SUMMARY A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds…

****SUMMARY****

*   Sensitive data for 800,000 Volkswagen Group EVs was exposed on an unsecured cloud server.

*   The data leak, discovered by a whistle-blower, included GPS data and vehicle status, enabling owner tracking.

*   Affected users included politicians, police, and intelligence employees, with most vehicles in Europe.

*   The data leak revealed personal routines and locations, posing serious privacy risks.

*   The issue stemmed from Cariad’s system misconfiguration, which has since been addressed.

A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds of thousands of Volkswagen Group electric vehicle owners. The investigation found that sensitive location data for 800,000 vehicles, including those from Volkswagen, Audi, SEAT, and Skoda, was left exposed on an unsecured cloud server for months. 

The vulnerability was discovered by an anonymous whistle-blower and reported to the Chaos Computer Club (CCC), a prominent European hacker association. The exposure included personal data, including GPS coordinates and vehicle status, including detailed information about VW ID.3 and ID.4 owners stored on an unsecured Amazon cloud server. This allowed anyone with the right know-how to track the movements and habits of affected owners. 

https://berlin-ak.ftp.media.ccc.de//congress/2024/h264-hd/38c3-598-deu-Wir\_wissen\_wo\_dein\_Auto\_steht\_-\_Volksdaten\_von\_Volkswagen.mp4

Reportedly, the impacted EVs were located worldwide with the majority found in Germany and other parts of Europe. The affected owners not just include ordinary citizens but also prominent figures like German politicians, police officers, and even suspected intelligence service employees just like in October 2023 when a third-party contractor exposed over 500,000 Irish Police vehicle seizure records.  

This exposure extended far beyond simple vehicle location tracking. By linking vehicle data with other personal information, the researchers were able to gain unprecedented insights into the daily lives of affected owners.

For example, according to Spiegel’s report, it was able to track the movements of two German politicians with alarming precision, pinpointing their locations at various locations including a retirement home and military barracks, and profiling a mayor with her car tracking her movements from her work to her physical therapist.

That’s not all! Spiegel discovered terabytes of data on Amazon cloud storage, including the precise location of 460,000 vehicles, which could reveal crucial details of their owners. Moreover, the data also included information about the Hamburg police department’s electric cars, politicians, business leaders, Federal Intelligent Services employees, and the US Air Force’s Ramstein Air Base drivers.

The root of this security failure lies within Cariad, the Volkswagen Group’s software division. The company confirmed that a misconfiguration within their systems allowed unauthorized access to the sensitive data.

While Cariad insists that no financial or personally identifiable information was compromised, the potential for misuse of the exposed location data remains a significant threat. Cybercriminals could exploit this information for a variety of malicious purposes, including targeted stalking, blackmail, and even physical attacks.  

The CCC promptly contacted Lower Saxony’s State Data Protection Officer, Federal Ministry of the Interior, and other security bodies, and gave VW Group and Cariad 30 days to address the issue before going public. Cariad’s technical team promptly and responsibly blocked unauthorized access to customer data.

1.  **Cicada3301 Ransomware Hits French Peugeot Dealership**
2.  **Fuel Industry Software Provider Exposes SSNs and PII Data**
3.  **Builder.ai Database Exposes 1.29 TB of Unsecured Records**
4.  **Microsoft Power Pages Expose Millions of Records Globally**
5.  **13GB Data of Automobile Insurance Giant AA Exposed Online**

Exposed Cloud Server Tracks 800,000 Volkswagen, Audi, and Skoda EVs

From Elon Musk and Donald Trump to state-sponsored hackers and crypto scammers, this was the year the online agents of chaos gained ground.

For its entire existence as a global medium, the internet's evolution has been caught in a tug of war, pulled by opposing forces: on one side, moderation and control; on the other, disruption and anarchy.

This year, the most prominent actors weighing in on the side of disruption were familiar faces: The reckless oligarchs, cybercriminals, scammers, and state-sponsored hackers who made the internet feel particularly dangerous in 2024 were, to some degree, the same forces destabilizing the online world in 2023. But perhaps more than in any other recent year, those agents of chaos seemed to persist in the face of opposition, to grow in their influence—and to win.

From Elon Musk's completed remake of X in his own tech-bro image to Trump's disinformation-fueled campaign, to Russia's ongoing cyberattacks against Ukraine, to China's relentless onslaught of digital intrusions and crypto scammers' global spread, the online experience of 2024 was messy, hazardous, and Hobbesian. And for the most part, the people who made it that way are poised to exert even more influence over the year to come.

As we do every year, WIRED has assembled a list of the most dangerous people, groups, and organizations on the internet. Here are our picks for 2024.

**Elon Musk**

After years of evolution from entrepreneur to edgelord, Musk seemed to reach his final form this year in the run-up to November's US election. Once a technologist with ambiguous politics who occasionally pursued public arguments against scuba divers, Musk now uses his megaphone of 200-million-plus followers on X, the social media platform he fully controls, to broadcast an unrelenting stream of anti-regulation, anti-immigrant, anti-transgender, anti-press, anti-progressive talking points. He's amplified and repeated disinformation, like claims after the disastrous damage done by Hurricanes Helene and Milton that the Federal Emergency Management Agency (FEMA) was hoarding supplies or had spent its budget on migrants instead of needy Americans. He's repeated debunked theories about voter fraud and immigrants swinging elections. In at least one case, he's even seemed to drop a reference that suggest support for the QAnon movement, which maintains bizarre theories about satanic pedophile rings that only Donald Trump can destroy.

Meanwhile, Musk continues to push his AI startup, xAI, toward one of the most no-holds-barred visions of what that technology can make possible, with little regard for safety or preventing its use for disinformation. The company this year launched new image-generation capabilities in its Grok tool that were immediately used to create images of copyrighted characters, celebrities, and political figures in compromising or sexual positions. Musk himself at one point posted an AI-generated deepfake of Kamala Harris that mocked her with her own voice—with no annotation that it was not authentic—that received 150 million views.

More than any particular political message or technology he's pushed, however, the danger Musk represents is simply that the richest man in the world can buy one of the internet's most vital media platforms, then use it, along with hundreds of millions of dollars in donations, to elect the president of his choosing and shape US policy. After Trump's election, Musk was rewarded with hundreds of billions more in net worth. The system, in other words, is working—for oligarchs like Elon Musk.

**Donald Trump**

For the next four years, Donald Trump will once again be the most powerful single person in the world. This year, he was just a very loud one. On social media platforms like X—where Musk reinstated Trump's account despite a 2021 ban following his incitement of the January 6 storming of the US Capitol—and Trump's own Truth Social, he lit fires with false claims that arguably helped fuel his path to political victory. Like Musk, he made and repeated falsehoods such as FEMA spending its budget on immigrants rather than hurricane victims, or that immigrants were stealing and eating pets. By converting Robert F. Kennedy Jr. from a third-party candidate to an endorsing ally, Trump also reciprocally endorsed RFK Jr.'s long-running stream of anti-vaccine misinformation, rhetoric that has led to childhood vaccine rates now dipping to a lower level than before the Covid-19 pandemic.

Once his second term in office begins, Trump is poised to use digital surveillance to carry out a highly disruptive and even vindictive agenda: He's promised mass deportations of millions of immigrants starting on day one of his administration, and he's vowed to target political opponents and journalists with prosecution. There's little doubt that Trump will top this list in 2025. But in 2024, his words alone represent a clear and present danger.

**Volt Typhoon**

In the cybersecurity world, the last months of 2024 have been dominated by warnings from public officials about a Chinese state-sponsored hacking group known as Salt Typhoon, which has penetrated at least eight telecoms, in some cases accessing the real-time calls and texts of Americans. But in the midst of that cyberespionage scandal, a different, far more dangerous digital threat from China still quietly looms: A Chinese state-sponsored group called Volt Typhoon spent much of 2024 continuing its stealthy campaign to breach US critical infrastructure facilities—not to spy on communications, but to prepare for a potential cyberattack. While headlines about Volt Typhoon have largely dissipated since it was first called out and named by Microsoft in May of 2023, officials warn that the group continues to “pre-position” itself inside of networks that appear to be chosen for maximum disruption, perhaps timed to a Chinese invasion of Taiwan. Given that Chinese head of state Xi Jinping has told his country's military to be prepared for that invasion by 2027, now is the time to head off the digital salient of what could be a world-shaking future war.

**Sandworm**

While Volt Typhoon prepares, Sandworm attacks. The Russian hacking group, a unit of the country's GRU military intelligence agency, has in fact carried out many of the most disruptive cyberattacks of the past decade. Those attacks—mostly in Ukraine—include at least three blackouts triggered by its hacking, the destructive NotPetya malware that spread around the globe and inflicted $10 billion in damage, and countless data-destroying breaches that the group has carried out since the beginning of Russia's full-scale invasion of Ukraine in 2022. In 2024, as Russia fought Ukraine to a stalemate or regained territory in the east of the country, Sandworm continued to project its power beyond that front: Security firm StrikeReady discovered Sandworm targeting Ukraine's energy sector again this fall, perhaps in preparation for another round of electrical utility hacking, either to carry out its own attacks or as reconnaissance for the Russian military's now-annual physical bombing of Ukraine's grid.

**Israeli Military and Intelligence**

Last year, WIRED named both the IDF and Hamas on this list, a nod to each side's use of the internet in its propaganda efforts in the war in Gaza following Hamas' October 7 attack. This year, with Israel's adversaries in that conflict like Hamas and Hezbollah significantly weakened and in retreat, it's the Israeli forces that remain on the offensive. Israel's military continues to use AI tooling to identify targets for bombs as its strikes have killed tens of thousands of Gazan civilians and leveled entire cities in the territory. Israeli missiles continue to intermittently knock out Gaza's communications infrastructure, destroying 80 percent of the country's top telecom's cell towers and leading to information blackouts amid the destruction and starvation of that now year-plus siege. Add to all of that a still-mysterious Israeli supply chain attack that hid lethal explosives in pagers and walkie-talkies in an effort to target Hezbollah operatives, which led to immediate distrust of all communications devices in the country, and Israel's government forces remain an internet apex predator by any definition.

**Black Cat/AlphV/RansomHub**

Ransomware in 2024 was, again, one of the most abhorrent forms of cybercrime to blight the internet. But few ransomware attacks in history have been quite as dangerous and damaging as the one that targeted UnitedHealthcare subsidiary Change Healthcare early this year, carried out by a ransomware group known as Black Cat or AlphV. Even after extracting a $22 million ransom from the company—a payment processor that handles around 40 percent of all health care insurance claims across the US—the hackers' disruption of Change's network continued to prevent the company from completing payments to pharmacies, clinics, health care practices, and hospitals across the country for weeks, causing some to even go out of business. Then, as if it hadn't inflicted enough chaos, AlphV ran off with Change's ransom money instead of sharing it with a group of hackers with whom it had partnered to infiltrate the company. That led the jilted hackers to share the data stolen from Change Healthcare with another, newer ransomware crew called RansomHub, which extorted the company a second time—an unprecedented health care cybersecurity debacle.

**The Com**

Even in an age of state-sponsored Chinese cyberspies, Russian hacker saboteurs, and ransomware gangs, nihilistic young hackers remain a constant in the darker corners of the internet. And few of those corners are as dark as the ones frequented by the Com. The loose movement of online trolls and criminals who operate under the Com banner in channels on Telegram and Discord, many just in their teens, engage in some of the most despicable digital crimes possible, from petty crypto theft and ransomware to sextortion, harassment, and the creation and trade of child sexual abuse material. This year, several members of a Com subgroup of ransomware hackers known as Scattered Spider were arrested, following their alleged high-profile 2023 attacks on companies including Caesar's Entertainment and MGM Resorts. But other members of the group are allegedly responsible for the serial breaches of well over a hundred customers of the cloud provider Snowflake. It's a safe bet that the Com will continue to serve as a haven for plenty more criminal acts to come.

**Data Brokers**

Once, privacy fears centered on government agencies like the FBI and NSA and their ability to carry out mass surveillance worldwide. Now, increasingly, we give away that same surveillance data en masse to companies you've never heard of. This year, it came to light that several data brokers collect and then sell access to Americans' highly granular location data pulled from their phones. Surveillance services like Babel Street's LocateX allegedly can—and do—track visitors to sensitive locations abortion clinic or mosques. A data broker called Near Intelligence left a vast cache of location data exposed online, revealing the movements of hundreds of visitors to sex trafficker Jeffrey Epstein's island in the Caribbean. Reporting on both companies has demonstrated how much private location data our devices leave behind as revelatory digital detritus, and how the possession of that data now extends far beyond government agencies to little-known firms with highly questionable privacy and security practices.

**Character.AI**

If 2023 was the year that AI tools future-shocked the internet with their seemingly abrupt rise to prominence, 2024 was the year that those tools became normalized, quietly settling into common use in spite of all their alleged flaws and ethical problems. Yet those issues are still there, and perhaps no startup better exemplifies them than Character.AI, an AI firm backed by $2.7 billion in investment from Google. According to lawsuits filed in Texas and Florida against the company, its chatbots have encouraged children to engage in self-harm and violence against their parents, and allegedly contributed to 14-year-old dying by suicide. Other chatbots hosted by the company have allegedly coached kids into developing eating disorders, role-playing as school shooters, and even seemed to be sexually grooming them. Despite repeatedly vowing to implement age restrictions, no meaningful age safeguards appear to have been added even now, according to news outlet Futurism. If this is the future of artificial intelligence, the AI era is going to be a dark age indeed.

**Crypto Scammers**

The crypto-based investment scams known as “pig butchering”—a term experts now say should be retired because it can further harm victims—pulled in a staggering $37 billion in 2023, and likely more in 2024. The victims of that explosively growing form of crimes aren't just those who fall for its scams and lose their life savings, but also many of the perpetrators of the scams themselves: As many as 200,000 people have been enslaved in compounds across Southeast Asia and forced to carry out the fraud schemes. In some cases, they've been kept in electrified shackles and faced threats of cattle prods and beatings from the gangs overseeing their work. This year, the dystopia those scammers have ushered in has begun to spread worldwide, with operations cropping up in the Middle East, Eastern Europe, Latin America, and West Africa. The targets of their fraud, of course, are even more global. Crypto scams have already become a top-tier form of cybercrime, and there's no end in sight to the expansion of this predatory underworld industry.

The Most Dangerous People on the Internet in 2024

Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.

Source: Tero Vesalainen via Shutterstock

If incidents this year are any indication, deepfakes and “harvest now, decrypt later” attacks spurred by the growing adoption of quantum computing projects are among the many concerns that organizations in the Asia-Pacific (APAC) region will need to deal with in 2025.

Over the past year, cybercriminals operating in the APAC region have increasingly leveraged AI to launch sophisticated campaigns — such as AI-generated phishing emails, adaptive malware, and deepfakes. The attacks have undermined trust in critical communications and exacerbated social tensions, says Clement Lee, security architect and evangelist at Check Point Software Technologies, Asia Pacific.

**An Increase in Deepfakes & Quantum Computing-Related Cyberattacks**

"This was starkly demonstrated during recent elections seen across APAC: in India where deepfakes fueled widespread disinformation; in Indonesia, where a doctored deepfake video aimed to stir anti-China sentiment; and in Hong Kong, a finance worker who was duped into sending $25 million by a deepfake impersonation of company executives," Lee says. As these tactics start extending from political spheres into the corporate realm, businesses must adopt AI-driven security defenses to counter them, Lee notes.

Simon Green, president of Asia, Pacific, and Japan at Palo Alto Networks, described the APAC region as being on the cusp of a "perfect storm of AI-driven cyber threats" heading into 2025. Attacks featuring deepfake audio and video will likely be the most visible manifestations of the trend, he noted.

Related:Middle East Cyberwar Rages On, With No End in Sight

"We can expect deepfakes to be used alone or as part of a larger attack much more often in 2025," Green said. The use of audio deepfakes in particular is likely to increase over the next 12 month, as technology for highly credible voice cloning becomes more easily accessible.

**AI-Focused Cybersecurity Preparations**

Expect also to see more organizations in the APAC region looking for ways to better protect their data as they implement AI-enabled projects.

"Our customers are asking how they can get more value out of their data, while maintaining robust security, especially as they look to benefit from GenAI products like Microsoft Copilot," adds Max McNamara, vice president and managing director Australia and New Zealand at AvePoint.

"This starts with having secure, accessible data, ensuring you can scale with solutions that don't compromise your security posture, and rigorously adhering to increasingly complex regulatory standards," he says. APAC organizations will increasingly be looking to ensure their data is not just accessible, but also fundamentally secure within their borders, he notes.

Related:'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks

"Our customers are asking how they can get more value out of their data, while maintaining robust security, especially as they look to benefit from GenAI products like Microsoft Copilot," McNamara says, adding that this starts with having secure, accessible data, ensuring you can scale with solutions that don't compromise your security posture, and rigorously adhering to increasingly complex regulatory standards.

**Quantum Projects Will Drive Increase in Harvest Now, Decrypt Later Attacks**

The growing number of quantum computing projects in the APAC region is likely going to fuel an increase in "harvest now, decrypt later" attacks as well. Such attacks involve adversaries collecting and storing currently encrypted data with the intention of decrypting it in the future, when quantum computers become powerful enough to break today's encryption standards. The attacks pose a significant threat to sensitive information that needs to remain secure for extended periods of time.

According to Fortune Business Insights, Asia Pacific is the fastest growing quantum computing market in the world, with multiple companies including IBM, Microsoft, Google, Alibaba, Baidu, JSR, and D-Wave systems currently involved in large regional quantum software and hardware projects. One example is a new quantum computing cloud platform that Alibaba has deployed in collaboration with the Chinese Academy of Sciences. Some quantum projects in the APAC region are happening at a national level, such as India's US-funded National Mission on Quantum Technologies & Applications, and Singapore's Quantum Engineering Programs.

Related:Governments, Telcos Ward Off China's Hacking Typhoons

"The advent of quantum computing threatens to render current encryption standards obsolete, risking exposure of sensitive data and compromising critical infrastructure," Lee says. "Quantum-resistant cryptography will gain traction as organizations prepare for future decryption threats."

Organizations in the APAC region should expect increased interest in harvest now, decrypt later attacks from a wide range of adversaries, including nation-state-backed threat actors, according to Palo Alto Networks' Green. The attacks will pose a threat to governments and businesses, civilian and military communications, critical infrastructure, and organizations developing quantum projects, Green said. Organizations concerned about the trend should develop a quantum resistant road map that includes deployment of quantum resistant tunnelling, stronger crypto libraries and quantum key distribution, according to Palo Alto Networks.

Richard Sorosina, chief technology security officer and vice president of solution architecture at Qualys' EMEA & APAC operations, believes that the fast-evolving and increasingly sophisticated nature of the APAC threat landscape will likely accelerate ongoing consolidation of security capabilities at many organizations in the region. He expects organizations will increasingly move toward a unified security platform approach that will provide both a centralized view of risk across the organization and mechanisms to remediate that risk when found. Many of these efforts will be "driven by a need to reduce complexity, increase operational efficiency, enhance detection and response capabilities, and reduce overall cost," Sorosina says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Deepfakes, Quantum Attacks Loom Over APAC in 2025

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions,…

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions, use secure downloads, and trust verified tools to enjoy safe, uninterrupted gameplay.

The holiday season is a time of joy for gamers, with more free time to play, exciting events, and in-game promotions. However, this festive period comes with higher risks of cyberattacks than any other period of the year.

Studies by Wowvendor, a company dealing in WoW services, indicate that hackers increase their activity by 50% during the holidays and especially prey on gamers via malware and phishing. This article will detail these risks and give some useful advice on how to enjoy gaming without compromising your account security.

****The Rise of Cyber Threats During Holidays****

The gaming community gets busy during the holidays. Unfortunately, cybercriminals find this an attractive target. The key reasons for increased risks are as follows:

*   **Increased player traffic** – A large consumer base of online gaming creates, in turn, more opportunities for hackers to exploit vulnerabilities.
*   **Attractive holiday promotions** – Many players get tricked into fake giveaways and deals, without knowing it compromises their data security.
*   **Malware in pirated games** – Most of the time, hackers put harmful software inside cracked versions of popular titles.

For instance, cybersecurity companies have informed that the number of phishing emails with “in-game rewards notifications” and “discount offers” have spiked around the times of past holiday seasons. These examples of threats put the importance of vigilance during peak gaming hours deeper into focus.

****Common Cyber Threats to Gamers****

Cyber threats range from gaming cyber attacks and data security incidents to DDoS attacks. This will likely impact some players more and possibly their performance during peak gaming periods. Understanding these dangers can help players stay protected:

****Fake add-ons, mods and Phishing schemes** **

Hacks through counterfeit mods are common in games such as World of Warcraft. Hackers distribute these infected mods using counterfeit mods and give the malware the chance to steal login credentials or infect the device they’re playing on. Additionally, fraudulent links and websites trick people into providing personal information or downloading malicious software.

****DDoS attacks** **

The gaming industry is seeing a lot of DDoS attacks (distributed denial of service attacks), wherein hacker group gets a network of infected devices (botnet) that perform a network DDoS attack to inundate a game server or a group of players with a massive amount of traffic. This overload disrupts the server or network connection and has broken the game so that normal users can’t even get in.

These attacks send many requests and place a heavy load onto the server. Hackers aim at certain players’ IP addresses and try to degrade their connection, or that of the player behind it, to give themselves an in-game advantage. This type of targeted interference disrupts competitive gameplay and can negatively impact a game’s experience for the player.

Additionally, the number of ransomware attacks against gaming accounts has risen as well. They involve locking players out of their accounts and asking for payment to access them. When you are faced with unfamiliar software or links, it’s best to stay awake and alert to risks.

****Best Practices for Secure Gaming****

A large number of cyber attacks on gamers can stem from unauthorized downloads, according to leading cyber security firm Kaspersky. To enjoy your games safely during the holidays, follow these cybersecurity tips:

*   **Download software from official sources** — Do not download games or updates from untrusted websites — they can hide malware.
*   **Use two-factor authentication (2FA)** — It simply gives you extra protection for your gaming accounts.
*   **Verify promotional offers** — Don’t accept offers that are simply too good even to be true. There are always official channels for you to confirm their legitimacy.
*   **Avoid cracked games** — First and foremost pirated games are illegal, and they’re dangerous for security reasons too.

Working with your use of strong, unique passwords across all your accounts, these measures can go a long way toward mitigating your risk of being victimized in this way.

****The Role of Gaming Companies****

Leading gaming companies have stepped up their efforts to combat cyber threats. Their initiatives include:

*   **Enhanced security systems** – AI detecting and blocking unusual activity on gaming networks.
*   **Regular updates and patches** – Time and time again, developers release updates to patch vulnerabilities, and protect players with updates.
*   **Player education** – Many platforms offer users a way of recognizing and preventing scammers.

For instance, World of Warcraft’s creators, Blizzard Entertainment, is constantly monitoring its ecosystem for threats and expelling them while at the same time urging players to use solutions, for example, 2FA. Machine learning has been introduced into other companies, such as Valve and Riot Games, in an attempt to detect possible hacking through in-game behaviours.

****Advanced Cybersecurity Tools for Gamers****

Gamers now have access to cutting-edge cybersecurity solutions tailored to safeguard their online experience:

*   **Gaming-optimized VPNs** – VPN services will make sure that you have safe, encrypted connections while reducing latency and optimizing the routing of the server. It shields against DDoS attacks and keeps the gameplay smooth.
*   **Anti-phishing extensions** – Google Safe Browsing and Microsoft Defender SmartScreen are tools that actively block malicious sites and alert players that a phishing page is attempting to lure them into a trick.
*   **Behavioural analytics and anti-cheat systems** – Dedicated platforms use machine learning to analyze login patterns and in-game behaviour, detecting anomalies like hacking or unauthorized access.
*   **DDoS mitigation services** – Distribution denial-of-service attacks that cause gaming servers to stop working are identified and neutralized by Cloudflare, Akamai Prolexic, and other companies that protect gaming servers so that gamers can continue enjoying online sessions uninterrupted.

With these state-of-the-art tools, gamers will be protected from changing threats, which will protect gaming for the holidays and beyond.

****Stay on the Safe Side****

The holiday season is a wonderful opportunity to connect with your favourite games and communities. While cyber threats do increase during this period, staying informed and adopting secure practices can protect your gaming experience. From using official platforms to enabling two-factor authentication, every step you take helps reduce risks.

Gaming companies are also playing their part by providing services and insights that enhance player safety. By working together and staying alert, gamers can fully embrace the holiday spirit, free from cybersecurity concerns.

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  Exploring Data Privacy and Security in B2B Gaming Data
3.  The Rise of Blockchain Gaming and Secure Marketplaces
4.  Winos4.0 Malware Targeting Windows via Fake Gaming Apps
5.  Gcore Thwarts 500 Million PPS DDoS Attack on Gaming Company

Secure Gaming During the Holidays

The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?

Source: Marko Aliaksandr via Shutterstock

The quest to create a useful quantum computer reached a significant milestone at the end of 2024 with Google's announcement of its Willow chip. The chip promises reduced noise and fewer errors as the number of qubits grows — a necessary step to advance toward advanced quantum computing. Despite some debate on when these systems will actually become available, experts still advise making plans and migrating to post-quantum technologies.

The shift from today's technology, where adding more qubits adds more noise, to a future where increasing the number of qubits exponentially reduces the amount of noise — an achievement known as "threshold scalability" — conquers a major impediment to quantum computers. Creating a 1,000-qubit quantum computer requires foundational advancements beyond today's noisy intermediate-scale quantum (NISQ) computers to create reliable logical qubits that can be used in easily scaled architectures.

The Google announcement marks "a significant leap forward," says Karl Holmqvist, founder and CEO at Lastwall, an identity services provider focused on quantum resilience.

"Companies should be starting to get concerned about a usable quantum computer now," Holmqvist says. "This is not because there is proof of a cryptographically relevant quantum computer yet. It is because there are active campaigns that are currently taking place to capture encrypted data and store it until there is a system that can break our asymmetric encryption."

Related:Dark Reading Confidential: Quantum Has Landed, So Now What?

The threat posed by quantum computers seems to be becoming more real every day. In addition to Google's Willow chip announcement, Microsoft announced in November that it had reached a 24-qubit milestone with Atom Computing using lasers, while Japanese researchers from the Riken Quantum Computer Research Center announced a "general-purpose" optical quantum computer.

The future implications could be dire. The Hudson Institute, a free-market think tank, warns that quantum computers pose a systemic cyber-risk to financial systems; it published two papers describing risks of disruption to the US financial system and cryptocurrencies.

**Less Than a Decade Away?**

Quantum computing is one of those technologies that many have perennially predicted is only a decade away. Currently, the median estimate among experts is that within 15 years, a quantum computer will be able to break RSA-2048 in 24 hours, according to the "Quantum Threat Timeline Report 2024."

The middle-of-the-road estimate of when quantum computers will pose an encryption threat is less than 15 years. Source: Global Risk Institute

While many experts see the possibility of a useful quantum computer in less than a decade — based on three key areas: hardware progression, error correction, and algorithm development — useful quantum computers still have a long way to go before they become possible. For example, while Google's work on Willow is a major step toward making error correction — mainly a theoretical field before this decade — more achievable in larger quantum computing chips, achieving this step is just the second milestone out of six listed on its quantum computer road map.

Related:Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target

In addition, gauging the risk is difficult, with terms such as "threshold scalability" and "quantum supercomputers" muddying the waters, says Rebecca Krauthamer, co-founder and CEO of QuSecure.

"There's so much complicated vocabulary when it comes to quantum, the thing that people need to look out for is when they start seeing quantum computers beginning to solve problems that they recognize," Krauthamer says. "So whether it's improved battery technology, or route optimization for self-driving cars, or optimized portfolio management, or breaking encryption — that's the time everybody should have already migrated to post-quantum technologies, and not just post-quantum but crypto-agile management of cryptography."

Yet the lack of significant benefits for the private sector could put a damper on development. The Boston Consulting Group, for example, points out that quantum computing programs have had difficulty converting effort into value.

"Quantum computing today provides no tangible advantage over classical computing in either commercial or scientific applications," BCG stated in a July analysis. "Though experts agree that there are clear scientific and commercial problems for which quantum solutions will one day far surpass the classical alternative, the newer technology has yet to demonstrate this advantage at scale."

**Experts Still Urge Preparation**

In addition, the point at which nation-states could use quantum computers to break encryption could be sooner, increasing the risk for some industries. Quantinuum, for example, accelerated its road map for fully fault-tolerant quantum computing to 2030 and warns that quantum secure solutions will likely be necessary before 2035.

"Given where we stand today, the need to complete migration to PQC \[post-quantum computing\] to effectively protect sensitive data needs to be prioritized," says Duncan Jones, head of cybersecurity for Quantinuum.

Quantinuum expects incremental advances in the next few years. That includes improvements in error correction and qubit scaling, continued research into applications such as quantum decryption, and, as a result, greater adoption of PQC technologies, such as post-quantum encryption, quantum key distribution, and quantum random number generation (QRNG), says the company's Jones.

"Organizations implementing quantum-safe strategies today should focus on PQC migration while ensuring their cryptographic foundations are as strong as possible through the use of QRNGs," he says. "This approach provides immediate security benefits while preparing for future quantum-safe technologies."

Google acknowledges that while its error correction breakthrough is significant, there is a difference between theory and practice.

"We still have a long way to go before we reach our goal of building a large-scale, fault-tolerant quantum computer," two members of the Google Quantum AI team stated in a blog post. "The engineering challenge ahead of us is immense."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Quantum Computing Advances in 2024 Put Security In Spotlight

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

In 2024, we at Dark Reading covered a variety of attacks, exploits, and, of course, vulnerabilities across the board. Here, we recount 10 emerging threats organizations should be prepared for — as detailed by Dr. Jason Clark in "10 Emerging Vulnerabilities Every Enterprise Should Know," a Dark Reading webinar — as they continuously rise and develop in 2025.

**Zero-Day Exploits**

Zero-days and their increase in volume across the cybersecurity landscape is a particularly concerning trend, as there is no patch for these bugs when they're discovered. Attackers are also able to exploit systems using these vulnerabilities undetected, as safeguards have not been put in place by organizations or enterprises yet.

High-profile zero-day vulnerabilities include Log4Shell, tracked as CVE-2021-44228, a critical RCE bug within Log4j's Java Naming and Directory Interface (JNDI). By exploiting the vulnerability, attackers were able to easily take control of vulnerable systems, a considerable threat as Log4j is used in nearly every Java application.

Other vulnerabilities include PrintNightmare and Proxyshell, both remote execution flaws that were exploited quickly and widely, according to Clark.

"The rise in zero-day exploits is partly driven by just more sophisticated threat actors," Clark said in the Dark Reading webinar. "This can include things like nation-states and also using them in targeted attacks."

Chad Graham, cyber incident response team (CIRT) manager at Critical Start, however, believes that advancements with AI will change the landscape in 2025.

"Both attackers and defenders will rely on AI-driven tools to automate the search for hidden software flaws," Graham says. "This shift will likely result in a more dynamic cybersecurity landscape, where continuous innovation and adaptation become the norm."

**Supply Chain Attacks**

Supply chain attacks remain an active threat and tend toward the severe as their impact cascades on to multiple parties: customers, suppliers, and other third parties. Attackers exploit a trusted resource and ultimately gain access to not just one organization, but multiple. These kinds of threats remain concerning as organizations depend more and more on outsourcing services.

The best known example is the SolarWinds breach, which impacted the SolarWinds Orion system, at the hands of a group known as Nobelium. More than 30,000 organizations — including state and federal agencies — used the Orion network management system, resulting in the backdoor malware compromising thousands of data, network, and systems.

Tracked as CVE-2020-10148 with a CVSS score of 9.8, the authentication bypass bug allowed an unauthenticated attacker to execute API commands. The attackers in question were advanced persistent threat (APT) actors who infiltrated into the SolarWinds’ supply chain to insert a backdoor.

"The complexity of modern supply chains makes it challenging to secure all the dependencies," Clark said in the webinar. "This underscores the need for rigorous third-party risk management."

In the year ahead, Dana Simberkoff, chief risk, privacy, and information security officer at AvePoint, believes that there will be a sharpened focus on supply chains and third-party risk management.

"The CrowdStrike incident wasn't just a wake-up call — it was a stark reminder that in our interconnected ecosystem, one weak link can trigger a catastrophic chain reaction," Simberkoff says.

**Remote Work Infrastructure Exploits**

Since 2020 and the COVID-19 pandemic, organizations have leaned into remote and hybrid work offerings, increasing the risk of cybersecurity threats and becoming a significant concern. Attackers focus on vulnerabilities that allow users to engage in remote work such as VPNs, remote desktop protocols (RDPs), and phishing attacks through platforms such as Zoom and Microsoft Teams.

There have been several notable incidents in which VPNs and RDPs were leveraged, allowing threat actors to gain access to enterprise systems and networks. In addition, remote workers are often operating from less secure environments, causing an uptick in phishing attacks as the threat actors try to take advantage of these blind spots.

"The shift to remote work has expanded the overall attack surface, Clark said in the webinar. "Remote workers often need more security controls than those that are working \[onsite\], which can lead to significant vulnerabilities."

Recent examples of vulnerabilities remote and hybrid work vulnerabilities include CVE-2024-38199, a remote code execution vulnerability (RCE) in the Windows or Line Printer Deamon (LPD) Service, and CVE-2024-21433, a Windows Print Spooler elevation of privilege vulnerability.

"Remote work infrastructure will continue to be a prime target for cybercriminals in 2025, with an increase in sophisticated attacks on cloud services, VPNs, and collaboration tools," says Stephen Kowski, field CTO at SlashNext Email Security+. "We'll likely see more AI-powered threats designed to bypass traditional security measures, exploiting vulnerabilities in interconnected devices and home networks."

**Exploitation of AI and Machine Learning Systems**

With the rise of AI and its increasing use amid the public, comes widespread risk of exploitation from attackers. Clark noted of adversarial attacks, data poisoning, and model inversion attacks that are at the forefront of emerging threats for AI and machine learning (ML) systems in particular. 

The nature of some ML systems requires feeding a system information for the best results, the system becoming more familiar with the user over time. When attacks target these systems, it can lead to unauthorized access to sensitive data stored and processed within these tools, as well as incorrect predictions or biased decisions.

"AI models will be key areas of exploitation in 2025," says Rom Carmel, co-founder and CEO at Apono. "As AI and machine learning become integral to identity verification systems, attackers will find ways to poison AI models or bypass them."

AI can also simply be manipulated for malicious ends, as seen when an AI deepfake robocall was created to impersonate US President Joe Biden to encourage individuals not to vote in the New Hampshire's Democratic primary, an event that could have had severe consequences on the US electoral process.

"The threat landscape is evolving with the rapid adoption of AI and ML," Clark said in the webinar. "Attackers increasingly focus on these systems to undermine their reliability and exploit vulnerability."

**Cloud Misconfigurations**

As organizations continue to shift their operations to the cloud, it will continue to emerge as a space for threat actors to thrive, often due to the cloud simply not being set up correctly.

Common examples of threats that circulate within the cloud are publicly accessible S3 buckets, misconfigured security groups in AWS, and exposed databases.

"Cloud misconfigurations can have severe impacts related to data breaches, unauthorized access to critical systems, financial loss, and reputational damage," Clark said. He added that the complexity of these environments is going to increase leading to more frequent configuration errors.

In the past, Amazon and Microsoft cloud environments have exposed customer data, such as viewing habits, names, email addresses, email content, and phone numbers. The leaks aren't due to vulnerabilities but misconfigurations ranging from insecure read-and-write permissions to inaccurate access lists and misconfigured policies.

"To successfully prevent cloud breaches in 2025, companies need to focus on three key areas: visibility, access control, and continuous monitoring," says Jason Soroko, senior fellow at Sectigo. "Cloud environments are dynamic, so your security needs to be dynamic too."

**IoT Device Vulnerabilities**

IoT devices are allowing for emerging threats to thrive, being easy targets for threat actors to exploit, whether it be due to weak default passwords, lack of encryption, or insecure firmware.

Common attacks that IoT devices face are data theft, network breaches, and distributed denial-of-service (DDoS) attacks. A recent example emerged in the Common Unix Printing System (CUPS) for managing printers and print jobs. The series of vulnerabilities, tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177 could allow bad actors to stage DDoS attacks within seconds for less than 1 cent while using an available cloud platform.

"Just the sheer volume of connected devices really exacerbates the threat," Clark noted in the webinar. "Securing these devices becomes really challenging due to their diversity and often limited processing power for adding security features."

And as the use of IoT, OT, and 5G networks continues to rise, organizations will need cyber threat intelligence (CTI) to extend beyond traditional IT environments, says Callie Guenther, senior manager, cyber threat research at Critical Start. "This expansion, which will continue throughout 2025, will add complexity to CTI, requiring more granular insights and specific intelligence data."

**Cryptographic Weaknesses**

According to Clark, cryptographic weaknesses continue to pose a significant threat because these kinds of vulnerabilities undermine the foundation of secure communication and data protection. These weaknesses often manifest in one of two ways: flaws in encryption algorithms, or how the algorithms are implemented.

"The rising threat is kind of compounded by the fact that as computational capability advances, that previously secure crypto standard now becomes increasingly more vulnerable," Clark said in the webinar.

He recommended regularly updating cryptographic libraries, and enforcing strong encryption protocols to avoid exploitation attempts like man-in-the middle attacks, data integrity issues, and the exposed sensitive information.

Just recently, Acros Security discovered a vulnerability, similar to CVE-2024-38030, that enables an attack in which a vulnerable device is coerced into sending NTLM hashes, which is the cryptographic version of a user's password, to a threat actor.

"We have never before required from \[cloud service providers\] such granular and detailed information on the type of encryption in use, but customers (government and non-government customers alike) will require this level of detail to ensure their encryption standards are being met," says Philip George, executive technical strategist at InfoSec Global Federal.

**API Security Gaps**

More organizations are relying on APIs to connect systems; however, these APIs are at risk when they have flaws in the design or the implementation of the APIs. Attackers are able to breach systems through unauthorized access, allowing them to manipulate certain restricted actions.

A notable example of this is the exposure of user data through Facebook’s API, though these flaws are also abundant in other sectors such as healthcare or financial services. 

Gaps in API security ultimately serve as a launchpad, often for data breaches which can lead to the loss of sensitive information, unauthorized transactions, reputational damage, and significant financial loss.

"The threat is escalating as API is becoming more prevalent, increasing the number of potential attack surfaces," Clark said. "To mitigate these risks, it's essential to secure your API endpoints, enforce robust authentication mechanisms, and regularly update and audit API access."

A Docusign API was recently used in a wide-scale phishing campaign due to its "API-friendly environment," which is beneficial for businesses but also provides a way for bad actors to conduct malicious operations. The flaw could ultimately could have led to instances of fraud, though there are ways for users to avoid and detect such API abuse.

In the coming year, the cyber landscape will continue to evolve, API being in the forefront of these changes.

"We anticipate a rise in sophisticated API attacks using automation, artificial intelligence, and advanced evasion techniques to exploit vulnerabilities and bypass traditional security measures," says Eric Schwake, director of cybersecurity strategy at Salt Security. "One significant risk will stem from the exploitation of API misconfigurations, which often occur due to the fast pace of development and deployment. This situation will challenge organizations to adopt a more proactive and comprehensive approach to API security."

**Ransomware Evolution**

"We could do a whole webinar on ransomware," Clark said in the webinar, which raises the question: Can ransomware even be considered an emerging threat? 

The answer is yes, though ransomware attacks have become one of the most disruptive and costly cyberattacks out there largely due to their rapid evolution.

One of the most notable ransomware attacks occurred on Colonial Pipeline, which shut down its entire operations for the first time, leading to fuel shortages and four states on the East Coast declaring a state of emergency. The ransomware attack prompted action from national security and the executive branch and forced a reevaluation of the nation's critical infrastructure security.

Threat actors know they can win big when demanding ransoms from organizations, such as those in the healthcare sector, which will pay these high prices in order to help patients in need.

"As these attacks are becoming more targeted and, frankly, aggressive, it's crucial to start to implement backup strategies that are robust, strengthen your overall incident response plans, and continuously educate your employees on recognizing and avoiding things like phishing attempts that can often serve as an entry point for ransomware," Clark said in the webinar.

Backups may not always be an option, according to Brandon Williams, chief technology officer at Conversant Group.

"Some threat actors have moved to deleting data as part of their normal motions," he says. "If this gains traction in 2025, organizations will not have a method to recover by simply paying a ransom and hoping to get a working decryption tool. The only method of recovery will be backups; however, data shows that backups do not typically survive these breaches."

**5G Network Vulnerabilities**

5G networks are being rapidly deployed, and with them come threat actors' awareness and exploitation of its vulnerabilities. Attackers are increasingly able to target 5G infrastructure with ease, and these open the door for even bigger threats such as large-scale DDoS attacks, unauthorized data access, and disruption of our critical services.

"As we consider the rising threat, the global rollout of 5G brings an increasing number of connected devices," Clark said in the webinar. "The rising number amplifies their attack risk, particularly given their reliance on cloud-native infrastructures."

At Black Hat 2024 in Las Vegas, seven Penn State University researchers detailed how mobile devices are at risk of data theft and denial of service due to 5G technology vulnerabilities. Threat actors use these resources simply by providing someone with an Internet connection, allowing easy access to spying, phishing, and more. 

"Vulnerabilities such as lack of initial broadcast message authentication, spectrum slicing, silent downgrade, and unsecured DNS paging currently affect 5G networks," says Mayuresh Dani, manager, security research, at Qualys Threat Research Unit. "In the year to come, these will continue affecting 5G networks and vulnerabilities in unsecured base stations will multiply snooping attacks."

Emerging Threats &amp; Vulnerabilities to Prepare for in 2025

From Chinese cyberspies breaching US telecoms to ruthless ransomware gangs disrupting health care for millions of people, 2024 saw some of the worst hacks, breaches, and data leaks ever.

Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-backed espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and the individuals they serve—the malicious rampages had very real consequences for people's privacy, safety, and security.

As political turmoil and social unrest intensify around the world, 2025 will be a complicated—and potentially explosive—year in cyberspace. But first, here's WIRED's look back on this year's worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay alert, and stay safe out there.

**China's Salt Typhoon Telecom Breaches**

Espionage operations are a fact of life, and relentless Chinese campaigns have been a constant in cyberspace for years now. But the China-linked espionage group Salt Typhoon carried out a particularly noteworthy operation this year, infiltrating a slew of US telecoms including Verizon and AT&T (plus others around the world) for months. And US officials told reporters earlier this month that many victim companies are still actively attempting to remove the hackers from their networks.

The attackers surveilled a small group of people—less than 150 by current count—but they include individuals who were already subject to US wiretap orders as well as state department officials and members of both the Trump and Harris presidential campaigns. Additionally, texts and calls from other people who interacted with the Salt Typhoon targets were inherently also caught up in the espionage scheme.

**Snowflake Customer Breaches**

Throughout the summer, attackers were on a tear, breaching prominent companies and organizations that were all customers of the cloud data storage company Snowflake. The spree barely qualifies as hacking, since cybercriminals were simply using stolen passwords to log in to Snowflake accounts that didn't have two-factor authentication turned on. The end result, though, was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, the telecom giant AT&T, said in July that “nearly all” records relating to its customers' calls and texts from a seven-month stretch in 2022 were stolen in a Snowflake-related intrusion. The security firm Mandiant, which is owned by Google, said in June that the rampage impacted roughly 165 victims.

In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all of their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice for the Snowflake tear and faces extradition to the US. John Erin Binns, who was arrested in Turkey for an indictment related to a 2021 breach of the telecom T-Mobile, was also indicted on charges related to the Snowflake customer breaches.

**Change Healthcare Ransomware Attack**

At the end of February, the medical billing and insurance processing company Change Healthcare was hit with a ransomware attack that caused disruptions at hospitals, doctor's offices, pharmacies, and other health care facilities around the US. The attack is one of the all-time largest breaches of medical data, impacting more than 100 million people. The company, which is owned by UnitedHealth, is a dominant medical billing processor in the US. It said days after the attack started that it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the assault.

Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat at the beginning of March in an attempt to contain the situation. The payment seemingly emboldened attackers to hit health care targets at an even greater rate than usual. With ongoing, rolling notifications to more than 100 million victims—with more still being discovered—lawsuits and other blowback has been mounting. This month, for example, the state of Nebraska sued Change Healthcare, alleging that “failures to implement basic security protections” made the attack much worse than it should have been.

**Russia's Midnight Blizzard Hit Microsoft**

Microsoft said in January that it had been breached by Russia's “Midnight Blizzard” hackers in an incident that compromised company executives' email accounts. The group is tied to the Kremlin's SVR foreign intelligence agency and is specifically linked to SVR's APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft's research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

**National Public Data**

The background check company National Public Data suffered a breach in December 2023, and data from the incident started showing up for sale on cybercriminal forums in April 2024. Different configurations of the data cropped up again and again over the summer, culminating in public confirmation of the breach by the company in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data didn't confirm the breach until August, speculation about the situation grew for months and included theories that the data included tens or even hundreds of millions of Social Security numbers. Though the breach was significant, the true number of impacted individuals seems to be, mercifully, much lower. The company reported in a filing to officials in Maine that the breach affected 1.3 million people. In October, National Public Data's parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as a number of lawsuits that the company is facing over the incident.

**Honorable Mention: North Korean Cryptocurrency Theft**

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.

The Worst Hacks of 2024

Thousands of Postman workspaces leaked sensitive data like API keys and tokens. Learn best practices to secure your API development environment and protect your organization

****SUMMARY****

*   **30,000 Public Workspaces Exposed:** CloudSEK identifies massive data leaks from Postman workspaces.

*   **Sensitive Data at Risk:** Leaks include API keys, tokens, and administrator credentials.

*   **Major Platforms Affected:** GitHub, Slack, and Salesforce among the impacted services.

*   **Key Causes:** Misconfigured access, plaintext storage, and public sharing of collections.

*   **Mitigation Steps:** Use environment variables, rotate tokens, and adopt secret management tools.

On December 23, 2024, CloudSEK’s TRIAD team identified critical security vulnerabilities and risks from the misuse of **Postman Workspaces**, a popular cloud-based API development and testing platform.

In their year-long investigation, researchers found over 30,000 publicly accessible workspaces leaking sensitive information about third-party APIs, including access tokens, refresh tokens, and third-party API keys, posing severe risks to businesses and individuals alike.

Via CloudSec

According to the company’s **report** shared with Hackread.com, leaked data spanned organizations across various industries, from small businesses to large enterprises, impacting major platforms like **GitHub**, **Slack**, and **Salesforce**. Critical sectors affected included healthcare, athletic apparel, and financial services, exposing organizations to numerous threats and security risks.

Researchers noted that common practices leading to these data leaks include inadvertent sharing of Postman collections, misconfigured access controls, syncing with publicly accessible repositories, and storing sensitive data in plaintext without encryption.

These vulnerabilities can lead to severe consequences. The leaked data, which included administrator credentials, payment processing **API keys**, and access to internal systems, can lead to financial and reputational damage for the affected organizations. 

Sensitive data exposure within Postman can have significant consequences for both individual developers and entire organizations. Reportedly, top API services like api.github.com, slack.com, and hooks.slack.com have the most exposed secrets. High-profile services like Salesforce.com, login.microsoftonline.com, and graph.facebook.com have also been exposed.  

Leaked Credentials of ZenDesk and leaked Razorpay API key (Via CloudSec)

A leaked API key or access token can provide attackers with direct access to critical systems and data, potentially leading to data breaches, unauthorized system access, and increased phishing and social engineering attacks.

Postman often stores sensitive information like API keys, secrets, and PII for authentication and communication with APIs. To ensure data safety, organizations should use environment variables wisely, limit permissions, avoid long-lived tokens, use external secrets management, and double-check before sharing any collection or environment. 

**CloudSEK** responsibly reported most identified incidents to affected organizations, helping mitigate risks. To prevent such exposures, CloudSEK urges organizations to adopt more reliable security measures, such as using environment variables to avoid hardcoding sensitive data, limiting permissions, rotating tokens frequently, leveraging secrets management tools, and double-checking collections before sharing.

Moreover, Postman has **implemented** a secret-protection policy to prevent sensitive data from being exposed in public workspaces following the disclosure of these findings. The policy alerts users if secrets are detected, offers resolutions, and facilitates transitions to private or team workspaces.

**“**Starting this month, we are removing public workspaces with known exposed secrets from the Public API Network. As we roll out this policy change, owners of public workspaces containing secrets will be notified and have the opportunity to remove their exposed secrets before that workspace is removed from the network,” the company noted.

1.  **The Most Common API Vulnerabilities**
2.  **OwnCloud “graphapi” App Flaw Exposes Sensitive Data**
3.  **Urlscan.io API Inadvertently Leaked Sensitive Data and URLs**
4.  **Automotive Industry Exposed to Have Major API Vulnerabilities**
5.  **Millions impacted as payment API flaws exposed transaction keys**

Postman Workspaces Leak 30000 API Keys and Sensitive Tokens

Plus: Google’s U-turn on creepy “fingerprint” tracking, the LockBit ransomware gang’s teased comeback, and a potential US ban on the most popular routers in America.

It’s been a busy year in cybersecurity, but it’s not over yet. This week, we revealed how hackers figured out how to “jailbreak” digital license plates—which are legally issued in at least a couple of states and are valid across the US—allowing them to change the license plate number to basically anything. That means someone with this capability can avoid tolls and tickets, or even change their plate to be the same as their enemy.

While the company that makes the plates, Reviver, makes clear that doing this would be both illegal and a terms-of-service violation, we’re guessing that the people who want to hide their car’s credentials so they can speed all over town aren’t too concerned about that.

Staff at the Cybersecurity and Infrastructure Security Agency are preparing for an uncertain future. Several CISA employees told WIRED that they’re afraid the incoming Trump administration will scrap key programs that they say are keeping Americans safe from cyberattacks and other threats—or that the agency itself could be dismantled.

In recent years, financial scams that involve bilking people out of their cryptocurrency holdings have come to be known by an eye-catching, catch-all name: “pig butchering.” But it’s time for a rebrand, according to officials at Interpol. The term, which is a translation from Chinese and refers to the slow process of fattening up a pig before slaughtering it, was likely created by the scammers themselves. As such, its use could further degrade victims of these scams or shame them into not reporting a crime.

Doing crimes in public is, apparently, all the rage. We took a deep dive into the world of drug dealers who are advertising their goods on open web platforms like Instagram, X, and Snapchat. The practice isn’t new, but authorities in Europe say it’s growing more popular.

And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**FAA Bans Drones Over Parts of NJ and NY but “Has Not Identified Anything Anomalous”**

The US Federal Aviation Administration said on Thursday that it was temporarily banning drone flights over dozens of critical infrastructure and utility sites in New Jersey and New York “at the request of federal security partners.” The restrictions are set to last 30 days. The announcement comes as panic over reported mysterious drone sightings in the two states has surged in recent weeks. The FAA said in a joint statement with the US Department of Homeland Security, Department of Defense, and FBI on Wednesday that the US government has not found evidence of malicious or unexplained aircraft.

"Having closely examined the technical data and tips from concerned citizens, we assess that the sightings to date include a combination of lawful commercial drones, hobbyist drones, and law enforcement drones, as well as manned fixed-wing aircraft, helicopters, and stars mistakenly reported as drones,” the agencies wrote. "We have not identified anything anomalous and do not assess the activity to date to present a national security or public safety risk over the civilian airspace in New Jersey or other states in the northeast.”

The agencies said that the FBI has received more than 5,000 tips about reported drone sightings in recent weeks that have generated about 100 leads investigated by local, state, and federal officials. None have proved to be problematic or concerning. The mass hysteria is itself creating dangerous conditions, though. The FAA warned on Wednesday that there has been a significant uptick in people pointing lasers at aircraft, which is illegal because it can be dangerous and distracting for pilots.

**Google U-Turn Allows Creepy “Fingerprint” Tracking Next Year**

Back in 2019, Google made its position on the online tracking method called fingerprinting pretty clear. “Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected,” the company said in a blog post. “We think this subverts user choice and is wrong.”

That viewpoint appears to have changed. This week, Google announced that, starting in February 2025, advertisers would be allowed to use fingerprinting. The method is largely hidden and allows online activity to be tracked by building up a profile using characteristics from your device—for instance, your phone type, language settings, timezone, can be combined with other information unique to your setup and identify you.

Google indicated the change in new advertising policies, which will go into force next year. The current version of the policy says fingerprinting is not allowed, while that reference has been scrubbed from the new version. The change drew instant criticism, with the UK’s data regulator, the Information Commissioner’s Office (ICO), saying that “fingerprinting is not a fair means of tracking users online” and it called the U-turn “irresponsible.” The ICO said it is talking to Google about the shift.

**LockBit Teases Potential Comeback as Alleged Developer Faces US Extradition**

Early this year, the notorious Lockbit ransomware group was thoroughly dismantled by a law enforcement operation, called Operation Cronos. The group’s website was taken over, details of its members and their cyberattacks extracted, decryption tools released, and its alleged Russian mastermind identified.

Now, the US government is attempting to extradite Rostislav Panev, an Israeli citizen who it suggested worked as a LockBit developer between 2019 and 2024. According to Ynet news, Panev was arrested in August and it is alleged that he received more than $230,000 in Bitcoin and developed ransomware tools from the gang. According to a complaint unsealed by US officials, Panev said he was regularly paid $10,000 per month for software development. Panev’s lawyers deny the claims.

At the same time, the organizers of the LockBit ransomware claim that they have created a new “4.0” version of their tools and will be “launching” them in February. A post on LockBit’s reincarnated dark-web sites urged potential hackers to sign up. As with many cybercrime groups, LockBit has lied about its activities in the past, and following the humiliation of its disruption, many other cybercriminals may not trust its tattered brand.

**One of America’s Most Popular Router Manufacturers May Be Banned**

Chinese technology company and router maker TP-Link could be banned in the US, a report from The Wall Street Journal this week claimed. Officials at the Defense, Commerce, and Justice departments have launched investigations into the company over potential cybersecurity and national security concerns around its routers. The Commerce Department has reportedly subpoenaed TP-Link, which has more than 60 percent of the US retail market for routers. A ban could reportedly happen next year.

While TP-Link is a Chinese company, its products are sold in the US by a separate California-based business. In October, Microsoft said that TP-Link routers “make up most” of a network of compromised devices that it has detected being used in Chinese hacking campaigns. The news of the potential ban follows the previous bans of Huawei and ZTE equipment and comes as TikTok will challenge its ban before the US Supreme Court in early January.

Mystery Drone Sightings Lead to FAA Ban Despite No Detected Threats

This Tech Tip outlines what enterprise defenders need to do to protect their enterprise environment from the new NTLM vulnerability.

Roy Akerman, VP of Identity Security Strategy, Silverfort

December 20, 2024

4 Min Read

Source: Supapixx via Alamy Stock Photo

A new zero-day vulnerability in NTLM discovered by researchers at 0patch allows attackers to steal NTLM credentials by having a user view a specially crafted malicious file in Windows Explorer — no need for the user to open the file. These password hashes can be used for authentication relay attacks or for dictionary attacks on the password, both for identity takeover.

NTLM refers to a suite of old authentication protocols from Microsoft that provide authentication, integrity, and confidentiality to users. While NTLM was officially deprecated as of June, our research shows that 64% of Active Directory user accounts regularly authenticate with NTLM — evidence that NTLM is still widely used despite its known weaknesses.

The flaw is exploitable even in environments using NTLM v2, making it a significant risk to enterprises that have not yet moved to Kerberos and are still relying on NTLM. Considering Microsoft may not patch this issue for a while, enterprise defenders should take steps to mitigate the vulnerability in their environments. This Tech Tip outlines how dynamic access policies, a few hardening steps, and multifactor authentication (MFA) can help limit attempts to exploit this vulnerability. Upgrading the protocol, where possible, could eliminate the issue completely.

**What Is the NTLM Vulnerability?**

When a user views a malicious file in Windows Explorer — whether by navigating to a shared folder, inserting a USB drive containing the malicious file, or just viewing a file in the Downloads folder that was automatically downloaded from a malicious Web page — an outbound NTLM connection is triggered. This causes Windows to automatically send NTLM hashes of the currently logged-in user to a remote attacker-controlled share.

These NTLM hashes can then be intercepted and used for authentication relay attacks or even dictionary attacks, granting attackers unauthorized access to sensitive systems. Attackers can also potentially use the exposed passwords to access the organization's software-as-a-service (SaaS) environment due to the high rates of synced users.

The issue impacts all Windows versions from Windows 7 and Server 2008 R2 up to the latest Windows 11 24H2 and Server 2022.

The fundamental problem with NTLM lies in its outdated protocol design. NTLM transmits password hashes instead of verifying plaintext passwords, making it vulnerable to interception and exploitation. Even with NTLM v2, which uses stronger encryption, the hashes can still be captured and relayed by attackers. NTLM's reliance on weak cryptographic practices and lack of protection against relay attacks are key weaknesses that make it highly exploitable. Moreover, NTLM authentication does not support modern security features, such as MFA, leaving systems open to a variety of credential theft techniques, such as pass-the-hash and hash relaying.

**What Defenders Need to Do**

To mitigate this vulnerability, Microsoft has updated previous guidance on how to enable Extended Protection for Authentication (EPA) on LDAP, Active Directory Certificate Services (AD CS), and Exchange Server. On Windows Server 2022 and 2019, administrators can manually enable EPA for AD CS and channel binding for LDAP. There are scripts provided by Microsoft to activate EPA manually on Exchange Server 2016. Where possible, update to the latest Windows Server 2025 as it ships with EPA and channel binding enabled by default for both AD CS and LDAP.

Some organizations may still be dependent on NTLM due to legacy systems. Those teams should consider additional authentication layers, such as dynamic risk-based policies, for protecting existing NTLM legacy systems against exploitations.

Harden LDAP configurations. Configure LDAP to enforce channel binding and monitor for legacy clients that may not support these settings.

Check impact on SaaS. If you are unsure whether there are applications or clients in your environment that rely on NTLMv2, you can use Group Policy to enable the Network Security: Restrict NTLM: Audit incoming NTLM traffic policy setting. This will not block NTLMv2 traffic but will log all attempts to authenticate using NTLMv2 in the Operations Log. By analyzing these logs, you can identify which client applications, servers, or services still rely on NTLMv2, so you can make targeted adjustments or updates.

Using Group Policy to limit or disable NTLM authentication via the Network Security: Restrict NTLM setting will reduce the risk of fallback scenarios where NTLM is unintentionally used.

Monitor SMB traffic. Enabling SMB signing and encryption can help prevent attackers from impersonating legitimate servers and triggering NTLM authentication. Blocking outbound SMB traffic to untrusted networks will also reduce the risk of NTLM credential leakage to rogue servers. Implement network monitoring and alerting for unusual SMB traffic patterns, particularly outbound requests to unknown or untrusted IP addresses.

Leave NTLM behind. NTLM has been deprecated. Administrators should audit NTLM usage to identify which systems still rely on NTLM. Organizations should prioritize transitioning those systems away from NTLM to more modern authentication protocols, such as Kerberos. Once a more modern protocol is in place, implement MFA to add an additional layer of protection.

Taking these steps will help organizations address the fundamental flaws in NTLM and improve their security posture.

**About the Author**

VP of Identity Security Strategy, Silverfort, Silverfort

Roy Akerman is the VP of Identity Security Strategy at Silverfort and former co-founder and CEO of Rezonate. Prior to Rezonate, Roy served as VP of Product and Innovation at Cybereason, responsible for growing 3 new business lines on cloud security, mobile defense, and XDR. Roy is leading product incubations and new business initiatives, fusing the practices of advanced Technology, Psychology, and Business in forming new disruptive products and anti-disciplinary innovation teams. Akerman is blending business and innovation practices acquired in his MIT and business journey with problem-solving and tech approaches based on his Government and Military experience. Roy has 20 years of experience in Cybersecurity, as one of the senior leaders and founders of NISA - the Israeli Equivalent to the NSA/Cyber Command, retired as the chief of global cyber operations. In this role, Roy and his teams ran global counter-cyber defense operations for Israel’s Cyber Defense, built cutting-edge cyber security tech. They established partnerships and alliances with numerous states and business partners.

Tag

#microsoft