Threat Report 24.02.25

This week, our report covers incidents ranging from record-breaking breach attempts targeting a major cryptocurrency platform to significant software vulnerabilities affecting industry leaders.

1. Bybit’s Record-Breaking Security Incident

Bybit, a cryptocurrency exchange, has confirmed an unprecedented series of 146 security breach attempts. This record-breaking number highlights the determined efforts of cybercriminals targeting financial platforms, and the necessity for robust security protocols.

How the Incident Unfolded:

  • Cyber adversaries identified and exploited vulnerabilities, persistently attempting to breach Bybit’s infrastructure.
  • The attempts, detected over a short span, set a new benchmark for the frequency of such incidents.

Potential Impact:

  • Heightened risk of unauthorised access to sensitive financial data.
  • Increased likelihood of credential compromise and potential financial loss.

Recommendations:

  • Adopt robust multi-factor authentication and maintain vigilant continuous monitoring.
  • Undertake a comprehensive security audit and patch any identified vulnerabilities.
  • Educate staff on recognising phishing attempts and other social engineering tactics.

2. OpenAI Bans Accounts Misusing ChatGPT

OpenAI has taken the decisive step of banning several accounts that were misusing its ChatGPT service. This proactive measure aims to reduce the risk of generative AI being exploited for harmful purposes.

What Happened:

OpenAI identified several accounts involved in unauthorised activities, leading to decisive measures to uphold the integrity and secure use of its AI services. Among the disrupted networks were:

1. Task Scam – A cluster of accounts, likely originating from Cambodia, that misused ChatGPT to translate comments between Urdu and English. This was part of a scheme to entice victims into completing simple online tasks (e.g., liking videos or writing reviews) in exchange for a fictitious commission. Victims were then required to pay upfront fees to continue, resulting in financial losses.

2. Youth Initiative Covert Influence Operation – A network of accounts that leveraged ChatGPT to produce English-language articles for a website called Empowering Ghana and post social media comments aimed at swaying the Ghana presidential election.

These incidents underscore the growing sophistication of AI-driven scams and influence operations. While generative AI holds immense potential for legitimate applications, its misuse for fraud, deception, and political manipulation remains a significant challenge. OpenAI’s proactive actions highlight the critical need for ongoing vigilance in monitoring and mitigating AI-enabled threats.

3. Apple Drops iCloud’s Advanced Data Protection Feature in the UK

Apple has decided to stop offering its Advanced Data Protection (ADP) feature for iCloud in the United Kingdom. This change comes after the government demanded that Apple create a way (a "backdoor") to access encrypted user data.

ADP is an optional setting that ensures only your trusted devices hold the keys needed to unlock your iCloud data—this includes backups, photos, notes, reminders, Safari bookmarks, voice memos, and data from Apple’s own apps. Essentially, with ADP, only you can decrypt your information because it uses end-to-end encryption (E2EE).

Most users, however, don’t even realise this feature exists or know how to enable it. In fact, Apple doesn’t turn ADP on by default, meaning the majority of iCloud users still rely on Apple's standard encryption, where the keys are stored in Apple's own data centres. Without ADP, Apple has the ability to access user data and comply with legal requests, whereas E2EE ensures that only the user—not even Apple—can decrypt their files.

Apple is disappointed that UK customers will no longer have this extra layer of security, especially when data breaches are on the rise. For users who already enabled ADP, the feature must be manually turned off because Apple cannot disable it automatically.

This decision follows recent reports that the U.K. government ordered Apple to build a backdoor into its system, allowing authorities to access any user’s iCloud data. Under the Investigatory Powers Act (often called the Snoopers' Charter), the U.K. Home Office now wants full access to encrypted information—not just help in breaking into one account.

What does this mean for users? Without ADP, users must trust Apple to safeguard their encryption keys, making their data more accessible to law enforcement, hackers, or even internal threats. While standard encryption still offers protection, it’s not as secure as true end-to-end encryption, where only the user holds the decryption keys. If Apple is forced to create a backdoor for one government, it sets a dangerous precedent—other countries may demand the same, further eroding privacy.

Recently, U.S. Senator Ron Wyden and Congressman Andy Biggs sent a letter urging the U.K. to cancel this order, warning that it could harm the privacy and security of both Americans and the U.S. government.
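The difference between standard iCloud protection and ADP comes down to who holds the data key. The following Python model is added here as an illustration; it is not Apple's code or protocol. It makes the point concrete: a provider that escrows the user's key (the "keys stored in Apple's own data centres" case) can answer a legal request with plaintext, while a provider that only ever stores ciphertext (the ADP case) cannot, and only the user's trusted device can. The HMAC-SHA256 keystream cipher is a stand-in for a real AEAD such as AES-GCM so the example runs on the standard library alone; the provider, device and user names are constructed.

```python
import hashlib
import hmac
import secrets


def _keystream_xor(key, nonce, data):
    """Toy counter-mode keystream built from HMAC-SHA256. Stand-in for a
    real AEAD so this runs without third-party packages; not for production."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
    return bytes(a ^ b for a, b in zip(data, out))


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    return nonce, _keystream_xor(key, nonce, plaintext)


def decrypt(key, nonce, ciphertext):
    return _keystream_xor(key, nonce, ciphertext)


class CloudProvider:
    """Constructed model of the storage service. In standard mode it also
    holds a copy of the user's data key; in ADP mode it sees only ciphertext."""

    def __init__(self):
        self.blobs = {}          # user -> (nonce, ciphertext)
        self.escrowed_keys = {}  # user -> key, standard mode only

    def store(self, user, nonce, ciphertext, escrow_key=None):
        self.blobs[user] = (nonce, ciphertext)
        if escrow_key is not None:
            self.escrowed_keys[user] = escrow_key

    def respond_to_legal_request(self, user):
        """Plaintext if the provider can decrypt on its own, otherwise None."""
        nonce, ciphertext = self.blobs[user]
        key = self.escrowed_keys.get(user)
        if key is None:
            return None
        return decrypt(key, nonce, ciphertext)


class Device:
    """A trusted device: generates and keeps the user's data key."""

    def __init__(self, user, adp_enabled):
        self.user = user
        self.adp_enabled = adp_enabled
        self.key = secrets.token_bytes(32)

    def upload(self, provider, plaintext):
        nonce, ciphertext = encrypt(self.key, plaintext)
        # Standard protection escrows the key with the provider;
        # ADP keeps it on trusted devices only.
        escrow = None if self.adp_enabled else self.key
        provider.store(self.user, nonce, ciphertext, escrow_key=escrow)

    def download(self, provider):
        nonce, ciphertext = provider.blobs[self.user]
        return decrypt(self.key, nonce, ciphertext)


def demo():
    """Both custody modes side by side; returns who could read what."""
    provider = CloudProvider()
    standard = Device("user-standard", adp_enabled=False)
    adp = Device("user-adp", adp_enabled=True)
    standard.upload(provider, b"standard: notes")
    adp.upload(provider, b"adp: notes")
    return {
        "standard_provider_can_read": provider.respond_to_legal_request("user-standard"),
        "adp_provider_can_read": provider.respond_to_legal_request("user-adp"),
        "adp_user_can_read": adp.download(provider),
    }


if __name__ == "__main__":
    print(demo())
```

A mandated "backdoor" in this model is simply the escrow path forced on for every user: the ciphertext format does not change, only who holds the key, which is why the distinction in the text is about key custody rather than encryption strength.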

4. FunkSec: The Alleged AI-Driven Ransomware Group

Recent research by Check Point indicates that FunkSec, a ransomware group, is reportedly leveraging artificial intelligence to enhance its cyber extortion efforts. This strategic use of AI has the potential to significantly amplify the scale and complexity of future cyber threats.

How the Incident Unfolded:

  • Detailed analysis suggests that FunkSec is utilising AI algorithms to refine targeting and automate attack processes.
  • The report indicates that this novel approach may render traditional defences less effective.

Potential Impact:

  • Increased ransomware demands and accelerated spread of malware.
  • Heightened risk for organisations lacking threat detection and response mechanisms.

Recommendations:

  • Ensure regular data backups and employ robust encryption practices.
  • Conduct regular employee training on recognising and responding to ransomware threats.

5. Ivanti Directory Traversal Flaw and Proof-of-Concept Exploit

A critical directory traversal vulnerability in Ivanti’s software has been disclosed, with a proof-of-concept exploit now in circulation. This flaw potentially enables unauthorised access to sensitive system data and internal networks.

How the Incident Unfolded:

  • Cyber adversaries have demonstrated a method to exploit the directory traversal weakness, allowing them to bypass standard access controls.
  • The exposure of this vulnerability has raised significant concerns among security professionals.

Potential Impact:

  • Increased risk of unauthorised data access and potential lateral movement within affected networks.
  • A substantial threat to organisations relying on Ivanti’s solutions for system management.

Recommendations:

  • Apply the latest security patches and updates from Ivanti without delay.
  • Monitor system logs for any suspicious activities that might indicate exploitation attempts.
  • Conduct a thorough vulnerability assessment to ascertain exposure and mitigate risks.
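Directory traversal flaws of the kind described here typically arise when a client-supplied path is joined to a base directory and served without confinement. The Python below is an added illustration, not Ivanti's code and not tied to any Ivanti endpoint: it contrasts the unsafe join with a hardened resolver that decodes once, rejects NUL bytes, normalises, and confirms the result stays under the base directory, and it runs a simple traversal-indicator scan over constructed web-server log lines of the sort the "monitor system logs" recommendation has in mind. The document root, IP addresses and log lines are all constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed example document root; not a path from any Ivanti product.
BASE_DIR = "/srv/app/public"


def resolve_unsafe(base, requested):
    """The pattern behind most traversal flaws: join the client-supplied
    path onto the root and serve whatever it points at."""
    return posixpath.normpath(posixpath.join(base, requested))


def resolve_safe(base, requested):
    """Hardened resolver: decode once, reject NUL bytes, strip a leading
    slash so join() cannot discard the base, normalise, then confine the
    result to the base directory. Returns None for rejected requests.
    posixpath keeps the output deterministic across platforms; a real
    server should additionally use os.path.realpath to resolve symlinks."""
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, decoded.lstrip("/")))
    if posixpath.commonpath([base_norm, candidate]) != base_norm:
        return None
    return candidate


# Constructed access-log lines in common log format.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Feb/2025:10:01:02 +0000] "GET /docs/readme.txt HTTP/1.1" 200 512
10.0.0.9 - - [24/Feb/2025:10:01:07 +0000] "GET /docs/../../../etc/passwd HTTP/1.1" 404 0
10.0.0.9 - - [24/Feb/2025:10:01:09 +0000] "GET /docs/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1024
10.0.0.7 - - [24/Feb/2025:10:02:11 +0000] "GET /images/logo.png HTTP/1.1" 200 4096
"""

# Raw and URL-encoded parent-directory indicators; the decoded form is
# also checked so single-encoded variants cannot slip past.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|\.\.%2f|%2e%2e", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+)')


def find_traversal_attempts(log_text):
    """Returns (client_ip, request_path) for each line showing a
    traversal indicator, so the hits can feed an alert or a block list."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        raw_path = match.group(1)
        if TRAVERSAL_RE.search(raw_path) or TRAVERSAL_RE.search(unquote(raw_path)):
            hits.append((line.split()[0], raw_path))
    return hits


def traversal_report():
    """Resolver outcomes and log hits in one call, for side-by-side comparison."""
    return {
        "unsafe_relative": resolve_unsafe(BASE_DIR, "../../../etc/passwd"),
        "unsafe_absolute": resolve_unsafe(BASE_DIR, "/etc/passwd"),
        "safe_relative": resolve_safe(BASE_DIR, "../../../etc/passwd"),
        "safe_encoded": resolve_safe(BASE_DIR, "..%2f..%2f..%2fetc%2fpasswd"),
        "safe_legit": resolve_safe(BASE_DIR, "docs/readme.txt"),
        "log_hits": find_traversal_attempts(SAMPLE_LOG),
    }


if __name__ == "__main__":
    for name, value in traversal_report().items():
        print(f"{name}: {value}")
```

Note the 200 status on the encoded request in the sample log: a successful response to a traversal-shaped path is the line worth escalating, whereas the 404 on the plain attempt shows a probe that was blocked. Detection should key on the request shape, not only on errors.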

6. Exploitation of a Recently Patched Vulnerability in Palo Alto Firewalls

A recently patched vulnerability in Palo Alto firewalls has already been exploited by threat actors. This incident serves as a reminder of the rapid pace at which cybercriminals operate.

How the Incident Unfolded:

  • Threat actors exploited the vulnerability before widespread patch adoption, thereby compromising firewall integrity.
  • The breach emphasises the critical window between vulnerability disclosure and patch implementation.

Potential Impact:

  • Compromised network defences, leading to unauthorised access and potential data breaches.
  • Increased urgency for organisations to adopt a proactive patch management strategy.

Recommendations:

  • Immediately review and apply any pending security updates from Palo Alto Networks.
  • Enhance network monitoring to detect any unusual or unauthorised access attempts.
  • Review firewall configurations and conduct regular penetration tests to assess vulnerabilities.

Stay Informed and Secure

Stay informed and secure with Periculo’s Weekly Threat Feed, offering insights into emerging cyber threats. Our updates deliver essential information on the latest vulnerabilities, attacks, and security trends, empowering you to safeguard your business and make well-informed decisions.

Sign up today.
