Expert Insights on Recent Hacks 2025

2025 has already been a busy year for hackers, with new cyber attacks and data compromises occuring frequently! Cyber Resilience has become one of the most critical business concerns.

New Ransomware Discovered in January 2025 are as follows:

• FunkSec Ransomware – A new ransomware group that has claimed more than 80 victims in this month alone.
• Firescam Malware – An Android based Malware impersonating Telegram app via Github.
• Eagerbee – New variants of the Eagerbee malware framework are being deployed against government organisations and internet service providers in the Middle East.
• A New Mirai-Based Botnet – leveraging zero-day exploits for security flaws in industrial routers and smart home devices.

Insights from Sam, ANSecurity Security Engineer:

In the ever-evolving world of cybersecurity, threats come from every direction. New attack methods and variations of old ones emerge regularly, and it’s crucial to stay ahead of these dangers.

1. FunkSec: Traditional Yet Effective

FunkSec appears to follow a fairly traditional approach despite its AI origins. This threat actor often relies on double-extortion tactics: not only do they demand payment to unlock your data, but they also threaten to leak it online if you don’t comply. This method has been used by many other threat actors, but that doesn’t make it any less dangerous.

Key Defense Measures:

• Immutable Backups: Ensure that your backup data is immutable and regularly test restoration procedures.

• Data Loss Prevention (DLP) and Packet Inspection: Use DLP tools and inspect network traffic to monitor what data is leaving your network.

• Next-Gen Firewalls (NGFW): Implement NGFWs to tightly control and restrict network traffic, ensuring only authorized applications can communicate with the internet.

• EDR/XDR: Make sure Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) solutions are running on all devices to detect malicious activity.

• SSL Decryption: Employ inbound SSL decryption to inspect encrypted traffic for potential threats.

2. FireScam: Preventing Malicious Impersonations

FireScam is a threat that primarily targets mobile devices by impersonating legitimate applications. The best defense against this attack is ensuring that mobile devices are properly managed and locked down. By implementing a software restriction policy, you can prevent unauthorized applications from being installed on company devices, especially malicious APK files from unknown sources.

Key Defense Measure:

• Mobile Device Management (MDM): Enforce policies that only allow authorized apps to be installed on devices, preventing the installation of malicious software.

3. Eagerbee: Nation-State Attacks Targeting Critical Infrastructure

Eagerbee is a highly sophisticated threat that targets ISPs and government agencies, raising alarms about potential nation-state involvement. Though the specific motives behind this attack may never be fully understood, it has been loosely attributed to Chinese origin. Defending against these types of attacks can be incredibly challenging, particularly given the near-unlimited resources of the attacker.

Key Defense Measures:

• Responsive Threat Monitoring: Stay vigilant and responsive to emerging threats. If you’re in a critical industry like government or ISP operations, be ready for sophisticated attacks.

• Effective Logging and Retention: Ensure your logging practices are robust, with adequate retention periods to investigate potential breaches, even if they occur months before detection.

• Blocking Malicious IPs: Implement threat feeds to block known malicious IPs. Once the attack infrastructure is identified, security tools can help you prevent further infection.

• EDR for Threat Detection: When classified, EDR solutions should detect and block this type of malware, removing the surprise element of a zero-day attack.

• Threat Hunting: Regularly conduct threat hunting exercises, using available indicators of compromise (IOCs), to check for signs of infection.

4. New Mirai Botnet: Securing IoT Devices

The New Mirai Botnet is a reminder of the importance of securing Internet of Things (IoT) devices. These devices, especially those on the edge of your network, can easily be exploited if left unpatched and unsupported.

Key Defense Measures:

• Patch and Support IoT Devices: Keep all IoT devices, particularly those at the network’s edge, up-to-date with security patches and support. This starts with an asset discovery process to identify all devices on the network.

• Network Segmentation: Segregate your IoT devices from critical systems. Smart devices should never interact with valuable systems. Just like the story of the infected IP camera, a breach in one device can lead to larger compromises.

• Zero-Trust and IDP: Implement a zero-trust network configuration and Intrusion Detection and Prevention (IDP) to tightly control traffic to and from IoT devices. This ensures that even if a device is compromised, the attacker cannot freely move through your network.

Conclusion: The Key to Defending Against These Threats

In the face of increasingly sophisticated attacks, it’s essential to continuously improve your organization’s cybersecurity posture. Whether you’re dealing with double-extortion ransomware, software impersonations, nation-state actors, or botnets, there are always steps you can take to defend your network.

By implementing robust security measures like data loss prevention, mobile device management, effective logging, and regular patching of IoT devices, you can minimize your risk and stay one step ahead of cybercriminals. Stay vigilant, stay prepared, and always monitor for new threats.