April 2025 - Threat Intelligence Briefing

Updated: 5 days ago

This month's key insights:


  • Financial cyberattacks are spiking – Banking malware tripled, and crypto phishing jumped 83% year-on-year. These aren’t theoretical risks – they’re affecting real businesses and individuals.

  • SMBs are vulnerable – Nearly 1 in 5 say a cyberattack would shut them down. Even losses under €10,000 can be devastating without a plan in place.

  • Mobile and off-brand tech is a growing blind spot – Pre-installed malware on Android TVs, phones, and tablets is spreading silently through the supply chain.

  • AI adoption is slowing due to trust issues – Privacy concerns are holding businesses back from realising AI’s potential.

  • Fake CAPTCHAs and social engineering are on the rise – From “I am not a robot” scams to phishing PDFs, attackers are exploiting human trust and digital habits.

All you need to know about cyber security this month in one place:

Banking malware up 3x, crypto phishing jumps 83% – Are you at risk?

Imagine checking your bank account only to find it wiped clean overnight. Or falling for what seemed like a legitimate crypto investment, only to realise it was an elaborate scam. In 2024, such scenarios became alarmingly common as financial cyberattacks skyrocketed.

Successful Cyberattacks Would Force 1 in 5 SMBs Out of Business, According to New VikingCloud Research

VikingCloud released new research revealing that a successful cyberattack would force nearly 1 in 5 small- and medium-sized businesses (SMBs) to close their doors. For nearly a third of SMBs, a cyberattack with minimal financial impact—less than $10,000—would cause them to shut down.



Legal impact on cybersecurity in 2025: new developments and challenges in the EU

2025 is shaping up to be a crucial year for the implementation of new regulations aimed at strengthening the European Union's digital resilience. Compliance with these regulations is not only a legal imperative, but also a factor that makes European companies more competitive and generates confidence among both citizens and global financial investors.



Google issues urgent warning to delete 331 Android apps infected with malware

Google has now blocked all of the software discovered on its platform after being alerted about the issues. But those who have downloaded any of the apps in question still need to be on red alert as the Google ban won't delete the apps from devices.

Privacy and data integrity damaging business confidence in AI

Nearly two-thirds of businesses lack the confidence in AI to adopt the technology due to some of the related risks.

Nearly three quarters (74%) of businesses are concerned about the privacy and data integrity risks of artificial intelligence (AI), which is slowing adoption of the technology, according to a new report.

The sixth edition of GlobalData’s Executive AI Briefing details polling by the company that found 59% of businesses to be lacking confidence in adopting the technology for their organisations. Only a fifth (21%) of respondents reported high or very high adoption of AI within their organisations.

https://www.verdict.co.uk/privacy-and-data-integrity-damaging-business-confidence-in-ai/

Warning issued about social media and email account hacking after reports jump

Social media and email account hacking reports jumped last year, according to Action Fraud data. A total of 35,434 reports were made to the fraud and cybercrime reporting service in 2024, compared with 22,530 reports made in 2023. Action Fraud has launched a campaign, supported by Meta, to encourage people to take an extra step of online protection by enabling two-step verification for each online account they have.

Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe

Researchers at HUMAN’s Satori Threat Intelligence team worked alongside Google, Trend Micro, The Shadowserver Foundation and others to disrupt the largest botnet of infected connected TV devices – BadBox 2.0. A botnet of infected off-brand Android devices, the BadBox malware usually comes pre-loaded on TV streaming boxes, smart TVs, tablets, digital projectors, or smartphones.


In this case, threat actors also operated hundreds of versions of popular apps to serve as an alternative backdoor delivery system. Fortunately, HUMAN's researchers were able to identify and then have 24 malicious “evil twin” apps spreading this malware removed from the Google Play Store.

5 other threat stories this month. To access the full monthly round-up, subscribe to our Monthly Newsletter.


Recommendations

  • Strengthen device controls and app hygiene – Audit mobile devices (especially Android) and remove any unknown or unused apps. Stick to reputable vendors and verified app stores.

  • Have a recovery plan before you need one – Many smaller businesses underestimate how quickly even a minor cyber incident can spiral. A written, tested response plan doesn’t need to be complex or expensive – but it does need to exist. Know who to call, what to prioritise, and how to keep trading if systems go down. A little preparation can mean the difference between disruption and disaster.

  • Make 2FA non-negotiable – Enable two-step verification on all business-critical accounts, including social media and email, as account hijacking rates surge.

  • Review supplier and tech sourcing practices – Especially for smart devices and lower-cost Android hardware, which are increasingly used as attack vectors.

  • Invest in training, not just tools – Most attacks rely on human error. Staff awareness remains one of the most effective defences.

How Sanctuary Advisory Services Helps

Security Awareness & Training – Phishing, deepfake scams, and social engineering are among the biggest threats today. Ongoing training and real-world attack simulations help you and your team recognise and respond to these risks before they cause harm.


Mobile Protection with CyberSmart Active Protect – With mobile phishing and malware on the rise, securing smartphones and tablets is critical. Active Protect provides continuous monitoring, vulnerability detection, and compliance enforcement to keep your devices secure.


Dark Web Monitoring – Stolen credentials and personal data often end up on the dark web before being used in cyberattacks. Continuous monitoring helps detect exposed information early, so you can take action before it’s exploited.

Subscribe to our Monthly Newsletter to access the full monthly round-up

Is your Business at Risk? Take our risk assessment Quiz to find out!


Have a safe month everyone!
