
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Thursday, December 25, 2025. I'm Sarah Lane.
Coordinated scams target MENA region. Group-IB reports a coordinated wave of fake job ads targeting the Middle East and North Africa, or MENA, region, exploiting demand for remote work. More than 1,500 fraudulent ads were identified in 2025, mainly aimed at Egypt, Gulf states and North Africa. Using localized language, currencies and familiar brands, victims are lured in via social media, moved to WhatsApp or Telegram, then asked for personal or financial details, and then often pressured to deposit money for higher paying tasks before scammers disappear.
Pen Test Partners accused of blackmail. Researchers at Pen Test Partners disclosed multiple flaws in Eurostar's public AI chatbot that allowed prompt injection, system prompt leakage and potential HTML and cross-site scripting attacks, but now say they were accused of blackmail by Eurostar's head of security during the disclosure process. The issues stemmed from poor guardrail design that only validated the latest message in a chat, letting an attacker tamper with earlier messages to bypass protections. Pentest says it's unclear whether all issues have been fully resolved.
Hackers steal record $2.7 billion in crypto. According to data from Chainalysis, TRM Labs and DeFi, hackers stole a record $2.7 billion in cryptocurrency in 2025. The largest incident noted was the 1.4 billion Bybit exchange hack, which US authorities and blockchain analysts attributed to North Korean state-backed hackers, who are estimated to have stolen at least $2 billion this year to fund weapons programs. This continues a rise from 2.2 billion stolen in 2024 and 2 billion in 2023.
DDoS protection faces fresh challenges. IT Security Guru posted on Wednesday that automated bot traffic now accounts for more than half of all web traffic, complicating DDoS defense as attackers blend in with legitimate automation. The shift is driving larger multi-vector attacks that combine network layer floods with application and API layer abuse, including a 6 TB DDoS attack against Solana in December that caused no downtime. The article says traditional perimeter defenses and rate limiting aren't sufficient anymore, and that organizations need behavior-based detection and layered protections spanning network, application and API layers to counter both volumetric and cost exhaustion attacks.
Huge thanks to our sponsor, ThreatLocker. Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando, plus a live CISO episode on March 6th. Get $200 off with ZTW CISO 26 at ZTW.com.
FCC announces ban on foreign drones and critical components. The FCC added foreign-made drones and critical drone components to its covered list, citing national security risks, blocking new models from being approved, imported or sold in the US under the 2025 National Defense Authorization Act. This does target Chinese manufacturers like DJI and Autel. Existing and previously approved drones aren't affected. The ban applies only to future device models.
Microsoft rolls out hardware-accelerated BitLocker in Windows 11. Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to improve performance and security by offloading encryption tasks to supported system-on-chip components on compatible NVMe-based systems. This reduces CPU usage by about 70% per IO and better protects encryption keys from memory and CPU attacks. The feature is available starting with Windows 11 24H2 and 25H2, initially on Intel vPro systems with Core Ultra Series 3 processors, with more hardware support planned.
Cyber volunteer effort for small water utilities has new plan. DEF CON Franklin announced plans to build a managed security service provider model for small and rural U.S. water utilities after its volunteer-based cybersecurity effort proved hard to scale. Co-founder and former US administration cyber official Jake Braun says the initiative would offer shared, affordable threat monitoring and response through a national framework run with the National Rural Water Association, since findings show that more than 70% of water systems fail basic cyber standards. Funding support includes backing from Craigslist's Craig Newmark, with cybersecurity expert Tarah Wheeler hired to help design and run the program.
Evasive Panda APT poisons DNS requests to deliver MgBot. Kaspersky reports that the China-linked Evasive Panda APT poisoned DNS requests for legitimate sites to deliver its MgBot malware in long-running, highly targeted campaigns from late 2022 through 2024. The group used fake software updates, adversary-in-the-middle techniques, multi-stage loaders and per-victim encryption to evade detection, ultimately injecting MgBot into legitimate Windows processes for long-term persistence. Victims were identified in Turkey, China and India, with some systems compromised for more than a year.
As always, thank you for listening to Cybersecurity Headlines. We hope everyone out there has a very merry Christmas or a really excellent Thursday. If you have some thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I am Sarah Lane reporting for the CISO Series. Happy holidays, and we'll be back with you tomorrow.
A
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
B
Boom, boom.
Podcast: Cyber Security Headlines
Host: Sarah Lane
Date: December 25, 2025
Episode Title: Scams Target MENA Region, Pen Testers Accused of Blackmail, DDoS Protection Faces Fresh Challenges
This episode delivers a roundup of major cybersecurity news for December 25, 2025. The show touches on a wave of fraud scams targeting the MENA region, controversy around responsible vulnerability disclosure, record-breaking crypto thefts, new challenges in DDoS mitigation, fresh U.S. drone regulation, Microsoft’s BitLocker upgrade, security initiatives for small water utilities, and sophisticated APT campaigns.
[00:08 – 01:00]
Notable Quote:
“Victims are lured in via social media, moved to WhatsApp or Telegram, then asked for personal or financial details, and then often pressured to deposit money for higher paying tasks before scammers disappear.” — Sarah Lane ([00:22])
[01:01 – 01:50]
Notable Quote:
“Pen Test Partners… now say they were accused of blackmail by Eurostar’s head of security during the disclosure process.” — Sarah Lane ([01:15])
[01:51 – 02:17]
[02:18 – 03:20]
Notable Quote:
“Attackers blend in with legitimate automation. The shift is driving larger multi-vector attacks… traditional perimeter defenses and rate limiting aren’t sufficient anymore.” — Sarah Lane ([02:36])
[03:21 – 03:58]
[03:59 – 04:35]
[04:36 – 05:22]
[05:23 – 06:10]
The episode underscores escalating threats from scams and technical attacks across regions and industries, highlights challenges in vulnerability disclosure, and points to evolving defensive strategies. It also surfaces regulatory responses and innovation efforts in cybersecurity for critical infrastructure.
For deeper info on any headline, visit cisoseries.com.