Cyber News February 2025

February 2025: Biggest Crypto Heist in History, CrowdStrike’s 2025 Global Threat Report, Apple Blocks Advanced Data Protection in the UK, and More!
The Biggest Crypto Heist in History
Dubai-based cryptocurrency exchange Bybit has confirmed that hackers have stolen $1.5bn worth of digital currency in what has been touted as the most significant cryptocurrency heist in history. The attack, which occurred on 21st February, saw hackers compromise a developer’s account, allowing them to access currency wallet infrastructure and deceive signers into approving malicious transactions.
The attack is believed to be linked to the North Korean-backed Lazarus Group. Blockchain investigation and risk management company TRM published research showing that the cryptocurrency wallets used in the attack overlap with those used in previous thefts by North Korea. The FBI also linked the heist to North Korea on 26th February.
In response to the attack, Bybit has implemented a bounty program that offers a 10% reward on assets successfully recovered or frozen. Law enforcement agencies, regulators, and the broader cryptocurrency industry are collaborating to trace the stolen funds and hopefully recover them. However, the decentralised nature of blockchain technology and cryptocurrency makes this a more challenging task!
CrowdStrike’s 2025 Global Threat Report
Our partners at CrowdStrike released their 2025 Global Threat Report at the tail end of February, offering compelling insights into emerging adversary trends from the past year.
One of the most eyebrow-raising findings this year was the statistics on breakout time – the time it takes for attackers to move laterally around networks after initial infiltration. The average breakout time fell to 48 minutes, with the fastest observed breakout time of a rapid 51 seconds. The report also identified that voice phishing (vishing) attacks saw an explosive growth of 442% this year, that valid account abuses accounted for 25% of all cloud security incidents, and that the activity of access brokers – specialists who gain initial access to organisations and then sell it on – grew by 50%.
China-nexus activity grew 150% among nation-state activity, with Chinese adversaries prioritising their operational security (OPSEC) to obfuscate their activity and infrastructure. Activity from groups connected with North Korea also got more sophisticated, with the North-Korean-linked group Famous Chollima using generative AI (GenAI) to create compelling IT job candidates to infiltrate organisations.
CrowdStrike CEO George Kurtz said: “As with every product and service we provide, we hope this year’s Global Threat Report makes you more aware, more attuned to the threats you may be facing now or in the near future, and better equipped overall to defend your organisation.”
You can download the full report here.
Apple Blocks Advanced Data Protection in the UK
Following pressure from the UK government, Apple announced that it would not be rolling out its Advanced Data Protection (ADP) feature for iCloud in the UK. The Home Office requested a “backdoor” into Apple’s encryption service under the Investigatory Powers Act (IPA), which Apple vehemently opposed, stating that it would only be a matter of time before bad actors would exploit the backdoor.
Apple’s Advanced Data Protection feature enhances the security of iCloud file storage and provides end-to-end encryption. The British government considered banning end-to-end encryption in the Online Safety Bill but removed such powers from the draft after a massive backlash from the public, privacy experts, and tech firms.
The latest government actions have once again astonished the privacy and cyber security community. Privacy International’s legal director, Caroline Wilson Palow, said this was an “unprecedented attack” on individuals’ private data, stating that “this overreach sets a hugely damaging precedent and will embolden abusive regimes the world over.”
However, government and establishment voices have been out in force telling us that the latest overreach by the British state is for our safety and that of our children. Former Defence Secretary Ben Wallace launched a tirade of Tweets on X defending the government request and claiming that privacy concerns were “alarmist nonsense.”
Perhaps somebody should remind the Right Honourable gentleman that the road to hell is often paved with good intentions!
Some of This Month’s Other Vulnerabilities
Microsoft Patch Tuesday
As reported by our partners at CrowdStrike, Microsoft has issued security patches addressing 67 vulnerabilities as part of its February 2025 Patch Tuesday rollout. Three critical flaws and four zero-day vulnerabilities have been identified, affecting components such as the Windows NTLMv2 hash, Windows Storage, Windows Ancillary Function Driver, and Microsoft Surface devices.
Cisco ISE
Cisco has released updates to address two critical security vulnerabilities in Identity Services Engine (ISE), Cisco’s network access control (NAC) solution. CVE-2025-20124, with a CVSS base score of 9.9, is a flaw involving insecure Java deserialisation within an API of Cisco ISE and could enable an authenticated attacker to execute arbitrary commands as the root user. CVE-2025-20125 has a CVSS base score of 9.1. It is an authorisation bypass issue in an API that could allow an authenticated attacker with read-only credentials to access sensitive information, alter node configuration and restart nodes.
Cisco has released software fixes for both vulnerabilities.
Palo Alto PAN-OS
Palo Alto has fixed a high-severity authentication bypass vulnerability discovered in its PAN-OS software, the operating system for its Next-Generation Firewall appliances. The vulnerability could allow an unauthenticated attacker with network access to the management web interface to bypass authentication mechanisms and invoke specific PHP scripts.
Affected versions are:
- PAN-OS 10.1 versions before 10.1.14-h9
- PAN-OS 10.2 versions before 10.2.13-h3
- PAN-OS 11.1 versions before 11.1.6-h1
- PAN-OS 11.2 versions before 11.2.4-h4
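The following is an added example (not from this newsletter or from Palo Alto) of how an administrator could check a firewall inventory against the fixed builds listed above. It assumes PAN-OS versions follow the `major.minor.patch[-hN]` form shown in the list, that any build in a listed train sorting below the fixed build is affected, and that trains not in the list are simply reported as not covered; the inventory values are constructed sample data.

```python
import re
from typing import Optional, Tuple

# Fixed builds exactly as listed in the newsletter, one per affected train.
# Assumption: any build in a listed train that sorts below its fixed build is affected.
FIXED_BUILDS = {
    "10.1": "10.1.14-h9",
    "10.2": "10.2.13-h3",
    "11.1": "11.1.6-h1",
    "11.2": "11.2.4-h4",
}

# Matches e.g. "10.1.14-h9" or "11.0.3" (hotfix suffix optional).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '10.1.14-h9' into (10, 1, 14, 9); a missing hotfix suffix counts as h0."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def is_affected(version: str) -> Optional[bool]:
    """True if the build predates the fix in its train, False if it is at or past the fix,
    None if the train is not in FIXED_BUILDS (not covered by the list above)."""
    parsed = parse_panos_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_BUILDS.get(train)
    if fixed is None:
        return None
    # Tuple comparison orders by major, minor, patch, then hotfix number.
    return parsed < parse_panos_version(fixed)


if __name__ == "__main__":
    # Constructed sample inventory (hostname -> version reported by the device).
    inventory = {"fw-edge-01": "10.1.14-h8", "fw-edge-02": "10.2.13-h3", "fw-lab": "11.0.3"}
    labels = {True: "AFFECTED - patch required", False: "fixed", None: "train not in list"}
    for host, ver in inventory.items():
        print(f"{host}: PAN-OS {ver} -> {labels[is_affected(ver)]}")
```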
That wraps up winter, see you in the spring!
Need Advice?
If you need any advice on this issue or any other cyber security subjects, please contact Protos Networks.
Email: [email protected]
Tel: 0333 370 1353