Risky Bulletin: France Runs Phishing Test on 2.5 Million Students Hosted by risky.biz | Released on March 28, 2025

Introduction

In the latest episode of Risky Bulletin, host Claire Aird delves into a spectrum of pressing cybersecurity issues, ranging from large-scale phishing tests to government regulations on facial recognition technology. The episode, prepared by Catalyn Kim Panu and sponsored by Sublime Security, provides a comprehensive overview of recent cyber threats, governmental actions, and significant breaches impacting various sectors globally.

Major Topics Discussed

1. France's Largest-Ever Phishing Test: Operation Cactus

Claire Aird opens the discussion with France's ambitious cybersecurity initiative, Operation Cactus.

• Overview: The French government conducted a phishing test targeting 2.5 million students across middle and high schools. The aim was to assess and enhance the phishing awareness among young individuals.

• Results:

  • 10% Click-Through Rate: Approximately 200,000 students interacted with the phishing attempt. While this may seem alarming, security firm KnowBefore highlighted that this rate is “still much better than the average corporate click-through rate of 33%” (00:45).

• Objective: The test involved sending a link that advertised cracked games and cheats. Clicking the link redirected students to a phishing awareness message, educating them on the dangers and recognizing phishing attempts.

• Significance: As Operation Cactus stands as the largest known phishing test to date, it underscores the proactive measures governments are taking to bolster cyber resilience among the youth.

2. China's New Facial Recognition Regulations

The episode shifts focus to significant policy changes in China regarding facial recognition technology.

• Key Points:

  • Consent Requirement: Companies must obtain explicit consent before deploying facial recognition systems.

  • Encryption & Security Audits: Biometric data must be encrypted, and organizations are required to undergo regular security audits to ensure data protection.

  • Usage Restrictions: Facial recognition is now banned in hotel lobbies, pubs, public bathrooms, and changing rooms, minimizing intrusive surveillance in sensitive areas.

• Exemptions: Notably, these rules do not apply to the Chinese government's use of facial recognition technology, maintaining state surveillance capabilities.

• Implementation Date: The regulations are set to take effect in June 2025.

• Claire Aird Quotes: “The rules prohibit companies from using facial recognition if other less intrusive options exist” (02:15).

3. Data Breaches Involving US Government Officials

Highlighting vulnerabilities in data protection, the podcast discusses recent breaches exposing personal information of high-profile US officials.

• Affected Individuals:

  • Mike Waltz, National Security Adviser
  • Tulsi Gabbard, Director of National Intelligence
  • Pete Hegseth, Defence Secretary

• Leak Details: The German news site Der Spiegel uncovered phone numbers and email addresses linked to accounts on platforms like Dropbox, LinkedIn, Instagram, and Signal (03:30).

• Implications: This breach emphasizes the continuous threat to governmental data and the importance of robust cybersecurity measures to protect sensitive information.

4. Zero-Day Exploits and Browser Security

The discussion moves to critical vulnerabilities discovered in major web browsers, impacting both users and organizations.

• Google Chrome Zero-Day:

  • Patch Release: Google addressed a zero-day vulnerability that was exploited in attacks against Russian media and educational institutions.
  • Attack Details: According to Kaspersky, a state-sponsored APT group utilized a Chrome sandbox escape combined with a secondary exploit to deploy sophisticated malware (04:45).

• Mozilla Firefox Vulnerability:

  • Parallel Patch: Mozilla swiftly patched similar vulnerabilities found in Firefox's codebase, ensuring users remain protected.

• Kaspersky Insights: The malware deployed via these exploits was described as “highly sophisticated”, indicating the advanced nature of the threats (05:10).

5. Facebook Blocked in Papua New Guinea

Papua New Guinea has taken decisive action against the proliferation of harmful content on Facebook.

• Ban Details:

  • Scope: The government temporarily blocked access to Facebook to combat hate speech, disinformation, and pornography.
  • Reasoning: Authorities criticized Facebook's role in spreading disinformation that fueled civil unrest within the country (06:00).

• Regulatory Response: The move was unexpected by local telecommunications regulators, and the duration of the ban remains uncertain.

6. UK Company Fined Over NHS Ransomware Attack

A significant financial penalty was imposed on the British IT firm Advanced due to a ransomware attack.

• Incident Overview:

  • Attack Details: In 2022, Lockbit Group targeted Advanced, leading to disruptions in NHS IT platforms and the non-emergency phone service.

• Penalties:

  • Fine Imposed: Advanced is required to pay over £3 million for failing to implement adequate security measures such as multi-factor authentication, vulnerability scanning, and timely patch application (07:30).

• Regulatory Standpoint: The privacy regulator's decision underscores the critical need for robust cybersecurity protocols, especially in healthcare services.

7. T-Mobile Settlements Over SIM Swapping Incidents

T-Mobile faces significant settlements following incidents of SIM swapping leading to cryptocurrency theft.

• Case Details:

  • Amount: T-Mobile agreed to pay $33 million to a victim who lost $38 million in cryptocurrency in 2020 due to SIM swapping.

• Previous Settlements: The company also settled with the FTC for $31.5 million the previous year over similar incidents.

• Impact: These cases highlight the severe financial repercussions of inadequate security measures in protecting user accounts from SIM swapping attacks (08:45).

8. Data Exposure by an Australian Tool Retailer

A significant data breach exposed the personal information of millions through an open internet database.

• Breach Details:

  • Affected Data: Over 34 million orders were compromised, including employee salaries, customer personal information, and purchase details.

  • Storage Method: The data was stored in an instance of Clickhouse, an open-source database, similar to exposure methods used by Chinese AI firm Deepseek.

• Consequences: The breach underscores the vulnerabilities inherent in open-source database management systems when not properly secured.

9. Cryptocurrency Theft from Abracadabra Finance

A severe attack targeted a DeFi lending platform, resulting in substantial cryptocurrency losses.

• Attack Overview:

  • Stolen Amount: $13 million worth of crypto assets were illicitly withdrawn from Abracadabra Finance's lending pools.

• Response: The platform acted swiftly, refunding half of the stolen assets within two days and planning to return the remaining funds by mid-year (09:50).

• Significance: This incident highlights the ongoing security challenges within the decentralized finance sector and the need for enhanced protective measures.

10. Belarusian Hacktivist Group Targets Government Websites

A group of Belarusian hacktivists launched a significant cyber attack against the country's certification website.

• Attack Details:

  • Data Leaked: The source code and database of Belarus' certification website were compromised and publicly released.

  • Timing: The data was leaked on Belarus Freedom Day (March 25), symbolizing a protest against governmental control.

• Government Response: Russian authorities have since arrested three men suspected of developing the Mammont Android banking trojan, linked to over 300 infections (10:30).

11. Russian Fake Anti-War Websites Collecting Personal Information

An emerging threat involves fake websites masquerading as reputable anti-war platforms to harvest personal data.

• Operation Details:

  • Impersonated Entities: The fake sites imitate organizations like the CIA, Russian Volunteer Corps, Legion Liberty, and the Ukrainian portal Hoshuzhit.

  • Data Collection Methods: Personal information is gathered through web forms or Telegram channels.

  • Visibility: While these sites rank deep in Google's search results, they top the charts in Russia's Yandex search engine, increasing their reach and potential impact (11:20).

• Silent Push’s Report: Security firm Silent Push attributes the network of fake portals to Russian intelligence services, aiming to collect sensitive visitor information.

12. Redcurl’s New Ransomware Strain: Qwcrypt

The hacker group Redcurl has escalated their operations by deploying a new ransomware variant.

• Ransomware Details:

  • Name: Qwcrypt

  • Targets: Designed to infect Windows systems and Hyper V virtual machines.

  • Background: Active since 2018, Redcurl had previously been observed stealing data without a clear monetization strategy. The introduction of Qwcrypt marks their shift towards ransom-based attacks (12:15).

• Impact on Rivals: The group has actively targeted competing ransomware groups like Blacklock and Mamona, defacing their infrastructures and leaking sensitive data, indicating intra-hacker conflicts (12:50).

13. Esri Patches Critical Vulnerability in ArcGIS

A major vulnerability was discovered and addressed in Esri's widely-used geospatial platform.

• Vulnerability Details:

  • Severity Rating: 9.8 out of 10, indicating a critical threat level.

  • Affected Systems: Over 1,000 systems were exposed online, compromising the management and visualization of geospatial data by various government agencies.

• Technical Aspects: The vulnerability related to an authentication flaw within the ArcGIS platform, necessitating immediate patching to prevent exploitation (13:25).

14. Solar Inverter Vulnerabilities Exposed

Forescout researchers identified multiple vulnerabilities in popular solar inverters, posing risks to national power grids.

• Vulnerable Products:

  • Manufacturers: GrowWatt, SMA, and Sungrown.

• Potential Exploits: The 46 discovered vulnerabilities could allow attackers to take over solar devices and their associated cloud management platforms.

• National Security Concerns: Experts warn that mass hacks of solar equipment could have cascading effects on national power infrastructures, highlighting the intersection of cybersecurity and energy security (14:10).

15. Google's Shift in Android Development Model

Google has announced changes to its Android operating system development and source sharing practices.

• New Approach:

  • Private Development: Android will now be developed internally with the source code shared only after each major release.

  • Simplification: This strategy aims to simplify the development process and enhance control over the operating system’s evolution.

  • Dual Maintenance: Google maintains both the internal version and a separate public open-source project simultaneously (15:00).

16. Mozilla Seeks Donations Amid Funding Cuts

Mozilla faces financial challenges following reduced US government funding.

• Funding Impact:

  • Loss: Firefox has confirmed a loss of $2.5 million in US federal aid, with a potential additional $1 million at risk.

  • Revenue Breakdown: In 2023, Mozilla reported $3.5 million in total US aid funding, a small fraction of its $500 million revenue largely derived from search engine placement deals.

• Call to Action: In response, Mozilla is seeking donations from Firefox users to sustain its operations and continue providing free, open-source browsing solutions (16:20).

17. U.S. Commerce Department's New Export Restrictions

The U.S. Commerce Department has expanded its export restrictions, adding 80 foreign companies to its list.

• Affected Regions:

  • Primary Focus: 50 companies are based in China, with others in Taiwan, Iran, Pakistan, South Africa, and the UAE.

• Technology Sectors: The restricted companies are linked to advancements in AI, high-performance computing, and quantum technologies, areas critical to national security and economic competitiveness.

• Implications: This move aims to curb the proliferation of technologies that could bolster military capabilities or pose strategic threats, reflecting the escalating tech rivalry on the global stage (17:05).

Conclusion

Today's episode of Risky Bulletin covered a diverse range of cybersecurity topics, highlighting both the evolving threats in the digital landscape and the proactive measures governments and organizations are implementing to mitigate risks. From massive phishing tests in France to stringent facial recognition laws in China, the episode underscores the global efforts to enhance cybersecurity resilience. Additionally, the discussions on significant data breaches, ransomware attacks, and vulnerabilities in widely-used technologies emphasize the persistent challenges faced by individuals and institutions alike. As cyber threats become increasingly sophisticated, the insights shared in this episode serve as a crucial guide for staying informed and prepared in the dynamic realm of cybersecurity.

Notable Quotes:

• Claire Aird: “The rules prohibit companies from using facial recognition if other less intrusive options exist” (02:15).
• Security firm KnowBefore: “10% is still much better than the average corporate click-through rate of 33%” (01:10).

For more detailed cybersecurity news and updates, subscribe to Risky Bulletin and stay informed about the latest threats and protective measures in the digital world.