May 2025 - Threat Intelligence Briefing
- dbruem
- Jun 6
- 3 min read
May brought a series of significant cyber developments, with serious implications for the general public and businesses in Ireland and beyond. From ransomware attacks and global phishing trends to local reports of cyber-laundering and compliance concerns, here are the key stories – and what they mean for your business.
Cybercrime Concerns Among Irish Businesses
Over 97% of Irish compliance professionals surveyed by the Compliance Institute have either experienced or expressed concern about cybercrime. More than half reported falling victim to incidents like phishing, ransomware, or fraud in the past five years.
What it means: Cybercrime isn’t a distant threat – it’s already affecting a majority of Irish organisations. Awareness, oversight, and clear response plans are more essential than ever.
Irish Teenagers Caught in International Money Laundering Scheme
The Black Axe cybercrime gang coerced thousands of Irish teens into laundering over €84 million. Victims were recruited via Snapchat and other platforms, often manipulated with promises of easy money or through blackmail.
What it means: This is a wake-up call on the human side of cyber risk. Social media is now a frontline for cybercrime, and young people are increasingly vulnerable.
M&S Cyberattack Affects Irish Customers
A ransomware attack in April disrupted Marks & Spencer’s operations and later led to the exposure of some Irish customer data. By mid-May, the company confirmed breaches involving contact details and order history.
What it means: Trusted household names are just as exposed as anyone else. Ensure your team understands how to spot scams that exploit breaches.
Phishing and Online Scams Still Rule Globally
Interpol reaffirmed that phishing, business email compromise, and social engineering remain the most common cyber threats worldwide. Criminals are becoming more targeted and persuasive.
What it means: Even simple attacks are effective. Training and multi-layered protection should remain a top priority.
184 Million Passwords Leaked Online
Security researcher Jeremiah Fowler identified a leak involving over 184 million passwords, many tied to Google, Microsoft, and banking platforms. The leak was stored in a misconfigured, unsecured database.
What it means: Even your best passwords may already be exposed. Regular credential monitoring and strong password practices are critical.
Chrome Bug Could Let Hackers Take Control
A critical flaw in Google Chrome version 136 allows remote execution of malicious code. All users are urged to update immediately.
What it means: Security isn’t just about people – it's about keeping software up to date too. Make sure patching policies are in place.
Criminals Target Crypto Users with Facebook Ads
A sophisticated malware campaign is using Facebook ads to target crypto owners, impersonating well-known brands and using celebrities to bait users into clicking.
What it means: If your staff or clients are involved in crypto, ensure they're aware of the risks. Fake ads are getting harder to spot.
69% of Organisations Hit by Ransomware
New research from Delinea shows that 69% of global firms have experienced ransomware attacks – and many more than once. Persistent gaps in identity and access controls are a key driver.
What it means: Ransomware is no longer rare. Prevention, backup discipline, and rapid response planning are non-negotiable.
One in Four Ransomware Victims Still Lose Data
CrowdStrike research shows that even among businesses that pay the ransom, 25% never recover their data.
What it means: Paying is no guarantee of recovery. A better option is to be ready – with tested backups and a clear recovery plan.
How Sanctuary Can Help
Sanctuary helps small and mid-sized businesses strengthen their defences with:
Security Awareness Training – Monthly briefings and phishing simulations
Device Oversight – Keep systems up to date and monitor for misconfigurations
Dark Web Monitoring – Catch leaked passwords before they’re used against you
Want to improve your resilience? Let’s talk.
Comments