Cyber Security Headlines – September 22, 2025
Host: Steve Prentiss
Podcast: CISO Series
Main Theme:
A roundup of the latest and most pressing stories in global cybersecurity, focusing on significant attacks, technical vulnerabilities, criminal tactics, and the evolving threat landscape, with updates and expert commentary.
Key Discussion Points & Insights
1. European Airport Cyberattack Causes Mass Disruption
- Incident Summary:
Major airports, including London Heathrow, Berlin, and Brussels, experienced widespread disruption after a cyberattack took down airport check-in and baggage systems.
- Technical Impact:
- The attack targeted the Muse software platform, used for shared check-in and boarding gate management.
- Staff reverted to “pen and paper”; numerous flights canceled.
- Software developed by Collins Aerospace, owned by RTX Corporation (formerly Raytheon).
- Operational Fallout:
- Ongoing restoration efforts.
- Significant passenger delays and travel chaos.
- Quote:
"[The attack] took out the airport's check in and baggage systems, forcing staff to resort to pen and paper... and many travelers to wait or make other plans." – Steve Prentiss [00:19]
2. SMS Scammers Deploy Fake Cell Towers in Global Scheme
- Technique:
Scammers use portable SMS “blaster” devices, effectively mobile fake cell towers, to push out up to 100,000 phishing SMS messages per hour to all nearby phones.
- Exploitation:
- Active in Asia Pacific, Western Europe, South America.
- Does not require knowledge of phone numbers; works by simulating a cell tower to force phone connection.
- Challenges:
- Legitimate cell carriers claim “no power or ability to prevent this.”
- Quote:
"The SMS blaster simulates a cell tower, essentially forcing any phone in its vicinity to connect with it." – Steve Prentiss [01:30]
3. Mal Terminal: GPT-4 Powered Ransomware & Reverse Shells
- Research Insight:
SentinelOne identifies Mal Terminal, an early example of malware embedding large language model capabilities.
- Capabilities:
- Dynamically generates ransomware code or a reverse shell using OpenAI GPT-4.
- Described as the first of its class (“LLM-embedded malware”).
- Current Status:
- No evidence of deployment in the wild; potentially just a proof-of-concept or Red Team tool.
- Quote:
"It uses OpenAI GPT4 to dynamically generate ransomware code or a reverse shell." – Steve Prentiss [02:43]
4. Scattered Spider: $115M Extorted Despite Arrests
- Criminal Success:
The Scattered Spider group extorted at least $115 million over three years, even after multiple arrests and after pretending to go dark.
- Methods:
- Social engineering: calling a company's help desk for password resets.
- Account takeover, data theft, and then encrypting critical systems.
- High Profile Ransoms:
- Individual ransoms reached $25M and $36.2M.
- Quote:
"The scattered spider method remains consistent: calling a victim's company's help desk, asking for a password reset, then taking over an administrative account..." – Steve Prentiss [04:20]
5. FBI Warns of Fake FBI Reporting Sites
- Spoofing Attack:
- Cybercriminals have created fraudulent versions of the FBI Internet Crime Complaint Center (IC3) site.
- Sites use typo-squatting and mimic FBI design, even reproducing official scam warnings.
- Risks:
These sites could be used to scam visitors or steal their personal data.
- Quote:
"...in one instance, the fake site includes an FBI warning, the same one as on the legitimate IC3 site, warning of scammers impersonating FBI IC3 employees..." – Steve Prentiss [05:21]
6. Critical Vulnerability in GoAnywhere MFT Revealed
- Vulnerability:
- Maximum-severity flaw in the license servlet of GoAnywhere MFT (a managed file transfer tool).
- Allows remote command injection because the servlet deserializes untrusted data.
- Exploitable in low-complexity, no-user-interaction attacks.
- Patch Released:
Users are urged to update.
- Quote:
"The flaw... can be exploited remotely in low complexity attacks that don't require user interaction." – Steve Prentiss [06:00]
7. ChatGPT Trick Can Circumvent CAPTCHA Protections
- Innovation:
Dorian Schultz (SPLX) demonstrated that by framing the exercise as identifying “fake” CAPTCHAs and building on prior conversation context, GPT-4 can be led to solve a variety of real CAPTCHAs (except complex image-based ones).
- Implication:
Another step toward making CAPTCHAs obsolete, and a new vector for automated account abuse.
- Quote:
"Schultz first describes how he convinced ChatGPT4O that the exercise... was designed to only identify fake CAPTCHAs... sufficient to allow the application to solve some real one click captchas." – Steve Prentiss [06:45]
8. Jaguar Land Rover Shutdown: Modern Factory Vulnerabilities
- Incident:
A prolonged outage at Jaguar Land Rover (JLR) exposes the risks of interconnected, high-efficiency smart factories.
- Cause:
- Outsourced IT operations to Tata Consultancy Services, including SAP factory system upgrades.
- When the intrusion was discovered, JLR could not isolate or segment its factory systems, forcing a full production shutdown.
- Lesson:
Over-connection increases exposure.
- Quote:
"...the fact that everything is connected in JLR's systems appears to have become a vulnerability." – Steve Prentiss [07:19]
Notable Quotes & Memorable Moments
- “Forcing staff to resort to pen and paper…” – Steve Prentiss (on airport cyberattack) [00:23]
- “The SMS blaster simulates a cell tower…” – Steve Prentiss [01:30]
- “It uses OpenAI GPT4 to dynamically generate ransomware code or a reverse shell.” – Steve Prentiss [02:43]
- “The scattered spider method remains consistent: calling a victim's company's help desk…” – Steve Prentiss [04:20]
- “...the fact that everything is connected in JLR's systems appears to have become a vulnerability.” – Steve Prentiss [07:19]
Timestamps for Key Segments
- Major Airport Cyberattack: [00:06] – [01:18]
- SMS Fake Cell Tower Scam: [01:18] – [02:17]
- GPT-4 Malware (Mal Terminal): [02:17] – [03:24]
- Scattered Spider Extortion: [03:24] – [04:58]
- Fake FBI Reporting Sites: [05:07] – [05:51]
- GoAnywhere MFT Critical Flaw: [05:51] – [06:18]
- ChatGPT CAPTCHA Circumvention: [06:18] – [06:54]
- Jaguar Land Rover Factory Incident: [06:54] – [07:49]
Summary Tone & Takeaways
The episode maintains a brisk, factual tone, emphasizing the escalating creativity and sophistication of threat actors. Across sectors—aviation, telecommunications, AI, manufacturing, and law enforcement—attackers leverage social engineering, hardware exploits, and vulnerabilities in ubiquitous software. The stories serve as sobering reminders: modern convenience and interconnection increase risk, and defensive strategies must continually evolve to meet changing threats.
