Changes from Enzoic’s Threat Research Team
A New Season Once
Here we are halfway through February, and it seems like 2025 is already cruising by. The Threat Research team at Enzoic has been busy closing out data research from 2024 and looking at the first trends of 2025, which has already been an eventful year for the cybersecurity industry. On the historical side, we recently released a study on credential theft affecting Fortune 500 company employees. Using the Fortune 500 as a sampling category makes a useful cross-sector bellwether, because it lets you easily segment a sizable sample and examine changes across industries (spoiler alert: the shifts we saw are probably due to infostealers’ increasing popularity).
Cybercrime Forums Seized
We have a few things to talk about from the current month, because both the scammers and law enforcement have been busy. Let’s start with the Feds: two long-standing hacking/stolen-data forums, “Cracked” and “Nulled”, were seized.
Cracked and Nulled had outlived several versions of the more well-known RaidForums and BreachForums, and were known for a somewhat less-glamorous status owing to poor data quality and a reputation for scams.
Despite the lack of high-value new data, their longevity had made them a fixture in the exposed-data trading industry. The takedown, known as “Operation Talent,” also included the MySellIX and SellIX e-commerce services, which hosted marketplaces that threat actors used to sell stolen information, as well as the StarkRDP cloud service provider, which allegedly offered Windows VM solutions that threat actors used to run credential-stuffing services.
So why the crackdown? Annual reports like the Verizon DBIR and the IBM X-Force index, along with CISA’s review last year, confirm year after year that compromised credentials are the leading entry vector in many types of attacks and breaches. Not to mention identity theft fraud, which was estimated to cost US$43 billion in 2023, an increase from previous years. It’s good to see the FBI attempting to stop the theft of personal information, and we can only hope that these efforts will lead to more progress in the fight against fraud and ATO.
Healthcare Breaches: A Grim Outlook
We have written about healthcare data breaches before, and 2025 is off to a great (i.e. terrible) start.
In January 2025 alone, the Department of Health and Human Services has received notification of 2,316,896 people’s health information being exposed in Hacking/IT incidents.
While the 2024 figures blew the previous year’s stats out of the water, 2025 isn’t giving us much hope that anything has changed vis-à-vis hospital/medical office/healthcare facility cybersecurity postures. Willie Sutton may not have robbed hospitals, but for today’s fraudsters and ransomware operators, that’s where the money is. Although health information is undoubtedly sensitive by nature, fraudsters can also profit from the associated personal information used for billing and insurance purposes. Ransomware operators are drawn by an even more direct line to profits. Hospitals and care facilities aren’t necessarily known as bastions of cybersecurity, but they are known for administering important, time-critical interventions and procedures. This gives cybercriminals a lot of leverage for their ransom demands, so it’s not surprising that healthcare managed to maintain its unfortunate position as the most attacked sub-industry in 2024. With insurance companies and private equity owners milking hospitals, care facilities, and patients for every dollar they can extract, cybersecurity is not always a major budgetary priority. According to some reports, cybersecurity spending in healthcare is rising, but it is not yet time to relax. Small gains may not make up for the massive historical deficiencies and foundational problems that plague the vast attack surfaces of healthcare organizations (patient portals, EHRs, mobile apps, heart monitors, HR systems, etc.). As the industry data comes in, we’ll be taking a closer look at this over the year.
What is Malvertising?
One last thing we’d like to touch on is the practice of ‘malvertising’, and how it ties in to stolen credentials.
Malvertising is a method threat actors use to spread malware and steal credentials by placing seemingly legitimate advertisements on platforms like Google and Meta, or directly with the websites themselves.
These ads may look just like any other: they advertise software or services, or are made to resemble popular services or websites in order to mislead people. Malvertising has been around for a while, but it still poses a significant problem, especially as ads are increasingly embedded into the web applications and services we use. As it becomes harder to tell what is an ad and what is not, threat actors become better able to snare unsuspecting visitors who believe they clicked on a legitimate search result. Early malvertising often involved tricking users into downloading viruses, trojans, or spyware. These days we also need to watch out for infostealers and cloned login pages. Threat actors may register URLs similar to those used by large companies and put up fake login pages that resemble the target site, e.g. an online banking login or a popular email provider. When victims enter their login information, it is captured and recorded by the malicious operators, who can use it for account takeover themselves or distribute it on various platforms (like the recently seized forums we discussed earlier).
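One defensive check that follows from the lookalike-domain pattern described above is to compare the hostname of a login URL against the brands you protect, after folding the character substitutions these pages rely on. The code below is an added example written for this post, not Enzoic’s code or tooling; the protected domains, the confusable table and the sample URLs are constructed, and the registrable-label logic is deliberately naive (a production check would consult the Public Suffix List).

```python
"""
Lookalike-domain check for login URLs.

Added illustration for this post; the protected domains, the confusable table
and the sample URLs are constructed, not Enzoic's data or code.
"""
from urllib.parse import urlsplit

# Constructed: the legitimate login domains we want to protect. The brand
# token is the registrable label (examplebank, examplemail).
LEGIT_DOMAINS = {"examplebank.com", "examplemail.net"}

# Character substitutions commonly used to make a hostname resemble a brand.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(label: str) -> str:
    """Fold common look-alike characters so 'exarnp1ebank' compares as 'examplebank'."""
    label = label.lower()
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; each insertion, deletion or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_tokens(domains) -> dict:
    """Map brand label -> legitimate domain, e.g. 'examplebank' -> 'examplebank.com'."""
    return {d.split(".")[0]: d for d in domains}


def classify_url(url: str, legit_domains=LEGIT_DOMAINS) -> tuple:
    """Return (verdict, reason): 'legitimate', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("unrelated", "no hostname")
    # The exact brand domain, or a subdomain of it, is the real site.
    for domain in legit_domains:
        if host == domain or host.endswith("." + domain):
            return ("legitimate", domain)
    # Otherwise inspect every label and hyphen-separated token for brand abuse,
    # which catches both 'examplebank-secure.example' and 'examplebank.com.evil.example'.
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    for token in tokens:
        norm = normalize(token)
        for brand, domain in brand_tokens(legit_domains).items():
            if norm == brand:
                return ("lookalike", f"brand token '{token}' on a host that is not {domain}")
            if len(brand) >= 6 and levenshtein(norm, brand) == 1:
                return ("lookalike", f"'{token}' is within one edit of '{brand}'")
    return ("unrelated", host)


if __name__ == "__main__":
    # Constructed sample URLs, not observed campaigns.
    for sample in ("https://www.examplebank.com/login", "https://exarnplebank.com/login",
                   "https://examplebank-secure.example/login", "https://news.example.org/"):
        print(sample, "->", classify_url(sample))
```

The edit-distance rule is restricted to brand names of six or more characters so that short brands do not collide with ordinary words; in practice you would tune that threshold and the confusable table against your own false-positive data.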
Hope for 2025
It’s pretty easy for cybersecurity to feel like a Sisyphean task, with every new year bringing new technologies, expanding attack surfaces, and legions of salivating threat actors. When the threats feel overwhelming, it’s a good time to go back to basics and remember that good cybersecurity practices start with strong foundations.
Keeping systems and anti-virus definitions updated, training employees and users on good practices, and screening for compromised credentials all pay dividends in preventing fraud, account takeover, system intrusion, ransomware, and the financial and social impacts that these crimes involve.
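Screening for compromised credentials, mentioned here and again in the FAQ on healthcare breaches below, is usually done with a k-anonymity range lookup so that the screening service never receives the password or its full hash. The code below is an added example written for this post, not Enzoic’s product code; it simulates a Pwned-Passwords-style range exchange in-process (client sends the first five hex characters of the SHA-1, server answers with `SUFFIX:COUNT` lines, client matches the remainder locally), and the breach corpus and its counts are constructed sample data.

```python
"""
Compromised-password screening with a k-anonymity range lookup.

Added illustration for this post, not Enzoic's product code. The breach corpus
below is constructed sample data with made-up counts; the exchange is modelled
on the Pwned Passwords range API but runs entirely in-process here.
"""
import hashlib

# Constructed stand-in for a breach corpus (plaintext -> times seen in leaks).
SAMPLE_BREACH_CORPUS = {
    "password": 12000,
    "Summer2024!": 37,
    "letmein": 410,
}

PREFIX_LEN = 5  # the client reveals only this many hex characters of the hash


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the hash form used by range-style lookup services."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: dict) -> dict:
    """Server side: bucket hash suffixes by their 5-char prefix."""
    index = {}
    for plaintext, count in corpus.items():
        digest = sha1_hex(plaintext)
        index.setdefault(digest[:PREFIX_LEN], []).append((digest[PREFIX_LEN:], count))
    return index


class RangeService:
    """Server side of the exchange: answers prefix queries with 'SUFFIX:COUNT' lines."""

    def __init__(self, corpus: dict):
        self.index = build_range_index(corpus)
        self.queries_received = []  # everything the server ever learns about a password

    def range(self, prefix: str) -> list:
        if len(prefix) != PREFIX_LEN:
            raise ValueError("range queries carry exactly the 5-char hash prefix")
        self.queries_received.append(prefix)
        return [f"{suffix}:{count}" for suffix, count in self.index.get(prefix, [])]


def breach_count(password: str, service: RangeService) -> int:
    """Client side: query by prefix only, compare suffixes locally. 0 means not found."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in service.range(prefix):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def screen(password: str, service: RangeService) -> str:
    """Policy decision a registration, reset or login flow could apply."""
    seen = breach_count(password, service)
    return "reject: seen in breaches" if seen else "accept"


def run_demo(corpus=SAMPLE_BREACH_CORPUS) -> dict:
    """Screen two constructed passwords and report what the server actually saw."""
    svc = RangeService(corpus)
    results = {pw: screen(pw, svc) for pw in ("password", "a-long-unique-passphrase-2025")}
    return {"results": results, "server_saw": svc.queries_received}


if __name__ == "__main__":
    demo = run_demo()
    for pw, verdict in demo["results"].items():
        print(f"{pw!r} -> {verdict}")
    print("server received only these prefixes:", demo["server_saw"])
```

The point to notice is `queries_received`: the service only ever sees five hex characters per check, which map to many hundreds of hashes in a real corpus, so a compromised-credential screen can be applied at registration, password reset and login without handing the plaintext or full hash to a third party.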
FAQs
Why are stolen credentials a growing concern for organizations?
Stolen credentials are a primary entry point for cybercriminals to execute account takeovers, data breaches, and ransomware attacks. These credentials are frequently obtained through database breaches or infostealers, and they are then sold on dark web forums. Once in the wrong hands, they enable unauthorized access to corporate systems, leading to financial fraud, reputational damage, and compliance violations.
How can businesses reduce the dangers of data breaches in the healthcare industry?
Healthcare data breaches continue to rise due to the vast attack surface of hospitals and medical facilities, including EHR systems, patient portals, employee logins, and IoT medical devices. Most if not all of these systems have a login process that either grants access to important data or serves as a jumping-off point for further movement into the environment. Organizations should invest in proactive cybersecurity measures like compromised password monitoring to reduce risk. This directly addresses the #1 cause of a data breach, compromised credentials, as found by Verizon’s DBIR report and IBM’s Cost of a Data Breach report.
What is malvertising, and how does it contribute to stolen credentials?
Malvertising is a cyberattack strategy in which threat actors place malicious or deceptive content in ostensibly legitimate online advertisements to distribute malware or harvest login credentials. These deceptive advertisements trick users into entering credentials on fake login pages or downloading infostealer malware. To limit the damage from credential theft related to malvertising, organizations and individuals should monitor their credentials to make sure they haven’t been exposed and distributed on the dark web.
AUTHOR
Dylan Hudson
Dylan leads the Threat Research team at Enzoic, creating and putting in place cutting-edge threat intelligence infrastructure to protect users and organizations from cyberattacks. When he isn’t at work, he can be found playing traditional Celtic music on stringed instruments, or hiking and biking in the Rocky Mountains.
This blog was co-authored by and is a Security Bloggers Network syndicated blog. Read the original post at: https://www.enzoic.com/blog/early-trends-2025/