
Sarah Lane
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Thursday, May 8, 2025. I'm Sarah Lane.
Europol shuts down six DDoS-for-hire services used in global attacks
Europol shut down six DDoS-for-hire services, CFX API, CFX Security, NeoPress, Jetstress, Quickdown and Zap Cut, linked to global attacks on schools, businesses and government sites. Polish authorities arrested four suspects and the US seized nine related domains. These platforms let users launch attacks for as little as €10 via sleek interfaces. Quickdown, one of the services, combined botnets and dedicated servers to scale operations.
CrowdStrike says it will lay off 500 workers
CrowdStrike is laying off 500 employees, about 5% of its workforce, as part of a shift to hit a $10 billion annual recurring revenue target. CEO George Kurtz told staff the move will help CrowdStrike move faster and maintain its cybersecurity leadership. The company previously faced backlash after a faulty software update disrupted 8.5 million Windows devices globally.
Passkeys set to protect gov.uk accounts against cyber attacks
The UK will replace SMS-based two-factor authentication with passkeys across gov.uk services by the end of the year to boost security and reduce friction for users. The National Cyber Security Centre is rolling out passkey support for its platform and the NHS already uses them. The move was announced at CyberUK 2025 and follows the UK joining the FIDO Alliance to support passwordless authentication standards.
Masimo says cyber attack has impacted its ability to fulfill orders
Masimo, maker of patient monitoring devices, is investigating an April cyber attack that disrupted its manufacturing systems and ability to fulfill orders. The company says its on-premises systems were affected, but there's no evidence that the attack reached its cloud infrastructure.
Masimo says it's working with law enforcement and third-party experts and does not expect the incident to impact its 2025 earnings guidance.
Huge thanks to our sponsor, ThreatLocker. ThreatLocker is a global leader in Zero Trust Endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com/CISO. That's CISO.
OttoKit WordPress plugin with 100,000 installs hit by exploits targeting multiple flaws
Attackers are actively exploiting two vulnerabilities in the OttoKit, formerly SureTriggers, WordPress plugin, which has over 100,000 installs. The main flaw allows unauthenticated attackers to escalate privileges due to missing checks in the code. Exploits reportedly began around May 2 with mass exploitation starting May 4. Wordfence advises users to update to version 1.0.83 immediately to mitigate risks.
CISA warns of hackers targeting critical oil infrastructure
CISA, along with the FBI, EPA and DOE, has warned that unsophisticated attackers are targeting industrial control systems in the U.S. oil and natural gas sectors. Agencies have urged infrastructure operators to disconnect public-facing OT systems, use strong credentials, implement VPNs with phishing-resistant MFA and separate IT/OT networks, also stressing the need for testing manual fail-safes and coordinating with third-party providers for system-specific protections.
TeleMessage stores plaintext chat logs per security researchers; Senator demands DOD investigate; TeleMessage suspends services
TeleMessage, a federal contractor that sold a modified version of Signal called TM SGNL, so TM Signal, to senior US officials, can reportedly access plaintext chat logs despite marketing claims suggesting end-to-end encryption.
Security researcher Micah Lee analyzed the app's Android source code and found it insecure, confirming text messages access. The company was recently hacked twice, leaking sensitive data and prompting it to suspend operations. Senator Ron Wyden has now called for a DOJ investigation, citing the app as a potential national security threat due to its insecure design and foreign ties.
Poland accuses Russia of unprecedented interference ahead of presidential election
Poland's digital affairs minister accused Russia of launching an unprecedented campaign to disrupt the country's upcoming presidential election through disinformation and cyber attacks on critical infrastructure. Minister Christoph G said attacks have more than doubled this year and warned that Polish citizens who aid Russian efforts will face criminal charges. The warning follows similar concerns in Romania, where pro-Kremlin hackers targeted government sites during a recent election. Russia has denied all allegations of election interference in both countries. Poland's election is set for May, with a possible runoff June 1st.
If you're in the Boston area, remember to join us for a live CISO Series podcast recording on May 15th. If you've never joined us for a live recording, they are a lot of fun. Great conversations, fun games, a chance to win some CISO Series swag, plus free food, drink and networking. If you want to join us, this is a free event being organized by Zscaler, but you need to register. Head on over to the events page at cisoseries.com for more information.
I'm Sarah Lane reporting for the CISO Series. Thank you so much for listening. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines – May 8, 2025
Hosted by Sarah Lane from the CISO Series
Overview: Europol has successfully dismantled six prominent Distributed Denial of Service (DDoS) for-hire platforms implicated in global cyberattacks targeting schools, businesses, and government websites. The operations shut down include CFX API, CFX Security, NeoPress, Jetstress, Quickdown, and Zap Cut. These services enabled users to launch cyberattacks for as little as €10 through user-friendly interfaces.
Key Actions:
Notable Quote: Sarah Lane mentions at [02:15]: “Quickdown was particularly sophisticated, combining botnets with dedicated servers to amplify the scale of their operations significantly.”
Overview: CrowdStrike, a leading cybersecurity firm, has announced the layoff of approximately 500 employees, constituting about 5% of its workforce. This strategic move is part of the company's efforts to achieve a $10 billion annual recurring revenue target.
Strategic Shift:
Notable Quote: At [05:40], George Kurtz stated, “This adjustment is crucial for us to accelerate our growth trajectory and uphold our position as a cybersecurity leader in the industry.”
Overview: The UK government is transitioning from SMS-based two-factor authentication to passkeys across all gov.uk services by the end of 2025. This initiative aims to bolster security measures and streamline user experience.
Implementation Details:
Notable Quote: Sarah Lane reports at [09:25], “Replacing SMS-based authentication with passkeys not only enhances security but also reduces friction for users, paving the way for a smoother digital experience.”
Overview: Masimo, a manufacturer of patient monitoring devices, is investigating a cyberattack that occurred in April, disrupting its manufacturing systems and hindering order fulfillment capabilities.
Impact and Response:
Notable Quote: At [12:50], a Masimo spokesperson asserted, “Our priority is to restore full operational capacity swiftly while ensuring that our financial projections remain on track.”
Overview: The OttoKit WordPress plugin, boasting over 100,000 installations, is currently under attack due to two critical vulnerabilities. These flaws allow unauthenticated attackers to escalate privileges, posing significant security risks.
Details of the Exploits:
Notable Quote: Sarah Lane highlights at [15:10], “The absence of proper checks in the OttoKit WordPress plugin has exposed users to severe privilege escalation risks, necessitating urgent updates.”
Overview: The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI, EPA, and DOE, has issued warnings about increased cyber threats targeting industrial control systems within the U.S. oil and natural gas sectors.
Recommended Security Measures:
Notable Quote: At [18:35], a CISA representative emphasized, “Implementing these security measures is imperative to safeguard critical infrastructure from increasingly sophisticated cyber threats.”
Overview: TeleMessage, a federal contractor providing a modified version of Signal known as TM SGNL, has come under scrutiny after security researchers discovered that the app stores plaintext chat logs. This revelation contradicts the company's claims of offering end-to-end encryption.
Security Breaches:
Political Repercussions: Senator Ron Wyden has called for a Department of Justice (DOJ) investigation, labeling the app as a potential national security threat due to its insecure design and alleged foreign affiliations.
Notable Quote: Sarah Lane reports at [21:50], “The discovery of plaintext chat logs in TeleMessage’s app not only undermines user trust but also raises significant national security concerns given its use by senior US officials.”
Overview: Poland's Digital Affairs Minister, Christoph G, has accused Russia of conducting an unprecedented campaign aimed at disrupting Poland's upcoming presidential election. The alleged interference includes disinformation campaigns and cyberattacks targeting critical infrastructure.
Scope of Attacks:
Russia’s Stance: The Russian government has categorically denied all allegations of election interference in both Poland and Romania.
Upcoming Elections: Poland's presidential election is scheduled for May, with a possible runoff on June 1st.
Notable Quote: At [25:20], Minister Christoph G stated, “The scale and persistence of these attacks are unprecedented, and we are taking decisive action to safeguard our democratic processes.”
This episode of Cyber Security Headlines provided a comprehensive overview of significant cybersecurity events, ranging from international law enforcement actions against DDoS-for-hire services to critical infrastructure threats and political cyber interference. Host Sarah Lane effectively highlighted the evolving challenges in the cybersecurity landscape, emphasizing the importance of proactive measures and international cooperation in mitigating these threats.
For more detailed stories and daily updates, listeners are encouraged to visit CISOseries.com.