Global Cyber Pulse: 05 February 2025

February 5, 2025 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cyberattacks continue to disrupt critical sectors worldwide. The NHS in England struggles with cancer care delays months after a cyberattack crippled its hospitals. Ransomware reached record levels in 2024, with 5,263 attacks, largely targeting infrastructure and businesses. A new cyber technique allows hackers to bypass EDR security even with low-privilege access, escalating risks.

Researchers warn that abandoned cloud storage buckets pose severe security threats, with millions of unauthorized access attempts recorded. Grubhub suffered a data breach via a third-party provider, exposing customer information. Meanwhile, ValleyRAT malware is infiltrating finance departments using deceptive phishing techniques. As cyber threats evolve, organizations must prioritize proactive security measures to mitigate growing risks in an increasingly digital world.

NHS Cyberattack Worsens Cancer Care Delays

Hospitals in Wirral, northwest England, continue to struggle with cancer care delays following last year’s cyberattack, with NHS executives warning that disruptions could persist for months. The attack, which began on November 25, 2024, forced the main clinical system offline, leaving hospitals dependent on manual operations.

A breakdown of NHS waiting times shows a surge in cancer patients left untreated in December. The attack originated through a shared digital gateway, crippling services and leading to widespread appointment cancellations. NHS standards require cancer patients to begin treatment within 62 days of diagnosis, a goal now severely impacted.

Ransomware Hits Record High in 2024, NCC Group Reports

The 2024 NCC Group Threat Monitor reveals a staggering 5,263 ransomware attacks, marking an all-time high. Critical National Infrastructure (CNI) faced relentless targeting, underscoring global vulnerabilities. LockBit topped the list with 526 attacks despite its earlier takedown, while RansomHub surged with 501 incidents.

NCC’s Global Head of Threat Intelligence warns of escalating threats as cybercriminals exploit growing tech integration. North America bore the brunt, suffering 55% of attacks, while industrial sectors saw a 15% rise. With cyberattacks growing in scale and complexity, organizations face mounting challenges in fortifying their defenses.

New EDR Bypass Tactic Exploits Standard User Privileges

Cybercriminals have developed a method to bypass Endpoint Detection and Response (EDR) tools without requiring elevated privileges. Unlike traditional attacks that rely on admin-level access, this technique leverages path obfuscation and masquerading to disguise malicious payloads as legitimate processes.

Reports from Zero Salarium indicate that process creation events—tracked by tools like Sysmon—are critical in detecting such threats. This evolving evasion strategy highlights the need for enhanced monitoring and behavioral analytics to counter increasingly sophisticated cyber threats that operate under low-privileged accounts.
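A defender-side sketch of the monitoring described above, added here as an example and not taken from Zero Salarium or any EDR product: it checks process-creation records (Sysmon Event ID 1 style) for paths that only look like trusted locations. The allow-list, the character heuristics and the sample events are assumptions constructed for illustration.

```python
import ntpath
import unicodedata

# Assumed allow-list: well-known binaries and the directories they normally run from.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "msmpeng.exe": {r"c:\program files\windows defender"},
}

def suspicious_chars(path):
    """Characters that render blank or invisible but are not an ASCII space."""
    return [c for c in path if c != " " and unicodedata.category(c) in ("Zs", "Cf")]

def check_event(event):
    """Return findings for one process-creation record."""
    image = event["Image"]
    findings = []
    odd = suspicious_chars(image)
    if odd:
        codes = ", ".join(f"U+{ord(c):04X}" for c in odd)
        findings.append(f"path contains look-alike whitespace or format characters: {codes}")
    # Normalise first so '..' segments cannot hide the real directory.
    directory, name = ntpath.split(ntpath.normpath(image).lower())
    expected = EXPECTED_DIRS.get(name)
    if expected and directory not in expected:
        findings.append(f"{name} running from unexpected directory")
    return findings

def scan(events):
    """Map each flagged image path to its findings; clean events are omitted."""
    flagged = {}
    for event in events:
        findings = check_event(event)
        if findings:
            flagged[event["Image"]] = findings
    return flagged

# Constructed sample records; only the fields used here are included.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": "C:\\Program\u2000Files\\Windows Defender\\MsMpEng.exe", "User": "LAB\\user1"},
    {"Image": r"C:\Users\Public\svchost.exe", "User": "LAB\\user1"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "User": "LAB\\user1"},
]

if __name__ == "__main__":
    for image, findings in scan(SAMPLE_EVENTS).items():
        print(repr(image), "->", "; ".join(findings))
```

Printing the path with `repr` matters here: the second sample record looks identical to the genuine Defender path in most log viewers, and only the escaped form shows the substituted character.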

Abandoned Cloud Storage Buckets Pose Major Security Risks

Neglected cloud storage repositories used by governments, defense agencies, and cybersecurity firms have become a prime target for cyber threats. A recent report by watchTowr uncovered that 150 abandoned AWS S3 buckets, once used by enterprises and public institutions, still receive millions of HTTP requests.

Over a two-month period, these inactive buckets were accessed for software updates and other critical functions, creating opportunities for cybercriminals to hijack sensitive data. The findings highlight the urgent need for organizations to secure or decommission abandoned cloud assets to prevent potential exploitation.

Grubhub Breach Exposes Customer Data via Third-Party Hack

A security breach at Grubhub linked to a third-party service provider has exposed customer data, including partial payment details. The food delivery platform confirmed that names, email addresses, phone numbers, and the last four digits of card numbers were compromised.

Additionally, some hashed passwords from legacy systems were stolen. Grubhub has since revoked access for the compromised third-party account and removed the provider from its systems. The company has not disclosed the number of affected users or the attack’s timeline, raising concerns about third-party security risks in the digital supply chain.

ValleyRAT Targets Finance Departments with Sophisticated Tactics

A surge in cyberattacks linked to ValleyRAT, a Remote Access Trojan (RAT) associated with the Silver Fox APT group, is targeting finance and accounting departments. Researchers at Morphisec Threat Labs report that cybercriminals are using deceptive delivery techniques, including fake software downloads and phishing domains mimicking legitimate Chinese businesses.

One primary infection method involves a counterfeit Chrome browser hosted on phishing sites like “anizom[.]com.” As attackers refine their tools, organizations are urged to bolster security measures against increasingly stealthy and persistent threats.