The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela.
"This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our

New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy

This week on the Lock and Code podcast, we speak with Anna Brading and Mark Stockley about whether anywhere is safe from AI slop.

_This week on the Lock and Code podcast…_

You can see it on X. You can see on Instagram. It’s flooding community pages on Facebook and filling up channels on YouTube. It’s called “AI slop” and it’s the fastest, laziest way to drive engagement.

Like “click bait” before it (“You won’t believe what happens next,” reads the trickster headline), AI slop can be understood as the latest online tactic in getting eyeballs, clicks, shares, comments, and views. With this go-around, however, the methodology is turbocharged with generative AI tools like ChatGPT, Midjourney, and MetaAI, which can all churn out endless waves of images and text with little restrictions.

To rack up millions of views, a “fall aesthetic” account on X might post an AI-generated image of a candle-lit café table overlooking a rainy, romantic street. Or, perhaps, to make a quick buck, an author might “write” and publish an entirely AI generated crockpot cookbook—they may even use AI to write the glowing reviews on Amazon. Or, to sway public opinion, a social media account may post an AI-generated image of a child stranded during a flood with the caption “Our government has failed us again.”

There is, currently, another key characteristic to AI slop online, and that is its low quality. The dreamy, Vaseline sheen produced by many AI image generators is easy (for most people) to spot, and common mistakes in small details abound: stoves have nine burners, curtains hang on nothing, and human hands sometimes come with extra fingers.

But little of that has mattered, as AI slop has continued to slosh about online.

There are AI-generated children’s books being advertised relentlessly on the Amazon Kindle store. There are unachievable AI-generated crochet designs flooding Reddit. There is an Instagram account described as “Austin’s #1 restaurant” that only posts AI-generated images of fanciful food, like Moo Deng croissants, and Pikachu ravioli, and Obi-Wan Canoli. There’s the entire phenomenon on Facebook that is now known only as “Shrimp Jesus.”

If none of this is making much sense, you’ve come to the right place.

Today, on the Lock and Code podcast with host David Ruiz, we’re speaking with Malwarebytes Labs Editor-in-Chief Anna Brading and ThreatDown Cybersecurity Evangelist Mark Stockley about AI slop—where it’s headed, what the consequences are, and whether anywhere is safe from its influence.

Tune in today to listen to the full conversation.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 Is nowhere safe from AI slop? (Lock and Code S05E27) 

Palo Alto, Calif., USA, 30th December 2024, CyberNewsWire

**Palo Alto, Calif., USA, December 30th, 2024, CyberNewsWire**

SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store.

On December 25th, 2024, a malicious version of Cyberhaven’s browser extension was published on the Chrome Store that allowed the attacker to hijack authenticated sessions and exfiltrate confidential information. The malicious extension was available for download for more than 30 hours before being removed by Cyberhaven. The data loss prevention company declined to comment on the extent of the impact when approached by the press, but the extension had over 400,000 users on the Chrome Store at the time of the attack.

Unfortunately, the attack took place as SquareX’s researchers had identified a similar attack with a video demonstrating the entire attack pathway just a week before the Cyberhaven breach. The attack begins with a phishing email impersonating Chrome Store containing a supposed violation of the platform’s “Developer Agreement”, urging the receiver to accept the policies to prevent their extension from being removed from Chrome Store. Upon clicking on the policy button, the user gets prompted to connect their Google account to a “Privacy Policy Extension”, which grants the attacker access to edit, update and publish extensions on the developer’s account.

Fig 1. Phishing email targeting extension developers

Fig 2. Fake Privacy Policy Extension requesting access to “edit, update or publish” the developer’s extension

Extensions have become an increasingly popular way for attackers to gain initial access. This is because most organizations have limited purview on what browser extensions their employees are using. Even the most rigorous security teams typically do not monitor subsequent updates once an extension is whitelisted.

SquareX has conducted extensive research and demonstrated at DEFCON 32, how MV3-compliant extensions can be used to steal video stream feeds, add a silent GitHub collaborator, and steal session cookies, among others. Attackers can create a seemingly harmless extension and later convert it into a malicious one post-installation or, as demonstrated in the attack above, deceive the developers behind a trusted extension to gain access to one that already has hundreds of thousands of users. In Cyberhaven’s case, attackers were able to steal company credentials across multiple websites and web apps through the malicious version of the extension.

Given that developer emails are publicly listed on Chrome Store, it is easy for attackers to target thousands of extension developers at once. These emails are typically used for bug reporting. Thus, even support emails listed for extensions from larger companies are usually routed to developers who may not have the level of security awareness required to find suspicion in such an attack. As per SquareX’s attack disclosure and the Cyberhaven breach that occurred within the span of less than two weeks, the company has strong reason to believe that many other browser extension providers are being attacked in the same way. SquareX urges companies and individuals alike to conduct a careful inspection before installing or updating any browser extensions.

Fig 3. Contact details of extension developers are publicly available on Chrome Store

SquareX team understands that it can be non-trivial to evaluate and monitor every single browser extension in the workforce amidst all the competing security priorities, especially when it comes to zero-day attacks. As demonstrated in the video, the fake privacy policy app involved in Cyberhaven’s breach was not even detected by any popular threat feeds.

SquareX’s Browser Detection and Response (BDR) solution takes this complexity off security teams by:

*   Blocking OAuth interactions to unauthorized websites to prevent employees from accidentally giving attackers unauthorized access to your Chrome Store account
*   Blocking and/or flagging any suspicious extension updates containing new, risky permissions
*   Blocking and/or flagging any suspicious extensions with a surge of negative reviews
*   Blocking and/or flagging installations of sideloaded extensions
*   Streamline all requests for extension installations outside the authorized list for quick approval based on company policy 
*   Full visibility on all extensions installed and used by employees across the organization

> SquareX’s founder Vivek Ramachandran warns: “Identity attacks targeting browser extensions similar to this OAuth attack will only become more prevalent as employees rely on more browser-based tools to be productive at work. Similar variants of these attacks have been used in the past to steal cloud data from apps like Google Drive and One Drive and we will only see attackers get more creative in exploiting browser extensions. Companies need to remain vigilant and minimize their supply chain risk without hampering employee productivity by equipping them with the right browser native tools.”

**About SquareX:**

SquareX helps organizations detect, mitigate, and threat-hunt client-side web attacks happening against their users in real-time.

SquareX’s industry-first Browser Detection and Response (BDR) solution, takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware, and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

With SquareX, enterprises can provide contractors and remote workers with secure access to internal applications, and enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach

Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.

Source: Artur Szczybylo via Alamy Stock Photo

From the growing sophistication of zero-day exploits to the entrenchment of nation-state and cybercriminal alliances, 2024 delivered more evidence of how quickly the threat landscape continues to evolve. The year reinforced hard truths about the persistence of attackers and the systemic challenges of defense. We look back on some of the events that defined 2024 and the tactical insights that security teams can apply to stay ahead in the ongoing battle in 2025.

**Surging Zero-Day Exploits and Nation-State Collaboration**

Threat researchers continued to see a year-over-year increase of zero days. Recent analysis by Mandiant of 138 vulnerabilities that were disclosed in 2023 found the majority (97) were exploited as zero-days — an increase from 2022. Tom Kellermann, senior vice president of cyber strategy at Contrast Security, expects that number to increase in 2024.

The growth is a direct result of geopolitical tensions, he says. Nation-state actors, particularly China, are exploiting these types of vulnerabilities at unprecedented rates.

"The Chinese specifically have been doing tremendous research into exploiting zero-days and discovering them," Kellermann says. "I think everyone's kind of on their back foot when dealing with this because traditional cybersecurity defenses can't thwart those attacks."

The rise in these kinds of attacks includes a new trend in 2024: collaboration or coordination between nation-states and cybercrime rings, says Stephan Jou, senior director of security analytics at OpenText Cybersecurity.

"In this model, an attack with nation-state characteristics is launched at the same time, or followed closely by, an attack on the same target by an independent for-profit threat actor. Russia, for example, has been seen to collaborate with malware-as-a-service gangs, including Killnet, LokiBot, Gumblar, Pony Loader, and Amadey. China has entered similar relationships with the Storm-0558 and Red Relay cybercrime rings, typically to support its geopolitical agenda in the South China Sea."

Chester Wisniewski, global field CTO at Sophos, says China-sponsored attackers have developed assembly-line zero-day exploits shared through state-mandated disclosure laws. Attackers initially used zero-days in targeted attacks, then escalated them to widespread exploitation to cover their tracks. Proactive patch management and collaboration between vendors and organizations to mitigate threats is critical, he says.

"The real problem is this accumulation of stuff that's not getting patched," Wisniewski says. "We just keep launching more equipment out there onto the Internet. And it's getting more and more polluted, and nobody's responsible for taking care of it."

Jou agrees and says the lesson here is that defense against even sophisticated attacks comes back to the same basics: patch management, endpoint protection, email security, awareness training, and backup and disaster recovery planning.

"By ensuring that these unglamorous but essential best practices are in place, security teams can rob threat actors of many of their favorite tactics to abuse networks and businesses," he says.

**Resiliency Planning Needs More Focus**

Ransomware attacks in 2024 highlighted the fragility of supply chains and business continuity. Ransomware operators are now targeting service providers and supply chain networks, Wisniewski says. A cyberattack on Ahold Delhaize, the parent company of major US supermarket chains, including Stop & Shop, Hannaford, Food Lion, and Giant Food, disrupted services across its network in November, impacting more than 2,000 stores. For several days, customers had issues with online grocery delivery, offline websites, and limited pharmacy services.

Improving business continuity strategies to include modern segmentation tools can help minimize operational disruptions during incidents, Wisniewski says.

"When one part of a supply chain goes down, it impacts thousands of businesses," he says. "This amplifies the economic and operational pressure to comply with attackers' demands. You can't plan never to fail, but you can plan to fail gracefully."

Another headline-making business continuity incident this year was the CrowdStrike outage. In July, the company released a faulty software update that affected approximately 8.5 million devices running the Windows operating system. The glitch triggered widespread system crashes that resulted in multiple disruptions, particularly in the travel industry. Delta Air Lines was forced to cancel thousands of flights due to system disruptions. 

The event dominated news cycles for several days. In its wake, analysts pointed to the critical need for better process adherence and visibility. But Dror Liwer, cofounder of Coro, says it also highlights a need for security leaders to  effectively communicate with diverse stakeholders — whether technical teams, business executives, or external parties — when managing the fallout of a large-scale incident.

**Critical Infrastructure Is a Growing Target**

Attacks on critical infrastructure reached new levels in 2024. In September, the Cybersecurity and Infrastructure Security Agency (CISA) issued a notice that government-run water systems were at risk of attack by nation-states after officials reported a cybersecurity issue at a facility in Arkansas City, Kansas, which was forced to switch to manual operations while the situation was resolved.

Barry Mainz, CEO of Forescout, says cyberattacks are evolving to target critical services, like municipal water authorities and airport landing systems. This year made it clear that attackers are shifting their focus from well-protected facilities to more vulnerable upstream systems, like water supplies and power grids, he says.

"If you just zoom out a bit and look at where the vulnerabilities are, the bad actors are saying, 'Well, it's a lot harder now since people are spending money to secure certain IT functions. We're going to go down the food chain a little bit,'" Mainz says.

One of the key challenges in securing critical infrastructure is the inherent complexity of operational environments. Many industrial systems operate using legacy equipment that was never designed with cybersecurity in mind. In addition, there is often a lack of visibility into connected devices within these environments, which can make detecting threats extremely difficult.

"I think the lesson is we've got to invest in a cybersecurity strategy for not only IT systems but \[operational technology\] systems," Mainz says. "And also we need to think structurally about how we manage those systems because the people that actually manage those OT systems, they're not IT professionals.”

A better approach, he says, involves adopting advanced monitoring and threat detection tools as well as fostering collaboration between IT and OT teams. By breaking down silos and improving communication, organizations can better address the unique security requirements of critical infrastructure. Mainz pointed to the importance of government and private-sector partnerships in bolstering defenses.

**Telecom Can't Be Trusted**

We wrap up 2024 with news that Salt Typhoon, a cyber-espionage group allegedly linked to the Chinese government, has successfully infiltrated telecommunications networks in multiple countries. In the US alone, FBI officials say at least eight major telecom companies, including AT&T, Verizon, and Lumen Technologies, were compromised. The group gained access to sensitive data, such as call logs, unencrypted text messages, and, in some cases, live call audio. The FBI recommended that Americans use encrypted messaging apps, like Signal and WhatsApp, to ensure their communications stay hidden.

The ongoing issues around nation-state attackers and their use of telecom is one of his biggest worries heading into 2025, Kellermann says. He also points to T-Mobile's acquisition of Sprint in 2020, which he says is concerning because "Sprint used to be the classified backbone network of the US government." This means that if there are security vulnerabilities within T-Mobile's infrastructure, they could potentially compromise sensitive government communications or systems that were part of Sprint's legacy network. 

"I think the people are ignoring that and are not paying attention fully," he says.

**About the Author**

Contributing Writer, Dark Reading

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

What Security Lessons Did We Learn in 2024?

From Elon Musk and Donald Trump to state-sponsored hackers and crypto scammers, this was the year the online agents of chaos gained ground.

For its entire existence as a global medium, the internet's evolution has been caught in a tug of war, pulled by opposing forces: on one side, moderation and control; on the other, disruption and anarchy.

This year, the most prominent actors weighing in on the side of disruption were familiar faces: The reckless oligarchs, cybercriminals, scammers, and state-sponsored hackers who made the internet feel particularly dangerous in 2024 were, to some degree, the same forces destabilizing the online world in 2023. But perhaps more than in any other recent year, those agents of chaos seemed to persist in the face of opposition, to grow in their influence—and to win.

From Elon Musk's completed remake of X in his own tech-bro image to Trump's disinformation-fueled campaign, to Russia's ongoing cyberattacks against Ukraine, to China's relentless onslaught of digital intrusions and crypto scammers' global spread, the online experience of 2024 was messy, hazardous, and Hobbesian. And for the most part, the people who made it that way are poised to exert even more influence over the year to come.

As we do every year, WIRED has assembled a list of the most dangerous people, groups, and organizations on the internet. Here are our picks for 2024.

**Elon Musk**

After years of evolution from entrepreneur to edgelord, Musk seemed to reach his final form this year in the run-up to November's US election. Once a technologist with ambiguous politics who occasionally pursued public arguments against scuba divers, Musk now uses his megaphone of 200-million-plus followers on X, the social media platform he fully controls, to broadcast an unrelenting stream of anti-regulation, anti-immigrant, anti-transgender, anti-press, anti-progressive talking points. He's amplified and repeated disinformation, like claims after the disastrous damage done by Hurricanes Helene and Milton that the Federal Emergency Management Agency (FEMA) was hoarding supplies or had spent its budget on migrants instead of needy Americans. He's repeated debunked theories about voter fraud and immigrants swinging elections. In at least one case, he's even seemed to drop a reference that suggest support for the QAnon movement, which maintains bizarre theories about satanic pedophile rings that only Donald Trump can destroy.

Meanwhile, Musk continues to push his AI startup, xAI, toward one of the most no-holds-barred visions of what that technology can make possible, with little regard for safety or preventing its use for disinformation. The company this year launched new image-generation capabilities in its Grok tool that were immediately used to create images of copyrighted characters, celebrities, and political figures in compromising or sexual positions. Musk himself at one point posted an AI-generated deepfake of Kamala Harris that mocked her with her own voice—with no annotation that it was not authentic—that received 150 million views.

More than any particular political message or technology he's pushed, however, the danger Musk represents is simply that the richest man in the world can buy one of the internet's most vital media platforms, then use it, along with hundreds of millions of dollars in donations, to elect the president of his choosing and shape US policy. After Trump's election, Musk was rewarded with hundreds of billions more in net worth. The system, in other words, is working—for oligarchs like Elon Musk.

**Donald Trump**

For the next four years, Donald Trump will once again be the most powerful single person in the world. This year, he was just a very loud one. On social media platforms like X—where Musk reinstated Trump's account despite a 2021 ban following his incitement of the January 6 storming of the US Capitol—and Trump's own Truth Social, he lit fires with false claims that arguably helped fuel his path to political victory. Like Musk, he made and repeated falsehoods such as FEMA spending its budget on immigrants rather than hurricane victims, or that immigrants were stealing and eating pets. By converting Robert F. Kennedy Jr. from a third-party candidate to an endorsing ally, Trump also reciprocally endorsed RFK Jr.'s long-running stream of anti-vaccine misinformation, rhetoric that has led to childhood vaccine rates now dipping to a lower level than before the Covid-19 pandemic.

Once his second term in office begins, Trump is poised to use digital surveillance to carry out a highly disruptive and even vindictive agenda: He's promised mass deportations of millions of immigrants starting on day one of his administration, and he's vowed to target political opponents and journalists with prosecution. There's little doubt that Trump will top this list in 2025. But in 2024, his words alone represent a clear and present danger.

**Volt Typhoon**

In the cybersecurity world, the last months of 2024 have been dominated by warnings from public officials about a Chinese state-sponsored hacking group known as Salt Typhoon, which has penetrated at least eight telecoms, in some cases accessing the real-time calls and texts of Americans. But in the midst of that cyberespionage scandal, a different, far more dangerous digital threat from China still quietly looms: A Chinese state-sponsored group called Volt Typhoon spent much of 2024 continuing its stealthy campaign to breach US critical infrastructure facilities—not to spy on communications, but to prepare for a potential cyberattack. While headlines about Volt Typhoon have largely dissipated since it was first called out and named by Microsoft in May of 2023, officials warn that the group continues to “pre-position” itself inside of networks that appear to be chosen for maximum disruption, perhaps timed to a Chinese invasion of Taiwan. Given that Chinese head of state Xi Jinping has told his country's military to be prepared for that invasion by 2027, now is the time to head off the digital salient of what could be a world-shaking future war.

**Sandworm**

While Volt Typhoon prepares, Sandworm attacks. The Russian hacking group, a unit of the country's GRU military intelligence agency, has in fact carried out many of the most disruptive cyberattacks of the past decade. Those attacks—mostly in Ukraine—include at least three blackouts triggered by its hacking, the destructive NotPetya malware that spread around the globe and inflicted $10 billion in damage, and countless data-destroying breaches that the group has carried out since the beginning of Russia's full-scale invasion of Ukraine in 2022. In 2024, as Russia fought Ukraine to a stalemate or regained territory in the east of the country, Sandworm continued to project its power beyond that front: Security firm StrikeReady discovered Sandworm targeting Ukraine's energy sector again this fall, perhaps in preparation for another round of electrical utility hacking, either to carry out its own attacks or as reconnaissance for the Russian military's now-annual physical bombing of Ukraine's grid.

**Israeli Military and Intelligence**

Last year, WIRED named both the IDF and Hamas on this list, a nod to each side's use of the internet in its propaganda efforts in the war in Gaza following Hamas' October 7 attack. This year, with Israel's adversaries in that conflict like Hamas and Hezbollah significantly weakened and in retreat, it's the Israeli forces that remain on the offensive. Israel's military continues to use AI tooling to identify targets for bombs as its strikes have killed tens of thousands of Gazan civilians and leveled entire cities in the territory. Israeli missiles continue to intermittently knock out Gaza's communications infrastructure, destroying 80 percent of the country's top telecom's cell towers and leading to information blackouts amid the destruction and starvation of that now year-plus siege. Add to all of that a still-mysterious Israeli supply chain attack that hid lethal explosives in pagers and walkie-talkies in an effort to target Hezbollah operatives, which led to immediate distrust of all communications devices in the country, and Israel's government forces remain an internet apex predator by any definition.

**Black Cat/AlphV/RansomHub**

Ransomware in 2024 was, again, one of the most abhorrent forms of cybercrime to blight the internet. But few ransomware attacks in history have been quite as dangerous and damaging as the one that targeted UnitedHealthcare subsidiary Change Healthcare early this year, carried out by a ransomware group known as Black Cat or AlphV. Even after extracting a $22 million ransom from the company—a payment processor that handles around 40 percent of all health care insurance claims across the US—the hackers' disruption of Change's network continued to prevent the company from completing payments to pharmacies, clinics, health care practices, and hospitals across the country for weeks, causing some to even go out of business. Then, as if it hadn't inflicted enough chaos, AlphV ran off with Change's ransom money instead of sharing it with a group of hackers with whom it had partnered to infiltrate the company. That led the jilted hackers to share the data stolen from Change Healthcare with another, newer ransomware crew called RansomHub, which extorted the company a second time—an unprecedented health care cybersecurity debacle.

**The Com**

Even in an age of state-sponsored Chinese cyberspies, Russian hacker saboteurs, and ransomware gangs, nihilistic young hackers remain a constant in the darker corners of the internet. And few of those corners are as dark as the ones frequented by the Com. The loose movement of online trolls and criminals who operate under the Com banner in channels on Telegram and Discord, many just in their teens, engage in some of the most despicable digital crimes possible, from petty crypto theft and ransomware to sextortion, harassment, and the creation and trade of child sexual abuse material. This year, several members of a Com subgroup of ransomware hackers known as Scattered Spider were arrested, following their alleged high-profile 2023 attacks on companies including Caesar's Entertainment and MGM Resorts. But other members of the group are allegedly responsible for the serial breaches of well over a hundred customers of the cloud provider Snowflake. It's a safe bet that the Com will continue to serve as a haven for plenty more criminal acts to come.

**Data Brokers**

Once, privacy fears centered on government agencies like the FBI and NSA and their ability to carry out mass surveillance worldwide. Now, increasingly, we give away that same surveillance data en masse to companies you've never heard of. This year, it came to light that several data brokers collect and then sell access to Americans' highly granular location data pulled from their phones. Surveillance services like Babel Street's LocateX allegedly can—and do—track visitors to sensitive locations abortion clinic or mosques. A data broker called Near Intelligence left a vast cache of location data exposed online, revealing the movements of hundreds of visitors to sex trafficker Jeffrey Epstein's island in the Caribbean. Reporting on both companies has demonstrated how much private location data our devices leave behind as revelatory digital detritus, and how the possession of that data now extends far beyond government agencies to little-known firms with highly questionable privacy and security practices.

**Character.AI**

If 2023 was the year that AI tools future-shocked the internet with their seemingly abrupt rise to prominence, 2024 was the year that those tools became normalized, quietly settling into common use in spite of all their alleged flaws and ethical problems. Yet those issues are still there, and perhaps no startup better exemplifies them than Character.AI, an AI firm backed by $2.7 billion in investment from Google. According to lawsuits filed in Texas and Florida against the company, its chatbots have encouraged children to engage in self-harm and violence against their parents, and allegedly contributed to 14-year-old dying by suicide. Other chatbots hosted by the company have allegedly coached kids into developing eating disorders, role-playing as school shooters, and even seemed to be sexually grooming them. Despite repeatedly vowing to implement age restrictions, no meaningful age safeguards appear to have been added even now, according to news outlet Futurism. If this is the future of artificial intelligence, the AI era is going to be a dark age indeed.

**Crypto Scammers**

The crypto-based investment scams known as “pig butchering”—a term experts now say should be retired because it can further harm victims—pulled in a staggering $37 billion in 2023, and likely more in 2024. The victims of that explosively growing form of crimes aren't just those who fall for its scams and lose their life savings, but also many of the perpetrators of the scams themselves: As many as 200,000 people have been enslaved in compounds across Southeast Asia and forced to carry out the fraud schemes. In some cases, they've been kept in electrified shackles and faced threats of cattle prods and beatings from the gangs overseeing their work. This year, the dystopia those scammers have ushered in has begun to spread worldwide, with operations cropping up in the Middle East, Eastern Europe, Latin America, and West Africa. The targets of their fraud, of course, are even more global. Crypto scams have already become a top-tier form of cybercrime, and there's no end in sight to the expansion of this predatory underworld industry.

The Most Dangerous People on the Internet in 2024

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions,…

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions, use secure downloads, and trust verified tools to enjoy safe, uninterrupted gameplay.

The holiday season is a time of joy for gamers, with more free time to play, exciting events, and in-game promotions. However, this festive period comes with higher risks of cyberattacks than any other period of the year.

Studies by Wowvendor, a company dealing in WoW services, indicate that hackers increase their activity by 50% during the holidays and especially prey on gamers via malware and phishing. This article will detail these risks and give some useful advice on how to enjoy gaming without compromising your account security.

****The Rise of Cyber Threats During Holidays****

The gaming community gets busy during the holidays. Unfortunately, cybercriminals find this an attractive target. The key reasons for increased risks are as follows:

*   **Increased player traffic** – A large consumer base of online gaming creates, in turn, more opportunities for hackers to exploit vulnerabilities.
*   **Attractive holiday promotions** – Many players get tricked into fake giveaways and deals, without knowing it compromises their data security.
*   **Malware in pirated games** – Most of the time, hackers put harmful software inside cracked versions of popular titles.

For instance, cybersecurity companies have informed that the number of phishing emails with “in-game rewards notifications” and “discount offers” have spiked around the times of past holiday seasons. These examples of threats put the importance of vigilance during peak gaming hours deeper into focus.

****Common Cyber Threats to Gamers****

Cyber threats range from gaming cyber attacks and data security incidents to DDoS attacks. This will likely impact some players more and possibly their performance during peak gaming periods. Understanding these dangers can help players stay protected:

****Fake add-ons, mods and Phishing schemes** **

Hacks through counterfeit mods are common in games such as World of Warcraft. Hackers distribute these infected mods using counterfeit mods and give the malware the chance to steal login credentials or infect the device they’re playing on. Additionally, fraudulent links and websites trick people into providing personal information or downloading malicious software.

****DDoS attacks** **

The gaming industry is seeing a lot of DDoS attacks (distributed denial of service attacks), wherein hacker group gets a network of infected devices (botnet) that perform a network DDoS attack to inundate a game server or a group of players with a massive amount of traffic. This overload disrupts the server or network connection and has broken the game so that normal users can’t even get in.

These attacks send many requests and place a heavy load onto the server. Hackers aim at certain players’ IP addresses and try to degrade their connection, or that of the player behind it, to give themselves an in-game advantage. This type of targeted interference disrupts competitive gameplay and can negatively impact a game’s experience for the player.

Additionally, the number of ransomware attacks against gaming accounts has risen as well. They involve locking players out of their accounts and asking for payment to access them. When you are faced with unfamiliar software or links, it’s best to stay awake and alert to risks.

****Best Practices for Secure Gaming****

A large number of cyber attacks on gamers can stem from unauthorized downloads, according to leading cyber security firm Kaspersky. To enjoy your games safely during the holidays, follow these cybersecurity tips:

*   **Download software from official sources** — Do not download games or updates from untrusted websites — they can hide malware.
*   **Use two-factor authentication (2FA)** — It simply gives you extra protection for your gaming accounts.
*   **Verify promotional offers** — Don’t accept offers that are simply too good even to be true. There are always official channels for you to confirm their legitimacy.
*   **Avoid cracked games** — First and foremost pirated games are illegal, and they’re dangerous for security reasons too.

Working with your use of strong, unique passwords across all your accounts, these measures can go a long way toward mitigating your risk of being victimized in this way.

****The Role of Gaming Companies****

Leading gaming companies have stepped up their efforts to combat cyber threats. Their initiatives include:

*   **Enhanced security systems** – AI detecting and blocking unusual activity on gaming networks.
*   **Regular updates and patches** – Time and time again, developers release updates to patch vulnerabilities, and protect players with updates.
*   **Player education** – Many platforms offer users a way of recognizing and preventing scammers.

For instance, World of Warcraft’s creators, Blizzard Entertainment, is constantly monitoring its ecosystem for threats and expelling them while at the same time urging players to use solutions, for example, 2FA. Machine learning has been introduced into other companies, such as Valve and Riot Games, in an attempt to detect possible hacking through in-game behaviours.

****Advanced Cybersecurity Tools for Gamers****

Gamers now have access to cutting-edge cybersecurity solutions tailored to safeguard their online experience:

*   **Gaming-optimized VPNs** – VPN services will make sure that you have safe, encrypted connections while reducing latency and optimizing the routing of the server. It shields against DDoS attacks and keeps the gameplay smooth.
*   **Anti-phishing extensions** – Google Safe Browsing and Microsoft Defender SmartScreen are tools that actively block malicious sites and alert players that a phishing page is attempting to lure them into a trick.
*   **Behavioural analytics and anti-cheat systems** – Dedicated platforms use machine learning to analyze login patterns and in-game behaviour, detecting anomalies like hacking or unauthorized access.
*   **DDoS mitigation services** – Distribution denial-of-service attacks that cause gaming servers to stop working are identified and neutralized by Cloudflare, Akamai Prolexic, and other companies that protect gaming servers so that gamers can continue enjoying online sessions uninterrupted.

With these state-of-the-art tools, gamers will be protected from changing threats, which will protect gaming for the holidays and beyond.

****Stay on the Safe Side****

The holiday season is a wonderful opportunity to connect with your favourite games and communities. While cyber threats do increase during this period, staying informed and adopting secure practices can protect your gaming experience. From using official platforms to enabling two-factor authentication, every step you take helps reduce risks.

Gaming companies are also playing their part by providing services and insights that enhance player safety. By working together and staying alert, gamers can fully embrace the holiday spirit, free from cybersecurity concerns.

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  Exploring Data Privacy and Security in B2B Gaming Data
3.  The Rise of Blockchain Gaming and Secure Marketplaces
4.  Winos4.0 Malware Targeting Windows via Fake Gaming Apps
5.  Gcore Thwarts 500 Million PPS DDoS Attack on Gaming Company

Secure Gaming During the Holidays

An overview of incidents and news surrounding Artificial Intelligence in 2024.

A popular saying is: “To err is human, but to really foul things up you need a computer.”

Even though the saying is older than you might think, it did not come about earlier than the concept of artificial intelligence (AI).

And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then it’s that when humans and AI cooperate, amazing things can happen. But amazing is not always positive.

There have been some incidents in the past year that have made many people even more afraid of AI than they already were.

We started off 2024 with a warning from the British National Cyber Security Centre (NCSC) telling us it expects AI to heighten the global ransomware threat.

A lot of AI related stories this year dealt with social media and other public sources that were scraped to train an AI model.

For example, X was accused of unlawfully using the personal data of 60 million+ users to train its AI called Grok. Underlining that fear, we saw a hoax go viral on Instagram Stories that told people they could stop Meta from harvesting content by copying and pasting some text.

Facebook had to admit that it scrapes the public photos, posts and other data from the accounts of Australian adult users to train its AI models, which no doubt contributed to Australia’s ban on social media for children under the age of 16.

As with many developing technologies, sometimes the race to stay ahead is more important than security. This was best demonstrated when an AI companion site called Muah.ai got breached and details of all its users’ fantasies were stolen. The hacker described the platform as “a handful of open-source projects duct-taped together.”

We also saw an AI supply-chain breach when a chatbot provider exposed 346,000 customer files, including ID documents, resumes, and medical records.

And if the accidents didn’t scare people off, there were also some outright scams targeting people that were eager to use some of the popular applications of AI. A free AI editor lured victims into installing an information stealer which came in both Windows and MacOS flavors.

We saw further refinement of an ongoing type of AI-supported scam known as deepfakes. Deepfakes are AI-generated realistic media, created with the aim of tricking people into thinking the content of the video or image actually happened. Deepfakes can be used in scams and in disinformation campaigns.

A deepfake of Elon Musk was named the internet’s biggest scammer as it tricked an 82-year-old into paying $690,000 through a series of transactions. And AI-generated deepfakes of celebrities, including Taylor Swift, led to calls for laws to make the creation of such images illegal.

Video aside, we reported on scammers using AI to fake the voices of loved ones to tell them they’ve been in an accident. Reportedly, with the advancements in technology, only one or two minutes of audio—perhaps taken from social media or other online sources—are needed to generate a convincing deepfake recording.

Voice recognition doesn’t always work the other way around though. Some AI models have trouble understanding spoken words. McDonalds ended its AI drive through order taker experiment with IBM after too many incidents, including customers getting 260 Chicken McNuggets or bacon added to their ice cream.

To sign off on a positive note, a mobile network operator is using AI in the battle against phone scammers. AI Granny Daisy uses several AI models that work together listening to what scammers have to say, and then responding in a lifelike manner to give the scammers the idea they are working on an “easy” target. Playing on the scammers’ biases about older people, Daisy usually acts as a chatty granny while at the same time wasting the scammers’ time that they can’t use to work on real victims.

What do you think? Do the negatives outweigh the positives when it comes to AI, or is it the other way round? Let us know in the comments section.

 2024 in AI: It&#8217;s changed the world, but it’s not all good 

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

In 2024, we at Dark Reading covered a variety of attacks, exploits, and, of course, vulnerabilities across the board. Here, we recount 10 emerging threats organizations should be prepared for — as detailed by Dr. Jason Clark in "10 Emerging Vulnerabilities Every Enterprise Should Know," a Dark Reading webinar — as they continuously rise and develop in 2025.

**Zero-Day Exploits**

Zero-days and their increase in volume across the cybersecurity landscape is a particularly concerning trend, as there is no patch for these bugs when they're discovered. Attackers are also able to exploit systems using these vulnerabilities undetected, as safeguards have not been put in place by organizations or enterprises yet.

High-profile zero-day vulnerabilities include Log4Shell, tracked as CVE-2021-44228, a critical RCE bug within Log4j's Java Naming and Directory Interface (JNDI). By exploiting the vulnerability, attackers were able to easily take control of vulnerable systems, a considerable threat as Log4j is used in nearly every Java application.

Other vulnerabilities include PrintNightmare and Proxyshell, both remote execution flaws that were exploited quickly and widely, according to Clark.

"The rise in zero-day exploits is partly driven by just more sophisticated threat actors," Clark said in the Dark Reading webinar. "This can include things like nation-states and also using them in targeted attacks."

Chad Graham, cyber incident response team (CIRT) manager at Critical Start, however, believes that advancements with AI will change the landscape in 2025.

"Both attackers and defenders will rely on AI-driven tools to automate the search for hidden software flaws," Graham says. "This shift will likely result in a more dynamic cybersecurity landscape, where continuous innovation and adaptation become the norm."

**Supply Chain Attacks**

Supply chain attacks remain an active threat and tend toward the severe as their impact cascades on to multiple parties: customers, suppliers, and other third parties. Attackers exploit a trusted resource and ultimately gain access to not just one organization, but multiple. These kinds of threats remain concerning as organizations depend more and more on outsourcing services.

The best known example is the SolarWinds breach, which impacted the SolarWinds Orion system, at the hands of a group known as Nobelium. More than 30,000 organizations — including state and federal agencies — used the Orion network management system, resulting in the backdoor malware compromising thousands of data, network, and systems.

Tracked as CVE-2020-10148 with a CVSS score of 9.8, the authentication bypass bug allowed an unauthenticated attacker to execute API commands. The attackers in question were advanced persistent threat (APT) actors who infiltrated into the SolarWinds’ supply chain to insert a backdoor.

"The complexity of modern supply chains makes it challenging to secure all the dependencies," Clark said in the webinar. "This underscores the need for rigorous third-party risk management."

In the year ahead, Dana Simberkoff, chief risk, privacy, and information security officer at AvePoint, believes that there will be a sharpened focus on supply chains and third-party risk management.

"The CrowdStrike incident wasn't just a wake-up call — it was a stark reminder that in our interconnected ecosystem, one weak link can trigger a catastrophic chain reaction," Simberkoff says.

**Remote Work Infrastructure Exploits**

Since 2020 and the COVID-19 pandemic, organizations have leaned into remote and hybrid work offerings, increasing the risk of cybersecurity threats and becoming a significant concern. Attackers focus on vulnerabilities that allow users to engage in remote work such as VPNs, remote desktop protocols (RDPs), and phishing attacks through platforms such as Zoom and Microsoft Teams.

There have been several notable incidents in which VPNs and RDPs were leveraged, allowing threat actors to gain access to enterprise systems and networks. In addition, remote workers are often operating from less secure environments, causing an uptick in phishing attacks as the threat actors try to take advantage of these blind spots.

"The shift to remote work has expanded the overall attack surface, Clark said in the webinar. "Remote workers often need more security controls than those that are working \[onsite\], which can lead to significant vulnerabilities."

Recent examples of vulnerabilities remote and hybrid work vulnerabilities include CVE-2024-38199, a remote code execution vulnerability (RCE) in the Windows or Line Printer Deamon (LPD) Service, and CVE-2024-21433, a Windows Print Spooler elevation of privilege vulnerability.

"Remote work infrastructure will continue to be a prime target for cybercriminals in 2025, with an increase in sophisticated attacks on cloud services, VPNs, and collaboration tools," says Stephen Kowski, field CTO at SlashNext Email Security+. "We'll likely see more AI-powered threats designed to bypass traditional security measures, exploiting vulnerabilities in interconnected devices and home networks."

**Exploitation of AI and Machine Learning Systems**

With the rise of AI and its increasing use amid the public, comes widespread risk of exploitation from attackers. Clark noted of adversarial attacks, data poisoning, and model inversion attacks that are at the forefront of emerging threats for AI and machine learning (ML) systems in particular. 

The nature of some ML systems requires feeding a system information for the best results, the system becoming more familiar with the user over time. When attacks target these systems, it can lead to unauthorized access to sensitive data stored and processed within these tools, as well as incorrect predictions or biased decisions.

"AI models will be key areas of exploitation in 2025," says Rom Carmel, co-founder and CEO at Apono. "As AI and machine learning become integral to identity verification systems, attackers will find ways to poison AI models or bypass them."

AI can also simply be manipulated for malicious ends, as seen when an AI deepfake robocall was created to impersonate US President Joe Biden to encourage individuals not to vote in the New Hampshire's Democratic primary, an event that could have had severe consequences on the US electoral process.

"The threat landscape is evolving with the rapid adoption of AI and ML," Clark said in the webinar. "Attackers increasingly focus on these systems to undermine their reliability and exploit vulnerability."

**Cloud Misconfigurations**

As organizations continue to shift their operations to the cloud, it will continue to emerge as a space for threat actors to thrive, often due to the cloud simply not being set up correctly.

Common examples of threats that circulate within the cloud are publicly accessible S3 buckets, misconfigured security groups in AWS, and exposed databases.

"Cloud misconfigurations can have severe impacts related to data breaches, unauthorized access to critical systems, financial loss, and reputational damage," Clark said. He added that the complexity of these environments is going to increase leading to more frequent configuration errors.

In the past, Amazon and Microsoft cloud environments have exposed customer data, such as viewing habits, names, email addresses, email content, and phone numbers. The leaks aren't due to vulnerabilities but misconfigurations ranging from insecure read-and-write permissions to inaccurate access lists and misconfigured policies.

"To successfully prevent cloud breaches in 2025, companies need to focus on three key areas: visibility, access control, and continuous monitoring," says Jason Soroko, senior fellow at Sectigo. "Cloud environments are dynamic, so your security needs to be dynamic too."

**IoT Device Vulnerabilities**

IoT devices are allowing for emerging threats to thrive, being easy targets for threat actors to exploit, whether it be due to weak default passwords, lack of encryption, or insecure firmware.

Common attacks that IoT devices face are data theft, network breaches, and distributed denial-of-service (DDoS) attacks. A recent example emerged in the Common Unix Printing System (CUPS) for managing printers and print jobs. The series of vulnerabilities, tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 could allow bad actors to stage DDoS attacks within seconds for less than 1 cent while using an available cloud platform.

"Just the sheer volume of connected devices really exacerbates the threat," Clark noted in the webinar. "Securing these devices becomes really challenging due to their diversity and often limited processing power for adding security features."

And as the use of IoT, OT, and 5G networks continues to rise, organizations will need cyber threat intelligence (CTI) to extend beyond traditional IT environments, says Callie Guenther, senior manager, cyber threat research at Critical Start. "This expansion, which will continue throughout 2025, will add complexity to CTI, requiring more granular insights and specific intelligence data."

**Cryptographic Weaknesses**

According to Clark, cryptographic weaknesses continue to pose a significant threat because these kinds of vulnerabilities undermine the foundation of secure communication and data protection. These weaknesses often manifest in one of two ways: flaws in encryption algorithms, or how the algorithms are implemented.

"The rising threat is kind of compounded by the fact that as computational capability advances, that previously secure crypto standard now becomes increasingly more vulnerable," Clark said in the webinar.

He recommended regularly updating cryptographic libraries, and enforcing strong encryption protocols to avoid exploitation attempts like man-in-the middle attacks, data integrity issues, and the exposed sensitive information.

Just recently, Acros Security discovered a vulnerability, similar to CVE-2024-38030, that enables an attack in which a vulnerable device is coerced into sending NTLM hashes, which is the cryptographic version of a user's password, to a threat actor.

"We have never before required from \[cloud service providers\] such granular and detailed information on the type of encryption in use, but customers (government and non-government customers alike) will require this level of detail to ensure their encryption standards are being met," says Philip George, executive technical strategist at InfoSec Global Federal.

**API Security Gaps**

More organizations are relying on APIs to connect systems; however, these APIs are at risk when they have flaws in the design or the implementation of the APIs. Attackers are able to breach systems through unauthorized access, allowing them to manipulate certain restricted actions.

A notable example of this is the exposure of user data through Facebook’s API, though these flaws are also abundant in other sectors such as healthcare or financial services. 

Gaps in API security ultimately serve as a launchpad, often for data breaches which can lead to the loss of sensitive information, unauthorized transactions, reputational damage, and significant financial loss.

"The threat is escalating as API is becoming more prevalent, increasing the number of potential attack surfaces," Clark said. "To mitigate these risks, it's essential to secure your API endpoints, enforce robust authentication mechanisms, and regularly update and audit API access."

A Docusign API was recently used in a wide-scale phishing campaign due to its "API-friendly environment," which is beneficial for businesses but also provides a way for bad actors to conduct malicious operations. The flaw could ultimately could have led to instances of fraud, though there are ways for users to avoid and detect such API abuse.

In the coming year, the cyber landscape will continue to evolve, API being in the forefront of these changes.

"We anticipate a rise in sophisticated API attacks using automation, artificial intelligence, and advanced evasion techniques to exploit vulnerabilities and bypass traditional security measures," says Eric Schwake, director of cybersecurity strategy at Salt Security. "One significant risk will stem from the exploitation of API misconfigurations, which often occur due to the fast pace of development and deployment. This situation will challenge organizations to adopt a more proactive and comprehensive approach to API security."

**Ransomware Evolution**

"We could do a whole webinar on ransomware," Clark said in the webinar, which raises the question: Can ransomware even be considered an emerging threat? 

The answer is yes, though ransomware attacks have become one of the most disruptive and costly cyberattacks out there largely due to their rapid evolution.

One of the most notable ransomware attacks occurred on Colonial Pipeline, which shut down its entire operations for the first time, leading to fuel shortages and four states on the East Coast declaring a state of emergency. The ransomware attack prompted action from national security and the executive branch and forced a reevaluation of the nation's critical infrastructure security.

Threat actors know they can win big when demanding ransoms from organizations, such as those in the healthcare sector, which will pay these high prices in order to help patients in need.

"As these attacks are becoming more targeted and, frankly, aggressive, it's crucial to start to implement backup strategies that are robust, strengthen your overall incident response plans, and continuously educate your employees on recognizing and avoiding things like phishing attempts that can often serve as an entry point for ransomware," Clark said in the webinar.

Backups may not always be an option, according to Brandon Williams, chief technology officer at Conversant Group.

"Some threat actors have moved to deleting data as part of their normal motions," he says. "If this gains traction in 2025, organizations will not have a method to recover by simply paying a ransom and hoping to get a working decryption tool. The only method of recovery will be backups; however, data shows that backups do not typically survive these breaches."

**5G Network Vulnerabilities**

5G networks are being rapidly deployed, and with them come threat actors' awareness and exploitation of its vulnerabilities. Attackers are increasingly able to target 5G infrastructure with ease, and these open the door for even bigger threats such as large-scale DDoS attacks, unauthorized data access, and disruption of our critical services.

"As we consider the rising threat, the global rollout of 5G brings an increasing number of connected devices," Clark said in the webinar. "The rising number amplifies their attack risk, particularly given their reliance on cloud-native infrastructures."

At Black Hat 2024 in Las Vegas, seven Penn State University researchers detailed how mobile devices are at risk of data theft and denial of service due to 5G technology vulnerabilities. Threat actors use these resources simply by providing someone with an Internet connection, allowing easy access to spying, phishing, and more. 

"Vulnerabilities such as lack of initial broadcast message authentication, spectrum slicing, silent downgrade, and unsecured DNS paging currently affect 5G networks," says Mayuresh Dani, manager, security research, at Qualys Threat Research Unit. "In the year to come, these will continue affecting 5G networks and vulnerabilities in unsecured base stations will multiply snooping attacks."

Emerging Threats &amp; Vulnerabilities to Prepare for in 2025

From Chinese cyberspies breaching US telecoms to ruthless ransomware gangs disrupting health care for millions of people, 2024 saw some of the worst hacks, breaches, and data leaks ever.

Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-backed espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and the individuals they serve—the malicious rampages had very real consequences for people's privacy, safety, and security.

As political turmoil and social unrest intensify around the world, 2025 will be a complicated—and potentially explosive—year in cyberspace. But first, here's WIRED's look back on this year's worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay alert, and stay safe out there.

**China's Salt Typhoon Telecom Breaches**

Espionage operations are a fact of life, and relentless Chinese campaigns have been a constant in cyberspace for years now. But the China-linked espionage group Salt Typhoon carried out a particularly noteworthy operation this year, infiltrating a slew of US telecoms including Verizon and AT&T (plus others around the world) for months. And US officials told reporters earlier this month that many victim companies are still actively attempting to remove the hackers from their networks.

The attackers surveilled a small group of people—less than 150 by current count—but they include individuals who were already subject to US wiretap orders as well as state department officials and members of both the Trump and Harris presidential campaigns. Additionally, texts and calls from other people who interacted with the Salt Typhoon targets were inherently also caught up in the espionage scheme.

**Snowflake Customer Breaches**

Throughout the summer, attackers were on a tear, breaching prominent companies and organizations that were all customers of the cloud data storage company Snowflake. The spree barely qualifies as hacking, since cybercriminals were simply using stolen passwords to log in to Snowflake accounts that didn't have two-factor authentication turned on. The end result, though, was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, the telecom giant AT&T, said in July that “nearly all” records relating to its customers' calls and texts from a seven-month stretch in 2022 were stolen in a Snowflake-related intrusion. The security firm Mandiant, which is owned by Google, said in June that the rampage impacted roughly 165 victims.

In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all of their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice for the Snowflake tear and faces extradition to the US. John Erin Binns, who was arrested in Turkey for an indictment related to a 2021 breach of the telecom T-Mobile, was also indicted on charges related to the Snowflake customer breaches.

**Change Healthcare Ransomware Attack**

At the end of February, the medical billing and insurance processing company Change Healthcare was hit with a ransomware attack that caused disruptions at hospitals, doctor's offices, pharmacies, and other health care facilities around the US. The attack is one of the all-time largest breaches of medical data, impacting more than 100 million people. The company, which is owned by UnitedHealth, is a dominant medical billing processor in the US. It said days after the attack started that it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the assault.

Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat at the beginning of March in an attempt to contain the situation. The payment seemingly emboldened attackers to hit health care targets at an even greater rate than usual. With ongoing, rolling notifications to more than 100 million victims—with more still being discovered—lawsuits and other blowback has been mounting. This month, for example, the state of Nebraska sued Change Healthcare, alleging that “failures to implement basic security protections” made the attack much worse than it should have been.

**Russia's Midnight Blizzard Hit Microsoft**

Microsoft said in January that it had been breached by Russia's “Midnight Blizzard” hackers in an incident that compromised company executives' email accounts. The group is tied to the Kremlin's SVR foreign intelligence agency and is specifically linked to SVR's APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft's research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

**National Public Data**

The background check company National Public Data suffered a breach in December 2023, and data from the incident started showing up for sale on cybercriminal forums in April 2024. Different configurations of the data cropped up again and again over the summer, culminating in public confirmation of the breach by the company in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data didn't confirm the breach until August, speculation about the situation grew for months and included theories that the data included tens or even hundreds of millions of Social Security numbers. Though the breach was significant, the true number of impacted individuals seems to be, mercifully, much lower. The company reported in a filing to officials in Maine that the breach affected 1.3 million people. In October, National Public Data's parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as a number of lawsuits that the company is facing over the incident.

**Honorable Mention: North Korean Cryptocurrency Theft**

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.

The Worst Hacks of 2024

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.…

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams. Learn risks, real-world examples, and preventive measures for safer browsing.

Did you know that over 80% (PDF) of cyberattacks exploit online platforms, including search engines? These indispensable tools guide billions of users to the content they seek, but their trustworthiness can be weaponized.

Cybercriminals are exploiting search engine optimization (SEO) techniques to distribute malware, launch phishing attacks, and spread harmful content. This practice, known as SEO poisoning, manipulates search results to lure unsuspecting users into clicking on malicious links.

Recent reports indicate a significant rise in SEO poisoning attacks. Between August 2023 and January 2024, there was a 60% increase in malware detections stemming from malicious search results. Such trends highlight the growing sophistication of these tactics and the critical need for vigilance among businesses and individuals alike.

****What is SEO Poisoning?****

SEO poisoning is a malicious strategy where cybercriminals manipulate search engine algorithms to rank harmful websites prominently in search results. These websites often contain malware, phishing schemes, or scams designed to steal sensitive information.

Attackers capitalize on high-demand keywords tied to trending topics or urgent events, such as natural disasters, major product launches, or public health crises. By employing techniques like keyword stuffing, spammy backlinks, and deceptive content, they make their sites appear legitimate and lure unsuspecting users.

****Key Risks of SEO Poisoning:****

*   **Malware Distribution:** Clicking on infected links can install ransomware, spyware, or other malware.
*   **Phishing Scams:** Users are tricked into providing sensitive data like passwords or credit card information.
*   **Reputation Damage:** Legitimate businesses can lose credibility if associated with malicious links.

One example is the surge of Gootloader malware in early 2023. Attackers targeted niche search terms, such as _“implied employment agreement,”_ to redirect users to infected websites. These attacks emphasize how even low-competition search terms can become cybercriminals’ playgrounds.

****Real-World Examples of SEO Manipulation****

SEO manipulation has been used in several high-profile attacks, exploiting the trust users place in search results:

*   **Fake Antivirus Software:** Users searching for free antivirus tools were directed to malicious sites posing as trusted providers. These fake programs encrypted files and demanded ransom payments, exploiting users’ trust in well-known antivirus brands like Avast, Bitdefender and Malwarebytes. Fake antivirus websites have been known to impersonate popular security providers to deceive users.

*   Holiday Shopping Scams: During peak shopping seasons, cybercriminals created fake e-commerce sites targeting popular products. These fraudulent sites were designed to rank high in search results, allowing attackers to trick users into entering their payment information, which the criminals then stole.

*   **Software Search Exploitation:** In 2023, searches for popular tools like Blender 3D led users to fraudulent sites offering infected downloads. Such campaigns highlight the dangers of SEO poisoning when targeting trusted software.

These examples show how attackers exploit trust in search results and highlight the importance of vigilance, particularly during periods of heightened online activity.

****Protecting Against SEO-Based Threats****

Although SEO poisoning is a persistent threat, proactive measures can help both businesses and individual users reduce the risks.

****For Businesses****

Businesses must safeguard their websites and digital presence from exploitation. Trusted SEO providers can optimize websites while identifying and mitigating vulnerabilities, such as fake backlinks or unauthorized content changes, often exploited in SEO poisoning campaigns.

According to Stellar SEO, a custom SEO services provider, exploiting SEO-related vulnerabilities has even been adopted by top-tier groups such as the Chinese DragonRank, which was recently discovered manipulating search engines to redirect users to malicious websites.

****For Users****

Users can protect themselves by adopting proactive online habits:

*   **Verify the Source:** Always inspect URLs carefully before clicking, especially when searching for trending or high-demand topics.
*   **Use Trusted Security Tools:** Antivirus software and browser extensions can help identify and block harmful sites. For example, providers like _Kaspersky_ have shown how cybercriminals exploit marketing strategies to launch attacks.
*   **Stay Informed:** Awareness of the latest cybersecurity trends is crucial for recognizing and avoiding malicious tactics.

By combining secure SEO strategies with vigilance, businesses and users can significantly reduce their exposure to SEO poisoning threats.

****How Search Engines Are Combating SEO Poisoning****

Search engines like Google and Bing constantly update their algorithms to detect and penalize malicious websites. These updates target behaviors such as keyword stuffing, suspicious backlinking patterns, and misleading content.

****Key Defensive Measures Include:****

*   **Machine Learning Algorithms:** These tools analyze billions of web pages for signs of malicious intent.
*   **Safe Browsing Technology:** Platforms like Google warn users about harmful websites before they can be accessed.
*   **Domain Reputation Systems:** Search engines evaluate the trustworthiness of domains to demote those linked to malicious activity.

Despite these efforts, cybercriminals continue to evolve their techniques, creating sophisticated tactics to bypass detection. For instance, in November 2024, attackers exploited niche search queries like _“Are Bengal cats legal in Australia“_ to lure users to malicious websites. Such incidents underscore the importance of proactive measures by users and businesses to complement automated systems. Recognizing and avoiding malicious links remains a shared responsibility.

****Conclusion****

SEO poisoning is a growing threat at the intersection of cybersecurity and digital marketing. By exploiting legitimate SEO techniques, cybercriminals deceive users, distribute malware, and undermine trust in search engines.

For businesses, partnering with trusted providers of custom SEO services ensures websites are optimized securely, preventing vulnerabilities that attackers might exploit. For users, adopting habits like verifying sources, using reliable security tools, and staying informed about emerging threats is essential for staying safe online.

Every time you search online, consider the risks that lurk behind seemingly trustworthy links. By remaining vigilant and proactive, we can protect our digital spaces and maintain trust in the tools that shape our online world. 

1.  **Google Algorithm Updates vs SEO Strategies**
2.  **Best SEO Experts to Follow on Twitter (X) in 2025**
3.  **How to Improve SEO with Enhanced Web Security**
4.  **Link Farming: SEO Boost or Cybersecurity Threat?**
5.  **Fake GlobalProtect VPN Downloads Spread WikiLoader Malware**

Tag

#mac