Spring 25 Cyber Incidents: Key Takeaways
Cyber threats continue to evolve, and they are targeting both businesses and governments. When these threats reach the high street and make mainstream news, the conversation expands beyond just us geeks…
So, I wanted to take a moment to reflect on the past two months. My focus is on the sophisticated attacks we have seen and the lessons they hold for individuals and organisations.
April 2025 – UK Retailers Hacked via Social Engineering (Credential Compromise / Social Engineering)
Retail giants including M&S, Harrods and Co-op were victims of coordinated attacks involving the social engineering of IT staff. Hackers from the group Scattered Spider, possibly linked to the ransomware group DragonForce, tricked support teams into resetting administrator passwords, giving attackers access to internal systems and sensitive customer data.
What can we take from this? It seems straightforward, yet it affected some very prominent names, so it clearly is not. All businesses must strengthen employee training on social engineering, even if you think you have already done so. It may also seem basic, but using multi-person approval processes for sensitive actions such as password resets on important accounts is vital.
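One way to make that multi-person approval concrete, as an added example rather than anything from the article or the affected retailers: a reset request for a privileged account only executes once two distinct approvers, neither of whom raised the request, sign off inside a short window. The account names, approver group and window are assumed.

```python
"""Two-person approval for privileged password resets (added, constructed example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

PRIVILEGED = {"admin", "domain-admin", "backup-svc"}   # assumed high-value accounts
APPROVERS = {"alice", "bob", "carol"}                  # assumed approver group
APPROVAL_WINDOW = timedelta(minutes=30)                # assumed validity window


@dataclass
class ResetRequest:
    account: str
    requester: str                  # help-desk agent who took the call
    created: datetime
    approvals: list = field(default_factory=list)

    def approve(self, approver: str, now: datetime) -> str:
        """Record an approval. Returns '' on success, otherwise the rejection reason."""
        if approver not in APPROVERS:
            return "not an approver"
        if approver == self.requester:
            return "requester cannot approve their own request"
        if approver in self.approvals:
            return "duplicate approval"
        if now - self.created > APPROVAL_WINDOW:
            return "request expired"
        self.approvals.append(approver)
        return ""

    def may_execute(self, now: datetime) -> bool:
        """Privileged accounts need two distinct approvals; others need one."""
        needed = 2 if self.account in PRIVILEGED else 1
        return len(self.approvals) >= needed and now - self.created <= APPROVAL_WINDOW
```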
And for the rest of us as individuals? We need to stay alert to signs of retail account misuse and monitor any personal data exposures using credit monitoring tools.
April 2025 – Yale New Haven Health Breach (Data Breach / Healthcare)
A breach at Yale New Haven Health compromised approximately 5.5 million patient records, including US Social Security numbers, ethnicity data and medical identifiers. The breach was reportedly linked to compromised third-party systems, with personal health data exfiltrated quietly over a number of weeks.
We have discussed this in detail in previous articles, but third-party risk assessments and segmentation of patient data are not only good practice, they are absolutely essential. And this may sound basic, but encrypt everything.
For individuals, be cautious about sharing any information online, especially health data. You might also consider requesting copies of your medical records to check for inaccuracies or signs of identity fraud.
March 2025 – Iranian Bank Sepah Breach (Data Leak / Financial Services)
Hackers known as Codebreakers infiltrated Bank Sepah, extracting data belonging to 42 million customers, including account details, passwords, mobile numbers and transaction histories. This kind of breach is always serious, and it appears to be linked to geopolitical tensions, highlighting vulnerabilities in widely used core banking systems.
Without speculating on the Bank Sepah incident, does the following seem reasonable? Treat your core banking platform as high-risk, possibly your highest single point of risk, and separate it from customer-facing systems. Also, run continuous threat hunting.
For individuals, ask yourself: do I truly use unique passwords and enable two-factor authentication on all financial platforms? Regularly monitor your accounts, even when everything appears normal.
April to May 2025 – Aviation Disruptions via GPS Spoofing and Physical Sabotage (Hybrid Cyber-Physical Threat)
Aviation has been subjected to complex, multi-layered attacks. DHL aircraft were targeted with incendiary devices disguised as parcels, while widespread GPS spoofing and jamming—likely originating from Russian-aligned regions—affected both civil and military aircraft. These disruptions, seen over the Baltic and Eastern Europe, underscore the growing threat of hybrid warfare.
Source: flightradar24
What should businesses take from this? Build crisis scenarios that include both physical and digital threats, especially if you operate in critical infrastructure.
For individuals, it is important to understand that aviation cybersecurity has implications for national security. Remain sensible, but always report suspicious parcels, phishing messages claiming to be from airlines or fraudulent tracking links.
May 2025 – "LOSTKEYS" Malware from Cold River (Advanced Persistent Threat / Espionage Malware)
Google’s Threat Analysis Group revealed a new malware family called “LOSTKEYS”, developed by the Russian hacker group Cold River. This malware collects files and system metadata, then sends the data to command and control servers. Targets include NATO affiliates, think tanks, NGOs and journalists, indicating a clear espionage agenda.
What should organisations do? If you are involved in policy, defence or media, assume you could be targeted by nation-state-level actors. Use endpoint detection and response tools and monitor outbound network traffic for any anomalies.
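Two of the outbound signals worth looking for against malware of this kind, as an added example that is not from Google's report or the article: a destination that only one internal host talks to yet receives a large upload, and a host contacting the same destination at near-constant intervals (a beaconing pattern). The flow records below are constructed, not real traffic.

```python
"""Rare-destination egress and beaconing checks over constructed flow records."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records: (epoch seconds, source host, destination, bytes sent)
FLOWS = [
    (0, "ws-01", "cdn.example.net", 120_000), (30, "ws-02", "cdn.example.net", 98_000),
    (55, "ws-03", "cdn.example.net", 110_000), (700, "ws-01", "cdn.example.net", 50_000),
    (10, "ws-02", "203.0.113.77", 9_000), (310, "ws-02", "203.0.113.77", 8_500),
    (612, "ws-02", "203.0.113.77", 20_000_000), (905, "ws-02", "203.0.113.77", 9_100),
    (1210, "ws-02", "203.0.113.77", 8_800),
]


def summarise(flows):
    """Per destination: set of internal hosts and total bytes; per (src, dst): timestamps."""
    hosts, total, times = defaultdict(set), defaultdict(int), defaultdict(list)
    for ts, src, dst, sent in flows:
        hosts[dst].add(src)
        total[dst] += sent
        times[(src, dst)].append(ts)
    return hosts, total, times


def rare_large_egress(flows, min_hosts=2, min_bytes=10_000_000):
    """Destinations seen from fewer than min_hosts hosts that received more than min_bytes."""
    hosts, total, _ = summarise(flows)
    return sorted(d for d in total if len(hosts[d]) < min_hosts and total[d] > min_bytes)


def beaconing_pairs(flows, min_events=4, max_jitter=0.1):
    """(src, dst) pairs with at least min_events connections at near-constant spacing."""
    _, _, times = summarise(flows)
    hits = []
    for pair, ts in times.items():
        ts = sorted(ts)
        if len(ts) < min_events:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):   # low spread relative to the period
            hits.append(pair)
    return sorted(hits)
```

Thresholds are assumptions to tune against a baseline; the point is that both checks need only flow metadata, not packet contents.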
If you are a high-profile individual, exercise caution with email attachments, VPN usage and social media interactions.
All of these events highlight that cybersecurity is no longer just a technical concern. It is a business-critical issue. Every organisation, whether dealing with consumer goods or critical national infrastructure, must assess its risk exposure, enhance staff awareness, and invest in both preventative and detective capabilities. Individuals, meanwhile, must stay informed and take practical, straightforward steps to protect their digital lives.
Simon Bliss
Head of Business Development