
Ransomware/Malware
Report shows rise in ransomware activity
A new report analyzing data from ransomware leak sites shows that more organizations were hit by ransomware groups using familiar tactics such as exploiting weak VPN credentials and bypassing multi-factor authentication (MFA). The report stresses the importance of businesses adopting strong cybersecurity practices such as MFA, and its publisher continues to assist policyholders through pre-breach services, real-time monitoring, and 24/7 access to specialists.
BlackLock Hacked
Security researchers from Resecurity successfully exploited a vulnerability in the BlackLock ransomware group's dark web site, uncovering critical information about their operations and victims. By accessing the group's data leak site, researchers gathered details on planned attacks, victim identities, and the ransomware group's infrastructure. They alerted potential targets in advance, preventing further data leaks. The breach exposed operational failures within BlackLock, including leaked credentials and a history of data leaks. Researchers also discovered links between BlackLock and rival DragonForce, suggesting possible internal conflicts or a takeover. This hack has severely damaged BlackLock's reputation and operational capabilities.
RedCurl Moves to Ransomware
RedCurl, a Russian-speaking hacking group previously known for corporate espionage, has shifted its tactics by deploying ransomware for the first time. The group, active since 2018, is now using a newly discovered ransomware strain called QWCrypt in attacks targeting organizations. This move marks a significant departure from their traditional espionage methods, which centered on stealing sensitive data. In the latest attack, RedCurl used a multi-stage infection process, including spear-phishing emails with fake CVs and exploitation of vulnerabilities to gain access. The ransomware targets virtual machines, crippling infrastructure and potentially disrupting all hosted services. The reuse of ransom notes borrowed from other groups and the lack of a dedicated leak site raise questions about the group's true intentions behind this new approach.
Cyberattack/Data Breach
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities
GreyNoise has issued a warning about a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities, with at least 400 IPs actively exploiting multiple SSRF CVEs across platforms since March 9, 2025. The attacks have targeted countries including the United States, Germany, Singapore, India, Lithuania, Japan, and Israel. The attacks suggest structured exploitation or pre-compromise intelligence gathering, with attackers likely using automation. Users are advised to apply patches, limit outbound connections, and monitor suspicious activity.
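The "limit outbound connections" advice above is the egress-side control; the application-side control is to validate any user-supplied URL before the server fetches it. The following is an added example written for this page (it is not GreyNoise's tooling or code from any of the affected platforms) of such an SSRF guard: it rejects non-HTTP schemes, userinfo and unexpected ports, resolves the host and refuses if any answer lands in loopback, RFC 1918, CGNAT, link-local (which covers the cloud metadata endpoint 169.254.169.254) or their IPv6 equivalents, pins the resolved IP so a DNS-rebinding flip between check and connect does not help, and re-checks every redirect hop. The resolver and HTTP transport are injected so it runs offline; the `FAKE_DNS` table and `fake_transport` responses are constructed for the example, and `system_resolve` is the real-world drop-in.

```python
"""SSRF guard for server-side fetches (added example, not code from the original page)."""
import ipaddress
from urllib.parse import urlsplit, urljoin

# Ranges a server-side fetch must never reach. 169.254.0.0/16 includes the cloud
# instance-metadata service; fe80::/10 and fc00::/7 are the IPv6 link-local and ULA ranges.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}
MAX_REDIRECTS = 3


def is_blocked_ip(ip):
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 so ::ffff:10.0.0.5 is judged as 10.0.0.5.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url, resolve):
    """Return (scheme, host, pinned_ip, port) for a fetch, or raise ValueError.

    `resolve(host)` returns a list of IP strings. The caller must connect to the
    returned IP rather than re-resolving, or a DNS-rebinding attacker can swap the
    answer between this check and the connection.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")
    try:
        # Dotted-quad or bracketed IPv6 literal: no DNS needed.
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Hostnames and numeric shorthand such as "127.1" or "2130706433" go to the
        # resolver; the OS resolver expands the shorthand, and the result is checked.
        ips = resolve(host)
    if not ips:
        raise ValueError(f"unresolvable host {host!r}")
    # If *any* answer is internal, refuse: attacker-controlled DNS can mix answers.
    for ip in ips:
        if is_blocked_ip(ip):
            raise ValueError(f"{host!r} -> {ip} is an internal address")
    return scheme, host, ips[0], port


def guarded_fetch(url, transport, resolve):
    """Fetch `url`, validating every redirect hop. `transport(url, ip)` returns
    (status, headers, body) and must connect to `ip`, not re-resolve the host."""
    for _ in range(MAX_REDIRECTS + 1):
        scheme, host, ip, port = check_outbound_url(url, resolve)
        status, headers, body = transport(url, ip)
        if status not in (301, 302, 303, 307, 308):
            return status, body
        url = urljoin(url, headers.get("Location", ""))
    raise ValueError("too many redirects")


def system_resolve(host):
    """Real resolver for deployment (not used by the offline demo below)."""
    import socket
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


# Constructed DNS table for the offline example (hypothetical names and addresses).
FAKE_DNS = {
    "api.example.com": ["203.0.113.10"],
    "metadata.evil.example": ["203.0.113.20", "169.254.169.254"],  # mixed answers
    "127.1": ["127.0.0.1"],        # what the OS resolver makes of the shorthand
    "2130706433": ["127.0.0.1"],
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


def fake_transport(url, ip):
    # Constructed: /old on the allowed host redirects to the metadata service, which is
    # how an attacker who controls a redirect target reaches it through a naive fetcher.
    if url == "http://api.example.com/old":
        return 302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""
    return 200, {}, f"fetched {url} via {ip}".encode()


if __name__ == "__main__":
    print(guarded_fetch("http://api.example.com/v1", fake_transport, fake_resolve))
    try:
        guarded_fetch("http://api.example.com/old", fake_transport, fake_resolve)
    except ValueError as exc:
        print("blocked:", exc)
```

The guard deliberately fails closed on mixed DNS answers and on redirects, because both are the paths attackers use to turn an allowed external host into an internal one. It is a complement to, not a substitute for, host or cloud-level egress filtering; an allowlist of destination hosts is stricter still where the application can afford it.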
New Research in Vehicle Charging Systems Cyber Attacks
As electric vehicle (EV) adoption increases, cybersecurity threats targeting electric vehicle supply equipment (EVSE) and the broader EV ecosystem have become a growing concern. This research explores the use of a remaining useful life (RUL) approach to predict the impact of cyber attacks on EVSE, utilizing a generative adversarial network (GAN) to enhance cybersecurity strategies. The study aims to proactively identify potential attacks, reducing both economic and reputational damage. It tests the effectiveness of this approach against various attack scenarios, including network and host attacks on EV chargers in different states, using deep learning models such as GRUs, LSTMs, RNNs, CNNs, and MLPs. The results show that the GAN-GRU model provides the highest accuracy, while the GAN-CNN model offers the best performance in terms of error consistency. Overall, integrating GAN into these models improves predictive accuracy and helps detect cyber threats in advance, minimizing error rates.
Phishing/Scams
FBI Warns iPhone, Android Users of “Smishing” Texts
The FBI has issued a warning about a growing wave of "smishing" scams targeting iPhone and Android users. These attacks involve fraudulent text messages designed to steal personal and financial information, often by tricking recipients into clicking malicious links. Initially focused on fake toll payment notifications, the scam has expanded to include fake delivery alerts. Cybercriminals have registered over 10,000 domains to facilitate these attacks, and many of the fraudulent links redirect to foreign websites. The FBI advises users to delete suspicious messages immediately, avoid clicking on links, and verify any claims through official channels. The Federal Trade Commission also urges vigilance and reporting of such scams to prevent financial and identity theft.
Artificial Intelligence
High School Students Use AI-Based Software to Curb Breaches
Students at Pattonville High School developed an AI-powered app called "Ducky" to combat cybersecurity breaches. The app includes features like detecting phishing emails, fact-checking social media posts and articles, and offering an AI chatbot to enhance students' cybersecurity knowledge. This innovative tool earned the team a $10,000 prize at the World Wide Technology Tech Student Forum. The project highlights how AI is increasingly shaping the way students and teachers engage with cybersecurity, while also addressing the growing need for digital literacy and protection against cyber threats in schools.
AI Cyber Threats on the Rise
A recent report highlights the increasing threat of AI-driven cyberattacks in New Zealand, with 28% of businesses identifying it as a top concern. Despite this, AI-related breaches account for only 6% of reported incidents. The report underscores the rise of sophisticated email phishing attacks facilitated by AI, which has lowered the barriers for cybercriminals. Additionally, shadow AI, where employees use unsanctioned AI tools, has emerged as a significant risk. While AI can enhance cybersecurity through better threat detection, the report stresses that many businesses remain unprepared, with gaps in essential cybersecurity practices like penetration testing and employee training. To mitigate these risks, businesses are urged to adopt a strategic, proactive cybersecurity approach, with a focus on AI risks and robust identity management.
Fortra Brand Protection
Discover how Digital Risk Protection from Fortra can protect your organization’s critical digital assets and data from these online threats.