CyberWire Daily – Episode: "Lights Out, Lines Down"
Release Date: April 28, 2025
Host: Dave Bittner, N2K Networks
1. Major Cybersecurity Incidents
a. Massive Power Outage in the Iberian Peninsula
At approximately 12:30 PM local time, a significant power outage disrupted the Iberian Peninsula, affecting Spain, Portugal, southern France, and Andorra. The blackout resulted in Spain's power demand plummeting by half instantly, leading to a total grid failure. Critical infrastructure, including airports, metros, telecommunications, and traffic systems, experienced severe impacts.
Spain's Prime Minister, Pedro Sánchez, visited Red Eléctrica's control center to oversee emergency restoration efforts, primarily focusing on hydroelectric power as gas and nuclear sources remained offline. The region saw a substantial decline in internet traffic, dropping by nearly 37%. The Spanish Cybersecurity Coordination Office is investigating the incident, with authorities considering a cyberattack as the likely cause. This event underscores the escalating threat of cyberattacks on utility infrastructures, which have more than doubled globally in recent years.
Quote:
"[The outage] highlights growing concerns as cyberattacks on utilities have more than doubled globally in recent years."
— Dave Bittner [02:06]
b. Iran Repels Cyberattack on National Infrastructure
Iran announced the successful defense against a widespread and intricate cyberattack targeting its national infrastructure. Behzad Akbari from Iran's telecommunications infrastructure company provided limited details, noting no confirmed link to the deadly explosion at Shahid Rajaee port the previous day, which resulted in significant casualties. While maritime experts attribute the explosion to mishandled ballistic missile fuel, Iran maintains its stance amid tense nuclear negotiations with the U.S. The country has a history of facing major cyberattacks, often attributed to U.S. and Israeli forces.
c. SAP NetWeaver Systems Vulnerable to Zero-Day Exploit
Security researchers from ReliaQuest discovered a critical zero-day vulnerability in approximately 454 SAP NetWeaver systems. This flaw allows unauthenticated file uploads and complete system compromise by targeting the Metadata Uploader component. The vulnerability has already been weaponized, enabling attackers to deploy web shells through insufficient authorization checks. SAP released an emergency patch on April 24th, urging organizations to apply it immediately or use temporary passwords to mitigate the severe risks posed to exposed SAP environments.
d. Breach of VeriSource Services Exposes Personal Data
VeriSource Services disclosed a breach in 2024 that compromised the personal data of 4 million individuals associated with companies using its employee benefits platform. The exposed information includes names, birth dates, addresses, and Social Security numbers. Although the breach was quickly discovered, a comprehensive impact analysis took over a year, with final notifications issued in April 2025. While no misuse has been reported thus far, VeriSource is offering free credit monitoring to affected individuals. Experts warn that the prolonged exposure increases the risk of identity fraud and theft.
e. Surge in Global Automated Scanning Activities
According to the FortiGuard Labs 2025 Global Threat Landscape Report, global automated scanning activities increased by 16.7% in 2024, revealing significant digital vulnerabilities. Threat actors are conducting approximately 36,000 scans per second, targeting services such as SIP, RDP, and IoT protocols. Cybercrime marketplaces have introduced 40,000 new vulnerabilities and witnessed a 500% rise in infostealer malware logs, contributing to the theft of 1.7 billion credentials. Critical sectors like manufacturing and business services are increasingly under threat, with the U.S. absorbing 61% of these attacks. The report emphasizes the importance of intelligence-led defense strategies, including attack surface management, real-world adversary simulations, and dark web monitoring, to counter evolving cyber threats effectively.
Quote:
"Global automated scanning surged 16.7% in 2024, exposing major digital vulnerabilities."
— Dave Bittner [08:45]
2. Legal Developments
a. WhatsApp vs. NSO Group Trial
The ongoing lawsuit between WhatsApp and NSO Group has reached a critical phase. WhatsApp alleges that NSO Group engaged in unauthorized surveillance of approximately 1,400 of its users, violating the Computer Fraud and Abuse Act (CFAA) and invading privacy. NSO Group contends that it merely provides technology for governments to combat terrorism and crime, distancing itself from direct hacking activities.
This week, a significant ruling was issued, finding NSO Group guilty of the alleged misconduct. The judge imposed restrictions on NSO Group, preventing them from disclosing their clients' identities or the professions of the alleged victims. This decision undermines NSO Group's defense strategy of portraying themselves as facilitators for legitimate governmental actions. As a result, the trial is now expected to focus more on NSO Group's conduct rather than the actions of their clients.
Quote:
"NSO Group can no longer bring up who their clients are or the identities of the alleged victims."
— Tim Starks [14:34]
b. Appointment of New Deputy Director at CISA
Tim Starks highlighted the appointment of Gottumukkala as the new Deputy Director at the Cybersecurity and Infrastructure Security Agency (CISA). Confirmed by CISA, Gottumukkala will assume his role after transitioning from his current position in South Dakota's state government on May 16th. Unlike some previous appointments lacking extensive cybersecurity expertise, Gottumukkala brings a robust technical background, enhancing CISA's leadership capabilities. His appointment is seen as a positive step towards strengthening the agency's cybersecurity initiatives.
3. Industry Insights and Trends
a. Rise of AI-Driven Cyber Threats
The integration of AI in cyberattacks has intensified phishing and credential stuffing campaigns. Tools like FraudGPT leverage artificial intelligence to craft more convincing and targeted attacks, making them harder to detect and mitigate. Fortinet advocates for the adoption of real-time AI-powered security solutions to stay ahead of these sophisticated threats and prevent operational disruptions.
b. Shift Towards Continuous Penetration Testing
Traditional penetration testing has been criticized for being resource-intensive, slow, and providing only a snapshot of an application's security. Outpost24 introduces a continuous penetration testing service, offering year-round protection through recurring manual tests conducted by CREST-certified testers. This approach ensures that web applications remain secure by proactively identifying and addressing vulnerabilities between development cycles.
Quote:
"Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities."
— Dave Bittner [00:02]
4. Expert Interviews
Tim Starks from CyberScoop
Tim Starks, a senior reporter at CyberScoop, provided in-depth analysis of the NSO Group trial and the proliferation of cyber threats fueled by bad scans and AI misconceptions. He discussed the implications of the recent court ruling against NSO Group, emphasizing the challenges the company faces in defending its role in providing surveillance technology. Starks also shed light on the appointment of Gottumukkala at CISA, highlighting the importance of experienced leadership in combating emerging cyber threats.
Quote:
"This outage highlights growing concerns as cyberattacks on utilities have more than doubled globally in recent years."
— Tim Starks [02:06]
5. Conclusions and Takeaways
- Escalating Threats to Critical Infrastructure: The recent power outage in the Iberian Peninsula and Iran's defense against cyberattacks underscore the increasing targeting of national infrastructure by sophisticated cyber adversaries.
- Vulnerability Management is Crucial: The discovery of critical vulnerabilities in SAP NetWeaver systems and the breach of VeriSource Services highlight the need for timely patching and robust security measures to protect sensitive data.
- Legal Accountability in Cybersecurity: The WhatsApp vs. NSO Group case sets a precedent for holding technology providers accountable for the misuse of their tools, potentially reshaping the landscape of cybersecurity litigation.
- Adoption of Advanced Security Strategies: As cyber threats evolve with AI advancements, organizations must embrace intelligence-led defense strategies and continuous security assessments to safeguard their assets effectively.
- Leadership and Expertise Matter: The appointment of experienced individuals like Gottumukkala to pivotal roles in agencies like CISA is essential for enhancing national cybersecurity resilience.
Notable Quotes:
- "Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities." — Dave Bittner [00:02]
- "Global automated scanning surged 16.7% in 2024, exposing major digital vulnerabilities." — Dave Bittner [08:45]
- "NSO Group can no longer bring up who their clients are or the identities of the alleged victims." — Tim Starks [14:34]
- "[The outage] highlights growing concerns as cyberattacks on utilities have more than doubled globally in recent years." — Dave Bittner [02:06]
Final Thoughts:
The "Lights Out, Lines Down" episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity landscape, highlighting significant incidents, legal battles, and emerging trends. With expert insights and in-depth analysis, listeners gain a nuanced understanding of the challenges and strategies essential for navigating the ever-evolving threat environment.
