Cybercriminals Use Axios and Node Fetch in 13 million Password Spraying Attempts
Article Link: https://thehackernews.com/2025/02/cybercriminals-use-axios-and-node-fetch.html
- Cybercriminals are weaponizing legitimate tools like Axios and Node Fetch, software designed for web development, to breach Microsoft 365 accounts in a surge of sophisticated attacks.
- These tools, freely available on platforms like GitHub, are exploited in Adversary-in-the-Middle (AitM) schemes and brute-force attacks. Hackers use them to mimic regular web traffic, slipping past security systems while stealing credentials and hijacking accounts.
- These attacks are escalating across industries, targeting executives, finance teams, and operational staff. Compromised accounts give attackers access to confidential data, financial transactions, and sensitive business communications.
- Security experts recommend enabling multi-factor authentication, tracking unusual login activity, and training employees to recognize phishing tactics disguised as routine messages.
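The login tracking recommended above can be sketched as a check over sign-in records. This is an added example, not code from the article or the cited report; the record fields, the threshold and the sample data are constructed, and it assumes the attacker left the libraries' default User-Agent strings (`axios/<version>`, `node-fetch/...`) in place.

```python
import re
from collections import defaultdict

# Default User-Agent prefixes of the two HTTP clients named in the article.
CLIENT_UA = re.compile(r"^(axios|node-fetch)\b", re.IGNORECASE)

# Constructed sign-in records; the field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "ip": "203.0.113.7", "ua": "axios/1.7.9", "ok": False},
    {"user": "bob@example.com", "ip": "203.0.113.7", "ua": "axios/1.7.9", "ok": False},
    {"user": "carol@example.com", "ip": "203.0.113.7", "ua": "axios/1.7.9", "ok": False},
    {"user": "dave@example.com", "ip": "203.0.113.7", "ua": "axios/1.7.9", "ok": True},
    {"user": "erin@example.com", "ip": "198.51.100.20", "ua": "node-fetch/1.0", "ok": False},
    {"user": "frank@example.com", "ip": "198.51.100.20", "ua": "node-fetch/1.0", "ok": False},
    {"user": "alice@example.com", "ip": "192.0.2.55", "ua": "Mozilla/5.0 (Windows NT 10.0)", "ok": False},
]


def flag_spray(events, min_users=3):
    """Group scripted-client sign-ins by (source IP, client) and keep sources
    that touched at least `min_users` distinct accounts."""
    by_source = defaultdict(lambda: {"users": set(), "successes": set()})
    for event in events:
        match = CLIENT_UA.match(event["ua"])
        if not match:
            continue  # browser or other client: out of scope for this check
        entry = by_source[(event["ip"], match.group(1).lower())]
        entry["users"].add(event["user"])
        if event["ok"]:
            # A success from a spraying source is the account to triage first.
            entry["successes"].add(event["user"])
    return {src: e for src, e in by_source.items() if len(e["users"]) >= min_users}


if __name__ == "__main__":
    for (ip, client), entry in flag_spray(SAMPLE_EVENTS).items():
        print(ip, client, len(entry["users"]), sorted(entry["successes"]))
```

The User-Agent header is set by the client, so a match is one signal to combine with failure rates and source reputation rather than proof of an attack.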
Ransomware Payments Decreased 35% Year-over-Year
Article Link: https://www.infosecurity-magazine.com/news/ransomware-payments-decline/
- According to a report by blockchain analytics firm Chainalysis, ransomware attackers received approximately $815.55 million in payments from victims in 2024, marking a 35% decrease from 2023’s record-setting year of $1.25 billion.
- This decline is attributed to increased law enforcement actions, such as the disruption of major ransomware groups like LockBit and ALPHV/BlackCat, and a growing reluctance among victim organizations to pay the ransom.
- The reduction in payments suggests progress, demonstrating that proactive defense strategies and successful incident responses can weaken the financial incentives driving ransomware operations.
- Industry leaders point to the need for stronger data protection efforts, referencing tested backups, recovery plans, and employee awareness. They also mention that individuals can lower risks by being cautious with links and attachments and by using distinct passwords.
- Report: https://www.chainalysis.com/blog/crypto-crime-ransomware-victim-extortion-2025/
Google Says Hackers Abuse Gemini AI to Empower Their Attacks
Article Link: https://www.bleepingcomputer.com/news/security/google-says-hackers-abuse-gemini-ai-to-empower-their-attacks/
- Google’s Threat Intelligence Group (GTIG) has found that several state-sponsored hacking groups tied to Iran, China, North Korea, and Russia are using AI tools like Gemini to improve their cyber operations.
- These attackers are applying AI to create malicious scripts, uncover security flaws, collect detailed data on targets, and devise tactics to infiltrate networks while evading detection.
- AI-driven strategies enable faster, more precise attacks, allowing these groups to expand their reach and intensify the impact of their operations across critical sectors.
- GTIG advises organizations to deploy advanced threat monitoring, reinforce security protocols, and perform continual risk assessments to detect and counter AI-enhanced threats.
Texas to Establish Cyber Command Amid “Dramatic” Rise in Attacks
Article Link: https://www.infosecurity-magazine.com/news/texas-cyber-command-rise-attacks/
- In response to a dramatic increase in cyberattacks, Texas Governor Greg Abbott has announced the creation of the Texas Cyber Command, a dedicated unit designed to strengthen the state’s defenses against digital threats.
- The initiative intends to centralize the state’s digital security efforts, enhancing coordination among various agencies to effectively detect, prevent, and respond to online threats targeting Texas’ infrastructure and residents.
- As cyberattacks surge, critical sectors like healthcare and education are under fire. The University Medical Center in Lubbock was recently crippled by ransomware that disrupted critical patient care services and forced vital systems offline, exposing vulnerabilities inside the state’s digital infrastructure.
- The establishment of the Texas Cyber Command is expected to build a more agile response system, strengthen threat detection capabilities, and improve resistance against future cyber incidents.
“Everyone Will Experience a Hack” – How Incident Response Can Protect Your Organization
Article Link: https://www.techradar.com/pro/security/everyone-will-experience-a-hack-how-incident-response-can-protect-your-organization
- Analysts confirm that every organization faces the risk of cyberattacks. As digital threats become more advanced, attention has shifted from prevention alone to strategic preparedness, with incident response plans taking center stage.
- Beyond password protocols and routine data backups, companies are adopting real-time breach simulations, or tabletop exercises, to strengthen readiness. These exercises help identify security gaps, improve personnel knowledge and skills, and adjust decision-making during actual incidents.
- According to risk management consultants, the repercussions of cyber incidents reach beyond technical disruptions, often disrupting day-to-day operations, depleting financial resources, and undermining public confidence, which affects business continuity and stakeholder assurance.
- Industry specialists assert that incident response relies on more than just technology, and note that consistent training sessions and coordinated drills will equip teams to contain threats quickly, minimize disruption, and support faster recovery.
Cybercriminals Court Traitorous Insiders via Ransom Notes
Article Link: https://www.darkreading.com/threat-intelligence/cybercriminals-traitorous-insiders-ransom-notes
- Ransomware groups are adopting a new tactic, embedding messages in ransom notes to recruit employees willing to leak company secrets in exchange for large payouts.
- These ransom demands double as advertisements, offering lucrative rewards for insider cooperation. One note reads, “Help us uncover company secrets, and you’ll be handsomely rewarded,” while another pitches, “Want to make millions? Share accounting data or access credentials.”
- This marks a change in strategy, with attackers attempting to gain a powerful advantage through insider access. Such collusion could intensify data breaches, making them harder to detect and more damaging to businesses.
- Threat intelligence professionals suggest organizations reinforce internal security practices, educate employees on the risks of insider threats, create clear channels for reporting suspicious behavior, and advocate ongoing monitoring and regular assessments to help uncover red flags before they escalate.
New York Legislature Passes Health Data Privacy Law
Article Link: https://www.techtarget.com/healthtechsecurity/news/366618652/New-York-legislature-passes-health-data-privacy-law
- The New York State Legislature has approved the Health Information Privacy Act, granting individuals greater control over how their health data is collected, shared, and sold.
- Under this new law, companies must obtain explicit consent before transferring or selling personal health information. Data can only be processed without consent when strictly necessary to deliver requested services.
- Inspired by Washington State’s My Health, My Data Act, this legislation signals a stronger shift toward tighter health data safeguards. Organizations violating the law could face fines of up to $15,000 per offense or 20% of revenue tied to New York residents, whichever is greater.
- Businesses managing health information are expected to review data handling procedures, establish clear consent protocols and reinforce privacy protections to comply with the new law.
- NY Senate Bill: https://www.nysenate.gov/legislation/bills/2025/S929
Nine Human-Centric Strategies That Strengthen Security Teams
Article Link: https://www.scworld.com/perspective/nine-human-centric-strategies-that-strengthen-security-teams
- A new framework outlines nine key approaches centered around people, directed at improving the efficiency and cohesion of security teams by prioritizing employee involvement and support.
- These methods include encouraging staff participation in decision-making, providing timely feedback, and fostering a personal investment in day-to-day security practices, all of which are important for creating strong internal defenses.
- Companies reportedly see reduced burnout and improved communication in environments where risk awareness is embedded in daily operations.
- Information security experts propose leveling up security teams through continuous learning, streamlining processes, and recognizing individual contributions to help teams remain agile and prepared for future challenges.
DOJ, Dutch Police Take Down Group Selling Phishing Tools to Cybercriminals
Article Link: https://www.scworld.com/news/doj-dutch-police-take-down-group-selling-phishing-tools-to-cybercriminals
- The U.S. Department of Justice and Dutch National Police have taken down 39 domains connected to a Pakistan-based group known as Saim Raza, also operating under the alias HeartSender.
- Since 2020, this network has been distributing phishing kits and tools designed to assist cybercriminals in executing business email compromise (BEC) schemes across numerous platforms.
- These fraudulent operations have caused over $3 million in financial losses to U.S. companies, exposing vulnerabilities within corporate email systems.
- Officials report that this takedown reflects the increasing sophistication of online crime networks, where tools are sold as off-the-shelf services, enabling even inexperienced actors to effectively carry out attacks.
