Top news stories this week
- Hefty fines. Change Healthcare reveals ransomware attack impacted 190 million as MGM and PayPal settle data breach cases.
- Pull the plug. Cyber incident at British Museum caused by former employee.
- Fake news. Yahoo Boys turn to AI-generated news to target victims as Google boosts spoofing defences.
- Byte of justice. EU sanctions Russian hackers, and a multinational operation disrupts cyber marketplaces.
- Cutting edge. Cyber criminals in Southeast Asia use advanced tech to outpace law enforcement.
- Patch now. Threat actors exploit vulnerabilities in SonicWall and SimpleHelp remote access software.

1. Change Healthcare discloses cyber attack impacted 190 million as MGM and PayPal settle data breach cases
Change Healthcare, a healthcare technology company, has revealed that the number of individuals affected by a ransomware attack in October 2024 has increased to 190 million, nearly double the 100 million that were initially reported.
Separately, MGM Resorts International has agreed to pay USD 45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack in 2023. PayPal has agreed to pay a USD 2 million fine for failing to follow proper procedures before a December 2022 data breach.
So what?
The legal, financial, and technical consequences of cyber attacks can be very costly and are felt many months or even years after the event.
[Researcher: Denisa Greconici]
2. Former employee causes cyber incident at British Museum
A recently dismissed employee caused major disruption at the British Museum last week. The individual shut down critical IT systems after they were able to gain physical access to the building, resulting in the temporary closure of some exhibitions.
So what?
Organisations should strictly control both physical and virtual access to IT systems, and ensure it is terminated whenever employment contracts end.
[Researcher: Lena Krummeich]
3. Scammers use fake news to lure victims as Google boosts defences against advanced spoofing
Scammers in West Africa, colloquially referred to as Yahoo Boys, are using AI-generated news anchors and articles to blackmail victims, including those targeted by sextortion, into making payments.
Meanwhile, Google is enhancing its phishing defences after a programmer nearly fell prey to a scheme involving a spoofed call where the caller, speaking with an American accent, used a legitimate number associated with Google Assistant.
So what?
Threat actors frequently use innovative social engineering tactics to trick victims into making payments or revealing credentials. Individuals should verify news sources for legitimacy and avoid granting remote access to unknown or unsolicited callers.
[Researcher: Waithera Junghae]
4. EU sanctions Russian hackers and FBI seizes cybercrime marketplaces
The European Union has sanctioned three hackers from Unit 29155, a division of Russia's military intelligence service (GRU), for cyber attacks on Estonian government agencies in 2020.
Separately, a multinational law enforcement operation seized the online cybercrime marketplaces Cracked and Nulled. The US Department of Justice has also filed charges against Lucas Sohn, an Argentinian national, for both conspiracy to traffic in passwords and identity fraud.
So what?
Government agencies across the world are increasingly adopting sanctions as a strategic tool to counteract and deter malicious cyber actors, alongside conducting operations to disrupt threat actor infrastructure.
[Researcher: Aditya Ganjam Mahesh]
5. Southeast Asia cyber criminals outpace law enforcement using advanced technology
Cyber-enabled fraud in Southeast Asia was estimated at nearly GBP 30 billion last year, as cybercrime networks become more tech-savvy amid crackdowns on fraud and human trafficking. Criminals have been observed using cutting-edge technology such as generative AI, large language models and Telegram-based marketplaces.
So what?
While phishing awareness training remains important, organisations should review and maintain robust payment authorisation protocols to identify and mitigate the risk of fraudulent funds transfer.
[Researcher: Nor Liana Kamaruzzaman]
6. Threat actors exploit vulnerabilities in SonicWall and SimpleHelp remote access software
SonicWall announced that a vulnerability in its SMA1000 remote access appliance was being actively exploited by cyber criminals, allowing them to plant malware on affected devices over the internet without logging into the system. Separately, threat actors have been exploiting three vulnerabilities in SimpleHelp Remote Access software shortly after they were disclosed.
So what?
Organisations should ensure that the latest available patches are applied to these systems as soon as possible to reduce the risk of them being exploited by cyber criminals.
[Researcher: Milda Petraityte]