and was the first employee at Signal 9 Solutions, a small start-up that invented the personal firewall, executed the first commercial implementation of Blowfish, and devised early symmetric key VPN technology. Sam served as chief security architect there and as head of product for McAfee before holding several positions at RSA (the Security Division of EMC), including head of RSA labs at MIT and chief technology officer (CTO) and Distinguished Engineer for EMC. After seven years with RSA, Curry acted as SVP and CISO at Microstrategy, CSO and CTO for Arbor Networks, and as chief security officer (CSO) for Cyberreason. Sam holds 17 active patents in cybersecurity and a master’s degree in counterterrorism, and sits on two boards of directors. In addition, he teaches courses at Harvard (online), Wentworth Technology Institute, and Nichols College. He is also a Fellow at the National Security Institute at George Mason University.

Too Much 'Trust,' Not Enough 'Verify'

The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.

Source: Artistdesign.13 via Shutterstock

A pair of attacks revealed by researchers this year underscored the fragility of the Domain Name System (DNS) and the security extensions (DNSSEC) that were adopted to help secure the world's internet infrastructure.

For the past year, Internet infrastructure firms and software makers have worked to patch DNS servers for a critical set of flaws in DNSSEC. Originally discovered more than a year ago by four researchers at Goethe-Universität Frankfurt and Technische Universität Darmstadt, the so-called KeyTrap denial-of-service (DoS) attack could trick DNS servers into spending hours attempting to validate signatures on specially created DNSSEC packets, according to their presentation at the Black Hat Europe 2024 conference earlier this month.

The researchers notified major Internet providers of the issues late last year and worked with them to produce patches earlier this year, but the flaws in DNSSEC are systematic, says Haya Schulmann, a professor of computer science at Goethe-Universität Frankfurt and one of the researchers involved in the work.

"I would not say that the core of the problem has been resolved," she says. "There are patches which mitigate the most severe problems, but the core issue is yet to be addressed."

The KeyTrap security weaknesses were not the only DNS attacks to surface in 2024. In May, a team of Chinese researchers revealed that they had discovered three logic vulnerabilities in DNS that allowed three types of attacks: DNS cache poisoning, DoS, and resource consumption. Dubbed TuDoor, the attack affected some 24 different DNS software codebases, the researchers stated in a summary of their work.

Related:Millions of Pen Tests Show Companies' Security Postures Are Getting Worse

The discovery of the two classes of DNS and DNSSEC flaws highlight that security and availability are often at odds with each other, and that the Internet as a whole still has areas of fragility.

"The Internet was an experimental research project which gradually evolved, and it started with very few networks and gradually evolved to support this huge commercial platform — of course, it's fragile," Schulmann says. "It's a wonder that it works."

**'Accept Liberally, Send Conservatively' Falls Down**

The design philosophy of much of the Internet boils down to a principle espoused by computer scientist Jonathan Postel, which the German researchers paraphrased as: "Be liberal in what you accept and conservative in what you send." The principle aims to improve robustness by calling for software to be "written to deal with every conceivable error, no matter how unlikely; sooner or later a packet will come in with that particular combination of errors and attributes, and unless the software is prepared, chaos can ensue," according to RFC 1122, "Requirements for Internet Hosts -- Communications Layers."

Related:Time to Get Strict With DMARC

However, other critiques have found that tolerating the unexpected often leads to harmful consequences. Rigorous standards can slowly decay and suffer feature creep when software is too liberally accepting, especially when the protocols are not adequately maintained, software engineers Martin Thomson and David Schninazi argue in RFC 9413.

"Careless implementations, lax interpretations of specifications, and uncoordinated extrapolation of requirements to cover gaps in specification can result in security problems," they wrote. "Hiding the consequences of protocol variations encourages the hiding of issues, which can conceal bugs and make them difficult to discover."

The German university researchers exploited the expansion of DNSSEC's acceptance of various cryptographic algorithms to developed an attack vector that allowed them to create an off-path attack — in other words, they did not need to control a router or DNS server that processed a DNSSEC transaction. By sending DNSEC packets containing hundreds of cryptographic signatures and hundreds of keys, they forced DNS servers to try to validate all the combinations — all because the servers supported a wide variety of cryptographic methods.

"When you have cryptography, there are challenges and complexity that start when you need to deploy multiple algorithms," Schulmann says. "You have to sign using all these algorithms, and every resolver has to validate the algorithms and identify which ones were sent ... and validate the signature, and that is the problem."

**DNSSEC Pushes Its Limits**

Fixing the DNSSEC weakness required the digital equivalent of chewing gum and baling wire. Cloudflare, for example, placed limits on the maximum numbers of keys its servers will accept when requests cross zones, such as .com delegating a response to cloudflare.com, the firm stated.

Yet, there is no simple fix, so Internet infrastructure companies have had to be agile as well.

"Even with this limit already in place and various other protections built for our platform, we realized that it would still be computationally costly to process a malicious DNS answer from an authoritative DNS server," Cloudflare stated in its analysis and response memo on the issue. "We added metrics which will allow us to detect attacks attempting to exploit this vulnerability." The company also placed additional limits on requests.

There are currently more than 30 RFCs related to DNSSEC, underscoring the need for defenders to repeatedly patch the standard to adapt to attackers' tactics. Developers have to be closely involved with the infrastructure operators and researchers in the community to make sure that they are building their software to the highest standard.

"In our research, we see that the more functionality you have, the more features you add, then the more bugs and the more problems you have — and all of those can be exploited to launch attacks," she says. "Routing networks, DNS, and other systems — they are no different."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server.

This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0.

Users are recommended to upgrade to version 1.5.0, which fixes the issue.

**Apache HugeGraph-Server: Fixed JWT Token (Secret)**

Moderate severity GitHub Reviewed Published Dec 24, 2024 to the GitHub Advisory Database • Updated Dec 26, 2024

Tag

#git