
April 2025 - Threat Intelligence Briefing

  • dbruem
  • May 12

Updated: Jun 6

This Month’s Key Insights:


  • QR Code Phishing is on the Rise

    • QR codes are increasingly used in phishing attacks, with attackers exploiting their convenience and users’ tendency to trust them without checking the destination. These codes can lead to malicious websites designed to steal sensitive information.

    • Insight: Businesses should emphasise user awareness, encouraging employees to be cautious of scanning QR codes from unknown or unsolicited sources. Implementing link scanning tools on mobile devices can also help detect malicious links before they can cause harm.


  • Ransomware Attacks: Insurance and Payment Pitfalls

    • Attackers are targeting companies with cyber insurance to increase ransom demands, knowing businesses may be more likely to pay. However, paying ransoms rarely results in data recovery, with only 54% of victims successfully retrieving their data.

    • Insight: Businesses should focus on prevention and resilience rather than relying on paying ransoms. Strengthen security practices, have solid backup and recovery plans, and avoid paying cybercriminals, as it rarely leads to a positive outcome.


  • Mobile Devices Remain Vulnerable

    • Samsung and Android devices have shown security gaps that can lead to data exposure or malware infections.

    • Insight: Given the rising risks to mobile security, businesses must ensure devices are properly secured with updates, mobile management tools, and awareness training.


How Sanctuary Helps:

Sanctuary specialises in helping businesses address many of these risks, including ransomware, phishing attacks, and mobile security threats, by implementing proactive security measures and enhancing organisational resilience.


  • Security Awareness & Training – Equip your team to recognise phishing and social engineering threats, such as QR code scams, with ongoing education and real-world attack simulations.


  • Mobile Protection with CyberSmart Active Protect – With mobile threats on the rise, protect your devices with continuous monitoring and vulnerability detection through Active Protect.


  • Dark Web Monitoring – Protect your business from stolen credentials and personal data by keeping an eye on the dark web for exposed information.


Have questions or concerns about your security? Let’s discuss how we can enhance your protection strategy.


All you need to know about cyber security month in one place:


Beyond digital defences: what is a human firewall in cybersecurity?

This is an article from one of our partners - CyberSmart. In it they explore what a ‘human firewall’ is and why building one is key to you and your customers’ security.


Ransomware operators are demanding more if they detect cyber insurance

Ransomware operators will demand significantly more money if they discover that the company they targeted has cyber insurance, new research has found.

The discovery was made by Dutch police officer Tom Meurs while working on his PhD thesis, which saw him analyse 453 ransomware attacks between 2019 and 2021, discovering that one of the first things threat actors do after gaining access to the target environment is search for documents of a cyber-insurance policy.


Report: Ransom demands shrink as firms push back

“Organisations are finally wising up. But for those still tempted to pay, this year’s results are a wake-up call: nearly half who paid got nothing in return,” said Steve Piper, CEO of CyberEdge Group.

Ransomware victims should think twice before handing cash or crypto over to their attackers, with new research finding that only half of organisations that pay ransoms to cybercriminals actually recover their data.

Fresh research from CyberEdge Group’s 2025 Cyberthreat Defense Report has found that just 54% of ransom-paying victims recovered their data, down from 73% only two years ago.


Sophisticated QR code phishing attack targeting Microsoft 365 users to steal logins

A new sophisticated phishing campaign leveraging QR codes to steal Microsoft 365 login credentials has emerged in the cybersecurity landscape.


New Credit Card Skimming Attack Leverages Chrome, Edge, & Firefox Extensions to Steal Financial Data

A sophisticated new credit card skimming operation dubbed “Roland Skimmer” has emerged, targeting users primarily in Bulgaria through malicious browser extensions.


$500,000 superannuation reality check for Australians vulnerable to cyberattacks: 'Known problem'

Aussies are being urged to change their passwords and set up multi-factor authentication after some of the country’s biggest superannuation funds were targeted in mass cyber attacks. A cyber security expert said the attacks highlighted the “weak” security measures implemented by the industry, despite calls for super funds to strengthen their defences.

Superannuation funds including AustralianSuper, Australian Retirement Trust, Hostplus, Rest and Insignia were targeted, with a handful of AustralianSuper members losing a combined $500,000 from their accounts. Hackers gained access to the accounts through “credential stuffing”, where stolen usernames and passwords - including those exposed in previous cyber attacks - are used.


Security concerns as almost a third of senior managers are not confident in their organisation’s ability to prevent a data breach

Auxilion, a leading Irish IT managed services provider, and partner HPE have announced the results of a survey which found that almost a third of senior managers are not confident of their organisation’s ability to prevent a data breach. The survey also found that 65 per cent of financial services firms were hit by a cyber breach in the past year as AI trust tops security concerns. These stats were higher among SMBs (67 per cent) than larger companies (61 per cent). In terms of the biggest security concerns for the next year, trust in AI came out top (47 per cent). This was followed by ransomware (45 per cent), data mismanagement (44 per cent), dark web access (42 per cent), and data loss (41 per cent). Furthermore, some 40 per cent are concerned about deepfake content.


Inadequate cybersecurity costing UK SMEs £3.4 billion annually, survey finds

UK small and medium sized enterprises (SMEs) are incurring annual losses amounting to £3.4 billion due to inadequate cybersecurity measures, according to a new Vodafone Business report.

The report, entitled Securing Success: The Role of Cybersecurity in SME Growth, also found that the average cost of a cyber-attack for a small business is £3,398, with the figure rising to £5,001 for those with 50 or more employees. The findings highlight the necessity for businesses to safeguard against rising cyber threats, which result in financial losses each year due to data breaches, system downtime and reputational damage.


Samsung admits Galaxy devices can leak passwords through clipboard wormhole

Samsung has warned that some of its Galaxy devices store passwords in plaintext. The Korean giant’s security loophole was reported by a user using the handle “OicitrapDraz” in a post to Samsung’s community forum. “I copy passwords from my password manager all the time,” OicitrapDraz wrote on April 14. “How is it that Samsung’s clipboard saves everything in plain text with no expiration? That’s a huge security issue.”


Actively exploited vulnerabilities patched on Android in latest security update

Google released a new update for Android, which addresses more than 60 vulnerabilities. Among them are two that are being actively exploited in the wild, and a few with a critical severity rating. In a security advisory published on the Android blog, Google said that there are indications that two flaws “may be under limited, targeted exploitation”. The vulnerabilities are tracked as CVE-2024-53150 and CVE-2024-53197 and are now patched. According to Amnesty International, the latter was used late last year to break into a Serbian youth activist’s Android phone, after being chained with two additional flaws.


Three-Quarters of IT leaders fear nation-state AI cyber threats

AI is at the top of most IT leaders' minds when asked about the cyber threats their organizations could face, according to a recent Armis survey. Almost three-quarters (74%) of respondents said that AI-powered attacks significantly threaten their organisation’s security. A similar share (73%) added that they specifically feared that nation-state hackers’ AI capabilities could enable future sophisticated cyber-attacks. The findings come from the 2025 Armis Cyberwarfare Report in which the firm surveyed more than 1800 global IT decision-makers. The examples of threats cited in the report included Russia’s integration of AI into its cyber warfare strategies and China’s DeepSeek AI model. Additionally, nearly two-thirds (64%) of IT leaders agree that generative AI (GenAI) challenges the geopolitical status quo, allowing smaller nations and non-state actors to emerge as near-peer cyber threats.


macOS Users Beware! Hackers Allegedly Offering Full System Control Malwares for Rent

A new concerning threat has emerged in the cybercriminal ecosystem targeting Apple users. A sophisticated macOS malware-as-a-service offering called “iNARi Loader” is being advertised on underground forums.

This high-priced stealer represents an alarming evolution in the growing landscape of macOS-specific malware, combining remote desktop capabilities with advanced data exfiltration techniques.

 
 
 
