Risky Bulletin: Cybercriminals Stole More Than $16 Billion Last Year
Host: Claire Aird
Prepared by: Catalyn Kim Panu
Release Date: April 24, 2025
Podcast: Risky Bulletin by risky.biz
1. Surge in Cybercrime Losses
Cybercriminals' Financial Impact
Claire Aird opens the episode by highlighting a staggering increase in cybercrime losses. According to the FBI's annual Internet Crime Report, "Cybercriminals stole more than $16 billion last year" (00:04). This figure marks a 33% increase from 2023, with over $9 billion of the losses attributed to cryptocurrency fraud, the first time crypto losses have surpassed theft through traditional financial channels.
Investment Scams Dominate Losses
Investment scams were the most significant category, accounting for over a third of the reported losses. Reported losses have risen every year since 2020, with cybercrime groups targeting both traditional financial systems and the growing cryptocurrency market.
2. Targeted Cyber Attacks and State-Sponsored Threats
Iranian Attempt to Hack EU Official
A notable incident involves an Iranian group attempting to breach the accounts of Hannah Neumann, chair of the European Parliament's delegation for relations with Iran. In January, the group, identified as APT42 and linked to Iran's Islamic Revolutionary Guard Corps, impersonated FBI agents to pressure Neumann's staff into opening malicious emails and documents. Claire emphasizes, "The attacker's tactic was to use social engineering to bypass traditional security measures" (00:10).
US State Department's Cyber Diplomacy Restructure
The US State Department plans to restructure its cyber diplomacy offices. This includes moving the Bureau of Cyberspace and Digital Policy under the department's economic wing and establishing a new Bureau for Emerging Threats within the arms control wing. Claire notes, "This reorganization suggests a strategic deprioritization of global cyber diplomacy efforts" (00:15).
3. Platform Censorship and Data Exploits
Bluesky's Government-Mandated Censorship
Bluesky, a social media platform, has restricted 72 Turkish accounts at the Turkish government's request amid the anti-government protests that began in March. These accounts remain visible globally but are hidden from audiences within Turkey. Claire points out, "This is the first instance of Bluesky complying with a government's censorship demands" (00:20).
Zero-Day Vulnerabilities Exploited
Several zero-day vulnerabilities have been exploited in the wild:
- SAP NetWeaver: Attackers have exploited a zero-day flaw in the NetWeaver Visual Composer component, rated CVSS 10, to upload web shells and gain a foothold in enterprise networks. SAP has issued a security advisory, but at the time of the episode a patch was still pending; until it ships, defenders should restrict access to the component and check NetWeaver hosts for unexpected web shells.
- Active! mail: A stack buffer overflow in Active! mail, a webmail product from Japanese vendor Qualitia, allowed attackers to take over webmail servers. The vendor patched the issue last week.
North Korean Lazarus Group Activities
The Lazarus Group, associated with North Korea, has conducted watering hole attacks and zero-day exploitation against South Korean tech companies. The attacks abused vulnerabilities in Cross EX, a South Korean utility that lets online banking and government sites run security software inside the browser, and delivered malware through hacked websites. Separately, Trend Micro reports that North Korean hackers operating cryptocurrency-focused campaigns are using Russian IP addresses registered to Russian companies near the North Korean border.
4. Insider Threats and Data Misconfigurations
Disney World Employee Sentenced for Hacking
Michael Scheuer, a former Disney World employee, has been sentenced to three years in prison for hacking the company's menu software. Scheuer altered allergen information, inserted profanity, and changed wine region names to the locations of mass shootings. Claire states, "The vandalism was detected after menus were printed but before distribution to restaurants" (00:25).
Blue Shield's Data Leak Incident
US health insurer Blue Shield of California inadvertently sent sensitive health data to Google because its website analytics tag was misconfigured and forwarded page and form data it should never have carried. The leak persisted for nearly three years, affecting over 4.7 million members and exposing names, addresses, medical information, and insurance details. Blue Shield has acknowledged the breach but cannot specify exactly which data was exposed for each member.
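The practical lesson from the Blue Shield leak is that analytics tags transmit whatever the page exposes to them, so the outbound hits themselves need auditing. The script below is an added example written for this summary, not code from Blue Shield, Google or Risky Bulletin. It assumes analytics hits are available as request URLs (for instance from a proxy log or a browser HAR export), uses constructed sample hits, and uses a parameter list and value patterns that an auditor would define for their own site; both are illustrative assumptions.

```python
"""Audit web-analytics hits for protected health information (PHI).

Added example (not Blue Shield's, Google's or risky.biz's code). Assumes
hits are available as URLs, e.g. from a proxy log or HAR export, and that
PHI_PARAM_NAMES / PHI_VALUE_PATTERNS are tuned by the site owner.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names an analytics hit has no business carrying (assumed list).
PHI_PARAM_NAMES = {
    "member_id", "memberid", "dob", "plan", "claim",
    "diagnosis", "rx", "email", "phone",
}

# Value patterns that look like PHI regardless of the parameter name.
PHI_VALUE_PATTERNS = {
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I),
    "date_of_birth": re.compile(r"\b(19|20)\d{2}-\d{2}-\d{2}\b"),
    "icd10_code": re.compile(r"\b[A-TV-Z]\d{2}(\.\d{1,4})?\b"),
    "us_phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}

# Google Analytics parameters that embed a whole page URL; the page's own
# query string (e.g. a member portal URL) is where PHI usually hides.
URL_BEARING_PARAMS = {"dl", "dr", "dp"}


def _param_findings(name, value):
    """Findings for one (name, value) pair as (reason, param, value) tuples."""
    findings = []
    lname = name.lower()
    if lname in PHI_PARAM_NAMES:
        findings.append(("phi_parameter_name", name, value))
    for label, pattern in PHI_VALUE_PATTERNS.items():
        if pattern.search(value):
            findings.append((label, name, value))
    if lname in URL_BEARING_PARAMS:
        # Recurse into the embedded page URL and scan its query string too.
        findings.extend(analytics_hit_findings(value))
    return findings


def analytics_hit_findings(url):
    """Return every PHI finding for one analytics hit URL (empty if clean)."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        findings.extend(_param_findings(name, value))
    return findings


def scrub_hit(url):
    """Remediation side: rebuild the hit with every flagged parameter dropped."""
    parts = urlsplit(url)
    kept = [
        (name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if not _param_findings(name, value)
    ]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def leaky_hits(urls):
    """Return the subset of hits that would ship PHI to the analytics vendor."""
    return [u for u in urls if analytics_hit_findings(u)]


# Constructed sample hits (hostnames and IDs are made up for this example).
SAMPLE_HITS = [
    # Benign page view: only a page path and a client id.
    "https://www.google-analytics.com/collect?v=1&t=pageview&tid=UA-000000-1"
    "&cid=555&dp=%2Fhome",
    # Leaky page view: the page URL itself carries a member id and plan name.
    "https://www.google-analytics.com/collect?v=1&t=pageview&tid=UA-000000-1"
    "&cid=555&dl=https%3A%2F%2Fmember.example-health.test%2Fclaims"
    "%3Fmember_id%3DXYZ123456%26plan%3DGold",
    # Leaky event: custom dimensions carry an email address and a diagnosis code.
    "https://www.google-analytics.com/collect?v=1&t=event&tid=UA-000000-1"
    "&cid=555&cd1=jane.doe%40example.test&cd2=E11.9",
]

if __name__ == "__main__":
    for hit in SAMPLE_HITS:
        for reason, param, value in analytics_hit_findings(hit):
            print(f"{reason:20} {param:10} {value}")
        print("scrubbed:", scrub_hit(hit))
```

Running the script flags the second and third hits (member id and plan name embedded in the `dl` page URL; an email address and an ICD-10 code in custom dimensions) and leaves the first untouched. In practice the parameter list and patterns should be expanded from the site's own data dictionary, and the same scan belongs in CI against a HAR capture of every authenticated page so a tag change cannot silently widen what leaves the site.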
5. Cyber Warfare and Online Harassment
Ukraine's IT Army Targets Russian Telecommunications
Ukraine's IT Army launched a multi-day Distributed Denial of Service (DDoS) attack against UIS, a major Russian IP telephony provider serving over 15,000 business customers. The attacks disrupted communication services and left customers unable to make calls, as UIS confirmed on Telegram.
Disturbing Hacks in the Gaming Community
StarCraft II players have reported that trolls are hacking game servers to display disturbing content, including footage of mass shootings and fascist symbols. These hacks, persisting for nearly a year, aim to induce fear and psychological distress among players. Blizzard, the game's developer, says it is working on mitigations.
6. Security Updates and Privacy Enhancements
Zyxel Releases Critical Security Updates
Taiwanese equipment vendor Zyxel has issued a security update to address a remote code execution flaw in its USG FLEX H series firewalls, a key product in its enterprise security line. The vulnerabilities were discovered by Italian researchers Alessandro Sgreccia of Hackerhood and Marco Ivaldi of HN Security.
WhatsApp Introduces Advanced Chat Privacy Features
Meta has rolled out new privacy enhancements for WhatsApp, named Advanced Chat Privacy. These features allow users to:
- Block Exporting of Sensitive Conversations: Prevent chat participants from exporting conversations.
- Restrict Saving of Images and Videos: Stop shared photos and videos from being automatically saved to other participants' devices.
- Exclude Messages from AI Training: Ensure personal messages are not used to train AI models.
Claire concludes, "These updates signify Meta's commitment to enhancing user privacy and data security" (00:30).
Conclusion
This episode of Risky Bulletin underscores the escalating landscape of cyber threats, from significant financial losses and state-sponsored attacks to insider threats and platform censorship. It also highlights the ongoing efforts by companies and governments to mitigate these risks through security updates and privacy enhancements. For those navigating the complex world of cybersecurity, staying informed through sources like Risky Bulletin is paramount.
Note: Timestamps correspond to the podcast transcript provided and are indicative of when specific topics or quotes were discussed.
