The April 2025 Option One Cybersecurity Briefing

Cybersecurity News

Record $16B Lost to Cybercrime in the US, FBI Report Reveals

The FBI has released its annual Internet Crime Complaint Center (IC3) report, revealing that the United States lost over $16 billion to cybercrime in 2024, Cybernews reported. That’s a staggering 33% increase from the previous year. 

According to the FBI report, most victims were targeted through phishing, extortion, and data breaches. Once victims were targeted, cybercriminals primarily used investment fraud schemes, compromised business email addresses, and fake tech support scams to exploit them financially.

Call center scams generated the highest losses at $1.9 billion, with “grandparent scams” emerging as a troubling trend. These schemes involve criminals impersonating family members to request money from victims.

California suffered the most significant financial impact with $2.5 billion in losses, followed by Texas ($1.3 billion) and Florida ($1 billion). The most vulnerable demographic continues to be adults over 60, who reported nearly $5 billion in losses. That’s significantly more than the $22.5 million reported by those under 20.

This information is pertinent to organizations, as human errors like clicking on a malicious link or providing sensitive information to scammers can compromise a company’s network.

DoJ Data Security Program Takes Effect, Restricting International Data Sharing

The Department of Justice’s Data Security Program (DSP) went into effect on April 8th with limited enforcement for the first 90 days. Designed to block nation-state adversaries from accessing US government data, the program outlines restrictions and regulations preventing foreign adversaries from using commercial activities to obtain sensitive US government-related data, including geolocation, biometric, health, and financial information.

According to a report by DarkReading, the program presents data-sharing challenges for companies, but it also provides them with government-approved draft language that they can build into vendor agreements.

Organizations are now prohibited from engaging in “covered data transactions” with “countries of concern.” These include China, Russia, Iran, North Korea, Cuba, and Venezuela. This compliance challenge extends throughout the supply chain, so businesses must evaluate vendors and engage in third-party risk management to determine if those outside the organization are sharing data with covered entities. 

The program was developed in response to the “urgent threat” posed by AI and large language models that can process massive amounts of sensitive data. Cybersecurity experts warn that these capabilities could potentially enable foreign adversaries to commit espionage, conduct surveillance, or develop military capabilities.

Citing one cybersecurity expert, the report provides the following guidance for companies: “Organizations should examine their holdings, how they can monitor and track data transfers, and understand who they’re [sic] third parties are.”

Consequences for non-compliance go “beyond fines,” presenting reputational and operational risks to companies.

Ransomware Attacks Double in Q1 2025, Fortune 500 Companies Targeted

Ransomware attacks have seen a dramatic surge in the first quarter of 2025, with 2,028 known victims, Cybernews reported. That’s more than double the 1,005 attacks recorded in Q1 2024. 

Despite international crackdowns and high-profile arrests, ransomware operations are becoming smarter, faster, and more aggressive. The number of active ransomware gangs has increased to 65 groups, up from 47 in the same period last year, with 14 new or rebranded groups emerging. 

Cl0p, the Russian-linked gang known for the MOVEit and Fortra GoAnywhere hacks, has claimed the most victims (360). This gang has displaced LockBit, which fell from 219 attacks in Q1 2024 to just 23 this quarter. 

Cybercriminals have shown particular attention to the manufacturing and retail sectors. Fortune 500 companies are increasingly in the crosshairs of these sophisticated attacks.

According to the report, these were the biggest ransomware targets in Q1 2025:

  • Sam’s Club – $84.3 billion
  • HCA Healthcare – $69.6 billion
  • Pinduoduo – $53.955 billion
  • HP – $53.3 billion
  • Nippon Steel – $59 billion
  • Sodexo – $26.14 billion
  • Leonardo – $18.45 billion
  • Assa Abloy – $13.35 billion
  • MinebeaMitsumi – $9.81 billion
  • Marelli – $105.69 million

Cybersecurity Tips

The Hacker News Breaks Down 5 Cybersecurity Vulnerabilities You Shouldn’t Overlook

In a recent article, The Hacker News explores how seemingly minor vulnerabilities can rapidly escalate into major cybersecurity incidents when exploited by skilled attackers. The piece highlights five real-world vulnerabilities.

1. Stealing AWS Credentials with SSRF

A home-moving app running on AWS was vulnerable to Server-Side Request Forgery (SSRF). Attackers exploited the app’s webhook functionality to redirect requests to AWS’s metadata service, exposing sensitive AWS credentials.

With these credentials, attackers could enumerate permissions and attempt further compromise of the cloud environment. Enforcing IMDSv2, a best practice for AWS metadata service access, could have prevented the breach: IMDSv2 only answers requests that carry a session token obtained through a prior PUT request, which a webhook that merely forwards a GET to the metadata endpoint cannot supply.
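An added example (not from the article or the app it describes) of the application-side control that stops a webhook feature from reaching the metadata service: the destination is validated by resolving its host and rejecting anything that maps to a link-local, private or loopback address. The scheme allowlist and the `resolve` hook are assumptions for this example.

```python
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Hypothetical policy for outbound webhook calls made by a web app on AWS.
ALLOWED_SCHEMES = {"https"}
Resolver = Callable[[str], Iterable[str]]


def _is_internal(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    # Catches 169.254.169.254 (link-local IPv4 IMDS), fd00:ec2::254 (unique-local
    # IPv6 IMDS), RFC 1918 ranges, loopback, and IPv4-mapped IPv6 disguises.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def _resolve(host: str) -> set[str]:
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_webhook_url(url: str, resolve: Resolver = _resolve) -> tuple[bool, str]:
    """Return (ok, reason). Every address the host maps to must be external."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        # An IP literal needs no DNS lookup; bracketed IPv6 is already unwrapped.
        candidates = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            candidates = [ipaddress.ip_address(ip) for ip in resolve(host)]
        except (socket.gaierror, ValueError):
            candidates = []
        if not candidates:
            return False, f"cannot resolve {host!r}"
    for addr in candidates:
        if _is_internal(addr):
            # One internal answer is enough: a rebinding-style host that
            # alternates between public and IMDS addresses is rejected too.
            return False, f"{host!r} maps to internal address {addr}"
    return True, "ok"
```

The HTTP client should then connect to the address that was validated rather than resolving the name a second time, otherwise a DNS answer that changes between check and fetch bypasses the check. Enforcing IMDSv2 on the instance (`aws ec2 modify-instance-metadata-options --http-tokens required`) is the complementary control on the other side of the request.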

2. From Exposed .git Repo to Full Database Access

An unintentionally exposed .git repository belonging to a public web app allowed attackers to review source code and discover an authentication bypass. A .git directory holds a project’s complete change history, so exposing it hands over every version of the source, not just the current files. The exposure led to access to a management tool and, subsequently, a blind SQL injection vulnerability.

Exploiting this flaw granted access to a university’s sensitive database, showing how small misconfigurations can escalate into significant data exposure risks.

3. Remote Code Execution via ExifTool

A document signing application used ExifTool, a utility with a history of critical vulnerabilities. Attackers uploaded a malicious PDF exploiting CVE-2021-22204, achieving remote command execution as the www-data user.

This foothold could be leveraged to escalate privileges and move laterally across the network, potentially causing widespread damage.

4. Site-Wide Account Takeover from Self-XSS and Cache Poisoning

An auction application contained a self-XSS vulnerability. This was initially considered low risk because attackers could not force victims to send malicious headers.

However, it could be combined with a cache-poisoning flaw, in which a response built from attacker-controlled input is stored in the cache and later served to other users as if it were valid. This way, attackers could serve persistent XSS payloads to all users, enabling site-wide account hijacking, including admin accounts.

5. Sensitive Data Exposure Through IDOR

APIs in several applications were vulnerable to Insecure Direct Object Reference (IDOR). Attackers could simply modify identifiers in API requests to access or manipulate data belonging to other users, such as user profiles, CVs, or order information.

This highlights how basic authorization flaws can lead to large-scale data breaches.
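An added example (not from the article or any of the applications it mentions) showing the authorization check whose absence makes an order-lookup endpoint an IDOR, the vulnerable lookup beside it for contrast, and a small detector run over the denial records the hardened handler writes. The orders table, the `support` role and the log line format are constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed sample rows standing in for an orders table (not from the article).
ORDERS = {
    1001: {"owner": "alice", "total": 42.50},
    1002: {"owner": "bob", "total": 19.99},
    1003: {"owner": "bob", "total": 7.00},
}


class NotFound(Exception):
    """Raised for missing *and* foreign ids, so the response leaks nothing."""


@dataclass(frozen=True)
class Principal:
    user_id: str
    roles: frozenset[str] = frozenset()


@dataclass
class AuditLog:
    lines: list[str] = field(default_factory=list)


def get_order_unsafe(order_id: int) -> dict:
    # IDOR: the id from the request is trusted; any caller can read any order.
    return ORDERS[order_id]


def get_order(principal: Principal, order_id: int, audit: AuditLog) -> dict:
    order = ORDERS.get(order_id)
    if order is None:
        raise NotFound(order_id)
    if order["owner"] != principal.user_id and "support" not in principal.roles:
        # Log the denial: many distinct ids denied for one account is the
        # trace an IDOR probe leaves in the application log.
        audit.lines.append(f"DENY user={principal.user_id} order={order_id}")
        raise NotFound(order_id)  # indistinguishable from a missing id
    return order


def flag_probing(lines: list[str], threshold: int = 5) -> set[str]:
    """Users whose denied lookups touched at least `threshold` distinct ids."""
    seen: dict[str, set[int]] = {}
    for line in lines:
        if not line.startswith("DENY "):
            continue
        kv = dict(item.split("=", 1) for item in line.split()[1:])
        seen.setdefault(kv["user"], set()).add(int(kv["order"]))
    return {user for user, ids in seen.items() if len(ids) >= threshold}
```

Returning the same not-found result for foreign and missing ids keeps the endpoint from confirming which identifiers exist, while the denial log gives the SOC a signal to alert on.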

No Vulnerability is “Low Risk”

If overlooked, vulnerabilities like these can provide attackers with a foothold, which can lead to a severe breach. Regular, comprehensive cybersecurity assessments and adherence to best practices are essential to mitigate such risks.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.