
Steve Prentiss
From the CISO Series, it's Cyber Security Headlines. These are the cybersecurity headlines for Friday, March 7, 2025. I'm Steve Prentiss.

Ransomware gang bypasses EDR via a webcam

The cybersecurity firm S-RM discovered the unusual attack method conducted by the Akira ransomware gang during a recent incident response for one of their clients. The gang had initially accessed the victim's corporate network by way of an exposed remote access solution, and then they used AnyDesk to steal data for use as part of a double extortion attack. Attempts to deploy encryptors on Windows were blocked by the victim's EDR solution. Akira then scanned the network for other devices that could be used to encrypt the files and found a webcam and a fingerprint scanner. The attackers chose the webcam because it was vulnerable to remote shell access and unauthorized video feed viewing. It also ran on a Linux-based operating system compatible with Akira's Linux encryptor and did not have an EDR agent. The S-RM team, speaking to BleepingComputer, said Akira was subsequently able to encrypt files across the victim's network even though there were patches available for the webcam's flaws, meaning that the attack, or at least this vector, was avoidable. End quote.

Toronto Zoo updates January 2024 attack damage

Following up on the story we covered in January of 2024, and also featuring Akira, officials say that everyone who purchased a general admission ticket or Zoo membership between the year 2000 and April 2023 had their personal data stolen in the heist. That includes PII, but also, for people who made credit card transactions between January 2022 and April 2023, card details such as the last four digits of the number and expiration dates were also lifted. Details of all current and former staff members going back to 1989 were also stolen in the heist, which has been attributed to Akira.

House bill requires federal contractors to implement vulnerability disclosure policies

The bill is named the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, and it instructs the Office of Management and Budget to consult with CISA, the Office of the National Cyber Director, NIST and other relevant departments, and require federal contractors to have a VDP, a vulnerability disclosure policy, that is consistent with NIST guidelines. The same is required of the Defense Department. A letter signed by representatives of proponents of the bill, including HackerOne, Microsoft, Infoblox, Rapid7, Trend Micro, Tenable and Schneider Electric, states that contractors, given the vast amount of sensitive data they handle, are prime targets for cyber threats. As a result, the bill ensures all companies contracting with the federal government adhere to security best practices. End quote.

Two arrested for Taylor Swift ticket resale scheme

Two residents of Queens, New York, are now facing grand larceny, computer tampering and conspiracy charges for their role in a ticket reselling scam. Queens District Attorney Melinda Katz stated that the pair, along with another accomplice, worked for the contractor Sutherland Global Services, based in Kingston, Jamaica, and between June 2022 and July 2023 used their access to StubHub's system to find a backdoor into a secure area of the network where already sold tickets were given a URL and queued to be emailed to the purchaser for download. The co-conspirators took possession of these tickets and then resold them on StubHub for a profit of $635,000. Most of these tickets were for the Taylor Swift Eras Tour, with others for Adele, Ed Sheeran, NBA games and US Open tennis.

Thanks to this week's episode sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your free trial, visit threatlocker.com. That is T-H-R-E-A-T-L-O-C-K-E-R dot com.

Public school employees impacted by cyber attack on retirement plan administrator

The attack, which occurred in December 2024, targeted an administrator for retirement plans, and this has exposed the information of more than 40,000 teachers and school employees of public schools across the U.S. The victim organization, Carruth Compliance Consulting, provides third-party administrative services to public school districts and nonprofit organizations for their 403 and 457 retirement savings plans. A new cybercriminal operation named Skira Team took credit for the attack on Thursday, claiming to have stolen data from 36 public schools.

Congress sees a bigger cyber role for NTIA amid telecom attacks

A bipartisan bill cleared a key House panel on Tuesday, one that aims to create a more cyber-focused role for the federal agency focused on wireless networks, the National Telecommunications and Information Administration. Under this bill, the NTIA, which already advises the President on telecommunications and information policy issues, would establish an Office of Policy Development and Cybersecurity. Jennifer McClellan, one of two representatives championing the bill, connects it directly to the ongoing Salt Typhoon attacks.

1Password introduces location-based passwords

This new feature allows users to add a specific physical location to password items, allowing them to automatically appear in a new Nearby section of the app's Home tab. The intention of the feature is to simplify the list of available passwords without searching, such as health card data while at the doctor's office or travel documents while at the airport. Locations can be added to new or existing items saved in 1Password.

Cybercriminals sped up their attacks last year

Two security companies, CrowdStrike and ReliaQuest, are reporting separately that in the past year, ransomware groups achieved lateral movement within an average of 48 minutes after gaining initial access to targeted environments, with the fastest breakout time recorded being 51 seconds. This is an improvement for the threat actors from 2023, when the average breakout time for interactive cybercrime intrusions was 62 minutes. Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, in making his company's announcement, added, "Not only are these adversaries using different techniques, different capabilities, they're doing it faster, and they're iterating faster than many of the enterprises that they're targeting." End quote.

It's Friday, and as usual, we have a busy day of live streams today. It starts at 1 p.m. Eastern with Super Cyber Friday, where the topic will be "Hacking the Commodification of Cybercrime," an hour of critical thinking about how your security program changes when the entry barrier goes away. Then at 3:30 p.m. Eastern, we have our Week in Review show. Brett Perry, CISO at Dot Foods, will be our guest, providing his expert commentary on the news of the week. To join us for both, head on over to the events page at cisoseries.com. I'm Steve Prentiss reporting for the CISO Series. Cyber Security Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines Summary
Hosted by CISO Series – March 7, 2025
On this episode of Cyber Security Headlines, host Steve Prentiss delves into a series of critical developments in the information security landscape. From innovative ransomware tactics and significant data breaches to legislative updates and emerging security features, the episode provides a comprehensive overview of the latest threats and defenses shaping the cyber world.
Steve Prentiss opens the episode by discussing an unusual attack method employed by the Akira ransomware group. According to findings from cybersecurity firm S-RM, Akira circumvented the victim's Endpoint Detection and Response (EDR) solution not by defeating the agent, but by moving its encryption to a vulnerable webcam that the EDR did not cover.
"Akira then scanned the network for other devices that could be used to encrypt the files and found a webcam and a fingerprint scanner."
The attackers initially infiltrated the corporate network through an exposed remote access solution and used AnyDesk to exfiltrate data for a double extortion scheme. When their attempts to deploy encryptors on Windows were blocked by the EDR, Akira pivoted to devices the EDR could not see. The webcam was chosen because it was vulnerable to remote shell access and unauthorized video feed viewing, ran a Linux-based OS compatible with Akira's Linux encryptor, and carried no EDR agent. From that foothold Akira encrypted files across the victim's network, even though patches for the webcam's flaws were available, which makes this vector an avoidable one: an unmanaged, unpatched device that can still reach file shares is a blind spot for endpoint-only detection.
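The webcam pivot comes down to an asset that is on the network, can talk to file shares, and reports to nothing. As an added example (not code from the CISO Series page, from S-RM or from any vendor), the Python below reconciles a network-derived host list against the EDR agent inventory and then flags any unmanaged host that burst-writes to a file server in its audit log. The host names, IP addresses, audit-log format and the `.akira` suffix on renamed files are all constructed for the example.

```python
"""Find hosts that have no EDR agent and are mass-writing to file shares.

Added example, not code from the CISO Series page or from S-RM's report.
Host names, IPs, the audit-log format and the `.akira` suffix are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed: what is actually on the network, e.g. from DHCP leases or ARP.
NETWORK_HOSTS = {
    "10.20.0.11": "ws-fin-01",
    "10.20.0.12": "ws-fin-02",
    "10.20.0.50": "srv-files-01",
    "10.20.9.7": "cam-lobby-01",   # Linux-based IP camera, cannot run an agent
    "10.20.9.8": "fp-door-east",   # fingerprint scanner, cannot run an agent
}

# Constructed: hosts that check in to the EDR console.
EDR_AGENTS = {"ws-fin-01", "ws-fin-02", "srv-files-01"}

# Constructed file-server audit log: "<timestamp> <client ip> <op> <path>".
# ws-fin-01 runs a legitimate batch job; the camera renames files in bulk.
AUDIT_LOG = r"""
2025-03-06T01:12:03Z 10.20.0.11 WRITE \\srv-files-01\finance\a.xlsx
2025-03-06T01:12:04Z 10.20.0.11 WRITE \\srv-files-01\finance\b.xlsx
2025-03-06T01:12:05Z 10.20.0.11 WRITE \\srv-files-01\finance\c.xlsx
2025-03-06T01:12:06Z 10.20.0.11 WRITE \\srv-files-01\finance\d.xlsx
2025-03-06T01:12:07Z 10.20.0.11 WRITE \\srv-files-01\finance\e.xlsx
2025-03-06T01:30:00Z 10.20.0.12 READ  \\srv-files-01\finance\q4.xlsx
2025-03-06T02:40:00Z 10.20.9.7 WRITE \\srv-files-01\finance\q4.xlsx.akira
2025-03-06T02:40:01Z 10.20.9.7 WRITE \\srv-files-01\finance\budget.docx.akira
2025-03-06T02:40:02Z 10.20.9.7 WRITE \\srv-files-01\hr\payroll.csv.akira
2025-03-06T02:40:03Z 10.20.9.7 WRITE \\srv-files-01\hr\roster.xlsx.akira
2025-03-06T02:40:04Z 10.20.9.7 WRITE \\srv-files-01\hr\readme.txt.akira
2025-03-06T02:40:05Z 10.20.9.7 WRITE \\srv-files-01\akira_readme.txt
"""


def unmanaged_hosts(network_hosts, edr_agents):
    """Hosts seen on the network whose name never reports to the EDR console.

    Returns {ip: hostname}. Anything here is outside the EDR's field of view.
    """
    return {ip: name for ip, name in network_hosts.items() if name not in edr_agents}


def parse_audit(log_text):
    """Parse constructed audit lines into (timestamp, client_ip, op, path)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, op, path = line.split(maxsplit=3)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, op, path))
    return events


def write_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Clients whose peak WRITE count inside any sliding window meets threshold.

    Returns {client_ip: peak_writes_in_window}.
    """
    writes_by_ip = defaultdict(list)
    for ts, ip, op, _path in events:
        if op == "WRITE":
            writes_by_ip[ip].append(ts)

    peaks = {}
    for ip, stamps in writes_by_ip.items():
        stamps.sort()
        recent = deque()
        peak = 0
        for ts in stamps:
            recent.append(ts)
            while ts - recent[0] > window:   # drop writes older than the window
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            peaks[ip] = peak
    return peaks


def flag_unmanaged_writers(network_hosts, edr_agents, log_text, **burst_kwargs):
    """Intersect the two signals: no agent AND bulk writes to shares.

    A managed workstation bursting writes is a batch job until proven otherwise;
    an IP camera doing the same is the pattern described in the Akira story.
    Returns {hostname: peak_writes}.
    """
    unmanaged = unmanaged_hosts(network_hosts, edr_agents)
    bursts = write_bursts(parse_audit(log_text), **burst_kwargs)
    return {unmanaged[ip]: n for ip, n in bursts.items() if ip in unmanaged}


if __name__ == "__main__":
    print("unmanaged:", unmanaged_hosts(NETWORK_HOSTS, EDR_AGENTS))
    print("write bursts:", write_bursts(parse_audit(AUDIT_LOG)))
    print("flagged:", flag_unmanaged_writers(NETWORK_HOSTS, EDR_AGENTS, AUDIT_LOG))
```

The first function alone is the cheap, high-value check: a device that appears in DHCP or ARP but never in the EDR console is a candidate for network segmentation or a share ACL that denies it, regardless of whether it is currently misbehaving. The burst detector is there to show why the agent gap matters, since the file server sees the encryptor's writes as ordinary SMB traffic from an ordinary client.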
The episode revisits the January 2024 data breach at the Toronto Zoo, which has been attributed to the Akira ransomware group. Officials have confirmed that the personal data of everyone who purchased a general admission ticket or Zoo membership between 2000 and April 2023 was compromised. This includes Personally Identifiable Information (PII) and, for people who made credit card transactions between January 2022 and April 2023, card details such as the last four digits of the number and expiration dates.
"Details of all current and former staff members going back to 1989 were also stolen in the heist, which has been attributed to Akira."
The breach underscores the extensive reach of Akira and the enduring impact of their cyberattacks on organizations and individuals alike.
Steve highlights a legislative move with the introduction of the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025. The bill directs the Office of Management and Budget (OMB), in consultation with CISA, the Office of the National Cyber Director, NIST and other relevant departments, to require federal contractors to implement vulnerability disclosure policies (VDPs) consistent with NIST guidelines. The bill places the same requirement on the Defense Department.
"Contractors, given the vast amount of sensitive data they handle, are prime targets for cyber threats."
Supported by industry leaders such as HackerOne, Microsoft, and Trend Micro, the bill aims to bolster the cybersecurity posture of companies contracted with the federal government, ensuring adherence to best practices and reducing potential vulnerabilities.
The episode details the arrest of two Queens, New York residents for their involvement in a ticket reselling scam targeting popular events. Charged with grand larceny, computer tampering, and conspiracy, the individuals abused the access to StubHub's systems that they held through their employer, StubHub contractor Sutherland Global Services, to reach a secured area where already sold tickets were assigned a download URL and queued to be emailed to the purchaser.
"The co-conspirators took possession of these tickets and then resold them on StubHub for a profit of $635,000."
The scheme ran between June 2022 and July 2023 and primarily targeted tickets for the Taylor Swift Eras Tour, with others for Adele, Ed Sheeran, NBA games, and the US Open tennis, illustrating how insider access at a third-party contractor feeds the lucrative secondary ticket market.
In December 2024, Carruth Compliance Consulting, which provides third-party administration of 403 and 457 retirement savings plans for public school districts and nonprofit organizations, suffered a cyberattack that a new cybercriminal operation calling itself Skira Team has claimed. The breach exposed the information of more than 40,000 teachers and public school employees across the United States.
"A new cybercriminal operation named Skira Team took credit for the attack, claiming to have stolen data from 36 public schools."
The incident emphasizes the vulnerability of third-party service providers and the cascading effects of breaches on numerous institutions and individuals relying on their services.
Steve discusses a bipartisan bill that passed a key House committee, aiming to enhance the National Telecommunications and Information Administration's (NTIA) role in cybersecurity. The bill proposes the establishment of an Office of Policy Development and Cybersecurity within the NTIA, reinforcing its advisory capacity on telecommunications and information policy issues.
"Jennifer McClellan connects it directly to the ongoing Salt Typhoon attacks."
This legislative effort responds to increasing telecom-related cyber threats, ensuring that the NTIA is better equipped to address and mitigate emerging cyber challenges.
1Password has launched a feature called location-based passwords. It lets users attach a specific physical location to password items, which then appear automatically in a new Nearby section of the app's Home tab; locations can be added to new or existing items.
"The intention of the feature is to simplify the list of available passwords without searching."
For instance, users can have their health card data appear automatically when at a doctor's office or travel documents when at an airport, streamlining access to essential information based on physical context.
Concluding the episode, Steve reports on how much faster intrusions have become. Security firms CrowdStrike and ReliaQuest have independently observed that ransomware groups have shortened their breakout time, the interval between initial access and lateral movement, from an average of 62 minutes for interactive cybercrime intrusions in 2023 to 48 minutes in the past year. The fastest breakout time recorded was 51 seconds.
"Not only are these adversaries using different techniques, different capabilities, they're doing it faster, and they're iterating faster than many of the enterprises that they're targeting." – Adam Meyers, CrowdStrike
A sub-hour breakout window means detection and containment have to operate on the same timescale, which is the practical argument for continuously tuning defenses against increasingly agile threat actors.
Conclusion
Steve Prentiss offers a concise run-through of the cybersecurity threats and defenses shaping early 2025. From Akira's webcam pivot and significant data breaches to legislative advancements and new product features, the episode serves as a quick briefing for professionals tracking the landscape. For the full stories behind these headlines, listeners are encouraged to visit cisoseries.com.