Arup’s $25M Deepfake Loss: Anatomy of an AI-Powered Scam
Article Link: https://www.adaptivesecurity.com/blog/arup-deepfake-scam-attack
- In a striking case of AI deception, U.K. engineering firm Arup confirmed a $25 million loss after a Hong Kong employee joined a video meeting where every “executive,” including the CFO, was an AI deepfake.
- It began with a phishing email about a secret payment. When doubts surfaced, attackers staged a fake call, convincing the employee to send 15 transfers to five accounts.
- The event marks a new era of fraud, where AI personas exploit trust and turn routine communication into a tool for large-scale theft.
- Rob Greig, Arup’s Chief Information Officer, described it as “technology-enhanced social engineering,” stressing multi-channel verification, dual payment approvals, and training to detect AI manipulation.
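The two controls Arup's CIO calls for, multi-channel verification and dual payment approvals, written out as a small policy check. This is an added example, not Arup's process or code; the threshold, the channel names and the role names are assumptions made for the illustration, and it also covers the case of one large instruction split into several smaller transfers, which the article describes but does not treat separately.

```python
"""Dual-control payment release with out-of-band verification.

Added example, not Arup's process or code: it models multi-channel
verification and dual payment approvals as a small policy engine. The
threshold, channel names and role names are assumptions.
"""
from dataclasses import dataclass, field

# Assumed threshold (per request or per requester's batch) above which both
# controls apply.
DUAL_CONTROL_THRESHOLD = 10_000

# Channels the finance team itself initiates, so whoever controls the inbound
# channel (a mailbox, a video call full of deepfakes) cannot also answer the
# callback.
TRUSTED_CALLBACK_CHANNELS = {"directory_phone", "in_person", "ticketing_system"}


@dataclass
class PaymentRequest:
    request_id: str
    requester: str                # identity the instruction claims to come from
    amount: float
    beneficiary: str              # destination account (constructed label)
    request_channel: str          # how the instruction arrived: "email", "video_call", ...
    callbacks: list = field(default_factory=list)   # (channel, verifier) tuples
    approvals: list = field(default_factory=list)   # approver ids


class PaymentControlError(Exception):
    """Raised when an action would violate the payment policy."""


def record_callback(req: PaymentRequest, channel: str, verifier: str) -> None:
    """Record an out-of-band confirmation of the request.

    The confirmation must travel on a channel other than the one the request
    arrived on, and on one the organisation initiated, so a spoofed sender
    cannot confirm its own instruction.
    """
    if channel == req.request_channel:
        raise PaymentControlError("callback must not reuse the request channel")
    if channel not in TRUSTED_CALLBACK_CHANNELS:
        raise PaymentControlError(f"{channel!r} is not an organisation-initiated channel")
    req.callbacks.append((channel, verifier))


def record_approval(req: PaymentRequest, approver: str) -> None:
    """Record one approval; the requester cannot approve, and nobody approves twice."""
    if approver == req.requester:
        raise PaymentControlError("requester cannot approve their own payment")
    if approver in req.approvals:
        raise PaymentControlError(f"{approver!r} has already approved this request")
    req.approvals.append(approver)


def batch_total(req: PaymentRequest, batch: list) -> float:
    """Sum of every request in the batch from the same claimed requester.

    Splitting one instruction into many transfers must not let each slice
    pass under the threshold on its own.
    """
    return sum(r.amount for r in batch if r.requester == req.requester)


def needs_dual_control(req: PaymentRequest, batch: list) -> bool:
    return max(req.amount, batch_total(req, batch)) >= DUAL_CONTROL_THRESHOLD


def can_release(req: PaymentRequest, batch: list) -> bool:
    """True only when every control the policy requires has been satisfied."""
    if not needs_dual_control(req, batch):
        return len(req.approvals) >= 1
    return len(req.approvals) >= 2 and len(req.callbacks) >= 1


if __name__ == "__main__":
    # Constructed scenario: an emailed instruction split into two transfers,
    # each individually under the threshold.
    batch = [
        PaymentRequest("r1", "cfo", 8_000, "acct-A", "email"),
        PaymentRequest("r2", "cfo", 7_000, "acct-B", "email"),
    ]
    r1 = batch[0]
    record_approval(r1, "controller")
    print("release after one approval:", can_release(r1, batch))
    record_approval(r1, "treasury_lead")
    record_callback(r1, "directory_phone", "controller")
    print("release after dual approval and callback:", can_release(r1, batch))
```

The design point is that the callback is something finance initiates on a channel it already trusts (a number from the internal directory, a walk to the desk), never a reply on the channel the request came in on; and that the threshold is evaluated against the requester's whole batch, not each transfer alone.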
U.S. Warns That Hackers Are Using F5 Devices to Target Government Networks
Article Link: https://www.reuters.com/technology/cybersecurity-firm-f5-discloses-nation-state-hack-says-operations-unaffected-2025-10-15/
- U.S. officials warned that a nation-state threat actor is targeting federal networks by exploiting flaws in F5 products, describing the activity as an imminent threat.
- The Cybersecurity and Infrastructure Security Agency (CISA) said the actor breached F5’s internal systems, stealing files, portions of source code, and vulnerability data that could guide intrusions into devices used across government networks.
- F5 discovered the breach on August 9, found no evidence of tampering with its software development process, and brought in CrowdStrike, Mandiant, NCC Group, and IOActive. Officials reported no verified compromise of civilian agencies; the Department of Justice (DoJ) approved a disclosure delay until September 12, and United Kingdom authorities issued a patch alert.
- Identify every F5 device, apply critical updates, and review configurations and logs immediately; extend the same actions to any organization using F5 gear. This reflects CISA’s emergency directive and Executive Assistant Director Nick Andersen’s instruction that agencies act immediately.
- CISA ED-26-01: https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices
Cyberhackers Target the Beer Biz: A History and Warning
Article Link: https://www.americancraftbeer.com/cyberhackers-target-the-beer-biz-a-history-and-warning/
- Breweries worldwide are learning that hackers like beer too. Attacks on Asahi, Molson Coors, Lion Australia, and Duvel Moortgat have halted production and exposed data, turning the beer trade into a brewing ground for hacks.
- Experts say breweries mix aging systems with automation, making them easy marks for ransomware and theft. Some hackers even froze recipes, giving new meaning to “cold storage.”
- When networks fail, beer spoils, shelves empty, and reputations suffer. Craft brewers feel the hangover first, losing sales, stock, and loyal supporters when inventory and trust run dry.
- Tom Bobak from American Craft Beer points out that protection isn’t just the IT team’s job anymore. It’s part of brewing, branding, and keeping public trust on tap. The Brewers Association is jumping in too, running workshops to help smaller breweries keep their hops fresh, kegs full, and data secure.
Extortion and Ransomware Drive Over Half of Cyberattacks
Article Link: https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
- Microsoft’s Digital Defense Report 2025 shows the U.S. and U.K. are the top targets of global attacks, at 74.4% and 18.8% respectively. China and Russia trail far behind at 2.4% and 1.4%.
- Most incidents are driven by profit, not politics. Ransomware and data theft dominate, while espionage barely registers. Attackers are using AI to automate phishing, steal passwords, and profit through a thriving crime-as-a-service market.
- Government agencies, universities, and research institutions are frequent victims, with Lumma Stealer still active across networks.
- Microsoft proposes stronger identity safeguards, AI-assisted defenses, and global collaboration to contain these e-crime waves before the next major hit lands.
- Report: https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/
When Time Turns Against You: What a Negative TTE Means for Cyber Resilience
Article Link: https://www.cio.com/article/4072435/when-time-turns-against-you-what-a-negative-tte-means-for-cyber-resilience.html
- Attackers have tipped the odds in their favor. Microsoft reports that the average time to exploit (TTE) has turned negative, meaning dirty-rottens now move before fixes exist.
- What used to be a 63-day window for patching is gone. In 2024, attackers infiltrated disclosure pipelines, used AI to scan code leaks, and exploited flaws before vendors could react.
- Speed’s no longer our edge. Waiting for patches is like betting on a race after the winner’s already crossed the line. Too little, too late. Defense now revolves around containment, rapid detection, and recovery as the latest winning moves.
- Far too few leaders are recognizing that the edge can flip back for those who build for endurance. Security consultants recommend practicing “assume breach” tabletop scenarios, updating incident response plans, and verifying business continuity and disaster recovery plans are prepared and current.
The Growing Threat of Ignoring Personal Cybersecurity
Article Link: https://www.cyberdefensemagazine.com/the-growing-threat-of-ignoring-personal-cybersecurity/
- A Nationwide 2024 survey shows that 80% of consumers worry about identity theft, yet only 16% have invested in protection or education, revealing a widening gap between awareness and action.
- AI-driven scams, including deepfakes and impersonation attacks, are making it easier than ever for criminals to mimic real people and harvest personal data.
- Concern over personal digital safety is met with hesitation: human behavior often proves the softest target, shaped by indifference, misinformation, and a quiet belief that nothing one does will make a difference.
- The story is no longer just about hackers and software. It is about people, trust, and the choices we make every day in a world where our identities live online.
- Survey: https://news.nationwide.com/survey-consumers-are-ignoring-cybersecurity-risks-despite-identify-theft-concerns/
Cross-Border Phishing Attacks Spread Across Asia
Article Link: https://www.healthcareinfosecurity.com/cross-border-phishing-attacks-spreads-across-asia-a-29758
- A phishing campaign is spreading across Asia, starting in China and reaching Malaysia. It targets Chinese speakers with malware called HoldingHands that allows attackers to secretly access devices.
- Fortinet researchers linked these attacks in China, Taiwan, Japan, and Malaysia through shared code, concealment methods, and Tencent Cloud files disguised as government or tax documents.
- The malware hides in Windows scheduled tasks, changes the servers it contacts through registry edits, and evades antivirus tools, making detection difficult.
- This campaign shows how trusted cloud platforms and multilingual lures can be used to mask wide-scale data theft and infiltration. These same techniques could easily be adapted for supply-chain disruption or financial targeting elsewhere, closing the gap between regional attacks and global consequences.
- The article notes that a few deliberate habits, such as treating vendor content with care, securing finance and ERP accounts with strong MFA, watching for unusual cloud activity, and confirming payment changes through trusted controls, can quietly add layers to routine defenses.
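The two behaviours the write-up names, persistence through Windows scheduled tasks and server changes made through registry edits, are the kind of thing endpoint telemetry can surface. The triage rules below are an added example, not Fortinet's detection logic and not the campaign's indicators: they run over constructed event records shaped like Security event 4698 (scheduled task created) and Sysmon event 13 (registry value set). The field names, paths, script-host list, severity cut-off and sample telemetry are all assumptions made for this illustration.

```python
"""Triage rules for two behaviours the HoldingHands write-up describes:
persistence through Windows scheduled tasks and server changes made through
registry edits.

Added example, not Fortinet's detection logic or the campaign's indicators:
the rules run over constructed Windows event records shaped like Security
event 4698 (scheduled task created) and Sysmon event 13 (registry value set).
Field names, paths, the script-host list and the severity cut-off are
assumptions made for this illustration.
"""
import re

# Locations a standard user can write to; legitimate scheduled tasks rarely
# launch binaries from here, a binary dropped by a phishing lure usually does.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
# Living-off-the-land hosts that commonly front a script or DLL payload.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe"}
# A URL or dotted IPv4 address stored in a registry value.
NETWORK_ENDPOINT = re.compile(r"https?://|\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Classic autorun keys.
RUN_KEYS = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)


def executable_of(action: str) -> str:
    """Return the executable part of a task action, honouring quoted paths."""
    action = action.strip()
    if action.startswith('"'):
        end = action.find('"', 1)
        return action[1:end] if end > 0 else action[1:]
    return action.split()[0] if action else ""


def check_task_created(ev: dict) -> list:
    """Rule for a 4698-style event: where does the new task's action run from?"""
    exe = executable_of(ev.get("action", ""))
    reasons = []
    if USER_WRITABLE.search(exe):
        reasons.append("task action runs from a user-writable path")
    if exe.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
        reasons.append("task action is a script host")
    return reasons


def check_registry_set(ev: dict) -> list:
    """Rule for a Sysmon-13-style event: who wrote what, and where."""
    reasons = []
    if RUN_KEYS.search(ev.get("target", "")):
        reasons.append("autorun key modified")
    if NETWORK_ENDPOINT.search(ev.get("details", "")):
        reasons.append("registry value holds a network endpoint")
    if USER_WRITABLE.search(ev.get("image", "")):
        reasons.append("writing process runs from a user-writable path")
    return reasons


def triage(events: list) -> list:
    """Apply the rule matching each event's id; report events with any hit."""
    findings = []
    for ev in events:
        if ev.get("event_id") == 4698:
            reasons = check_task_created(ev)
        elif ev.get("event_id") == 13:
            reasons = check_registry_set(ev)
        else:
            continue
        if reasons:
            findings.append({
                "host": ev.get("host"),
                "event_id": ev["event_id"],
                "severity": "high" if len(reasons) >= 2 else "medium",
                "reasons": reasons,
            })
    return findings


# Constructed sample telemetry (not real logs): one workstation persists a
# binary dropped into AppData via a task, then stores a server URL in the
# registry; the other two events are routine noise.
SAMPLE_EVENTS = [
    {"event_id": 4698, "host": "ws-01", "subject": "ACME\\lchen",
     "task": "\\Microsoft\\Windows\\UpdateCheck",
     "action": "\"C:\\Users\\lchen\\AppData\\Roaming\\taxdoc\\svchost.exe\" -s"},
    {"event_id": 4698, "host": "ws-01", "subject": "NT AUTHORITY\\SYSTEM",
     "task": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "action": "%windir%\\system32\\defrag.exe -c -h -o -$"},
    {"event_id": 13, "host": "ws-01",
     "image": "C:\\Users\\lchen\\AppData\\Roaming\\taxdoc\\svchost.exe",
     "target": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\TaxDoc\\Server",
     "details": "http://203.0.113.10/api"},
    {"event_id": 13, "host": "ws-02", "image": "C:\\Windows\\explorer.exe",
     "target": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows"
               "\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['host']} event {f['event_id']} [{f['severity']}]: " + "; ".join(f["reasons"]))
```

Run stand-alone it reports two findings for ws-01 (the AppData task at medium, the registry write of a URL by the same AppData binary at high) and nothing for the defrag task or the explorer setting. The rules are deliberately behavioural rather than hash- or name-based, since the write-up's point is that the lures, file hosts and server addresses change while the persistence pattern stays the same.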
PowerSchool Hacker Gets Sentenced to Four Years in Prison
Article Link: https://www.bleepingcomputer.com/news/security/powerschool-hacker-gets-sentenced-to-four-years-in-prison/
- A Massachusetts college student, 19-year-old Matthew D. Lane, was sentenced to four years in prison for a 2024 attack on PowerSchool that exposed the data of more than 60 million students and 9.5 million teachers worldwide.
- Using stolen subcontractor credentials, Lane and his dirty-rotten accomplices accessed PowerSchool’s systems, stealing sensitive student and faculty information and demanding $2.85 million in Bitcoin.
- Even after PowerSchool paid to stop the leak, the group continued badgering individual school districts for additional ransom payments.
- There’s more. The story continued when the Texas Attorney General took PowerSchool to court, demonstrating how a single breach can leave lasting marks on reputation and regulation alike.
- Related: https://www.bleepingcomputer.com/news/security/texas-sues-powerschool-after-massive-data-breach-hit-62-million-students/
Chairman of Prince Group Indicted for Operating Cambodian Forced Labor Scam Compounds Engaged in Cryptocurrency Fraud Schemes
Article Link: https://www.justice.gov/opa/pr/chairman-prince-group-indicted-operating-cambodian-forced-labor-scam-compounds-engaged
- The U.S. Department of Justice filed its largest forfeiture action to date, seizing about $15 billion in Bitcoin tied to Cambodian businessperson Chen Zhi, also known as Vincent, accused of directing forced-labor scam compounds under the Prince Holding Group.
- Prosecutors say trafficked workers were forced to run cryptocurrency “pig-butchering” schemes that stole billions from victims worldwide.
- The U.S. Attorney’s Office in Brooklyn unsealed charges of wire-fraud and money-laundering conspiracy, alleging Chen used bribes, violence, and political influence to shield his empire.
- The case expanded as the Treasury and U.K. authorities imposed sanctions, illustrating how global cooperation is closing in on crypto-fueled fraud and human suffering.
