Tuesday Morning Threat Report: March 18, 2025
Where the news is always bad, but the analysis is always good.

Good morning everybody! Happy Tuesday!
X suffers an outage from a DDoS attack, malware hosted on GitHub infects millions, and Chinese hackers breach utilities in Massachusetts. Let’s dive in!
Top Stories:
This week’s biggest headlines. Analysis section below.
Cyberattack Causes Outage For X: On March 10, X (formerly Twitter) experienced widespread outages. Elon Musk, the platform’s owner, claimed the disruptions were caused by a “massive cyberattack” carried out by an advanced hacking group or a nation-state. Meanwhile, Dark Storm, a pro-Palestine hacking group, has claimed responsibility for the attack.
2024 Fraud Losses Set Record: The Federal Trade Commission reported that consumers lost $12.5 billion to fraud in 2024, a record high and a 25% increase over 2023. Young adults were hit hardest: people aged 20 to 29 reported losing money in 44% of the fraud reports they filed, a higher rate than any older age group.
Apple Patches WebKit Vulnerability: A vulnerability in Apple’s WebKit browser engine has been actively exploited in what Apple describes as an “extremely sophisticated attack against specific targeted individuals.” Apple has released a patch; because WebKit underlies Safari and every browser on iOS, the update matters for all iPhone and Mac users, not just Safari users.
1M Devices Infected With Malware From GitHub: Microsoft Threat Intelligence reports that roughly one million devices downloaded malware hosted on GitHub, Microsoft’s own code-sharing platform. The malware was distributed through malvertising on illegal movie streaming sites that redirected users to malicious files in GitHub repositories, which Microsoft has since taken down.
AI-Written Code Repos Stealing Credentials: Researchers at Trend Micro have observed malicious source code generated by AI being uploaded to GitHub. The repositories are promoted as free tools such as game cheats and cracked software, but downloading them also installs malware on the user’s system, including credential-stealing malware.
LockBit Developer Extradited To The U.S.: Rostislav Panev, a Russian-Israeli developer suspected of being involved with the LockBit hacking gang, was arrested in Israel in August 2024. He has since been extradited to the United States to stand trial for his alleged cybercrimes.
AI Voice Cloning Products Lack Proper Protections: Consumer Reports found that, out of six AI voice cloning companies they tested, four lacked sufficient safeguards to prevent their services from being misused for malicious purposes.
E2EE Coming For RCS!: The GSMA, which maintains the RCS specification, has announced that end-to-end encryption (E2EE) is coming to the RCS messaging protocol in a future update. RCS, the intended successor to SMS, is now the protocol used when an iPhone and an Android device exchange messages, with SMS/MMS as the fallback when one side does not support it.
My Takeaways
Analysis based on this week’s news and my experience in the industry. More headlines below in the Lower Echelon.
Mobile Messaging Upgrade: Rich Communication Services (RCS) is a modern messaging protocol designed to replace traditional SMS (Short Message Service) and MMS (Multimedia Messaging Service) by offering features like high-resolution image and video sharing, group chats, typing indicators, and read receipts, plus encryption in transit to the carrier or messaging server. Historically, when iPhone users texted with Android users, images sent would be lower quality and features such as read receipts would not be available. Due to pressure from regulators, Apple adopted RCS in iOS 18, which has enabled a better experience for iPhone users when texting people with non-Apple devices. Note that RCS as currently deployed between iPhones and Android phones is still not end-to-end encrypted: the carrier or server relaying the message can read it.
SMS, the previous default mode for texts between different device types, is not a secure messaging protocol. SMS messages have no end-to-end encryption: whatever encryption the radio link uses ends at the carrier, so the carrier stores and can read your texts in plaintext, and so can anyone with lawful-intercept access or a foothold in the SS7 signaling network that routes texts between carriers. At minimum, your cell phone network could be reading your texts, but in many countries governments also surveil SMS messages.
Due to SMS’s lack of security, many secure messaging apps have emerged, including iMessage, WhatsApp, and Signal. All three send messages over the internet rather than through the carrier’s SMS infrastructure, and because each app controls the software at both ends of the conversation, it can encrypt the message on the sender’s device and decrypt it only on the recipient’s device. That is end-to-end encryption (E2EE): when an iPhone user texts another iPhone user over iMessage, the servers relaying the message, including Apple’s, see only ciphertext, and the only parties who can read it are the sender and the receiver. One caveat worth knowing: E2EE protects the message in transit, not necessarily at rest, so an unencrypted cloud backup of the chat (iMessage in iCloud without Advanced Data Protection, for example) can still expose it. E2EE is now planned for an upgrade to the RCS protocol itself. This will likely bother governments, as it makes spying on their citizens harder, but it will be a big win for privacy. Allowing people to securely message each other, without needing a specialized app, will make private communication more accessible and universal, giving anyone with a phone the same level of security and privacy that was once limited to third-party apps.
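To make the E2EE property concrete, here is a small Go program (an added example written for this newsletter, not code from Apple, Google, the GSMA or any messaging app) that models the three parties above: Alice, Bob, and the relay in the middle. Each endpoint holds an X25519 key pair that never leaves its device; the two endpoints derive a shared AES-256-GCM key and the relay gets only an Envelope of routing metadata plus ciphertext. The names, the “alice”/“bob”/“carol” routing header, and the SHA-256 key derivation are assumptions for the demo; real protocols (Signal, iMessage, and whatever the RCS update specifies) add authenticated key exchange, key directories and ratcheting on top of this basic shape.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is all a relay (carrier or app server) gets to see: routing header and ciphertext.
type Envelope struct {
	From, To          string
	Nonce, Ciphertext []byte
}

// aead derives the pairwise AES-256-GCM cipher from the X25519 shared secret. Both endpoints
// compute the same key; a relay holding neither private key cannot. (SHA-256 stands in for HKDF.)
func aead(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext for peer and binds the routing header as associated data, so a
// relay can read the header to deliver the message but cannot re-address it unnoticed.
func Seal(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, from, to, plaintext string) (Envelope, error) {
	gcm, err := aead(priv, peer)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, []byte(plaintext), []byte(from+"->"+to))
	return Envelope{From: from, To: to, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts an envelope from peer, rejecting any change to header or body.
func Open(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, env Envelope) (string, error) {
	gcm, err := aead(priv, peer)
	if err != nil {
		return "", err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(env.From+"->"+env.To))
	if err != nil {
		return "", fmt.Errorf("rejected: %w", err)
	}
	return string(pt), nil
}

// Result records what happened to one message sent Alice -> relay -> Bob.
type Result struct {
	Delivered    string // what Bob read
	RelayReadIt  bool   // was the plaintext visible in what crossed the relay?
	TamperCaught bool   // did Bob reject an envelope the relay re-addressed?
}

// RunDemo generates a key pair per endpoint (private keys never leave the device), sends
// msg through a relay that sees only the Envelope, and probes what that relay could do.
func RunDemo(msg string) (Result, error) {
	alice, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	bob, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	env, err := Seal(alice, bob.PublicKey(), "alice", "bob", msg) // this is what hits the wire
	if err != nil {
		return Result{}, err
	}
	delivered, err := Open(bob, alice.PublicKey(), env)
	if err != nil {
		return Result{}, err
	}
	tampered := env
	tampered.To = "carol" // the relay tries to redirect the message to a third party
	_, tamperErr := Open(bob, alice.PublicKey(), tampered)
	return Result{delivered, bytes.Contains(env.Ciphertext, []byte(msg)), tamperErr != nil}, nil
}

func main() {
	fmt.Println(RunDemo("meet at 7"))
}
```

Running it prints a Result where Bob reads the original text, the bytes that crossed the relay contain no trace of it, and the re-addressed copy is rejected because the routing header is authenticated along with the body. The contrast with SMS is the point: there, the carrier is the party doing the encryption and decryption, so it necessarily holds the plaintext; here, nothing on the path between the two phones ever does.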
The Lower Echelon:
Interesting cybersecurity news that didn’t quite make the cut to be a top story.
Electric Utility Hacked By Volt Typhoon: Volt Typhoon, a China-based hacking group that targets critical infrastructure, was found to have breached the Littleton Electric Light and Water Departments (LELWD) in Massachusetts. According to cybersecurity researchers at Dragos, the hackers maintained access to LELWD’s systems for over 300 days.
New York Sues Allstate: The New York Attorney General has sued Allstate for failing to properly protect customer data. The lawsuit stems from data breaches in 2020 and 2021 at Allstate’s National General subsidiary, where online auto insurance quoting tools exposed the driver’s license numbers of more than 165,000 New Yorkers.
New Malware Uncovered: Researchers at Lookout Threat Lab have discovered a new Android malware called “KoSpy.” Believed to be developed in North Korea, KoSpy is designed to steal messaging and location data from infected devices.
GitLab Vulnerability Allows Attackers To Log In: GitLab has released updates addressing several critical vulnerabilities, including authentication bypass flaws in the ruby-saml library that GitLab uses for SAML single sign-on. On instances with SAML SSO enabled, these flaws could have allowed an attacker to impersonate other users and gain unauthorized access to their accounts.
Ivanti Vulnerabilities Added To KEV: Three security vulnerabilities in Ivanti’s Endpoint Manager (EPM) have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The flaws are absolute path traversal bugs that let an unauthenticated attacker coerce the EPM server into exposing credentials, which can then be relayed to take over any unpatched server.
SideWinder Ramps Up Attacks: SideWinder, a hacking group that targets military and government organizations, has developed an updated attack toolkit. This new version is better at evading detection and more effective at spying on its victims.
FBI Encourages MFA To Stop Medusa Ransomware: In a joint advisory with CISA, the FBI is urging organizations to adopt multifactor authentication (MFA) and patch known vulnerabilities to thwart Medusa ransomware. First detected in June 2021, Medusa has compromised hundreds of victims over the past four years.
Microsoft Patches 56 Vulnerabilities: In its March “Patch Tuesday” security update, Microsoft released fixes for 56 vulnerabilities. Among them, six were already being actively exploited by hackers in real-world attacks.
Thanks for reading! See everyone next week!
About the author: Mark is a cybersecurity architect and consultant for leading cybersecurity consultancy Aujas.
