
Claire Aird
Cybercriminals stole more than $16 billion last year. Iran tries to hack an EU official, the Lazarus Group pulls off a successful watering hole and zero-day attack, and WhatsApp adds new chat privacy features. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 25th of April and this podcast episode is brought to you by Devicie.

Cybercrime groups stole more than $16 billion last year, according to the FBI's annual Internet Crime Report. Reported losses increased by more than 30% from 2023, a successful year for cybercrime groups. Over $9 billion of the total reported losses were cryptocurrency assets, marking the first time crypto losses exceeded real money. Investment scams accounted for more than a third of the reported losses. Since 2020, cybercrime groups have stolen a reported.

In other news, an Iranian group has attempted to hack the head of the EU's Iran delegation. The attacks against the German politician Hannah Neumann took place in January. The group posed as an FBI agent and used phone calls and messages in an attempt to pressure staff to open malicious emails and documents. The group responsible, APT42, has been linked to Iran's Revolutionary Guard Corps.

The US State Department plans to restructure its cyber diplomacy offices. The proposal would shift the reporting lines of the Bureau of Cyberspace and Digital Policy into the department's economic wing. The department will also create a new Bureau for Emerging Threats in its arms control wing that will have some cybersecurity responsibilities, according to Cybersecurity Dive. The new organisational chart suggests the US is deprioritising global cyber diplomacy efforts.

Bluesky has hidden the posts of 72 Turkish users at the request of the country's government. The request came amid anti-government protests in March. The accounts are invisible to audiences in Turkey but are still live on the platform globally. This is the first time Bluesky has censored accounts at the request of a government.

A threat actor is exploiting a zero-day in an SAP NetWeaver service to gain access to enterprise networks. The attackers are exploiting a lack of authentication to upload web shells. SAP has released a security advisory but has not yet released a patch. The zero-day has a CVSS severity rating of 10.

Threat actors have been exploiting a zero-day in a popular Japanese email service provider. The stack buffer overflow in Active! mail allows attackers to take over webmail servers. The vendor patched the issue last week.

North Korean hackers have used a watering hole attack and a zero-day vulnerability to infect employees of major South Korean tech companies. The attacks occurred late last year. They exploited a zero-day in CrossX, a software tool used in South Korea to secure enterprise browsers. Targets were lured to a hacked website where the CrossX zero-day was exploited to deploy malware on victims' systems. Kaspersky attributed the attacks to North Korea's Lazarus Group.

North Korean hackers are using Russian IP addresses for offensive cyber operations. Trend Micro says the IPs are registered to two Russian companies based near the North Korean border. The IPs are used by North Korean IT workers based out of China, Russia and Pakistan. They were also used by a North Korean APT in attacks against the cryptocurrency sector.

A former Disney World employee has been sentenced to three years in prison for hacking the company's menu software. Michael Scheuer removed the allergen information from the company's menus, added profanity and changed wine regions to the locations of mass shootings. Scheuer was arrested last year and pleaded guilty in January. The vandalism was spotted after menus were printed, but before they were shipped to restaurants.

US healthcare provider Blue Shield misconfigured its website analytics to send sensitive health data to Google. The leak lasted for three years, affecting more than 4.7 million users. The data included names, home addresses, medical information and insurance details. Blue Shield says it can't determine what was specifically leaked for each individual user.

The IT Army of Ukraine has conducted a multi-day DDoS attack on a Russian telecommunications provider. UIS is one of the largest IP telephony providers on the Russian market, with more than 15,000 business customers. UIS has confirmed the attacks on Telegram. According to posts on Russian social media, customers were unable to make calls during the attacks.

Trolls are hacking StarCraft 2 servers to show disturbing videos to other players. Gamers have reported seeing footage of mass shootings, fascist symbols and videos designed to induce epileptic seizures, according to Reddit reports. The hacks have been occurring for almost a year. StarCraft developer Blizzard says it's working on a fix.

Taiwanese equipment vendor Zyxel has released a security update to fix a remote code execution flaw in its firewalls. The security updates are available for the company's USG Flex H series firewalls, one of the company's most successful enterprise products. Zyxel credited Italian researchers Alessandro Sgreccia from Hackerhood and Marco Ivaldi from HN Security with finding the bugs.

And finally, Meta has added new privacy features to WhatsApp that improve the privacy of chats. Users can now block chat participants from exporting sensitive conversations and saving images or videos. People can also exclude their messages from being used to train AI models. The new feature, named Advanced Chat Privacy, is currently being rolled out, and that is all for this podcast edition. Today's show is brought to you by our sponsor, Devicie. Find them at devicie.com. Thanks for your company.
Risky Bulletin: Cybercriminals Stole More Than $16 Billion Last Year
Host: Claire Aird
Prepared by: Catalin Cimpanu
Release Date: April 24, 2025
Podcast: Risky Bulletin by risky.biz
Cybercriminals' Financial Impact
Claire Aird opens the episode by highlighting a staggering increase in cybercrime activities. According to the FBI's annual Internet Crime Report, "Cybercriminals stole more than $16 billion last year" (00:04). This figure marks a 30% increase from 2023, with over $9 billion of the losses attributed to cryptocurrency assets, the first time crypto losses surpassed losses in traditional money.
Investment Scams Dominate Losses
Investment scams emerged as the most significant threat, accounting for over a third of the reported losses. Since 2020, cybercrime groups have continuously escalated their efforts, targeting both traditional financial systems and the growing cryptocurrency market.
Iranian Attempt to Hack EU Official
A notable incident involves an Iranian group attempting to breach the security of Hannah Neumann, head of the EU's Iran delegation. In January, the group, identified as APT42, linked to Iran's Revolutionary Guard Corps, impersonated FBI agents to pressure Neumann's staff into opening malicious emails and documents. Claire emphasizes, "The attacker's tactic was to use social engineering to bypass traditional security measures" (00:10).
US State Department's Cyber Diplomacy Restructure
In response to evolving cyber threats, the US State Department plans to restructure its cyber diplomacy offices. This includes shifting the Bureau of Cyberspace and Digital Policy into the economic wing and establishing a new Bureau for Emerging Threats within the Arms Control wing. Claire notes, "This reorganization suggests a strategic deprioritization of global cyber diplomacy efforts" (00:15).
Blue Sky's Government-Mandated Censorship
Bluesky, a social media platform, has hidden the posts of 72 Turkish users at the Turkish government's request amidst anti-government protests in March. These accounts remain visible globally but are invisible to audiences within Turkey. Claire points out, "This is the first instance of Blue Sky complying with a government's censorship demands" (00:20).
Zero-Day Vulnerabilities Exploited
Several zero-day vulnerabilities have been exploited:
SAP NetWeaver service: Attackers are leveraging a zero-day flaw with a CVSS severity rating of 10 to gain access to enterprise networks, abusing a lack of authentication to upload web shells. Although SAP has issued a security advisory, a patch is pending.
Japanese email service provider: A stack buffer overflow in Active! mail allowed attackers to take over webmail servers. The vendor patched the issue last week.
North Korean Lazarus Group Activities
The Lazarus Group, associated with North Korea, combined a watering hole attack with a zero-day exploit to infect employees of major South Korean tech companies late last year. The attacks exploited a vulnerability in CrossX, software used in South Korea to secure enterprise browsers, and deployed malware on victims lured to a hacked website; Kaspersky attributed the campaign to Lazarus. Separately, Trend Micro reports that North Korean hackers are using Russian IP addresses registered to two companies near the North Korean border; the IPs are used by North Korean IT workers operating from China, Russia and Pakistan, and were also used by a North Korean APT in attacks against the cryptocurrency sector.
Disney World Employee Sentenced for Hacking
Michael Scheuer, a former Disney World employee, has been sentenced to three years in prison for hacking the company's menu software. Scheuer removed allergen information, inserted profanity, and altered wine region details to correspond with mass shooting locations. Claire states, "The vandalism was detected after menus were printed but before distribution to restaurants" (00:25).
Blue Shield's Data Leak Incident
US healthcare provider Blue Shield inadvertently sent sensitive health data to Google due to a misconfigured website analytics setup. This data leak persisted for three years, affecting over 4.7 million users and exposing names, addresses, medical information, and insurance details. Blue Shield has acknowledged the breach but cannot specify the exact data compromised for each user.
Ukraine's IT Army Targets Russian Telecommunications
Ukraine's IT Army launched a multi-day Distributed Denial of Service (DDoS) attack against UIS, one of the largest Russian IP telephony providers, serving over 15,000 business customers. UIS confirmed the attacks on Telegram, and posts on Russian social media report that customers were unable to make calls while the attacks lasted.
Disturbing Hacks in the Gaming Community
StarCraft 2 players have reported that trolls are hacking game servers to display disturbing content, including footage of mass shootings, fascist symbols and videos designed to induce epileptic seizures. The hacks have been occurring for nearly a year, according to Reddit reports. Blizzard, the game's developer, says it is working on a fix.
Zyxel Releases Critical Security Updates
Taiwanese equipment vendor Zyxel has issued a security update to address a remote code execution flaw in its USG Flex H series firewalls, one of its most successful enterprise products. Zyxel credited Italian researchers Alessandro Sgreccia from Hackerhood and Marco Ivaldi from HN Security with finding the bugs.
WhatsApp Introduces Advanced Chat Privacy Features
Meta is rolling out new privacy enhancements for WhatsApp under the name Advanced Chat Privacy. These features allow users to:
Export and media controls: block chat participants from exporting sensitive conversations and from saving images or videos.
AI training opt-out: exclude their messages from being used to train AI models.
Claire concludes, "These updates signify Meta's commitment to enhancing user privacy and data security" (00:30).
Conclusion
This episode of Risky Bulletin underscores the escalating landscape of cyber threats, from significant financial losses and state-sponsored attacks to insider threats and platform censorship. It also highlights the ongoing efforts by companies and governments to mitigate these risks through security updates and privacy enhancements. For those navigating the complex world of cybersecurity, staying informed through sources like Risky Bulletin is paramount.
Note: Timestamps correspond to the podcast transcript provided and are indicative of when specific topics or quotes were discussed.