This week in cybersecurity, we’re seeing major developments across government policy, corporate security, and new hacking tactics. A newly discovered attack method exploits trusted system files to bypass security defenses, while Hewlett Packard Enterprise (HPE) disclosed a breach linked to a Russian-backed Office 365 compromise. Meanwhile, Canada is investing $38 million in its cybersecurity infrastructure, and Mastercard is teaming up with VikingCloud to provide cybersecurity solutions for SMBs.
Additionally, a staggering 28 million devices have been hijacked in a new cyber attack, and the FBI has issued an urgent warning about a phishing campaign using fake texts and messages. Finally, Ukraine has officially launched a project to bolster its cyber defense capabilities amid ongoing cyber warfare threats.
Here’s what you need to know.
1. Massive Attack Leverages 28 Million Devices in Password Theft Campaign
Summary:
Security researchers have uncovered a large-scale brute-force attack in which 28 million devices have been compromised and used to steal login credentials and attack Palo Alto, Ivanti, and SonicWall devices. Attackers are replaying previously stolen passwords and credentials against these devices, enabling widespread unauthorized access across numerous platforms.
Timeline: Reported on February 9-10, 2025
Threat Actors: Currently unidentified cybercriminal groups
Key Implications:
- Large-scale compromise of online accounts and personal data
- Potential for increased ransomware attacks and financial fraud
- Growing threat of credential stuffing attacks
Actionable Steps:
- Use unique, strong passwords for all accounts
- Enable multi-factor authentication (MFA)
- Monitor online accounts for unauthorized access
Additional Resources: Forbes
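The actionable steps above assume you can tell a credential-stuffing burst (one source trying many usernames) from a classic brute-force burst (one source hammering one account), and can spot the most important signal of all: a success that follows a burst of failures. The script below is an added example, not code from the Forbes report or from EIP Networks; the log format, the sample lines, the window and the thresholds are all constructed for illustration and would need to be adapted to a real authentication log.

```python
"""Flag brute-force and credential-stuffing sources in authentication logs.

Added example: the log lines below are constructed (not real data) and use
an assumed syslog-like format:  <timestamp> auth <OK|FAIL> user=<name> src=<ip>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one credential-stuffing source (many users, then a
# success), one brute-force source (one user), and one benign typo.
SAMPLE_LOG = """\
2025-02-09T10:00:01 auth FAIL user=alice src=203.0.113.7
2025-02-09T10:00:02 auth FAIL user=bob src=203.0.113.7
2025-02-09T10:00:03 auth FAIL user=carol src=203.0.113.7
2025-02-09T10:00:04 auth FAIL user=dave src=203.0.113.7
2025-02-09T10:00:05 auth FAIL user=erin src=203.0.113.7
2025-02-09T10:00:06 auth OK user=erin src=203.0.113.7
2025-02-09T10:01:00 auth FAIL user=admin src=198.51.100.9
2025-02-09T10:01:01 auth FAIL user=admin src=198.51.100.9
2025-02-09T10:01:02 auth FAIL user=admin src=198.51.100.9
2025-02-09T10:01:03 auth FAIL user=admin src=198.51.100.9
2025-02-09T10:01:04 auth FAIL user=admin src=198.51.100.9
2025-02-09T10:01:05 auth FAIL user=admin src=198.51.100.9
2025-02-09T10:05:00 auth FAIL user=alice src=192.0.2.44
2025-02-09T10:30:00 auth OK user=alice src=192.0.2.44
"""


def parse_line(line):
    """Parse one assumed-format log line into a dict."""
    ts, _, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect(events, window=timedelta(minutes=5), fail_threshold=5, user_threshold=4):
    """Return {src_ip: finding} for sources whose failures exceed the threshold
    inside a sliding window. Thresholds are illustrative, not recommendations."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        for i, start in enumerate(fails):
            in_win = [f for f in fails[i:] if f["ts"] - start["ts"] <= window]
            if len(in_win) < fail_threshold:
                continue
            users = {f["user"] for f in in_win}
            # Many distinct users from one source: stolen-credential replay.
            # One user, many attempts: password guessing against that account.
            kind = "credential_stuffing" if len(users) >= user_threshold else "brute_force"
            last_fail = in_win[-1]["ts"]
            # A success shortly after the burst is the highest-priority signal:
            # one of the replayed credentials worked.
            success_after = any(
                e["ok"] and in_win[0]["ts"] <= e["ts"] and e["ts"] - last_fail <= window
                for e in evs
            )
            findings[src] = {
                "kind": kind,
                "failures": len(in_win),
                "users": sorted(users),
                "success_after_burst": success_after,
            }
            break  # one finding per source is enough for triage
    return findings


def run_sample():
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for src, f in run_sample().items():
        print(src, f)
```

On the constructed sample, 203.0.113.7 is reported as credential stuffing with a success after the burst (the account that accepted the replayed password is the one to lock and re-credential first), 198.51.100.9 as brute force against a single account, and the lone failed login from 192.0.2.44 is left alone.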
2. Canada Invests $38 Million in National Cybersecurity Strategy
Summary:
The Canadian government has committed $38 million over the next 6 years to improve the country's cybersecurity resilience. The funding will support initiatives aimed at protecting critical infrastructure, strengthening national defense against cyber threats, and enhancing digital security for businesses and individuals. The NCSS, Securing Canada's Digital Future, enhances partnerships across government, law enforcement, multiple critical industries, and Indigenous communities to improve cybersecurity coordination and threat response. It also funds initiatives, including cybersecurity education for youth, to build a more resilient digital future.
Timeline: Reported on February 10, 2025; a 6-year investment commitment.
Threat Actors: N/A. However, the NCSS comes after significant ransomware attacks within school districts and public service sectors across Canada over the last year.
Key Implications:
- Increased investment in cybersecurity research and development
- Stronger protection for public and private sector organizations
- Potential new regulations and compliance requirements for businesses
Actionable Steps:
- Canadian organizations should prepare for new cybersecurity regulations
- Businesses should leverage government resources for security enhancements
- Companies should invest in cybersecurity training and threat detection
Additional Resources: BlogTO
3. Mastercard Partners with VikingCloud for SMB Cybersecurity Solutions
Summary:
Mastercard is collaborating with VikingCloud to develop advanced cybersecurity solutions for small and medium-sized businesses (SMBs). This initiative aims to improve digital security, reduce fraud, and help SMBs comply with cybersecurity regulations.
Timeline: Announced on February 7, 2025; solutions will be available to VikingCloud customers by the second quarter.
Threat Actors: N/A
Key Implications:
- Stronger cybersecurity tools for SMBs
- Reduced risk of payment fraud and data breaches
- Easier compliance with security standards
Actionable Steps:
- SMBs should explore new cybersecurity offerings from Mastercard and VikingCloud
- Businesses should enhance payment security to prevent fraud
- Companies should conduct regular security audits and evaluate current solutions in comparison to new technology
Additional Resources: PYMNTS
4. Ukraine Launches National Cybersecurity Project with the Help of France
Summary:
Ukraine has officially launched the CCBU project, aimed at strengthening the country’s cybersecurity infrastructure. The project, led by the French government, will focus on training cybersecurity experts, upgrading defenses, and preventing future cyber warfare attacks.
Timeline: Reported on February 10, 2025; the project will conclude in December of 2025.
Threat Actors: No specific threat is named; however, the project is likely a response to the current geopolitical conflicts and events in and around Ukraine.
Key Implications:
- Enhanced national cyber defense capabilities
- Strengthened digital infrastructure against cyber warfare
- Increased global collaboration in cybersecurity efforts
Actionable Steps:
- Security professionals should monitor Ukraine’s cyber defense strategies
- Other governments should consider similar initiatives to bolster national cybersecurity
- Organizations working in Ukraine should harden their security infrastructure
Additional Resources: Odessa Journal
5. HPE Confirms Data Breach Tied to Russian-Linked Hackers
Summary:
Hewlett Packard Enterprise (HPE) has notified employees of a data breach after Russian-backed hackers compromised its Office 365 environment. The attack resulted in the exposure of sensitive corporate information.
Timeline: Reported on February 7, 2025; data was compromised in May of 2025, HPE was notified on December 12, 2024, and began notification on January 29, 2025.
Threat Actors: Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), believed to be part of Russia's Foreign Intelligence Service (SVR)
Key Implications:
- Potential corporate espionage and intellectual property theft
- Heightened risks for companies using Office 365 services
- Regulatory and legal consequences for HPE
Actionable Steps:
- Companies using Office 365 should review security settings
- Employees should reset passwords and enable MFA
- Organizations must monitor for unauthorized access
Additional Resources: BleepingComputer
6. FBI Warns of New Phishing Attacks via Fake Text Messages
Summary:
The FBI has issued an alert about a phishing campaign that uses fraudulent text messages to trick victims, and advises recipients to delete any SMS message claiming they have unpaid tolls. Reports show that the scam is not limited to a single state; texts have been recorded in Massachusetts, California, North and South Carolina, Illinois, Colorado, Florida and more.
Timeline: Reported on February 9, 2025; warnings were issued as early as the beginning of January.
Threat Actors: Unidentified cybercriminal groups conducting large-scale smishing campaigns
Key Implications:
- Increased risk of identity theft and financial fraud
- Growing sophistication of phishing tactics
- Potential exposure of sensitive user data
Actionable Steps:
- Never click links in unsolicited text messages
- Verify sender information directly with official sources
- Use anti-phishing tools to detect fraudulent messages
Additional Resources: The Daily Mail
7. New BYOTB Attack Exploits Trusted Binaries
Summary:
Security researchers have uncovered a new Bring Your Own Trusted Binary (BYOTB) attack, which exploits trusted Windows binaries to execute malicious payloads while bypassing traditional security defenses. This attack method leverages legitimate, signed Microsoft binaries—often whitelisted by endpoint security solutions—to deploy malware stealthily. By abusing these trusted executables, attackers can evade detection, gain persistent access, and escalate privileges within compromised systems.
Timeline: Reported on February 10, 2025
Threat Actors: Unknown threat actors exploiting trusted Windows binaries
Key Implications:
- Increased difficulty in detecting malware due to the use of legitimate, signed binaries.
- Bypassing traditional security solutions, allowing attackers to maintain persistent access.
- Potential for widespread abuse, as many trusted Windows binaries could be leveraged in future attacks.
Actionable Steps:
- Monitor execution of signed but unusual binaries in corporate environments.
- Implement application whitelisting policies to limit the execution of unnecessary Windows binaries.
- Enhance behavioral analytics-based threat detection to identify anomalies in binary execution.
Additional Resources: Cybersecurity News
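The first and third actionable steps above come down to one question per process-creation event: is this signed binary running where, and under the parent, it normally does? The script below is an added example, not code from the researchers or from EIP Networks. It assumes a small, illustrative baseline of where a few Microsoft-signed binaries are expected to live and which parents normally launch them, and runs three checks over constructed process-creation events: a trusted binary relocated outside its expected directories (the "bring your own" case), a trusted binary launched by an unexpected parent, and an unsigned file using a trusted name. Real baselines should be built from your own fleet's telemetry, not copied from this example.

```python
"""Flag trusted (signed) Windows binaries executing from unexpected places or
under unexpected parents.

Added example with an assumed, illustrative baseline and constructed events
loosely modelled on process-creation telemetry. Not an authoritative list.
"""
from pathlib import PureWindowsPath

# Assumed baseline: expected directories and parents per trusted binary.
BASELINE = {
    "rundll32.exe": {
        "dirs": {r"c:\windows\system32", r"c:\windows\syswow64"},
        "parents": {"explorer.exe", "svchost.exe"},
    },
    "msiexec.exe": {
        "dirs": {r"c:\windows\system32", r"c:\windows\syswow64"},
        "parents": {"explorer.exe", "services.exe"},
    },
}
TRUSTED_SIGNER = "microsoft windows"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": "1", "image": r"C:\Windows\System32\rundll32.exe", "parent": "explorer.exe",
     "signed": True, "signer": "Microsoft Windows"},
    {"id": "2", "image": r"C:\Users\Public\tools\rundll32.exe", "parent": "explorer.exe",
     "signed": True, "signer": "Microsoft Windows"},
    {"id": "3", "image": r"C:\Windows\System32\msiexec.exe", "parent": "winword.exe",
     "signed": True, "signer": "Microsoft Windows"},
    {"id": "4", "image": r"C:\Windows\Temp\rundll32.exe", "parent": "winword.exe",
     "signed": True, "signer": "Microsoft Windows"},
    {"id": "5", "image": r"C:\Windows\System32\rundll32.exe", "parent": "explorer.exe",
     "signed": False, "signer": ""},
    {"id": "6", "image": r"C:\Windows\System32\notepad.exe", "parent": "explorer.exe",
     "signed": True, "signer": "Microsoft Windows"},
]


def evaluate(event, baseline=BASELINE):
    """Return the list of rule names an event trips (empty if none).

    Binaries not in the baseline are out of scope for these checks."""
    path = PureWindowsPath(event["image"])
    name = path.name.lower()
    directory = str(path.parent).lower()
    parent = event["parent"].lower()
    expected = baseline.get(name)
    if expected is None:
        return []

    hits = []
    if not event["signed"] or event["signer"].lower() != TRUSTED_SIGNER:
        # A file wearing a trusted name without the trusted signature is
        # masquerading, whatever directory it sits in.
        hits.append("unsigned_trusted_name")
        return hits
    if directory not in expected["dirs"]:
        # Genuinely signed, but copied somewhere it does not belong: the
        # signature still validates, so allow-lists keyed on signer alone pass it.
        hits.append("relocated_trusted_binary")
    if parent not in expected["parents"]:
        # A document editor or browser launching a system utility is the kind
        # of lineage a behavioural rule should surface.
        hits.append("unexpected_parent")
    return hits


def scan(events, baseline=BASELINE):
    """Map event id -> tripped rules for every event that tripped at least one."""
    return {e["id"]: hits for e in events if (hits := evaluate(e, baseline))}


if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(event_id, hits)
```

Note the ordering of the checks: a file that fails signature verification is reported on that alone, because once the signature is gone the "trusted binary" premise no longer applies and the path and parent checks would only add noise. Events 1 and 6 produce nothing: a signed binary in its usual directory under its usual parent is exactly the baseline, and notepad.exe is outside the assumed baseline entirely.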
This week’s cybersecurity developments highlight the growing risks associated with large-scale credential theft, phishing campaigns, and state-sponsored hacking. With major investments in national cybersecurity strategies and new security partnerships, organizations must stay ahead of emerging threats. For expert guidance on cybersecurity best practices, EIP Networks offers tailored security solutions to safeguard your business.
Partnering with EIP Networks for People-First Cybersecurity
EIP Networks remains committed to a person-first approach to cybersecurity, delivering tailored solutions to meet your organization's unique needs. Stay ahead of threats by engaging with our current events and weekly roundups here on our Blog, LinkedIn or X (Twitter), and learn how to fortify your security posture by booking an assessment with our expert team. #WeDoThat