Cybersecurity Headlines - May 21, 2025
Hosted by Sarah Lane, CISO Series
1. DOJ Launches Investigation into Coinbase Cyber Attack
Timestamp: [00:00]
The U.S. Department of Justice (DOJ) has opened a criminal investigation into a recent cyber attack on Coinbase, the largest U.S. cryptocurrency exchange. Coinbase disclosed that the attackers bribed overseas customer-support contractors to pull account data on a subset of customers and then tried to extort the company, which refused to pay. Coinbase has clarified that it is not itself under investigation and is fully cooperating with the DOJ and other law enforcement agencies.
Key Details:
- Timeline: Extortion demand received May 11, 2025; incident disclosed in an SEC 8-K filing on May 15, 2025
- Compromised Data: Customer names, addresses, phone numbers and emails, plus masked bank account and Social Security numbers, government ID images and account balance data for affected customers
- Not Accessed: Passwords, private keys, two-factor codes and customer funds, according to Coinbase
- Estimated Financial Impact: Between $180 million and $400 million in remediation and customer reimbursements
Notable Quote: "Coinbase is committed to the security and privacy of our customers' information and is working closely with authorities to address this incident," — Sarah Lane, [00:00]
2. Dutch Government Criminalizes Cyber Espionage
Timestamp: [00:02]
In a significant move to protect national security and infrastructure, the Dutch government has passed a new law that criminalizes digital espionage. The legislation lets prosecutors pursue individuals or entities that leak sensitive but non-classified data to a foreign power, or that otherwise act on behalf of foreign interests against Dutch national security.
Key Provisions:
- Penalties: Up to 12 years imprisonment for severe offenses
- Scope: Targets actions such as attempted infrastructure sabotage and infiltration of international organizations
- Context: Aimed at countering cyber espionage threats from nations like China and Russia
Notable Quote: "This law is a robust response to the increasing cyber threats posed by state-sponsored actors aiming to destabilize our national infrastructure," — Sarah Lane, [00:02]
3. Ransomware Attack Disrupts UK Food Supply Chain
Timestamp: [00:04]
UK chilled-food distributor Peter Green Chilled was hit by a ransomware attack on May 14, severely disrupting its operations and deliveries to major supermarkets. The company paused new orders while it recovered, a stoppage that falls hardest on the smaller producers who depend on it to get perishable goods to shelves.
Implications:
- Affected Services: Operations and deliveries to major UK supermarkets
- Potential Impact: Financial losses for suppliers and disruptions in the food supply chain
- Expert Warnings: Increased cyber threats targeting the operational systems of the UK retail supply chain
Notable Quote: "The ransomware attack on Peter Green Chilled highlights the vulnerability of our supply chains to cyber threats, emphasizing the need for robust security measures," — Sarah Lane, [00:04]
4. Sidewinder APT Targets South Asian Ministries
Timestamp: [00:06]
The Sidewinder Advanced Persistent Threat (APT) group has launched a targeted cyber espionage campaign against government institutions in Sri Lanka, Bangladesh, and Pakistan. The intrusions start with spear-phishing emails carrying documents that exploit long-patched Microsoft Office flaws such as CVE-2017-0199 and CVE-2017-11882; the payloads are geofenced so that they only detonate on machines in the targeted countries, which frustrates sandbox analysis from elsewhere.
Technical Insights:
- Malware Used: StealerBot, a custom implant that captures keystrokes, passwords, and screenshots
- Exploitation Methods: Years-old Office vulnerabilities paired with custom malware, a reminder that unpatched document-handling bugs remain a reliable initial-access vector
- Targeting Precision: Highly selective victim lists and geofenced delivery, reflecting methodical, region-focused activity
Notable Quote: "Sidewinder's continued exploits in South Asia demonstrate their sophisticated approach to cyber espionage, leveraging both old and new vulnerabilities to achieve their objectives," — Sarah Lane, [00:06]
5. SK Telecom's Three-Year Malware Breach
Timestamp: [00:08]
South Korea's SK Telecom disclosed that malware had sat undetected on its network for nearly three years, since June 2022. The breach exposed USIM data for roughly 27 million subscriber records, including IMSIs and the authentication keys used to validate a SIM on the network, which raises the risk of SIM cloning and SIM-swap attacks against affected customers.
Response Measures:
- Actions Taken: Replacing SIM cards and blocking unauthorized device changes, so that a cloned SIM cannot register on the network
- Responsibility: SK Telecom accepts responsibility for damages resulting from the breach
- Investigation Findings: 25 malware types identified across 23 servers; the full scope of data loss remains uncertain because server logs from the early period of the intrusion were not retained
Notable Quote: "We deeply regret the impact this breach has had on our customers and are taking comprehensive steps to mitigate the risks and prevent future incidents," — Sarah Lane, [00:08]
6. NIST and CISA Propose New Vulnerability Metric
Timestamp: [00:10]
Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have proposed the Likely Exploited Vulnerabilities (LEV) metric. Where an EPSS score estimates the probability that a vulnerability will be exploited in the next 30 days, LEV composes a vulnerability's EPSS history to estimate the probability that it has already been exploited at some point, which lets defenders spot bugs with a long tail of moderate risk that neither the KEV catalog nor today's EPSS score flags.
Key Points:
- Purpose: Surface vulnerabilities that KEV and current EPSS scores would overlook, and give patch prioritization a cumulative rather than a point-in-time view
- Current Status: NIST is seeking industry partners with exploitation data to evaluate LEV's real-world accuracy
Notable Quote: "The introduction of LEV represents a significant advancement in our ability to proactively address vulnerabilities before they are exploited," — Sarah Lane, [00:10]
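To make the composition idea concrete, here is an added Python illustration (not NIST's reference code and not code from the original page): each successive 30-day EPSS score is treated as an independent chance of exploitation, so the probability of at least one exploitation is one minus the product of the per-window survival probabilities. The CVE identifiers, score histories, thresholds and the fractional weighting of a partially elapsed final window are constructed assumptions for this example; the exact definition NIST proposes should be taken from its LEV paper.

```python
from datetime import date, timedelta

WINDOW_DAYS = 30  # an EPSS score is P(exploitation within the next 30 days)


def epss_windows(first_date, scores):
    """Pair successive 30-day EPSS scores with the date each window opens."""
    return [(first_date + timedelta(days=WINDOW_DAYS * i), s)
            for i, s in enumerate(scores)]


def lev_probability(windows, end_date):
    """P(exploited at least once between the first window start and end_date).

    Each non-overlapping window is treated as an independent trial. A window
    that end_date cuts short is weighted by the fraction of it that has
    elapsed (an assumption of this illustration, not necessarily NIST's rule).
    """
    not_exploited = 1.0
    for start, epss in windows:
        elapsed = (end_date - start).days
        if elapsed <= 0:
            continue  # window has not opened yet
        weight = min(elapsed, WINDOW_DAYS) / WINDOW_DAYS
        not_exploited *= 1.0 - epss * weight
    return 1.0 - not_exploited


def overlooked(vulns, kev, end_date, lev_min=0.5, epss_max=0.1):
    """CVEs with a high cumulative LEV that KEV and today's EPSS would both miss."""
    flagged = []
    for cve, windows in vulns.items():
        if cve in kev:
            continue  # already prioritized by the KEV catalog
        lev = lev_probability(windows, end_date)
        current_epss = windows[-1][1]
        if lev >= lev_min and current_epss < epss_max:
            flagged.append((cve, round(lev, 3)))
    return flagged


def worked_example():
    """Three windows scored 0.10, 0.20, 0.30, evaluated 15 days into the third.

    Survival = 0.9 * 0.8 * (1 - 0.30 * 0.5) = 0.612, so LEV = 0.388.
    """
    windows = epss_windows(date(2025, 1, 1), [0.10, 0.20, 0.30])
    return lev_probability(windows, date(2025, 3, 17))


# Constructed sample data; these are not real CVEs or real EPSS histories.
TODAY = date(2025, 5, 21)
SAMPLE = {
    # two years of modest scores: never "hot", but cumulatively likely exploited
    "CVE-2099-0001": epss_windows(date(2023, 5, 10), [0.05] * 24),
    # a recent spike that today's EPSS already shows, and that KEV already lists
    "CVE-2099-0002": epss_windows(date(2025, 4, 1), [0.30, 0.90]),
    # consistently negligible
    "CVE-2099-0003": epss_windows(date(2024, 11, 1), [0.01] * 6),
}
KEV = {"CVE-2099-0002"}

if __name__ == "__main__":
    for cve, windows in SAMPLE.items():
        print(cve, "LEV =", round(lev_probability(windows, TODAY), 3))
    print("overlooked by KEV and current EPSS:", overlooked(SAMPLE, KEV, TODAY))
```

The first sample CVE never has an EPSS score above 0.05, yet twenty-four such windows compound to a cumulative probability of about 0.71, which is exactly the class of vulnerability the page says LEV is meant to surface; the second is skipped because KEV already covers it, and the third stays below the threshold.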
7. Krebs on Security Suffers Massive DDoS Attack
Timestamp: [00:12]
Krebs on Security reported a near-record 6.3 Tbps Distributed Denial of Service (DDoS) attack on May 12. The attack, attributed to the Aisuru Internet of Things botnet, lasted well under a minute and was absorbed by Google's Project Shield, which hosts the site. Aisuru, associated with an operator using the alias "Forky," builds its capacity from hijacked IoT devices, including routers compromised through a zero-day exploit.
Current Situation:
- Attack Duration: Less than one minute, consistent with a test of the botnet's capacity rather than a sustained outage attempt
- Mitigation: The largest attack Google's Project Shield has mitigated to date
- Perpetrator's Stance: Forky denies involvement and claims to focus on a hosting business
Notable Quote: "Despite the unprecedented scale of the attack, our defenses held strong, demonstrating the effectiveness of collaborative cybersecurity measures," — Sarah Lane, [00:12]
8. Cellcom Confirms Cyber Attack Caused Service Outages
Timestamp: [00:14]
Cellcom, a mobile carrier based in Wisconsin, has confirmed that a cyber attack caused the widespread service outages that began on May 14. The attack disrupted voice and SMS services across Wisconsin and Upper Michigan. Cellcom initially described the outage as a technical issue and only later acknowledged the cyber incident, stating that the affected systems were separate from those holding customer data and that no sensitive customer information was compromised.
Recovery Efforts:
- Collaboration: Working with the FBI and cybersecurity experts
- Restoration Timeline: Aiming to restore full services by the end of the week
Notable Quote: "We apologize for the inconvenience caused and are committed to restoring full service as swiftly and securely as possible," — Sarah Lane, [00:14]
9. VanHelsing Ransomware Source Code Leaked on Hacking Forum
Timestamp: [00:16]
Source code for the VanHelsing ransomware operation was leaked on a hacking forum after a former developer failed to sell it. The group then published parts of the code itself, including the Windows encryptor builder and the affiliate panel, but the full Linux builder and the operation's databases were not disclosed. Even incomplete, the leak risks enabling copycat operations, as earlier leaks of Babuk, Conti, and LockBit builders did.
Implications:
- Available Code: Windows encryptor builder and affiliate panel
- Missing Components: Full Linux builder and databases
- Potential Risks: Increased likelihood of similar ransomware attacks emerging
Notable Quote: "The partial leak of VanHelsing's code could significantly lower the barrier to entry for aspiring cybercriminals, potentially leading to an increase in ransomware incidents," — Sarah Lane, [00:16]
For more detailed stories behind these headlines, visit CISOseries.com.
