CySecurity News - Latest Information Security and Hacking Incidents: cyber resilience

Cyber Attacks cyber resilience ransomware attacks ransomware statistics 2025 UK ransomware payment ban

UK’s Proposed Ransomware Payment Ban Sparks New Debate as Attacks Surge in 2025

Ransomware incidents are climbing at an alarming rate, reigniting discussions around whether organizations should be allowed to pay attackers at all.

Cybercriminals are increasingly turning to ransomware to extort large sums of money from organizations desperate to protect sensitive employee and customer data. Recent findings revealed a 126% increase in ransomware incidents in Q1 2025 compared to the previous quarter, a surge that has captured global attention.

In response, the UK government has unveiled a proposal to prohibit ransomware payments, aiming to stop public bodies and Critical National Infrastructure (CNI) providers from transferring large amounts of money to cybercriminals in hopes of regaining stolen data or avoiding public embarrassment. Many experts believe this ban could eventually expand to cover every organization operating in the UK.

If the restriction becomes universal, businesses will be forced to operate in an environment where paying attackers is no longer an option. This shift would require a stronger emphasis on resilience, incident response, and rapid recovery strategies.

The debate now centers on a key question: Is banning ransomware payments a wise move? And if the ban comes into effect, how can organizations safeguard their data without relying on a ransom fund?

Many companies have long viewed ransom payments as a quick, albeit risky, solution — almost a “get out of jail free” card. They see it as a seemingly reliable way to recover stolen data without formal disclosure or regulatory reporting.

However, negotiations with criminals come with no certainty. Paying a ransom only strengthens the broader cybercrime ecosystem and incentivizes further attacks.

Yet the practice persists. Research from 2025 reveals that 41% of organizations have paid a ransom, but only 67% of those regained full access to their data. These figures highlight that companies are still funneling large budgets into ransom payments — money that could instead be invested in preventing attacks through stronger cyber infrastructure.

The UK’s proposed ban brings both advantages and disadvantages. On the positive side, organizations would no longer be pushed into negotiating with unreliable cybercriminals. Since attackers may not return the data even after receiving payment, the ban eliminates that particular risk entirely.

Additionally, many organizations prefer to quietly pay ransoms to avoid reputational damage associated with admitting an attack. This secrecy not only benefits attackers but also leaves authorities unaware of crimes being committed. A payment ban, however, would force almost all affected organizations to formally report incidents — encouraging more accurate investigations and accountability.

Supporters of the ban argue that if attackers know ransom payments are impossible, the financial incentive behind ransomware will eventually disappear. While optimistic, the UK government sees the ban as a strong step toward reducing or even eliminating ransomware threats.

But opponents highlight an undeniable concern: ransomware attacks will continue, at least in the near term. If payment is no longer an option, organizations may struggle to recover highly sensitive information — often involving customer data — and may be left without any practical alternatives, even if negotiating feels morally uncomfortable.

If the UK enforces a nationwide prohibition on ransom payments, businesses must prioritize strengthening their cyber resilience. Increasing investment in preventive strategies will be crucial.

For SMEs — many of which lack dedicated cybersecurity teams — partnering with a Managed Service Provider (MSP) is one of the simplest ways to boost security. MSPs oversee IT operations and cybersecurity defenses, allowing business leaders to focus on innovation and growth. Recent studies show that over 80% of SMEs now rely on MSPs for cybersecurity support.

Regular employee security awareness training is also essential, helping staff identify early warning signs of cyberattacks and avoid mistakes that commonly lead to ransomware infections.

Organizations should also create and routinely test a detailed incident response plan. Although often overlooked, a well-rehearsed plan is critical for minimizing the damage when an attack occurs.

With the UK considering a nationwide ban on ransom payments, companies cannot afford to wait. The most effective approach is to build strong cyber resilience now.

This includes leveraging MSP services, upgrading security tools, and establishing a clear incident response strategy. Proactive planning will lower the chances of falling victim to ransomware and ensure smoother recovery if an attack does occur.

WA Law Firm Faces Cybersecurity Breach Following Ransomware Reports



 

Ransomware attack

AlphV Group Australian Government cyber resilience Cybersecurity Breach Data Breach Data Leak Data protection Digital Security Law Firm Hack Ransomware attack

WA Law Firm Faces Cybersecurity Breach Following Ransomware Reports

It seems that Western Australia's legal sector and government sectors are experiencing ripples right now following reports that the Russian ransomware group AlphV has successfully hacked the prominent national law firm HWL Ebsworth and extracted a ransom payment from the firm. This has sent shockwaves through the legal and government sectors across Western Australia.

It has raised serious concerns since May, when the first hints about the breach came to light, concerning the risk of revealing sensitive information, such as information pertaining to over 300 motor vehicle insurance claims filed with the Insurance Commission of Western Australia. In a statement released by the ABC on Monday, the ABC has confirmed that HWL Ebsworth data that was held by the company on behalf of WA government entities may have been compromised after a cybercriminal syndicate claimed to have published a vast repository of the firm’s files earlier this month on the dark web.

Although the full extent of the breach is unclear, investigations are currently underway to determine how large the data exposure is and what the potential consequences are. It has been reported that an ICWA spokesperson acknowledged in an official statement that there has been an impact on the Commission, which is responsible for providing insurance coverage for all vehicles registered in Western Australia as well as overseeing the government's self-insurance programs for property, workers' compensation, and liability.

Although the agency indicated that the extent of any data compromise cannot yet be verified because of ongoing investigation restrictions, the agency noted that it cannot verify the extent of any data compromise at the moment. A spokesperson from the Insurance Commission said, “The details of the data that has been accessed are not yet known, but this is part of a live investigation that we are actively supporting. It is important to note that this situation is extremely serious and that the information that may be compromised is sensitive.

Anubis, a ransomware group that was a part of the law firm that has been involved in the cyberattack, escalated the cyberattack by releasing a trove of sensitive information belonging to one of the firm's clients, which caused the cyberattack to take an alarming turn. The leaked material was reportedly containing confidential business correspondence, financial records, and deeply personal correspondence.

An extensive collection of data was exposed, including screenshots of text messages sent and received by the client and family members, emails, and even Facebook posts - all of which revealed intimate details about private family disputes that surrounded the client. Anubis stated, in its statement on the dark web, that the cache contained “financial information, correspondence, personal messages, and other details of family relationships.”

Despite this, the company highlighted the possibility of emotional and reputational damage as a result of such exposure. It was pointed out by the group that families already going through difficult circumstances like divorce, adoption, or child custody battles were now going to experience additional stress due to their private matters being made public, even though the full scope of the breach remains unclear, and the ransomware operators have yet to provide a specific ransom amount, making it difficult to speculate about the intentions of the attackers.

Cyber Daily contacted Paterson & Dowding in response to inquiries it received, and a spokesperson confirmed that there had been unauthorized access to data and exfiltration by the firm. “Our team immediately acted upon becoming aware of unusual activity on our system as soon as we became aware of it, engaging external experts to deal with the incident, and launching an urgent investigation as soon as possible,” said the spokesperson.

There is no doubt in the minds of the firm that a limited number of personal information had been accessed, but the threat actors had already published a portion of the data online. In addition to notifying affected clients and employees, Paterson & Dowding is coordinating with regulatory bodies, including the Australian Cyber Security Centre and the Office of the Information Commissioner, about the incident.

A representative of the company stated that he regretted the distress the firm had caused as a result of the breach of confidentiality and compliance. Meanwhile, an individual identifying himself as Tobias Keller - a self-proclaimed "journalist" and representative of Anubis - told Cyber Daily that Paterson & Dowding was one of four Australian law firms targeted by a larger cyber campaign, which included Pound Road Medical Center and Aussie Fluid Power, among others.

While the HWL Ebsworth cyberattack is still unfolding, it has raised increasing concern from the federal and state government authorities as the investigation continues. In addition to providing independent legal services to the Insurance Commission of Western Australia (ICWA), the firm also reviews its systems in order to determine if any client information has been compromised. In this position, one of 15 legal partners serves the Insurance Commission of Western Australia (ICWA).

A representative of ICWA confirmed that the firm is currently assessing the affected data in order to clarify the situation for impacted parties. However, a court order in New South Wales prohibiting the agency from accessing the leaked files has hampered its own ability to verify possible data loss.

As ICWA's Chief Executive Officer Rod Whithear acknowledged the Commission's growing concerns, he stated that a consent framework for limited access to the information is being developed as a result of a consent framework being developed. Currently, the Insurance Commission is implementing a consent regime that will allow them to assess whether data has been exfiltrated and if so, will be able to assess the exfiltrated information." He assured that the Commission remains committed to supporting any claimant impacted by the breach.

In addition to its involvement in insurance-related matters, HWL Ebsworth has established an extensive professional relationship with multiple departments of the State government of Washington. According to the firm's public transportation radio network replacement program, between 2017 and 2020, it was expected that it would receive approximately $280,000 for its role in providing legal advice to the state regarding its replacement of public transport radio networks, a project which would initially involve a $200 million contract with Huawei, the Chinese technology giant.

A $6.6 million settlement with Huawei and its partner firm was reached in 2020 after U.S. trade restrictions rendered the project unviable, ultimately resulting in Huawei and its partner firm being fined $6.6 million. Aside from legal representation for public housing initiatives and Government Employees Superannuation Board, HWL Ebsworth has provided legal representation for the Government Employees Superannuation Board as well.

In light of the breach, the state government has clarified, apart from the ICWA, that no other agencies seem to have been directly affected as a result. A significant vulnerability has been highlighted by this incident in the intersection of government operations with private legal service providers, but the incident has also highlighted broader issues related to cyber security.

Addressing the broader impacts of the attack will also be in the hands of the new Cyber Security Coordinator, Air Marshal Darren Goldie, who was appointed in order to strengthen the national cyber resilience program. The Minister of Home Affairs, Clare O'Neill, has described the breach as one of the biggest cyber incidents Australia has experienced in recent years, placing it alongside a number of major cases such as Latitude, Optus, and Medibank.

The Australian Federal Police and Victorian Police, working together with the Australian Cyber Security Centre, continue to investigate the root cause and impact of the attack. A number of cyber incidents are unfolding throughout Australia, which serves to serve as an alarming reminder of how fragile digital trust is becoming within the legal and governmental ecosystems of the country. Experts say that while authorities are intensifying their efforts to locate the perpetrators and strengthen defenses, the breach underscores the urgent need for stronger cybersecurity governance among third parties and law firms involved in the handling of sensitive data.

The monitoring of threats, employee awareness, and robust data protection frameworks, the nation's foremost challenge is now to rebuild trust in institutions and information integrity, beyond just restoring the systems. Beyond just restoring systems, rebuilding confidence in institutions and information integrity are the most urgent tasks facing us today.

Growing VPN Exploits Trigger Fresh Ransomware Crisis in APAC



 

VPN vulnerabilities

Akira Ransomware APAC Cybercrime cyber resilience Cybersecurity Threats Data Breach Network Security ransomware attacks SonicWall Exploit VPN vulnerabilities

Growing VPN Exploits Trigger Fresh Ransomware Crisis in APAC

Despite the growing cyber risk landscape in Asia-Pacific, ransomware operations continue to tighten their grip on India and the broader region, as threat actors more often seek to exploit network vulnerabilities and target critical sectors in order to get a foothold in the region.

It is essential to note that Cyble's Monthly Threat Landscape Report for July 2025 highlights a concerning trend: cybercriminals are no longer merely encrypting systems for ransom; they are systematically extracting sensitive information, selling network access, and exposing victims to the public in underground marketplaces.

In recent weeks, India has been a focal point of this escalation, with a string of damaging breaches taking place across a number of key industries. Recently, the Warlock ransomware group released sensitive information concerning a domestic manufacturing company. This information included employee records, financial reports, and internal HR files. Parallel to this, two Indian companies – a technology consulting firm and a SaaS provider – have been found posting stolen data on dark web forums that revealed information on customers, payment credentials, and server usage logs.

Further compounding the threat, the report claims that credentials granting administrative control over an Indian telecommunications provider’s infrastructure were being sold for an estimated US$35,000 as a way of monetizing network intrusions, highlighting the increasing monetization of network hacking.

Throughout the region, Thailand, Japan, and Singapore are the most targeted nations for ransomware, followed by India and the Philippines, with manufacturing, government, and critical infrastructure proving to be the most targeted sectors. As the region's digital volatility continues, the pro-India hacktivist group Team Pelican Hackers has been claiming responsibility for hacking multiple Pakistani institutions and leaking sensitive academic data and administrative data related to research projects, which demonstrates that cyber-crime is going beyond financial motives in order to serve as a form of geopolitical signaling in the region.

Security experts across the region are warning about renewed exploitation of SonicWall devices by threat actors linked to the Akira ransomware group among a growing number of ransomware incidents that have swept across the region. Since the resurgence of Akira's activity occurred in late July 2025, there has been a noticeable increase in intrusions leveraging SonicWall appliances as entry points. Rapid7 researchers have documented this increase.

An attacker, according to the firm, is exploiting a critical vulnerability that dates back a year—identified as CVE-2024-40766 with a CVSS score of 9.3—that is linked to a vulnerability in the SSL VPN configuration on the device. It is clear that this issue, which led to local user passwords persisting rather than being reset after migration, has provided cybercriminals with a convenient way to compromise network defenses.

It was SonicWall who acknowledged the targeted activity, and confirmed that malicious actors were attempting to gain unauthorized access to the network using brute force. According to the company, administrators should activate Botnet Filtering for the purpose of blocking known malicious IP addresses as well as enforce strict Account Lockout policies to take immediate measures. As ransomware campaigns that exploit VPN vulnerabilities continue to increase, proactive security hygiene is becoming increasingly important.

The increasing cybercrime challenges in the Asia-Pacific region are being exacerbated by recent findings from Barracuda's SOC Threat Radar Report, which indicate a significant increase in attacks exploiting vulnerabilities in VPN infrastructures and Microsoft 365 accounts. Throughout the study, threat actors are becoming increasingly stealthy and adopting Python-based scripts to avoid detection and maintain persistence within targeted networks in order to evade detection.

It has been determined that the Akira ransomware syndicate has increased its operations significantly, compromising outdated or unpatched systems rapidly, leading to significant losses for the syndicate. A number of intrusions have been traced back to exploitation of a known flaw in SonicWall VPN appliances — CVE-2024-40766 — that allows attackers to manipulate legacy credentials that haven’t been reset after migration as a result of this flaw.

A month ago, there was a patch released which addressed the issue. However, many organizations across the APAC region have yet to implement corrective measures, leaving them vulnerable to renewed exploitation in the coming months. In multiple instances, Akira operators have been observed intercepting one-time passwords and generating valid session tokens using previously stolen credentials, effectively bypassing multi-factor authentication protocols, even on patched networks.

In order to achieve such a level of sophistication, the group often deploys legitimate remote monitoring and management tools in order to disable security software, wipe backups, and obstruct remediation attempts, allowing the group to effectively infiltrate systems without being detected. There has been a sustained outbreak of such attacks in Australia and other Asian countries, which indicates how lapses in patch management, the use of legacy accounts, and the unrotation of high-privilege credentials continue to amplify risk exposure, according to security researchers.

There is no doubt that a prompt application of patches, a rigorous password reset, and a strict credential management regime are crucial defenses against ransomware threats as they evolve. There is no doubt that manufacturing is one of the most frequently targeted industries in the Asia-Pacific region, as more than 40 percent of all reported cyber incidents have been related to manufacturing industries.

Several researchers attribute this sustained attention to the sector's intricate supply chains, its dependence on outdated technologies, and the high value of proprietary data and intellectual property that resides within operational networks, which makes it a target for cybercriminals. It has been common for attackers to exploit weak server configurations, steal credentials, and deploy ransomware to disrupt production and gain financial gain by exploiting weak server configurations.

Approximately 16 percent of observed attacks occurred in the financial sector and insurance industry, with adversaries infiltrating high-value systems through sophisticated phishing campaigns and malware. The purpose of these intrusions was not only to steal sensitive information, such as customer and payment information, but also to maintain persistent access for prolonged reconnaissance.

Among the targeted entities, the transportation industry, which accounts for around 11 percent of all companies targeted, suffered from an increase in attacks intended to disrupt logistics and operational continuity as a consequence of its reliance on remote connectivity and third-party digital infrastructure as a consequence of its heavy reliance on remote connectivity.

In the wider APAC context, cybercriminals are increasingly pursuing both operational and financial goals in these attacks, aiming to disrupt as well as monetize. It is still very common for threats actors to steal trade secrets, customer records, and confidential enterprise information, making data theft one of the most common outcomes of these attacks.

Despite the fact that credential harvesting is often facilitated by malware that steals information from compromised systems, this method of extorting continues to enable subsequent breaches and lateral movements within compromised systems. Furthermore, the extortion-based operation has evolved, with many adversaries now turning to non-encrypting extortion schemes for coercing victims, rather than using ransomware encryption to coerce victims, emphasizing the change in cyber threats within the region.

Several experts have stressed that there is no substitute for a multilayered and intelligence-driven approach to security in the Asia-Pacific region that goes beyond conventional security frameworks in order to defend against the increasing tide of ransomware. Static defenses are not sufficient in an era in which threat actors have evolved their tactics in a speed and precision that is unprecedented in history.

A defence posture that is based on intelligence must be adopted by organizations, continuously monitoring the tactics, techniques, and procedures used by ransomware operators and initial access brokers in order to identify potential intrusions before they arise. As modern "sprinter" ransomware campaigns have been exploiting vulnerabilities within hours of public disclosure, agile patch management is a critical part of this approach.

There is no doubt that timely identification of vulnerable systems and remediation of those vulnerabilities, as well as close collaboration with third party vendors and suppliers to ensure consistency in patching, are critical components of an effective cyber hygiene program. It is equally important to take human factors into consideration.

The most common attack vector that continues to be exploited is social engineering. Therefore, it is important to conduct continuous awareness training tailored to employees who are in sensitive or high-privilege roles, such as IT and helpdesk workers, to reduce the potential for compromise. Furthermore, security leaders advise organizations to adopt a breach-ready mindset, which means accepting the possibility of a breach of even the most advanced defenses.

If an attack occurs, containing damage and ensuring continuity of operations can be achieved through the use of network segmentation, immutable data backups, and a rigorously tested incident response plan to strengthen resilience. Using actionable intelligence combined with proactive risk management, as well as developing a culture of security awareness, APAC enterprises can be better prepared to cope with the relentless wave of ransomware threats that continue to shape the digital threat landscape and recover from them.

A defining moment in the Asia-Pacific cybersecurity landscape is the current refinement of ransomware groups' tactics as they continue to exploit every weakness in enterprise defenses. Those recent incidents of cyber-attacks using VPNs and data exfiltration incidents should serve as a reminder that cyber resilience is no longer just an ambition; it is a business imperative as well. Organizations are being encouraged to shift away from reactive patching and adopt a culture that emphasizes visibility, adaptability, and intelligence sharing as the keys to continuous security maturity.

Collaboration between government, the private sector, and the cybersecurity community can make a significant contribution to the development of early warning systems and collective response abilities. A number of measures can help organizations detect threats more efficiently, enforce zero-trust architectures, and conduct regular penetration tests, which will help them identify any vulnerabilities before adversaries take advantage of them.

Increasingly, digital transformation is accelerating across industries, which makes the importance of integrating security by design—from supply chains to cloud environments—more pressing than ever before. Cybersecurity can be treated by APAC organizations as an enabler rather than as a compliance exercise, which is important since such enterprises are able to not only mitigate risks, but also build digital trust and operational resilience during an age in which ransomware threats are persistent and sophisticated.

Analysts Place JLR Hack at Top of UKs Most Costly Cyber Incidents



 

supply chain security

Automotive Industry Cyberattack cyber attack Cyber Attacks cyber resilience Cyber Risk Management Cybersecurity Breach Data Breach impact industrial cybersecurity Jaguar Land Rover Hack supply chain security

Analysts Place JLR Hack at Top of UKs Most Costly Cyber Incidents

It has been said by experts that Jaguar Land Rover (JLR) has found itself at the epicentre of the biggest cyber crisis in UK history, an event that has been described as a watershed moment for British industrial resilience. It was in late August that hackers breached the automaker's computer system, causing far more damage than just crippling its computers.

The breach caused a sudden and unexpected halt for the nation's largest car manufacturer, revealing how vulnerable modern manufacturing networks really are. Jaguar Land Rover's cyberattack has been classified as a Category 3 systemic event by the Cyber Monitoring Centre (CMC), the third-highest severity level on the five-point scale, emphasising the magnitude of the disruption that resulted.

According to estimates, the company lost between £1.6 billion ($2.1 billion) and £2.1 billion ($2.8 billion) in losses, but experts warned that losses could climb higher if production setbacks persist or deep damage arises to the company's operational technology. It appears by some distance to be, by some distance, that this incident has had a financial impact on the United Kingdom that has been far greater than any other cyber incident that has occurred, according to Ciaran Martin, chairman of the CMC Technical Committee, in a statement to Cybersecurity Dive.

As the British authorities expressed growing concern after a sobering national cybersecurity review which urged organisations to strengthen their digital defences at the board and executive level, his comments came at the same time that the British government was growing increasingly concerned. National Cyber Security Centre reports that in the past year, 204 national-level cyberattacks have been recorded in the United Kingdom, and there have been 18 major incidents in the country. These include a coordinated social-engineering campaign that targeted major retailers, causing hundreds of millions of dollars worth of damage.

Taking into account the severity level of the cyberattack on Jaguar Land Rover, the Cyber Monitoring Centre (CMC) has officially classified it as a Category 3 event on its five-point severity scale, which indicates the cyberattack resulted in a loss of between £1 billion and £5 billion and affected over 2,700 UK-based businesses.

During the late August break-up of JLR, which began in late August, an extended production freeze was imposed at the company's Solihull, Halewood, and Wolverhampton facilities, which disrupted the manufacturing of approximately 5,000 vehicles every week. As a result of this paralysis, thousands of smaller contractors and dealerships were affected as well, and local businesses that relied upon factory operations were put under severe financial strain.

A £1.5 billion ($2 billion) loan package was approved in September by British officials in response to the automaker's supplier network issues that had stalled the company's recovery efforts. Executives from the company declined to comment on the CMC's findings. However, they confirmed that production has gradually resumed at several plants, including Halewood and its Slovakia operation, indicating that after weeks of costly downtime, there has been some sign of operational restoration.

Unlike widespread malware outbreaks, which often target a range of sectors indiscriminately in the hope of spreading their malicious code, this was a targeted attack that exposed vulnerabilities deep within one of Britain's most advanced manufacturing ecosystems in a concentrated area.

While there was no direct threat to human life from the incident, analysts predicted substantial secondary effects on employment and industrial stability, with reduced demand for manufacturing likely to hurt job security, as production capacities remain underutilised despite the incident.

As a way of cushioning the blow, the Government of the UK announced it would provide a £1.5 billion loan to help the automaker rebuild its supply chain, and JLR itself offered an additional £500 million to help stabilise operations. Based on the data collected by the CMC as of October 17, the estimated financial damage is about £1.9 billion - a figure that is likely to increase as new information becomes available.

However, the Centre clarified that the conclusions it came to were not based on internal JLR disclosures, but on independent financial modelling, public filings, expert analysis and benchmarks specific to each sector. As a consequence, JLR is expected to be unable to fully recover from the incident until January 2026. However, additional shifts may be introduced, and production will be increased to 12 per cent of pre-incident capacity in an effort to speed the company's recovery.

In a concluding paragraph, the report urges both UK industries to strengthen their IT and operational systems to ensure a successful recovery from large-scale cyber disruptions. It also urged the government to develop a dedicated framework for the provision of assistance to those victims. It has thus far been agreed that Jaguar Land Rover has declined to comment on the CMC’s evaluation of the issue.

However, the magnitude of the Jaguar Land Rover breach has been heightened by the intricate network of suppliers that make up the British automotive industry. As an example of what a Range Rover luxury vehicle entails, almost 30,000 individual components are sourced from a vast ecosystem of businesses that together sustain more than 104,000 jobs in the UK.

The majority of these firms are small and medium-sized businesses that are heavily reliant on JLR's production schedules and procurement processes. Approximately 5,000 domestic organisations were disrupted as a result of the cyberattack, which was conducted by the Cyber Monitoring Centre (CMC). This includes more than 1,000 tier-one suppliers, as well as thousands more at tiers two and three.

Based on early data, approximately a quarter of these companies have already had to lay off employees, with another 20 to 25 per cent in danger of experiencing a similar situation if the slowdown continues. In addition to the manufacturing floor, the consequences have rippled out to other parts of the world as well.

Dealerships have reported sharp declines in sales and commissions; logistics companies have been faced with idle transport fleets and underutilised shipping capacity; and the local economies around the major JLR plants have been affected as restaurants, hotels, and service providers have lost their customers as a result of the recession.

The disruption has even affected aftermarket specialists, resulting in the inaccessibility of digital parts ordering systems, which caused them to lose access to their online systems. Though there was no direct threat to human lives, the incident has left a profound human impact—manifesting itself in job insecurity, financial strain, and heightened anxiety among the communities that were affected.

There is a risk that prolonged uncertainty will exacerbate regional inequalities and erode the socioeconomic stability of towns heavily reliant on the automotive supply chain for their livelihoods, according to analysts. Jaguar Land Rover's unprecedented scale breach underscores the close ties that exist between cybersecurity and the stability of the global economy, which is why it is so sobering that there is a deep relationship between cybersecurity and the success of any business.

Several analysts believe that this incident serves as a reminder that Britain's corporate and policy leadership should emphasise the importance of stronger digital defences, as well as adaptive crisis management frameworks that can protect interconnected supply networks from cyberattacks.

The automotive giant is rebuilding its operations at the moment, and experts stress the importance of organisations anticipating threats, integrating digital infrastructures across sectors, and collaborating across sectors in order to share intelligence and strengthen response mechanisms in order to remain resilient in the modern era.

Governments are facing increasing pressure to make industrial cybersecurity a part of their national strategy, including providing rapid financial assistance and technical support to prevent systemic failures. Although JLR's recovery roadmap may have the power to restore production on schedule, the wider takeaway is clear: in an age when code and machine are inseparably linked, the health of the nation's manufacturing future is dependent on the security of its digital infrastructure.

Mobdro Pro VPN Under Fire for Compromising User Privacy



 

VMO Incident

cyber resilience Cybersecurity Breach Data Privacy Data protection Digital Infrastructure Hong Kong Security Network Security Privacy Ransomware attack VMO Incident

Mobdro Pro VPN Under Fire for Compromising User Privacy

A disturbing revelation that highlights the persistent threat that malicious software poses to Android users has been brought to the attention of cybersecurity researchers, who have raised concerns over a deceptive application masquerading as a legitimate streaming and VPN application. Despite the app's promise that it offers free access to online television channels and virtual private networking features—as well as the name Modpro IPTV Plus VPN—it hides a much more dangerous purpose.

It is known as Mobdro Pro IPTV Plus VPN. Cleafy conducted an in-depth analysis of this software program and found that, as well as functioning as a sophisticated Trojan horse laced with Klopatra malware, it is also able to compromise users' financial data, infiltrating devices, securing remote controls, and infecting devices with Klopatra malware.

Even though it is not listed in Google Play, it has spread through sideloaded installations that appeal to users with the lure of free services, causing users to download it. There is a serious concern among experts that those who install this app may unknowingly expose their devices, bank accounts, and other financial assets to severe security risks. At first glance, the application appears to be an enticing gateway to free, high-quality IPTV channels and VPN services, and many Android users find the offer hard to refuse.

It is important to note, however, that beneath its polished interface lies a sophisticated banking Trojan with a remote-access toolkit that allows cybercriminals to control almost completely infected devices through a remote access toolkit. When the malware was installed on the device, Klopatra, the malware, exploiting Android's accessibility features, impersonated the user and accessed banking apps, which allowed for the malicious activity to go unnoticed.

Analysts have described the infection chain in a way that is both deliberate and deceptive, using social engineering techniques to deceive users into downloading an app from an unverified source, resulting in a sideload process of the app. Once installed, what appears to be a harmless setup process is, in fact, a mechanism to give the attacker full control of the system.

In analyzing Mobdro Pro IPTV Plus VPN further, the researchers have discovered that it has been misusing the popularity of the once popular streaming service Mobdro (previously taken down by Spanish authorities) to mislead users and gain credibility, by using the reputation of the once popular streaming service Mobdro.

There are over 3,000 Android devices that have already been compromised by Klopatra malware, most of which have been in Italy and Spain regions, according to Cleafy, and the operation was attributed to a Turkish-based threat group. A group of hackers continue to refine their tactics and exploit public frustration with content restrictions and digital surveillance by using trending services, such as free VPNs and IPTV apps.

The findings of Cleafy are supported by Kaspersky's note that there is a broader trend of malicious VPN services masquerading as legitimate tools. For example, there are apps such as MaskVPN, PaladinVPN, ShineVPN, ShieldVPN, DewVPN, and ProxyGate previously linked to similar attacks. In an effort to safeguard privacy and circumvent geo-restrictions online, the popularity of Klopatra may inspire an uproar among imitators, making it more critical than ever for users to verify the legitimacy of free VPNs and streaming apps before installing them. Virtual Private Networks (VPNs) have been portrayed for some time as a vital tool for safeguarding privacy and circumventing geo-restrictions.

There are millions of internet users around the world who use them as a way to protect themselves from online threats — masking their IP addresses, encrypting their data traffic, and making sure their intercepted communications remain unreadable. But security experts are warning that this perception of safety can sometimes be false.

In recent years, it has become increasingly difficult to select a trustworthy VPN, even when downloading it directly from official sites, such as the Google Play Store, since many apps are allegedly compromising the very privacy they claim to protect, which has made the selection process increasingly difficult. In the VPN Transparency Report 2025, published by the Open Technology Fund, significant security and transparency issues were highlighted among several VPN applications that are widely used around the world.

During the study, 32 major VPN services collectively used by over a billion people were examined, and the findings revealed opaque ownership structures, questionable operational practices, and the misuse of insecure tunnelling technologies. Several VPN services, which boasted over 100 million downloads each, were flagged as particularly worrying, including Turbo VPN, VPN Proxy Master, XY VPN, and 3X VPN – Smooth Browsing.

Several providers utilised the Shadowsocks tunnelling protocol, which was never intended to be private or confidential, and yet was marketed as a secure VPN solution by researchers. It emphasises the importance of doing users' due diligence before choosing a VPN provider, urging users to understand who operates the service, how it is designed, and how their information is handled before making a decision.

It is also strongly advised by cybersecurity experts to have cautious digital habits, including downloading apps from verified sources, carefully reviewing permission requests, installing up-to-date antivirus software, and staying informed on the latest cybersecurity developments through trusted cybersecurity publications. As malicious VPNs and fake streaming platforms become increasingly important gateways to malware such as Klopatra, awareness and vigilance have become increasingly important defensive tools in the rapidly evolving online security landscape.

As Clearafy uncovered in its analysis of the Klopatra malware, the malware represents a new level of sophistication in Android cyberattacks, utilising several sophisticated mechanisms to help evade detection and resist reverse engineering. As opposed to typical smartphone malware, Klopatra permits its operators to fully control an infected device remotely—essentially enabling them to do whatever the legitimate user is able to do on the device.

It has a hidden VNC mode, which allows attackers to access the device while keeping the screen black, making them completely unaware of any active activities going on in the device. This is one of the most insidious features of this malware. If malicious actors have access to such a level of access, they could open banking applications without any visible signs of compromise, initiate transfers, and manipulate device settings without anyone noticing.

A malware like Klopatra has strong defensive capabilities that make it very resilient. It maintains an internal watchlist of popular Android security applications and automatically attempts to uninstall them once it detects them, ensuring that it stays hidden from its victim. Whenever a victim attempts to uninstall a malicious application manually, they may be forced to trigger the system's "back" action, which prevents them from doing so.

The code analysis and internal operator comments—primarily written in Turkish—led investigators to trace the malware’s origins to a coordinated threat group based in Turkey, where most of their activities were directed towards targeting Italian and Spanish financial institutions. Cleafy's findings also revealed that the third server infrastructure is carrying out test campaigns in other countries, indicating an expansion of the business into other countries in the future.

With Klopatra, users can launch legitimate financial apps and a convincing fake login screen is presented to them. The screen gives the user the appearance of a legitimate login page, securing their credentials via direct operator intervention. The campaign evolved from a prototype created in early 2025 to its current advanced form in 2035. This information is collected and then used by the attackers in order to access accounts, often during the night when the device is idle, making suspicions less likely.

A few documented examples illustrate that operators have left internal notes in the app's code in reference to failed transactions and victims' unlock patterns, which highlights the hands-on nature of these attacks. Cybersecurity experts warn that the best defence against malware is prevention - avoiding downloading apps from unverified sources, especially those that offer free IPTV or VPN services. Although Google Play Protect is able to identify and block many threats, it cannot detect every emerging threat.

Whenever an app asks for deep system permissions or attempts to install secondary software, users are advised to be extremely cautious. According to Cleafy's research, curiosity about "free" streaming services or privacy services can all too easily serve as a gateway for full-scale digital compromise, so consumers need to be vigilant about these practices. In a time when convenience usually outweighs caution, threats such as Klopatra are becoming increasingly sophisticated.

A growing number of cybercriminals are exploiting popular trends such as free streaming and VPN services to ensnare unsuspecting users into ensnaring them. As a result, it is becoming increasingly essential for each individual to take steps to protect themselves. Experts recommend that users adopt a multi-layered security approach – pairing a trusted VPN with an anti-malware tool and enabling multi-factor authentication on their financial accounts to minimise damage should their account be compromised.

The regular review of system activity and app permissions can also assist in detecting anomalies before they occur. Additionally, users should cultivate a sense of scepticism when it comes to offers that seem too good to be true, particularly when they promise unrestricted access and “premium” services without charge. In addition, organisations need to increase awareness campaigns so consumers are able to recognise the warning signs of fraudulent apps.

The cybersecurity incidents serve as a reminder that cybersecurity is not a one-time safeguard, but must remain constant through vigilance and informed decisions throughout the evolving field of mobile security. Awareness of threats remains the first and most formidable line of defence as the mobile security battlefield continues to evolve.

Cheung Sha Wan Wholesale Market Faces Major Data Breach Impacting Thousands



 

VMO Incident

cyber resilience Cybersecurity Breach Data protection Digital Infrastructure Hong Kong Security Network Security Privacy Ransomware attack VMO Incident

Cheung Sha Wan Wholesale Market Faces Major Data Breach Impacting Thousands

As part of an alarming incident that highlights the growing threat of cyberattacks on public sector systems, the Vegetable Marketing Organisation (VMO) reported that it was targeted by a ransomware attack that disrupted the Cheung Sha Wan Vegetable Wholesale Market's operations through a ransomware attack on a segment of its computer infrastructure.

Upon discovering the breach on October 13, immediate suspension of network service was imposed as a precautionary measure to contain the intrusion and safeguard critical data. VMO announced on Wednesday that the affected servers were quickly isolated from external access and alerted the Hong Kong Police, the Hong Kong Computer Emergency Response Team Coordination Centre, and the Office of the Privacy Commissioner for Personal Data to the incident.

A preliminary study suggests that the attack had a significant effect on the gate and accounting systems of the market, potentially exposing the personal information of approximately 7,000 registered users to the outside world. Founded in 1946 to ensure that local produce will be available continuously, the VMO, a non-profit organisation established to ensure this, has begun a comprehensive investigation into the extent of the data breach to determine whether any personal information has been compromised, and it has promised to inform individuals if any personal information is found to be at risk.

As of Thursday, the organisation's official website has remained inaccessible as a result of the ongoing disruption that the cyber incident has caused. After detecting the breach, Vegetable Marketing Organisation engaged an external contractor to assist them with restoring the system and supporting the ongoing investigation into the attack after the breach had been discovered.

Although the core operations of the Cheung Sha Wan Vegetable Wholesale Market remain unaffected, the company has announced that it will temporarily utilise manual processes to manage invoicing and payment procedures, ensuring continuity of operations. Hong Kong's digital resilience has been questioned in the wake of a series of cybersecurity breaches that have struck numerous prominent institutions in the city in recent years.

These have included Cyberport, the Consumer Council, and the Hong Kong Post, raising concerns about the city's digital resilience in general. There has been an increase in cyber threats over the past few years, which has led lawmakers to pass legislation to strengthen critical infrastructure security, including penalties of up to HK$5 million for lapses in cybersecurity compliance, resulting in an increase in cybersecurity threats.

In a statement made by the VMO, it was noted that it would conduct a thorough review of the incident and that reinforced measures would be implemented to safeguard its systems from future attacks. The Vegetable Marketing Organisation has hired an external contractor to assist with restoring its systems, thereby accelerating the recovery process and facilitating the investigation.

It was acknowledged by the organisation that, despite continuing to operate daily, certain administrative functions, such as invoicing and payment processing, are being handled manually temporarily so that business continuity can be maintained. Hong Kong has been experiencing an increasing number of cybersecurity breaches in recent years, including Cyberport, the Consumer Council, and Hong Kong Post, which have put major institutions in a state of anxiety.

As a result, critical infrastructure remains vulnerable to cyberattacks, which has been highlighted in recent months. Recently, the city's legislature approved a new measure aimed at bolstering defences against cyberattacks, with penalties of up to HK$5 million for non-compliance outlined in the legislation. VMO reiterated its commitment to digital security, and that it places a high level of importance on cybersecurity, and that a comprehensive review of the event would be conducted, along with enhancements to network safeguards to prevent similar events from recurring.

Considering the recent incident at the Cheung Sha Wan Vegetable Wholesale Market, it has become increasingly apparent to me that Hong Kong's public and semi-public sectors need to strengthen cybersecurity resilience urgently.

The security experts have long warned that as digital systems are becoming increasingly integrated into key components of the services that consumers rely on, the effects of cyberattacks can quickly escalate from data breaches to disruptions in the regular functioning of processes and the public trust in them. Several industry observers believe that organisations like the VMO should go beyond enhancing only technical safeguards and make a concerted effort to train their staff regularly, to perform continuous vulnerability assessments, and to update their monitoring frameworks in real time to detect anomalies early.

As a supplement to this, the establishment of cross-agency collaboration and information-sharing mechanisms could also enhance the city's overall preparedness to handle similar attacks in the future. Despite the VMO's quick response and transparency in handling the incident, it highlights a crucial national imperative-the strengthening of cyber hygiene and cultivation of a culture of sensitive information across all levels of governance and commerce in order to mitigate the immediate risks.

The resilience of Hong Kong's institutions will be determined by how proactive vigilance is managed against cyber-attacks as much as it will be determined by their ability to defend themselves against technological disruption.

The Silent Guardians Powering the Frontlines of Cybersecurity



 

Nation-State Attacks

CISOs Cyber Attacks Cyber Awareness cyber resilience Cyber Threats Cybersecurity CyberWar Digital Defense Identity Security Nation-State Attacks

The Silent Guardians Powering the Frontlines of Cybersecurity

There is no doubt that a world increasingly defined by invisible battles and silent warriors has led to a shift from trenches to terminals on which modern warfare is now being waged. As a result, cyberwarfare is no longer a distant, abstract threat; now it is a tangible, relentless struggle with real-world consequences.

Power grids fail, hospitals go dark, and global markets tremble as a result of unseen attacks. It is at this point that a unique breed of defenders stands at the centre of this new conflict: cyber professionals who safeguard the fragile line between digital order and chaos. The official trailer for Semperis Midnight in the War Room, an upcoming documentary about the hidden costs of cyber conflict, has been released, bringing this hidden war to sharp focus.

Semperis is a provider of AI-powered identity security and cyber resilience. It has an extraordinary lineup of voices – including Chris Inglis, the first U.S. National Cyber Director; General (Ret.) David Petraeus, the former Director of the CIA; Jen Easterly, former Director of the CISA; Marcus Hutchins, one of the WannaCry heroes; and Professor Mary Aiken, a globally recognised cyber psychologist – all of whom are highly respected for their expertise in cybersecurity.

The film examines the high-stakes battle between attackers, defenders, and reformed hackers who have now taken the risk of exploiting for themselves. As part of this documentary, leading figures from the fields of cybersecurity and national defence gather together in order to present an unprecedented view of the digital battlefield.

Using their insights into cyber conflicts, Midnight in the War Room explores the increasing threat that cybercrime poses to international relations as well as corporate survival today. A film that sheds light on the crucial role of chief information security officers (CISOs), which consists of who serve as the frontlines of protecting critical infrastructure - from power grids to financial networks - against state-sponsored and criminal cyber threats, is a must-see.

It is the work of more than fifty international experts, including cyber journalists, intelligence veterans, and reformed hackers, who provide perspectives which demonstrate the ingenuity and exhaustion that those fighting constant digital attacks have in the face. Even though the biggest threat lies not only with the sophistication of adversaries but with complacency itself, Chris Inglis argues that global resilience is an urgent issue at the moment.

It has been reported that Semperis' Chief Marketing Officer and Executive Producer, Thomas LeDuc, views the project as one of the first of its kind to capture the courage and pressure experienced by defenders. The film is richly enriched by contributions from Professor Mary Aiken, Heath Adams, Marene Allison, Kirsta Arndt, Grace Cassy and several former chief information security officers, such as Anne Coulombe and Simon Hodgkinson, and it provides a sweeping and deeply human perspective on modern cyber warfare.

With its powerful narrative, Midnight in the War Room explores the human side of cyberwarfare—a struggle that is rarely acknowledged but is marked by courage, resilience and sacrifice in a way that is rarely depicted. A film about those defending the world's most vital systems is a look at the psychological and emotional toll they endure, in which trust is continually at risk and a moment of complacency can trigger devastating consequences.

The film explores the psychological and emotional tolls endured by those defending those systems. During his remarks at Semperis, Vice President for Asia Pacific and Japan, Mr Sillars, points out that cyber threats do not recognise any borders, and the Asia Pacific region is at the forefront of this digital conflict as a result of cyber threats.

During the presentation, he emphasises that the documentary seeks to highlight the common challenges cybersecurity professionals face worldwide, as well as to foster collaboration within critical sectors to build identity-driven resilience. As the Chief Marketing Officer at Semperis and Executive Producer, LeDuc describes the project as one of the most ambitious in cybersecurity history—bringing together top intelligence leaders, chief information security officers, journalists, victims and reformed hackers as part of a rare collaborative narrative.

In the film, Cyber Defenders' lives are portrayed through their own experiences as well as the relentless pressure and unwavering resolve they face every day. Among the prominent experts interviewed for the documentary are Marene Allison, former Chief Information Security Officer of Johnson & Johnson; Grace Cassy, co-founder of CyLon; Heather M. Costa, Director of Technology Resilience at the Mayo Clinic; Simon Hodgkinson, former Chief Information Security Officer of BHP; and David Schwed, former Chief Information Security Officer of Robinhood.

Among those on the panel are Richard Staunton, Founder of IT-Harvest, BBC Cyber Correspondent Joe Tidy, as well as Jesse McGraw, a former hacktivist who has turned his expertise towards safeguarding the internet, known as Ghost Exodus. As Jen Easterly, former Chief Information Security Officer of the U.S. Department of Homeland Security (CISA), points out, defeating malicious cyberattacks requires more than advanced technology—it demands the human mind's ingenuity and curiosity to overcome them.

A global collaboration was exemplified through the production of this documentary, which was filmed in North America and Europe by cybersecurity and professional organisations, including the CyberRisk Alliance, Cyber Future Foundation, Institute for Critical Infrastructure Technology, (ISC)2 Eastern Massachusetts Chapter, Michigan Council of Women in Technology, and Women in CyberSecurity (WiCyS) Delaware Valley Chapter.

As part of these partnerships, private screenings, expert discussions, and public outreach will be conducted in order to increase public awareness and cooperation regarding building digital resilience. By providing an insight into the human narratives that underpin cybersecurity, Midnight in the War Room hopes to give a deeper understanding of the modern battlefield and to inspire a collective awareness in the safeguarding of society's systems.

There is something special about Midnight in the War Room, both as a wake-up call and as a tribute - a cinematic reflection of those who stand up to the threats people face in today's digital age. The film focuses on cyber conflict and invites governments, organisations, and individuals to recognise the importance of cybersecurity not just as a technical problem, but as a responsibility that people all share.

In light of the continuous evolution of threats, people need stronger international collaborations, investments in identity security, and the development of psychological resilience among those on the front lines to help combat these threats. Semperis' initiative illustrates the power of storytelling to bridge the gap between awareness and action, transforming technical discourse into a powerful narrative that inspires vigilance, empathy, and unity among the community.

Providing a critical insight into the human aspect behind the machines, Midnight in the War Room reinforces a fundamental truth: that is, cybersecurity is not just about defending data, but also about protecting the people, systems, and values that make modern society what it is today.

Cyber Risks Emerge as a Direct Threat to Clinical Care



 

ransomware attacks

Clinical Safety cyber resilience cybersecurity in healthcare Data Breach Digital Health Threats Health ISAC Medical Device Security patient data protection ransomware attacks

Cyber Risks Emerge as a Direct Threat to Clinical Care

Even though almost every aspect of modern medicine is supported by digital infrastructure, the healthcare sector finds itself at the epicentre of an escalating cybersecurity crisis at the same time. Cyberattacks have now evolved from being just a financial or corporate problem to a serious clinical concern, causing patients' safety to be directly put at risk as well as disrupting essential healthcare.

With the increasing use of interconnected systems in hospitals and diagnostic equipment, as well as cloud-based patient records, the attack surface on medical institutions is expanding, making them increasingly susceptible to ransomware and data breaches posed by the increasing use of interconnected systems.

The frequency and sophistication of such attacks have skyrocketed in recent years, and the number of attacks has almost doubled compared to 2023, when the number of ransomware attacks in the United States alone climbed by a staggering 128 per cent in the same year. As far as data loss and financial damage are concerned, the consequences of these breaches do not stop there.

There are estimates of healthcare organisations losing up to $900,000 per day because of operational outages linked to ransomware, which excludes the millions—or billions—that are spent on ransom payments. In IBM's 2024 Cost of a Data Breach Report, healthcare was ranked as the highest cost per incident in the world, with an average cost of $9.8 million. This was significantly more than the $6.1 million average cost per incident within the financial sector.

In spite of this fact, the most devastating toll of cyberattacks is not in currency, but rather in the lives of victims. Studies indicate that cyberattacks have resulted in delayed procedures, compromised care delivery, and, in some cases, increased mortality rates of patients. There has been a troubling increase from the previous year, since 71 per cent of healthcare organisations affected by cyber incidents reported negative patient outcomes due to service disruptions in 2023.

With the rapid growth of digital transformation in healthcare, the line between data security and clinical safety is fast disappearing - making cybersecurity an urgent issue of patient survival rather than mere IT resilience as digital transformation continues to redefine healthcare. With cyber threats growing more sophisticated, healthcare is experiencing a troubling convergence of digital vulnerability and human consequences that is becoming more and more troubling.

There was once a time in healthcare when cybersecurity was viewed solely as a matter of data protection; however, today, it has become an integral part of patient safety and wellbeing, which is why experts are predicting that the threat of cybersecurity attacks will escalate significantly by the year 2025, with hospitals and health systems facing increasing financial losses as well as the threat of escalating risks.

Recent reports have highlighted hospitals being incapacitated by ransomware attacks, which have compromised critical care, eroded public trust, and left healthcare staff unable to provide care. "Patient safety is inseparable from cyber safety," emphasised Ryan Witt, Proofpoint's healthcare leader, emphasising that when digital systems fail, life-saving care can be compromised. Statistics behind these incidents reveal a frightening reality.

A study found that nearly seventy-eight per cent of healthcare organisations experienced disruptions in patient care as a result of ransomware, email compromise, cloud infiltration, and supply chain attacks. More than half of these patients experienced extended stays in the hospital or medical complications, while almost a third saw a rise in death rates.

Financial figures often overshadow the human toll of a major attack: although the average cost has fallen to $3.9 million from $4.7 million, ransom payments have risen to $1.2 million from $4.7 million. It is important to remember that there are no monetary figures that can fully capture the true impacts of systems that go dark-missing diagnoses, delays in surgery, and the lives put at risk of clinicians, nurses, and technicians.

Considering that time and precision are synonymous with survival in the healthcare sector, it has become clear that the encroachment of cybercrime is more than merely a technology nuisance and has become a profound threat to the very concept of care itself. Health Information Sharing and Analysis Centre (Health-ISAC) continues to play an important role in strengthening the industry's defences amidst increasing global cyber threats targeting the healthcare sector.

It serves as an important nexus for collaboration, intelligence sharing, and real-time threat mitigation across healthcare networks worldwide. Health-ISAC is a non-profit organisation run by its members. A vital resource for safeguarding both digital and physical health infrastructures, Health-ISAC has disseminated actionable intelligence and strengthened organizational resilience through the distribution of actionable intelligence and strengthening of organisational resilience.

It has recently been reported that the organisation has identified several security threats, including critical vulnerabilities found within Citrix NetScaler ADC, NetScaler Gateway, and Cisco Adaptive Security Appliances (ASA) that could potentially be exploited. Immediately after the identification of these flaws, Health-ISAC issued over a hundred targeted alerts to member institutions in order to minimise the risk of exploitation.

These vulnerabilities have been exploited by threat actors since then, highlighting how the healthcare sector needs to be monitored continuously and provide rapid response mechanisms. As well as detecting threats, Health-ISAC has also been involved in regulatory alignment, particularly addressing FDA guidance regarding cybersecurity for medical devices that was recently updated.

Revisions to the quality system considerations and the content of premarket submissions, issued in June 2025, have replaced the earlier version, which was issued in 2023, and incorporate Section VII of the Federal Food, Drug, and Cosmetic Act (FD&C Act). In this section, manufacturers are outlined in detail about their specific compliance obligations, including the use of cybersecurity assurance procedures, Software Bills of Materials (SBOMs), and secure development methods.

It has also been emphasised by Health-ISAC that there are related regulatory frameworks that will affect AI-enabled medical devices, such as the FDA Quality Management System Regulation, the EU Cyber Resilience Act, and emerging standards such as AI-enabled data providers. In the organisation's latest analysis, the organisation explored how the geopolitical climate has been shifting in the Asia Pacific region, where growing tensions between the Philippines and China, particularly over the Scarborough Shoal, which has now been designated by China as a maritime wildlife refuge, are reshaping regional security.

The significant investment Australia has made in asymmetric warfare capabilities is a further indication of the interconnectedness between geopolitics and cybersecurity threats. Denise Anderson, President and CEO of Health-ISAC, commented on the organisation's 15-year milestone and stated that the accomplishments of the organisation demonstrate the importance of collective defence and shared responsibility. She added, "Our growth and success are a testament to the power of collaboration and to our members' passion to improve the welfare of patients," she expressed.

"With the emergence of sophisticated threats, a unified defence has never been more needed." In the near future, Health-ISAC plans to strengthen the intelligence sharing capabilities of the organisation, expand its partnerships throughout the world, and continue promoting cybersecurity awareness - all of which will strengthen the organisation's commitment to making healthcare safer and more resilient throughout the world.

The healthcare landscape is becoming increasingly digitalised, and preserving it will require not only a proactive defence but a coordinated, unified approach as well. As technology and patient care have converged, cybersecurity has become a clinical imperative, one that will require the collaboration of policymakers, hospital administrators, medical device manufacturers, and cybersecurity specialists.

Various experts highlight that through investment in secure infrastructure, workforce training, and continuous monitoring and assessment of risks, there is no longer an option but instead a necessity to maintain the trust of patients and ensure the continuity of operations.

There is a significant reduction in vulnerabilities across complex healthcare ecosystems when zero-trust frameworks are implemented, timely software patches are made, and transparent data governance takes place. Moreover, fostering global intelligence-sharing alliances, such as the one promoted by Health-ISAC, can strengthen our collective resilience to emerging cyber threats.

With the sector facing a number of emerging challenges in the future - from ransomware to artificial intelligence-enabled attacks - it is imperative that cyber safety is treated as an integral part of patient safety in order to survive. In addition to protecting data, healthcare delivery is also preserving its most vital mission: saving lives in a world where the next medical emergency could be just as easily caused by malicious code as it would be caused by the hospital.

Microsoft Boosts Digital Trust through Post Quantum Cryptography



 

Technology

Cryptographic Transformation cyber resilience Digital Trust Encryption Standards Microsoft Post Quantum Cryptography Quantum Safe Program Quantum Security Technology

Microsoft Boosts Digital Trust through Post Quantum Cryptography

A comprehensive roadmap has been unveiled by Microsoft to enable it to future-proof its security infrastructure, marking a decisive step toward securing the company's products and services with quantum-safe protection by 2033 — two years ahead of the target set by the United States and other governments.

Moreover, this announcement underscores Microsoft's commitment to preparing for the imminent arrival of quantum computing, which threatens to outpace and undermine the current standards of cryptography in the near future. It is planned that Microsoft's core products and services will begin to be enhanced with quantum-safe capabilities as early as 2029, followed by a gradual transition into default implementation by the following years.

A new roadmap outlined by Mark Russinovich, Chief Technology Officer for Microsoft Azure, and Michal Braverman-Blumenstyk, Chief Technology Officer for Microsoft's security division, builds upon Microsoft's quantum-safe program introduced in 2023 and builds upon the company's current roadmap. An integral part of this phased approach is a modular framework developed to ensure resilience in the face of cyberattacks from adversaries who possess quantum computers capable of breaking existing encryption models.

The announcement marks a significant milestone in the race toward post-quantum security worldwide. Microsoft has formally announced its Quantum-Safe Program Strategy. The strategy is designed to make the company's ecosystem ready to deal with the disruptive potential of quantum computing by taking a security-first approach from the very beginning. There are profound stakes involved in this initiative, and it is because of this that this initiative is taking place.

Over the course of the last few decades, modern encryption algorithms have ensured the protection of everything from personal credentials and private communications to financial and critical infrastructure across the globe, but as quantum machines become increasingly powerful, these protections may be compromised, compromising society's trust in the confidentiality and integrity of digital systems that society relies on.

As Microsoft's roadmap emphasizes its commitment to leading the shift towards a quantum-resilient future, it seeks to address this looming risk well in advance, underlining its commitment to this effort. Even though quantum computing has been hailed as an exciting technological advancement, it is also one of the most significant cryptographic challenges people have encountered during the modern era. This reality Microsoft acknowledges through its ongoing efforts in making the move towards "progress toward next-generation cryptography."

As part of the comprehensive update published by Microsoft Azure's Chief Technology Officer Mark Russinovich and Microsoft's security division's Chief Technology Officer Michal Braverman-Blumenstyk, the company emphasized that quantum systems have the potential to render obsolete the widely used public-key cryptography people are currently using.

Although Microsoft has already laid the groundwork for a quantum-safe ecosystem, it stressed that it has already begun building resilient security foundations to anticipate and minimize the risks associated with this next wave of computing power. The company has been working on quantum security for quite some time; its pursuit of quantum-safe security dates back to 2014 when early research was conducted into quantum algorithms and quantum cryptography.

By the end of 2018, the company had begun experimenting with PQC implementations that were confirmed, and in its latest project, it has successfully established a VPN tunnel that is protected by PQC between its Redmond, Washington headquarters and Scotland's underwater data center, Project Natick.

As Microsoft has grown over the years, it has also taken a strong role in shaping the industry standards, contributing to the development of the Open Quantum Safe project, led the integration workstream of the NIST NCCoE Post-Quantum project, and contributed its FrodoKEM system to ISO standardization as well. It was for these reasons that the company has launched the Quantum Safe Program (QSP), unveiled by Executive Vice President Charlie Bell as part of its long-term vision of helping customers, partners, and the company's own ecosystem make a secure transition into the quantum age.

As part of the program, a full transition will be completed by 2033, with an early adoption beginning in 2029, aligned with global directives from CISA, NIST, OMB, and CNSSP-15. The strategy, which is based on a phased approach, is structured around three core priorities - the secure deployment of Microsoft's own infrastructure and supply chain, the development of tools that enable crypto-agility for customers and partners, and the advancement of global standards and research.

The first step in implementing PQC will be to embed PQC into foundational cryptographic libraries such as SymCrypt, with the ML-KEM and ML-DSA already available for testing on Windows Insider builds and Linux APIs, along with hybrid TLS key exchange enabled via SymCrypt-OpenSSL to counter the threat of "harvest now, decrypt later". As the next phase progresses, PQC integration will expand to include authentication, signing, Windows, Azure, Microsoft 365, Artificial Intelligence systems, and networking services as well.

The shift from quantum to post-quantum cryptography is not simply a switch, but a multiyear transformation that requires early, coordinated action to avoid a disruptive, last-minute scramble that Microsoft demonstrates by combining years of research, standards collaboration, and staged implementation. It has been set up for the company to set an ambitious internal deadline in order to ensure its core services are quantum-ready by 2029.

In fact, this is a much more aggressive timeline than most governments have set for the transition. It should be noted that according to the UK Government's National Cyber Security Centre (NCSC), critical sectors should aim to move to post-quantum cryptography (PQC) by the year 2035 in order to ensure their cybersecurity.

There has been some discussion about this proactive stance recently, and Mark Russinovich, Chief Technology Officer of Microsoft Azure, and Michal Braverman-Blumenstyk, Corporate Vice President and Chief Technology Officer of Microsoft Security, have emphasized the fact that, although the possibility of large-scale quantum computing is quite distant, people must begin preparing now.

They reported that the transition to PQC was not merely a matter of flipping a switch, but a multi-year transformation that requires early planning and coordination in order to prevent a scramble to become effective later on. Rather than just addressing the quantum threat, Microsoft views the transition as an opportunity for companies to safeguard their systems by modernizing their outdated systems, implementing stronger cryptographic standards, and implementing the crypto-agility practice as a fundamental security practice.

Essentially, the Quantum Safe Program is anchored by its three core pillars - updating Microsoft's own ecosystems, supporting partners, customers, and advancing global research and standards - and illustrates the importance of preparing industries for the quantum age by combining resilience with modernization.

The company is announcing a phased roadmap that will see accelerating adoption of quantum-safe standards across its core infrastructure, starting as early as 2026. Signing and networking services are slated to be the first areas of its infrastructure that will be upgraded. By 2027, Microsoft intends to extend these safeguards to Windows, Azure, Microsoft 365, data platforms, artificial intelligence services, and networking.

In order to protect its digital ecosystem, quantum-ready safeguards will be embedded into the backbone of the company's digital ecosystem. In order to lay the groundwork for this to happen, post quantum algorithms were already incorporated into foundational components like SymCrypt, which serves as the foundation for security for many Microsoft products and services. Over the next five years, additional capabilities are expected to be gradually introduced.

During the preparation process for the company, a comprehensive inventory was conducted across the organisation to identify potential risks associated with its assets. This was a similar process taken by federal agencies as well, followed by a collaborative effort with industry leaders in order to resolve vulnerabilities, strengthen quantum resilience, and advance hardware and firmware innovation.

Announcing its roadmap as aligned with international standards, Microsoft has confirmed it is on track to meet the most stringent government requirements, including those outlined in the Committee on National Security Systems Policy (CNSSP-15) for government security systems. According to that mandate, every new cryptographically protected product and service that is designed to support U.S. national security systems, as well as operations and partners of the Defense Department, should begin using the Commercial National Security Algorithm Suite 2.0 as soon as possible in January 2027.

There is a need for Microsoft to act fast when it comes to preparing for a quantum future. It is imperative that the entire digital ecosystem act as well. As individuals and businesses across industries transition to post-quantum cryptography, they must be aware that it is not simply about complying with looming deadlines, but more importantly, about maintaining trust, continuity, and resilience in a rapidly evolving threat environment.

The benefits of implementing proactive measures in crypto-agility, system modernization, and collaborative research can go far beyond quantum resistance, helping to strengthen defenses against current and emerging cyberattacks, providing businesses with a competitive edge as well as reducing disruption risk. By aligning with the highest standards of digital trust and security, businesses will be able to gain a competitive advantage as well.

Moreover, governments are also able to utilize this momentum as a means of developing unified policies, advocating for the adoption of interoperable standards, and fostering global cooperation on quantum-safe innovation. To take this next step, people must be willing to share responsibility; as quantum technology advances, they must come together to secure the digital world's foundations as well. Preparation now is crucial for enterprises to turn what is often framed as an looming challenge into an opportunity to transform, innovate, and build resilience not just today, but for generations to come.

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

Report Abuse

About Me

Footer About

Labels

Showing result(s) for

Popular Posts

Pages

UK’s Proposed Ransomware Payment Ban Sparks New Debate as Attacks Surge in 2025

WA Law Firm Faces Cybersecurity Breach Following Ransomware Reports

Growing VPN Exploits Trigger Fresh Ransomware Crisis in APAC

Analysts Place JLR Hack at Top of UKs Most Costly Cyber Incidents

Mobdro Pro VPN Under Fire for Compromising User Privacy

Cheung Sha Wan Wholesale Market Faces Major Data Breach Impacting Thousands

The Silent Guardians Powering the Frontlines of Cybersecurity

Cyber Risks Emerge as a Direct Threat to Clinical Care

Microsoft Boosts Digital Trust through Post Quantum Cryptography

Footer About

Search This Blog

Sections

Popular Posts

Blog Archive

Labels

About Me

Footer About

Labels

Showing result(s) for

Popular Posts

Pages

Menu Item