Hackers Breach Wizz Air Systems, Steal 22 GB of Sensitive Customer and Staff Data — Company Remains Silent

The notorious hacker group Stormous has claimed responsibility for a massive cyberattack on Wizz Air, announcing that they have stolen approximately 22 GB of highly sensitive data, including internal company documents, staff certifications, and personal customer information. Through their official online channels, Stormous published samples of the stolen material, revealing internal reports,…

Matt Wuerker. Politico

* * * *

LETTERS FROM AN AMERICAN

March 11, 2025

Heather Cox Richardson

Mar 12, 2025

The stock market continued to fall today. The Dow Jones Industrial Average fell another 478 points, or 1.14%; the S&P 500 fell almost 0.8%; and the Nasdaq Composite fell almost 0.2%. The S&P 500 briefly held its own in trading today, but then Trump announced on his social media platform that he was going to double the tariffs on steel and aluminum from the new 25% rates to a 50% rate on Canada and might increase tariffs to “permanently shut down the automobile manufacturing business in Canada.”

Stocks fell again.

Unable to admit that he might be wrong, President Donald Trump is doubling down on the policies that are crashing the economy. In addition to his tariff threats, he also reiterated that “the only thing that makes sense is for Canada to become our cherished Fifty First State,” an outrageous position that he suddenly began to advance after the 2024 presidential election and which has Canadians so furious they are boycotting U.S. goods and booing the Star-Spangled Banner.

More than 100 top business leaders met with Trump today to urge him to stop destabilizing what had been a booming economy with his on-again-off-again tariffs. Mark Zandi, chief economist of Moody’s Analytics, told Jeff Stein and Isaac Arnsdorf of the Washington Post that in private, “[b]usiness leaders, CEOs and COOs are nervous, bordering on unnerved, by the policies that are being implemented, how they’re being implemented and what the fallout is. There’s overwhelming uncertainty and increasing discomfort with how policy is being implemented.”

The extreme unpredictability means that no one knows where or how to invest. Market strategist Art Hogan told CNN’s Matt Egan, “This market is just blatantly sick and tired of the back and forth on trade policy.” Yesterday, Delta Air Lines cut its forecasts for its first-quarter revenue and profits by half, a sign of weakening corporate and consumer confidence and concerns about the safety of air travel. Today, Southwest Airlines and United Airlines cut their forecasts, and American Airlines forecast a first-quarter loss.

When he talked to reporters, Trump reasserted that he intends to do what he wants regardless of the business leaders’ input. “Markets are going to go up and they’re going to go down, but you know what, we have to rebuild our country. Long-term what I’m doing is making our country strong again.” White House press secretary Karoline Leavitt advised, “If people are looking for certainty, they should look at the record of this president.”

Not everyone will find that suggestion comforting.

Trump backed off on his threat to raise the tariffs on Canadian steel and aluminum to 50%, but went ahead with his threat to place 25% tariffs on all imported steel and aluminum products. Those tariffs took effect at midnight.

In the face of his own troubles, Trump’s sidekick billionaire Elon Musk is also escalating his destructive behavior. Yesterday Musk’s social media platform X underwent three separate outages that spanned more than six hours. Lily Jamali and Liv McMahon of the BBC reported that Oxford professor Ciaran Martin, former head of the United Kingdom’s National Cyber Security Center, said that the outages appear to have been an attack called a “distributed denial of service,” or DDoS, attack. This is an old technique in which hackers flood a server to prevent authentic users from reaching a website.

"I can't think of a company of the size and standing internationally of X that's fallen over to a DDoS attack for a very long time," Martin said. The outage "doesn't reflect well on their cyber security." Without any evidence, Musk blamed hackers in Ukraine for the outages, an accusation Martin called “pretty much garbage.”

Four days ago, another of Musk’s SpaceX rockets exploded after takeoff, and now SpaceX’s Starlink internet service is facing headwinds. In February, Mexican billionaire Carlos Slim canceled his collaborations with Starlink after growing tensions with Musk culminated with Musk alleging on X that Slim is tied to organized crime. The loss of that deal cost Musk about $7 billion in the short term, but more in the long term as Slim will work with European and Chinese companies in 25 Latin American countries rather than Starlink. Slim has said he would invest $22 billion in those projects over the next three years.

Also in February, after U.S. negotiators threatened to cut Ukraine’s access to the 42,000 Starlink terminals that supply information to the front lines, the European Commission began to look for either government or commercial alternatives. The European Commission is made up of a college of commissioners from each of the 27 European Union countries. It acts as the main executive branch of the European Union.

On Sunday, Musk posted: “[M]y Starlink system is the backbone of the Ukrainian army. Their entire front line would collapse if I turned it off.” Poland pays for about half the Starlink terminals in Ukraine, about $50 million a year. Poland’s minister of foreign affairs, Radosław Sikorski, responded that “if SpaceX proves to be an unreliable provider we will be forced to look for other suppliers.” “Be quiet, small man,” Musk replied. “You pay a tiny fraction of the cost. And there is no substitute for Starlink.”

After all the tariff drama with Canada, last week Ontario also cancelled a deal it had with Starlink.

But perhaps the biggest hit Musk has taken lately is over his Tesla car brand. On February 6, Musk’s younger brother Kimbal, who sits on Tesla’s board, sold more than $27 million worth of shares in the company. Tesla chair Robyn Denholm sold about $43 million worth of Tesla stock in February and recently sold another $33 million. Tesla CFO Vaibhav Taneja has sold $8 million worth over the past 90 days. Yesterday, board member James Murdoch sold just over $13 million worth of stock.

Fred Lambert of Electrek, which follows the news about electric vehicles and Tesla, noted that Tesla stock dropped 15% yesterday, “down more than 50% from its all-time high just a few months ago.” “Tesla insiders are unloading,” he concluded.

Tesla sales are dropping across the globe owing to the unpopularity of Musk’s antics, along with the cuts and data breaches from his “Department of Government Efficiency.” Protesters have been gathering at Tesla dealerships to express their dismay. While the protests have been peaceful, as Chris Isidore of CNN reports, there have also been reports of vandalism. Tesla owners are facing ridicule as protesters take out their anger toward Musk on his customers, and at least one competitor is working to lure consumers away from Musk’s brand by offering a discount to Tesla owners.

Trump has jumped to Musk’s defense, posting just after midnight this morning that “Elon Musk is ‘putting it on the line’ in order to help our Nation, and he is doing a FANTASTIC JOB! But the Radical Left Lunatics, as they often do, are trying to illegally and collusively boycott Tesla, one of the World’s great automakers, and Elon’s ‘baby,’ in order to attack and do harm to Elon, and everything he stands for. They tried to do it to me at the 2024 Presidential Ballot Box, but how did that work out? In any event, I’m going to buy a brand new Tesla tomorrow morning as a show of confidence and support for Elon Musk, a truly great American.”

Indeed, today Trump used the office of the presidency to bolster Musk’s business. Teslas were lined up at the White House, where Trump read from a Tesla sales pitch—photographer Andrew Harnik caught an image of his notes. And then the same man who gave a blanket pardon to those convicted of violent crimes related to the January 6, 2021, attack on the U.S. Capitol called those protesting at Tesla dealerships “domestic terrorists” and promised that the government would make sure they “go through hell.”

Trump and Musk appear to have taken the downturn in their fortunes by becoming more aggressive. Martin Pengelly of The Guardian noted that in the middle of Monday’s stock market plunge, Trump posted or reposted more than 100 messages on his social media channel. All of them showed him in a positive light, including reminders of the 2004 first season of the television show The Apprentice, in which Trump starred: a golden moment in Trump’s past when his ratings were high and the audience seemed to believe he was a brilliant and powerful businessman.

Today, egged on by Musk, Trump pushed again to take over other countries. He told reporters: "When you take away that artificial line that looks like it was done with a ruler…and you look at that beautiful formation of Canada and the United States, there is no place anywhere in the world that looks like that…. And then if you add Greenland…that's pretty good."

The Trump administration also announced today it was cutting about half the employees in the Department of Education. The Senate confirmed Linda McMahon, who has little experience with education, to head the department on March 3 by a party-line vote. Shutting down the department "was the president's mandate—his directive to me," McMahon told Fox News Channel host Laura Ingraham. McMahon assured Ingraham that existing grants and programs would not “fall through the cracks.”

But when Ingraham asked her what IDEA stood for—the Individuals with Disabilities Education Act—she wasn’t sure, although she knew it was “the programs for disabled and needs.” Ingraham knew what the acronym meant but assured McMahon that after 30 years on the job, she still didn’t know all the acronyms. McMahon replied: “This is my fifth day on the job and I’m really trying to learn them very quickly.”

Musk lashed out at Arizona senator Mark Kelly on social media yesterday, after Kelly posted pictures of his recent trip to Ukraine and discussed the history of Russia’s invasion, concluding “it’s important we stand with Ukraine.” Musk responded: “You are a traitor.”

Kelly, who was in the Navy for 25 years and flew 39 combat missions in the Gulf War before becoming an astronaut, responded: “Traitor? Elon, if you don’t understand that defending freedom is a basic tenet of what makes America great and keeps us safe, maybe you should leave it to those of us who do.”

LETTERS FROM AN AMERICAN

HEATHER COX RICHARDSON

FBI: Scattered Spider Hijacks Airline Staff to Bypass MFA

Scattered Spider is now targeting airline companies, impersonating staff to trick IT help desks into granting deep system access—bypassing MFA and hijacking critical infrastructure in minutes.

The FBI confirms the cybercrime group Scattered Spider is expanding attacks on the airline sector using aggressive social engineering. The group impersonates employees, especially executives, to bypass multi-factor authentication and access internal systems. ReliaQuest reports they used stolen CFO credentials to seize administrator access, steal data, and disrupt cloud and virtual infrastructure.

Sources: The Hacker News

This day in history

On OCTOBER 23 at 7PM, I'll be in DECATUR, presenting my novel THE BEZZLE at EAGLE EYE BOOKS.

#20yrago Monsanto stole patented wheat from Indian farmers https://www.gmwatch.org/en/news/archive/2004/7403-monsantos-indian-wheat-patent-withdrawn-in-europe-4102004

#15yrsago Meet the 42 lucky people who got to see the secret copyright treaty https://www.keionline.org/39045

#15yrsago Airlines that charge fees lost more money than airlines that didn’t https://joe.biztravelife.com/09/042309.html

#15yrsago EFF comes to the rescue of Texas Instruments calculator hackers https://www.eff.org/press/archives/2009/10/13

#10yrsago How state anti-choice laws let judges humiliate vulnerable teens https://www.motherjones.com/politics/2014/10/teen-abortion-judicial-bypass-parental-notification/

#10yrsago One weird legal trick that makes patent trolls cry https://memex.craphound.com/2014/10/13/one-weird-legal-trick-that-makes-patent-trolls-cry/

#10yrsago Hong Kong’s pro-democracy websites riddled with malware https://www.volexity.com/blog/2014/10/09/democracy-in-hong-kong-under-attack/

#1yrago Microsoft put their tax-evasion in writing and now they owe $29 billion https://pluralistic.net/2023/10/13/pour-encoragez-les-autres/#micros-tilde-one

Tor Books as just published two new, free LITTLE BROTHER stories: VIGILANT, about creepy surveillance in distance education; and SPILL, about oil pipelines and indigenous landback.

Russia-Ukraine Daily Briefing

🇷🇺 🇺��� Friday Briefing:

- Ukraine military says onslaught on Avdiivka in the east intensifies --------------------------------------------------- - Teenager from Mariupol called up in Russia asks Zelensky to bring him home - Ukraine says global peace summit may take place next year - Ukrainians step up efforts to cross Dnipro, tie up Russians in Kherson Obl. - Russia-linked hackers claim credit for OpenAI outage this week - EU lawmakers call for ban on Russian LNG - All private medical clinics in Crimea ‘voluntarily’ stop providing abortions - Moldova to crack down on Russia-backed oligarchs in push for EU accession - EU Parliament wants tougher enforcement of sanctions against Russia - Russia airlines seek to extend fleet lifespan over sanctions - Alternative Black Sea export corridor is working despite attack

--------------------------------- 📨 More in a daily newsletter: https://russia-ukraine-newsletter.beehiiv.com/subscribe

💬 My socials: https://linktr.ee/rvps2001

 Think Before You Click: A Simple Guide to Staying Safe Online

Imagine waking up one morning to find all your online accounts hacked, your private photos leaked, or your bank drained. Scary, right? In today’s hyper-connected world, everything — from shopping and banking to work and entertainment — happens online. That’s where cybersecurity services  steps in

But don’t worry — cybersecurity doesn’t have to be complicated. Let’s break it down in simple terms, so you can understand why it matters and how to protect yourself.

What is Cybersecurity?

Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks. These attacks usually aim to steal sensitive information, extort money, or disrupt normal operations.

Think of it like locking your doors at night — but for your computer, smartphone, or online data.

Why Should You Care?

Whether you're an individual browsing Instagram, a small business owner selling online, or a large organization handling customer data — everyone is a target. Hackers don’t just go after big companies. They go after whoever is vulnerable.

Here’s why cybersecurity is important:

Your personal data is valuable. Hackers want your passwords, credit card details, identity info, and more.

Cyber attacks can be devastating. One wrong click on a fake email can lead to stolen money or data loss.

Prevention is better than cure. Once your data is gone, it’s hard to recover. But staying safe isn’t that hard if you’re aware.

Common Cyber Threats (Made Simple)

Let’s simplify the jargon. Here are some common cyber threats you should know about:

1. Phishing

Fake emails or messages that trick you into clicking bad links or giving away personal information. Tip: Always double-check links and don’t trust messages that feel rushed or suspicious.

2. Malware

Malicious software that can harm your computer or steal your data. Tip: Install a trusted antivirus and avoid downloading files from unknown sources.

3. Ransomware

A type of malware that locks your files and demands money to unlock them. Tip: Backup your files regularly. If hit, don’t pay — contact experts instead.

4. Data Breaches

When hackers break into a company’s system and leak or steal customer information. Tip: Use strong, unique passwords for different accounts and enable two-factor authentication.

Real-Life Example

Remember the Facebook data leak? Millions of users’ personal info was exposed. Or when major hospitals and airlines had to shut down systems due to ransomware? These incidents remind us that cybersecurity isn’t just an IT issue — it’s a human issue.

How Can You Stay Safe Online?

You don’t need to be a techie to protect yourself. Here’s a simple checklist anyone can follow:

Use Strong Passwords: Make them long, unique, and hard to guess. Use a password manager if needed.

Enable Two-Factor Authentication: It adds an extra layer of protection — like a second lock on your door.

Avoid Suspicious Links: Don’t click unknown links, even if they come from someone you trust.

Keep Your Devices Updated: Updates fix bugs and security issues. Don’t delay them.

Back Up Your Data: Use cloud storage or an external drive. If you lose data, you’ll have a copy.

Avoid Public Wi-Fi for Sensitive Tasks: Public networks are easy to hack. Use a VPN if necessary.

Cybersecurity at Work

If you run a business — big or small — you must take cybersecurity seriously.

Train your employees to spot threats.

Protect customer and company data.

Invest in secure systems and software.

Work with IT experts for regular security audits.

One breach can cost you money, trust, and customers.

Future of Cybersecurity

With AI, smart devices, and remote work growing, cybersecurity will only become more important. Cyber criminals are evolving fast, but so are the tools and knowledge to fight back.

The first step? Awareness. And you've already taken it.

Final Thoughts

Cybersecurity isn’t about fear — it’s about awareness, responsibility, and simple habits that protect your digital life. In the online world, just like in the real one, it pays to lock your doors.

Whether you're a student, a working professional, or a business owner — cybersecurity is everyone’s business. Stay alert, stay updated, and never take your online safety for granted.

Call to Action:

Ready to make cybersecurity part of your everyday life? Follow us for easy, jargon-free insights on protecting yourself and your business online. Share this with someone who needs a reminder: your next smart click could protect a lot more than just your data.

Emirates Airline to Accept Bitcoin Payments

Unlock the Secrets of Ethical Hacking! Ready to dive into the world of offensive security? This course gives you the Black Hat hacker’s perspective, teaching you attack techniques to defend against malicious activity. Learn to hack Android and Windows systems, create undetectable malware and ransomware, and even master spoofing techniques. Start your first hack in just one hour! Enroll now and…

Cyber Security Expert in Dubai – Your First Line of Digital Defense

In a modern city like Dubai, where technology drives innovation and business, staying digitally secure is no longer a luxury — it’s a necessity. From real estate and finance to hospitality and e-commerce, every industry is embracing digital transformation. But with that transformation comes the risk of cybercrime. Every click, every login, every transaction carries a potential threat. That’s why businesses across the UAE are turning to one solution: partnering with a cyber security expert in Dubai.

Why Dubai Needs Cyber Security Experts Now More Than Ever

Dubai has established itself as a global hub for business, finance, and smart technologies. With visionary programs like Smart Dubai and the UAE Digital Government Strategy 2025, the city is rapidly becoming one of the most connected digital economies in the world.

But as infrastructure advances, so do the risks. Cybercriminals target digital ecosystems with precision. In recent years, the UAE has witnessed a sharp rise in ransomware attacks, phishing scams, data breaches, and insider threats. These aren't just nuisances; they can lead to financial losses, reputational damage, and even legal trouble.

This is where the role of a cyber security expert in Dubai becomes vital. These professionals protect businesses by thinking ahead — predicting threats, preventing attacks, and preparing organizations to handle breaches if they occur.

What Does a Cyber Security Expert in Dubai Actually Do?

A cyber security expert is not your typical IT technician. They are highly skilled professionals who specialize in defending computer systems, networks, and digital assets from unauthorized access, disruption, or destruction.

Here’s what they typically offer:

1. Risk Assessment

They identify existing vulnerabilities in your digital environment — whether it's outdated software, weak passwords, or exposed databases.

2. Penetration Testing

By simulating real-world attacks, they test your systems and identify where a hacker could break in — before it happens for real.

3. Network and Endpoint Security

They secure every device and connection point in your infrastructure, ensuring hackers can't exploit weak links.

4. Security Monitoring & Incident Response

They track unusual activity 24/7 and are ready to respond instantly in case of a security breach.

5. Compliance & Regulatory Support

A cyber security expert in Dubai understands regional laws like the UAE Information Assurance Standards and international frameworks like ISO 27001 or PCI DSS. They make sure your business stays compliant and avoids penalties.

6. Cyber Security Awareness Training

Human error is a major cause of data breaches. Cyber experts train your staff to recognize and avoid threats like phishing emails, social engineering, and poor password practices.

Industries That Need Cyber Security Experts in Dubai

Every industry is vulnerable, but some are more targeted than others due to the value of the data they handle:

🏦 Finance & Fintech

With high-value transactions and sensitive customer data, the finance sector is always under threat. Experts help ensure security of banking systems, mobile apps, and digital payment platforms.

🏥 Healthcare

Hospitals and clinics store personal health information. Cyber security experts help secure electronic health records and maintain compliance with privacy laws.

🏢 Real Estate

Dubai’s booming property sector relies on online portals, CRMs, and transaction data that must be safeguarded.

🛍️ E-commerce

Online retailers are frequent targets of fraud, DDoS attacks, and customer data theft. Cyber security professionals keep systems secure and customer trust intact.

🛫 Travel & Hospitality

Hotels, airlines, and travel platforms need to secure booking systems and personal data of tourists — especially in a city like Dubai, which thrives on tourism.

Benefits of Hiring a Cyber Security Expert in Dubai

✅ Localized Expertise

A Dubai-based cyber security expert understands the regional laws, customer expectations, and business challenges specific to the UAE.

✅ Faster Response Time

When cyberattacks happen, every second counts. Local experts can respond faster and with better insight into your infrastructure.

✅ Compliance Knowledge

Navigating UAE cyber laws, especially as regulations tighten, is easier when you have someone who knows how to align your systems with legal standards.

✅ Tailored Solutions

Every business has different needs. A dedicated cyber expert provides customized solutions instead of a generic, one-size-fits-all approach.

Signs You Need a Cyber Security Expert in Dubai

Still unsure whether you need expert support? Here are the warning signs:

You’ve never done a vulnerability or penetration test.

Your staff hasn’t been trained in cyber hygiene.

Your business stores sensitive customer or financial data.

You’re expanding online or adopting new digital platforms.

You aren’t sure if you comply with Dubai’s cyber regulations.

You’ve already experienced suspicious emails, data loss, or malware infections.

If any of these apply, it’s time to act.

Why Choose eShield IT Services – Trusted Cyber Security Experts in Dubai

At eShield IT Services, we bring global expertise with local understanding. We’re a team of certified cyber security professionals (CEH, CISSP, OSCP) based in Dubai, delivering advanced digital protection to businesses of all sizes.

Our Services Include:

Penetration Testing & Ethical Hacking

24/7 SOC Monitoring

Data Security & Backup Solutions

Cloud Security & Endpoint Protection

ISO 27001 & PCI DSS Compliance

Security Audits & Gap Assessments

Incident Response & Forensics

Cyber Security Awareness Training

Whether you’re a startup in Dubai Internet City or an enterprise in Business Bay, we create security frameworks that are scalable, affordable, and tailored to your industry.

Cyber Security Is Not an Expense — It’s an Investment

Some business owners hesitate to bring in a cyber security expert due to costs. But the reality is, the cost of a breach is far greater — not just financially, but in lost time, trust, and reputation.

Hiring a cyber security expert in Dubai is not just about protection; it’s about confidence. Confidence that your business can grow, scale, and innovate without fear of being held hostage by cybercriminals.

Final Thoughts: Be Proactive, Not Reactive

In a city that never sleeps, neither do the cyber threats. As Dubai continues its journey toward becoming a fully digital economy, safeguarding your digital environment must be a top priority.

Don’t wait for something to go wrong.

Partner with a cyber security expert in Dubai today, and secure your future from the ground up.

Need help? Let’s talk. eShield IT Services – Cyber Security You Can Trust.

To know more click here :- https://eshielditservices.com

Empty grocery store shelves and grounded planes tend to signal a crisis, whether it’s an extreme weather event, public health crisis, or geopolitical emergency. But these scenes of chaos in recent weeks in the United Kingdom, United States, and Canada were caused instead by financially motivated cyberattacks—seemingly perpetrated by a collective of joyriding teens.

A notorious cybercriminal group often called Scattered Spider is known for using social engineering techniques to infiltrate target companies by tricking IT help desk workers into granting them system access. Researchers say that the group seems to gain expertise about the backend systems commonly used by businesses in a particular industry and then uses this knowledge to hit a cluster of targets before moving on to another sector. The group often deploys ransomware or conducts data extortion attacks once it has compromised its victims.

Amid increasing pressure from law enforcement last year, which culminated in charges and arrests of five suspects allegedly linked to Scattered Spider, researchers say that the group was less active in 2024 and seemed to be attempting to lay low. The group’s escalating attacks in recent weeks, though, have shown that, far from being defeated, Scattered Spider is emboldened once again.

“There are some uniquely skilled actors in Scattered Spider when it comes to social engineering, and they have identified a major gap in our security systems that they’re successfully taking advantage of,” says John Hultquist, chief analyst in Google’s threat intelligence group. “This group is carrying out serious attacks on our critical infrastructure, and I hope that we’re not missing the opportunity to address the most imminent threat.”

Though a number of incidents have not been publicly attributed, an overwhelming spree of recent attacks on UK grocery store chains, North American insurers, and international airlines has broadly been tied to Scattered Spider. In May, the UK’s National Crime Agency confirmed it was looking at Scattered Spider in connection to the attacks on British retailers. And the FBI warned in an alert on Friday that it has observed “the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.” The warning came as North American airlines Westjet and Hawaii Airlines said they had been victims of cybercriminal hacks. On Wednesday, the Australian airline Qantas also said it had been hit with a cyberattack, though it was not immediately clear if this attack was part of the group’s campaign.

“They slowed down, and we saw them dissipate for a while throughout 2024,” says Adam Meyers, a senior vice president for counter-adversary operations at the security company CrowdStrike. “Then they’ve roared back in the last couple of months, first hitting retail and then hitting insurance companies and most recently targeting airlines.”

Scattered Spider first emerged as a high-profile group toward the end of 2023 as its members moved from SIM swapping attacks to launching crippling ransomware attacks on Caesar’s Entertainment and MGM Resorts. The latter cost MGM around $100 million to recover from. Researchers emphasize that the collective is financially motivated, made up of mostly English-speaking teenagers and young men who are often based in the US or UK. The Scattered Spider hackers are considered an offshoot of the Com, an amorphous network of potentially thousands of trolls and criminals, many of whom engage in harassment, extortion, and child exploitation.

Scattered Spider members have increasingly coalesced around a tactic of using targeted social engineering to get a foothold inside company networks. Attackers may impersonate a staff member who is locked out of their company email account and contact the firm’s IT help desk to get access, before resetting multifactor authentication credentials. Researchers say that the group has also used a tactic of creating convincing phishing websites where the URLs often include the name of the target organization along with words like “okta,” “vpn” or “helpdesk.” Once inside networks, the hackers deploy various types of ransomware or steal data that is used to extort companies.

Meyers says Crowdstrike believes that Scattered Spider has roughly four core members, which drive the targeting of potential victims and “leverage” resources from the wider Com ecosystem as needed. The exact structure and size of Scattered Spider is unclear, but researchers agree that the group relies on an array of third-party services to carry out its attacks.

“Deterrence is extremely difficult because we’re essentially fighting a marketplace where a lot of the actors are replaceable,” Google’s Hultquist says. “For instance, Scattered Spider has worked with multiple ransomware services, so if one goes down there’s always someone to replace them.”

Aiden Sinnott, a senior threat researcher at cybersecurity company Sophos’ Counter Threat Unit, says that Scattered Spider and the Com more broadly are connected through relationships and communities on Discord servers or Telegram groups. “It’s this kind of evolving group where maybe new younger threat actors are coming in,” Sinnott says. “You can see this natural escalation progression as they learn skills of each other, and they're very big on sharing their wins as well.”

Some Scattered Spider members may target big-name companies, while others are involved in less high-profile activity. “There are groups, or individuals, who are really focused on hacking Coinbase accounts and stealing crypto and things like that,” Sinnott says. “So they’re not even focused on these big corporate organizations.”

As Hultquist puts it, "the activity is extremely resilient, because instead of fighting a single actor, we’re really fighting a marketplace.”

Attack Hacker exposes data from 6 million international airline passengers

[aviation news] Qantas investigates hacker attack that may have exposed data from up to six million passengers The Australian airline Qantas announced yesterday (1), that it is investigating a significant cyber attack that has reached an external system used by one of its customer service centers. According to Qatas, the invaders obtained access to sensitive data of up to six million passengers.…

FBI, cybersecurity firms say a prolific hacking crew is now targeting airlines and the transportation sector

The fresh wave of attacks targeting airlines comes soon after the hackers hit the U.K. retail sector and the insurance industry. Source: TechCrunch FBI, cybersecurity firms say a prolific hacking crew is now targeting airlines and the transportation sector

Cyberspace Just Got More Dangerous! Learn How To Be A Survivor When You Go Online

Ross Ulbrecht keeps resurfacing to warn us about the dangers we face in cyberspace. He was the man who created the Amazon of crime with everything a criminal could want for sale. When he was apprehended and found guilty, a US District Court judge in New York City tried to "put the fear of God" into others who might try to pen up such an enterprise. She sentenced Ross to two consecutive life sentences plus 40 years to be served after the life sentences. (If a serial killer avoided the death penalty, this is the kind of sentence the murderer would receive.)

     It failed to deter others from such activities. A second Amazon of crime appeared. Authorities took it down in 2017. The man who runs the messaging platform Telegram is now under arrest and awaiting trial in France for "turning a blind eye" while criminals used his platform to conduct all the criminal activities that were conducted on the Silk Road website run by Ross.

      The Economist magazine has an excellent article that I want to share with you about the frightening evolution of criminals using cyberspace to do their bad deeds. Before I give you the article, I want to give you a quick survival course on how to protect yourself when you're online as follows:

1) Never click on a link unless you are very sure of the person sending you the link.

2) Be alert to phishing. You might get an email that looks very official from a company like Amazon, American Express, Visa, A.T. and T, United Airlines, etc, or a government agency like the US IRS or the Social Security Administration, etc. You will be asked to click on a link or reveal personal information.

3) Have a security service like Identity Guard, American Express, a service from a credit bureau, etc. You will be warned if there is any sort of suspicious activity.

4) Do not trust anyone whom you meet online. Even if you have Zoom meetings with this person, be wary until you meet this person face-to-face and spend time with them.

5) Do not have all your financial activities concentrated at one financial institution. Spread out your money among several different financial institutions. In that way, if one financial institution is shut down with a ransomware attack, you will not be caught without money.

    Here is the article:

The Uber of the underworld

Amateur crooks are using plug-and-play hacking kits

May 29th 2025|SINGAPORE

SaveShare

Give

Listen to this story

EVERYTHING’S POSSIBLE at Harrods, proclaims the website of Britain’s glitziest department store. Alas, on May 1st, this universe of possibilities included an attempted cyber-attack that forced the company to restrict internet access at its sites, it said. The attempted intrusion came just days after hackers took down computer systems at Marks & Spencer (M&S), a supermarket and clothing retailer which says the disruptions will cost it some £300m ($405m). These breaches, which also hit the Co-op supermarket chain, were more than just costly cyberattacks. They are worrying examples of how crime is evolving beyond simple street thuggery, or even the work of small groups of clever hackers, into a global service economy where anyone with cryptocurrency can buy the tools to paralyse a multinational corporation.

One of the chief suspects in the attacks on Britain’s high street is the hacker collective Scattered Spider, according to Britain’s National Crime Agency, which investigates serious and organised crime. Scattered Spider is not a traditional, hierarchical mafia. Instead, it is a fluid network of young hackers who may never meet in person, yet can co-ordinate devastating attacks across continents. They are thought to have used DragonForce, a ransomware-as-a-service platform that gives criminals the software to carry out attacks in which they encrypt the victim’s data or otherwise block their access to computer systems until a ransom is paid.

Just as Uber upended the taxi industry and Airbnb reshaped the hotel business, the criminal underworld is undergoing its own digital revolution. Criminals who might once have committed crimes themselves are now becoming service providers in a vast underground marketplace. This new service model “is evolving at a rate that we’ve never previously seen”, says John Wojcik of the United Nations Office on Drugs and Crime (UNODC).

The exact cost of cybercrime cannot be known, since much of it happens in the shadows, and victims of ransomware attacks may be reluctant to report the crimes. Sometimes this is out of fear that doing so will harm their reputation among customers or that it could result in them being fined under data-protection laws.

Nevertheless, the scale is staggering, with billions, possibly trillions, of dollars in economic costs each year. The low end of the range comes from tallies of reported crimes by law enforcement agencies. The FBI said it received reports of direct losses of $16.6bn in 2024, a 33% increase over 2023. Adding in unreported losses and wider economic costs leads to bigger numbers. Britain puts its current annual losses at more than £27bn (based on old data). The European Commission reckons that the worldwide costs of cybercrime were €5.5trn ($6.5trn) in 2021.

Though estimates of the full cost differ, almost all studies suggest that cybercrime is booming. One reason is the emergence of DragonForce and other similar providers of plug-and-play hacking kits, which give even unskilled criminals the ability to launch ransomware attacks. This dramatically lowers the barriers for newcomers, who no longer have to write their own malicious malware. Moreover, a wider ecosystem of criminal services is developing. This allows hackers to buy, rather than steal, the personal data they need to identify potential victims or to work out how to launder ransom payments. Many of these services are accessed through online forums or messaging apps, such as Telegram, and are often paid for with cryptocurrency.

Hackers who develop ransomware use a variety of business models, from selling the basic code, which sometimes costs as little as $2,000, to ransomware-as-a-service. Under the service model, a client (or affiliate) gets access to a web portal that lets them customise the ransomware. Some groups also provide a communications portal, through which their clients can negotiate anonymously with their victims. In exchange for these services, they take a share of the profits. Market forces and competition have pushed these down to around 10-20% from around 30-40% a few years ago.

Keeping secrets

This new modular model is not easily thwarted by law enforcement officials. When cybercrime operates through countless providers, shutting down one node barely dents the system. In 2023, Scattered Spider attacked Caesars Entertainment and MGM Resorts International, two American casino operators, yet the FBI struggled to dismantle the network.

Criminal business models are also evolving. DragonForce uses a double extortion method. The service both steals a copy of its victim’s data and also encrypts it on the victim’s computer system. Thus, it can demand two separate ransoms: one to unscramble the data and another to delete the stolen copy. Firms that refuse to pay face the threat that their data will be leaked to other cyber-criminals.

The targeting of large retailers such as M&S, Co-op, and Harrods is not random: these sorts of firms house troves of customer data. After Scattered Spider attacked the British retailers, Google warned on May 21st that the group is turning its attention to American retailers.

The sorts of personal information big retailers hold—names, email addresses, credit-card details, shopping habits, even browsing histories that reveal personal interests—are the backbone of modern retailing. These data are among cybercrime’s most valuable commodities. With this information, criminals can craft more convincing phishing attacks (emails that impersonate legitimate companies in order to trick people into divulging passwords or financial information), launch targeted malware attacks, and commit fraud. Underground markets, hosted on messaging apps or on the dark web, now serve as trading hubs where vendors sell stolen credit-card details, bank records, and other confidential data. Beyond hacking large retailers, criminals who specialise in stealing and selling data also target banks, investment firms, and other financial companies for information about wealthy clients and other profitable targets.

Increasingly, criminals use information-stealing malware, often distributed through phishing emails or malicious ads, that infects computers and smartphones. This malware harvests browsing history, saved passwords (including from internet banking), chat logs, cryptocurrency-wallet details and other personal content. Among these password-stealers are RedLine Infostealer, which has been used to infiltrate major corporations, and META Infostealer (not to be confused with the company that runs Facebook). They are distributed through a decentralised malware-as-a-service model in which cybercriminals either buy a lifetime licence for $900 or subscribe to use it for $150 a month, according to a criminal complaint filed by America’s Department of Justice before a court in Texas in 2022. One cybersecurity expert now reckons that the cost of a lifetime licence has increased to $10,000.

Adding fuel to the fire is artificial intelligence (AI), which has already transformed two common types of cybercrime: producing malware and conducting phishing attacks. In the past, gangs would have needed experts with advanced coding skills to write malware or to tailor it to specific targets, tasks that are easily done by generative AI. “What might have previously taken an advanced criminal group weeks to figure out is now available to any criminal in minutes,” says Jeff Sims of Infoblox, a security firm.

AI also allows criminals to produce convincing, well-written phishing messages (often in languages that are not their own). These are more likely to succeed in deceiving victims, especially when combined with stolen data. Crime syndicates, for example, Chinese groups operating out of South-East Asia, are using AI to translate scripts for romance scams, fake job offers or fraudulent investments, letting them target victims around the world.

Paying the bounty

Law-enforcement agencies have tended to focus on trying to shut down or disrupt the providers of ransomware. In late May, an operation by European and North American agencies dismantled an extensive network and issued arrest warrants for 20 people. Yet the continued growth in this sort of crime suggests that enforcement is failing, leading to more draconian proposals. Britain plans to outlaw payment of ransoms by public-sector bodies and operators of critical infrastructure, hoping this will make them less attractive as targets. Those not subject to this ban would still have to report ransomware attacks to the authorities, which would allow law enforcement officials to block ransom payments. Yet legal experts fret this will not stop cyberattacks (since hackers may still get customer data that they can sell) nor protect companies, which could collapse if they cannot regain control of their data.

If nothing else, the dilemma over how to deter the new breed of cybercriminals highlights how one of the world’s fastest-growing criminal threats comes not from armed gangsters, but from geeks writing and selling code in the burgeoning underworld of the criminal gig economy. ■

Explore more

WorldInternational

North America Biometric Technologies Market Size, Revenue, End Users And Forecast Till 2030

The North America biometric technologies market was valued at US$ 13,516.24 million in 2022 and is expected to reach US$ 45,097.67 million by 2030; it is estimated to register a CAGR of 16.3% from 2022 to 2030.

Market Overview

The US, Canada, and Mexico are among the major economies in North America. This region accounts for a significant share of the biometric technologies market. Surging data theft identity fraud incidences, and terrorist operations, among other security breaches, are driving the biometric technologies market in North America. In October 2023, the House Foreign Affairs Committee and the U.S. Senate Committee on Homeland Security & Governmental Affairs faced a cyberattack from Vietnamese hackers trying to install spyware on the phones of journalists. This propels the demand and adoption of biometrics technologies to handle unlawful practices and enhances national security. Biometric authentication in phones unlocks greater security due to its resistance to most common cyberattacks such as password cracking or phishing. Biometric technologies offer an efficient way to keep physical attacks and cyber-attacks in check by delivering more stringent security measures to users. The market in North America is anticipated to expand at a significant rate during the forecast period owing to the surging demand for biometrics solutions from the IT sector and the rising number of phishing attacks.

Grab PDF To Know More @ https://www.businessmarketinsights.com/sample/BMIRE00030666

North America Biometric Technologies Strategic Insights

Strategic insights for the North America Biometric Technologies provides data-driven analysis of the industry landscape, including current trends, key players, and regional nuances. These insights offer actionable recommendations, enabling readers to differentiate themselves from competitors by identifying untapped segments or developing unique value propositions. Leveraging data analytics, these insights help industry players anticipate the market shifts, whether investors, manufacturers, or other stakeholders. A future-oriented perspective is essential, helping stakeholders anticipate market shifts and position themselves for long-term success in this dynamic region. Ultimately, effective strategic insights empower readers to make informed decisions that drive profitability and achieve their business objectives within the market.

Increasing Use of Biometric Systems at Airports Fuels North America Biometric Technologies Market

Airports around the world are actively exploring and implementing biometric solutions at various touchpoints, including check-in kiosks, security checkpoints, and boarding gates, which results into a continuous demand for new hardware and software systems. As airport administrations experience success with initial implementations, they are likely to expand the application of biometrics to other areas at airports, creating additional demand for technology and integrations. Moreover, facial recognition is becoming common in airport operations. For instance, in February 2024, passenger screening using facial recognition software was made available to select travelers at La Guardia by Delta Air Lines and the Transportation Security Administration. This explains how biometric technology, which uses an individual's unique physical identifiers such as face or fingerprints, promises to transform airline operations and traveling experience.  Therefore, the increasing use of biometric technology in airports presents a significant biometric technology market trend.\

Market leaders and key company profiles

Aware, Inc.

Thales SA

Cognitec Systems GmbH

NEC Corp

IDEMIA France SAS

HID Global Corp

Fujitsu Ltd

Leidos Holdings, Inc.

M2SYS Technology

Precise Biometrics AB

North America Biometric Technologies Regional Insights

The geographic scope of the North America Biometric Technologies refers to the specific areas in which a business operates and competes. Understanding local distinctions, such as diverse consumer preferences (e.g., demand for specific plug types or battery backup durations), varying economic conditions, and regulatory environments, is crucial for tailoring strategies to specific markets. Businesses can expand their reach by identifying underserved areas or adapting their offerings to meet local demands. A clear market focus allows for more effective resource allocation, targeted marketing campaigns, and better positioning against local competitors, ultimately driving growth in those targeted areas.

About Us:

Business Market Insights is a market research platform that provides subscription service for industry and company reports. Our research team has extensive professional expertise in domains such as Electronics & Semiconductor; Aerospace & Defence; Automotive & Transportation; Energy & Power; Healthcare; Manufacturing & Construction; Food & Beverages; Chemicals & Materials; and Technology, Media, & Telecommunications.

This day in history

I'm kickstarting the audiobook for "The Internet Con: How To Seize the Means of Computation," a Big Tech disassembly manual to disenshittify the web and make a new, good internet that picks up where the old, good internet left off. It's a DRM-free book, which means Audible won't carry it, so this crowdfunder is essential. Back now to get the audio, Verso hardcover and ebook:

http://seizethemeansofcomputation.org

#20yrsago Trademark-holders don’t have to be bullies https://web.archive.org/web/20030826225802/http://www.openp2p.com/pub/a/p2p/2003/08/14/trademarks.html

#15yrsago Stop Writing Young Adult Science Fiction https://gizmodo.com/stop-writing-young-adult-science-fiction-5037686

#15yrsago Young Adult Books Will Save Science Fiction https://gizmodo.com/young-adult-books-will-save-science-fiction-5036820

#15yrsago RIAA has to pay $107,951 for court costs in failed suit against disabled single mom https://yro.slashdot.org/story/08/08/15/1145236/riaa-pays-tanya-andersen-107951

#15yrsago Scamorama: book explains how to get into scambaiting as a hobby https://memex.craphound.com/2008/08/15/scamorama-book-explains-how-to-get-into-scambaiting-as-a-hobby/

#10yrsago NSA leaks trigger steep rise in ad/third-party-cookie blocking https://www.adweek.com/performance-marketing/study-nsa-scandal-still-setting-privacy-alarm-bells-among-consumers-151835/

#10yrsago On slagging off other writers’ books https://floggingbabel.blogspot.com/2013/08/on-my-refusal-to-mock-my-brothers-and.html

#10yrsago Decoding NSA doublespeak https://www.eff.org/deeplinks/2013/08/guide-deceptions-word-games-obfuscations-officials-use-mislead-public-about-nsa

#10yrsago Dear airline execs: crowing about new fees and price hikes before your merger makes the DoJ mad https://consumerist.com/2013/08/14/past-statements-about-moneymaking-mergers-returning-to-bite-airline-execs-in-the-behind/

#10yrsago Copyright troll’s lawyer wants record sealed so we won’t make fun of him https://www.techdirt.com/2013/08/14/prenda-lawyer-would-like-future-documents-sealed-because-techdirt-commenters-said-mean-stuff-about-him/

#10yrsago Horse Association must accept clones on registry https://www.reuters.com/article/us-usa-cloning-horses/u-s-horse-association-will-be-ordered-to-allow-clones-on-registry-idUSBRE97C01V20130813

#5yrsago How a civic hacker used open data to halve tickets at Chicago’s most confusing parking spot https://mchap.io/using-foia-data-and-unix-to-halve-major-source-of-parking-tickets.html

#5yrsago Truthful security disclosures should always be legal. Period. https://www.eff.org/deeplinks/2018/08/telling-truth-about-defects-technology-should-never-ever-ever-be-illegal-ever

#5yrsago Talking surveillance, elections, monopolies, and Facebook on the Bots and Ballots podcast https://www.yahoo.com/news/facebook-surveillance-system-sci-fi-author-cory-doctorow-says-090028574.html

#5yrsago Insecure medical equipment protocols let attackers spoof diagnostic information https://www.bleepingcomputer.com/news/security/hackers-can-falsify-patient-vitals/

#5yrsago Majority of young Americans distrust capitalism, embrace socialism https://www.cnbc.com/2018/08/14/fewer-than-half-of-young-americans-are-positive-about-capitalism.html

#5yrsago New Zealand bans most offshore residential real-estate ownership https://money.cnn.com/2018/08/15/investing/new-zealand-property-foreigners/index.html

#1yrago This weekend, I watched a hacker jailbreak a John Deere tractor live on stage https://pluralistic.net/2022/08/15/deere-in-headlights/#doh-a-deere

Back my anti-enshittification Kickstarter here!