Friday 21st February 2025
Good morning, a very happy Friday to you all and thank you for joining me for the latest edition of Cyber Daily. In today’s edition, Microsoft is forcing IT teams into the cloud, a new ransomware strain is creeping through European hospitals, and Chinese hackers just pulled off a telecom heist so massive, the FBI is calling it “indiscriminate.”
Enjoy the read!
NailaoLocker: A New Ransomware Threat in Europe’s Healthcare Sector
A fresh ransomware strain, NailaoLocker, has been spotted targeting European healthcare organisations, with attacks running from June to October 2024. Hackers exploited a vulnerability in Check Point Security Gateway (CVE-2024-24919) to infiltrate networks and deploy malware associated with Chinese state-sponsored groups.
While NailaoLocker isn’t the most sophisticated ransomware—lacking security evasion features and network scanning—it still managed to encrypt files using AES-256-CTR encryption. Victims received a bizarrely long ransom note filename, directing them to contact an anonymous ProtonMail address for decryption.
Researchers speculate this could be a Chinese espionage operation moonlighting for extra cash. Unlike North Korean actors, Chinese-backed groups haven’t historically used ransomware for profit—making this a concerning tactical shift.
Microsoft to End WSUS Driver Sync—Time to Go Cloud?
Microsoft is pulling the plug on Windows Server Update Services (WSUS) driver synchronisation on April 18, 2025, urging IT admins to shift to cloud-based alternatives like Windows Autopatch, Azure Update Manager, and Microsoft Intune.
After the deadline, drivers will still be available via the Microsoft Update Catalog, but they won’t be importable into WSUS. Organisations sticking with on-prem updates will need to rely on Device Driver Packages or transition to cloud-based services.
Microsoft previously announced WSUS deprecation, meaning no new features—but for now, the system will still receive updates. The move follows Microsoft’s retirement of NTLM authentication, signalling a broader shift toward modernised security and update management.
TL;DR: If your enterprise relies on WSUS, it’s time to rethink your update strategy before April rolls around.
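One practical first step before the April deadline is to find out whether your WSUS server actually depends on driver synchronisation. The PowerShell below is an added example written for this newsletter, not a Microsoft script: it assumes the UpdateServices module (installed with the WSUS administration console) is available on the machine you run it from, and that the driver classifications carry their standard WSUS titles "Drivers" and "Driver Sets". It reports whether driver classifications are selected for sync and how many driver updates are currently approved, which is the number that tells you how much of your driver flow will go quiet after 18 April 2025.

```powershell
# Added example (not from the newsletter or from Microsoft): audit a WSUS server's
# reliance on driver synchronisation ahead of the 18 April 2025 cut-off.
# Assumes the UpdateServices module is installed and the caller is a WSUS administrator.
Import-Module UpdateServices

# Connect to the local WSUS server (use -Name/-PortNumber for a remote one)
$wsus = Get-WsusServer
$subscription = $wsus.GetSubscription()

# Classification titles currently selected for synchronisation
$selected = $subscription.GetUpdateClassifications() | Select-Object -ExpandProperty Title

# Standard WSUS driver classification titles (assumed unchanged on this server)
$driverClasses = @('Drivers', 'Driver Sets')
$driverSyncEnabled = @($selected | Where-Object { $driverClasses -contains $_ })

if ($driverSyncEnabled.Count -gt 0) {
    $msg = 'Driver sync is enabled for: {0}. After 18 April 2025 new drivers will no longer ' +
           'be importable into WSUS; plan a move to Intune, Autopatch, Azure Update Manager ' +
           'or Device Driver Packages.'
    Write-Warning ($msg -f ($driverSyncEnabled -join ', '))
} else {
    Write-Output 'No driver classifications are synchronised; the April 2025 change does not affect this server.'
}

# Count driver updates already approved, as a measure of how much clients rely on WSUS for drivers
$scope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$scope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
$approvedDrivers = @($wsus.GetUpdates($scope) | Where-Object { $driverClasses -contains $_.UpdateClassificationTitle })
Write-Output ('Approved driver updates currently served by WSUS: {0}' -f $approvedDrivers.Count)

# Optional: list the products those drivers cover, to scope which device fleets need a new update path
$approvedDrivers |
    ForEach-Object { $_.ProductTitles } |
    Sort-Object -Unique |
    ForEach-Object { Write-Output ("  driver product: $_") }
```

Run it on each WSUS server (downstream replicas inherit their classifications from the upstream, so check the upstream first). A non-zero approved-driver count with driver sync enabled is the case the newsletter is warning about: those clients will keep getting feature and quality updates from WSUS, but their driver updates need a new delivery path before April.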
FBI Sounds Alarm on Massive Chinese Hack Targeting U.S. Telecoms
A cyberattack on major U.S. telecom companies, attributed to Chinese state-backed hackers Salt Typhoon, was “indiscriminate” in its scope, according to the FBI. The breach, which vacuumed up call records, law enforcement data, and even information on children, showcases China’s aggressive ambitions in cyberspace, said Cynthia Kaiser, deputy assistant director of the FBI’s cyber division.
China can now store and analyse this data forever, potentially using it for future espionage or influence campaigns. The sheer scale of the operation has reignited calls for the U.S. to launch offensive cyber operations in retaliation.
Salt Typhoon’s global hacking spree is ongoing, and the U.S. has already sanctioned a Chinese national and a cybersecurity company for their role. With bipartisan support growing for stronger cyber defences, this breach may push Washington to take a more aggressive stance in digital warfare.
CEO at Mindcore | Cybersecurity & IT Services for Business Owners
Cyber threats are evolving fast, and these updates prove just how critical proactive security is. Ransomware targeting healthcare, telecom breaches, and shifts in IT infrastructure are all reminders that businesses must stay ahead, not just react. Thanks for keeping the community informed on these crucial developments!