Introducing Episode 18 of our expertly crafted series on data breaches, cyber-attacks, and more. Breach Breakdown is your go-to source for recapping incidents and staying up-to-date on the latest solutions. April saw its fair share of reported cases, with breaches highlighting critical vulnerabilities affecting UK infrastructure and professional services:

£100,000 Daily Fines: UK's CSR Bill Targets Cyber Vulnerabilities

The UK government has revealed its Cyber Security and Resilience (CSR) Bill, introducing daily fines of £100,000 (or 10% of turnover) for organisations failing to address critical cyber threats. The bill expands regulations to include MSPs and datacenters, mandating incident reporting to regulators and the NCSC within 24 hours, followed by full reports within 72 hours. This framework is stricter than EU and US standards. The government aims to adapt regulations quickly to evolving threats, ensuring critical services remain resilient. Businesses must prioritise proactive security, employee training, and utilise NCSC resources for compliance.


Black Basta's BRUTED: Automating VPN Brute-Force Attacks

The Black Basta ransomware group has developed ‘BRUTED,’ an automated framework to brute-force edge networking devices like VPNs and firewalls. This allows them to streamline network access and scale ransomware attacks. Discovered through leaked chat logs by EclecticIQ, BRUTED has been in use since 2023, targeting products like SonicWall NetExtender, Palo Alto GlobalProtect, and Cisco AnyConnect. The framework identifies targets by enumerating subdomains and resolving IP addresses, then launches credential-stuffing attacks using password lists and generated guesses. To evade detection, BRUTED uses SOCKS5 proxies and Russian-based servers. Defences include strong passwords, MFA, monitoring for unusual login attempts, and applying the latest security updates.


FBI Warns of Online File Converter Scam

The FBI Denver is alerting the public to a scam involving free online document converters that load malware onto computers, leading to ransomware and data theft. These tools, advertised for converting or combining files, can scrape personal information, banking details, and passwords. Victims often don’t realise they’re infected until it’s too late. The FBI recommends caution when using online converters, keeping antivirus software updated, and taking immediate action to protect finances and identity if victimised.


Software Provider Fined £3M After 2022 Ransomware Attack

The ICO has fined Advanced Computer Software Group Ltd £3.07 million for failing to implement adequate security measures, such as multi-factor authentication, before a 2022 ransomware attack. The attack compromised the personal data of 79,404 individuals, including sensitive information like home entry details for care recipients. The ICO found gaps in MFA deployment, vulnerability scanning, and patch management. Advanced acknowledged the regulator’s decision and agreed to pay the reduced fine without appeal. The ICO emphasises the need for organisations to prioritise robust security measures to protect personal information.


Holiday Fraud Alert: Victims Lose Over £11 Million

New data reveals that holidaymakers lost over £11 million to fraud in 2024, with scammers luring victims with enticing deals online. Action Fraud is urging the public to be extra cautious when booking holidays, especially on social media. To avoid falling victim, research travel companies thoroughly, look for ABTA, ABTOT, or ATOL logos, and pay with a credit card for added protection. Be wary of suspicious links and unbelievably low prices. If you’ve been a victim of holiday fraud, report it to Action Fraud immediately and notify your bank. Stay vigilant and protect your dream vacation from fraudsters.


NCSC Urges Action on Next.js Vulnerability

A vulnerability has been identified affecting the Next.js web development framework. This vulnerability could allow attackers to compromise websites built using Next.js, potentially leading to data theft and other malicious activities. Website owners using Next.js should take immediate action to mitigate the risk. It is recommended to update to the latest version of Next.js and apply any available patches. Businesses should conduct thorough security audits of their Next.js applications and monitor for suspicious activity. Staying informed and proactive is crucial to defending against evolving web-based threats.
