This week

- Pro-Ukrainian hacktivists ground dozens of Aeroflot flights
- Palo Alto announces $25 billion acquisition of CyberArk
- Minnesota mobilises national guard in response to St Paul attack
- Luxembourg launches probe following national telco outage
- Illumina settles DOJ False Claims case around poor cyber practices
- OpenAI rolls back feature allowing conversations to appear in Google search results
Interesting stats
$4.44 million is the global average cost of a data breach, down from $4.88M last year, while $10.22 million was the average cost in the United States, up from $9.36M to its highest ever level, with only half of organisations managing to recover within 125 days, according to IBM’s Cost of a Data Breach report 2025. LINK (PDF)
AU$12.5 billion (US$8B) is the annual cost of espionage to Australia, according to ASIO’s chief, Mike Burgess, including AU$2 billion worth of trade secrets and intellectual property stolen by cyber spies between 2023 and 2024. LINK
36% of Palo Alto Networks’ Unit 42 incident response cases in the last year began with a social engineering attack. LINK
~22% of files uploaded to GenAI tools and 4.37% of prompts contain sensitive content, according to Harmonic Security’s analysis of 1 million prompts in Q2 2025. LINK
Five things
- Aeroflot cancelled ‘dozens’ of flights this week after a “technical failure” caused by pro-Ukrainian hacktivist groups. The groups — Silent Crow and Belarusian Cyberpartisans — stated that the operation had been a year in the making, with the former claiming they’d stolen flight history, audio recordings, and surveillance data, and the latter citing the “massive financial damage” inflicted by the destruction of around 7,000 servers. Flight operations returned to normal over the following days. At the end of the week, Roskomnadzor played down data leaked by the groups claiming to be passenger records of flights taken by Aeroflot’s CEO, saying the data leak “has not been confirmed”. AEROFLOT, LEAKS
- Palo Alto Networks has agreed to a $25 billion cash-and-stock acquisition of CyberArk. The valuation represents a 26% premium on CyberArk’s share price, which has increased by 70% over the past year. Palo Alto’s share price dropped 8% following the announcement. The deal plugs an identity and privileged access hole in Palo Alto’s product portfolio, as well as bringing CyberArk’s 10,000 clients into its ‘platform strategy’. The combined portfolio could represent an interesting alternative to some of the features bundled by Microsoft in its top-tier E5 licence, with arguments to be made about segregating IT and security services. CYBERARK, MORE
- Minnesota has mobilised the National Guard following a “deliberate, coordinated, digital attack” against the city of St Paul. The National Guard contains a cyber capability that Governor Tim Walz says was necessary, as the attack “exceeded the city’s response capacity.” Certainly, anything involving the National Guard grabs headlines, though it seems like a sensible option, especially given the training and experience they will likely have in responding to such an attack. I think it’s great to have this type of centralised capability that you can deploy like this in times of emergency. MINNESOTA
- Luxembourg has launched a formal investigation into an attack against POST Luxembourg that took out the country’s 4G and 5G networks for over three hours. Calls to emergency services could not get through, and internet access and bank services were also disrupted. The outage affected the government’s national alert system, which was also rendered inoperable as they tried to notify citizens about the issue. The “exceptionally advanced and sophisticated” attack is believed to have targeted a component in Huawei telecom equipment. It could be a misconfiguration, a cascading failure, or a malicious actor testing offensive capability. LUXEMBOURG
- False Claims: The US DOJ has reached a $9.8 million settlement with Illumina, a DNA sequencing hardware vendor, for selling the US government systems without an appropriate cyber security programme in place, and failing to design security into its products. A whistleblower alerted the US government, which brought charges under the False Claims Act, after invoices for “hundreds of millions” of dollars were submitted to the US government over a seven-year period, requesting payment for devices that Illumina claimed met the appropriate cyber standards. Illumina, which controls around 80% of the genetic testing market, admitted no guilt as part of the settlement, telling The Register it was “to avoid the uncertainty, expense and distraction of litigation”. ILLUMINA
In brief
- ⚠️ Incidents: A couple of incidents in France this week: Naval Group, the majority state-owned French warship builder, is investigating a potential 1TB data breach. Orange says that it has detected an attack affecting an internal system, but that there is “no evidence” that personal data of any of the telco’s 290 million customers has been affected. A Californian woman has filed a class-action lawsuit against women’s safety app Tea for failing to keep identity documents and selfies (required during signup) secure. The platform claims to have over 1.6 million users who can share information on men to stay safe. Since the breach, members of the notorious 4chan community have begun targeting Tea users. Group-IB says that UNC2891 managed to physically connect a Raspberry Pi with a 4G modem to an unnamed bank’s ATM network to steal money. Lawyers say the Legal Aid Agency attack earlier this year has left the sector in chaos, with many going unpaid and unable to support the usual volume of cases. NAVAL, ORANGE, TEA, UNC2891, LEGAL AID
- 🕵️ Threat Intel: SentinelOne has uncovered ten patents for offensive cyber technologies it says are linked to Shanghai Firetech, a company the US says is connected to the Silk Typhoon campaign. Microsoft says that Russian spies are targeting foreign embassies by abusing domestic ISP access to carry out attacker-in-the-middle (AITM) attacks to install the ApolloShadow malware (colour me surprised). FIRETECH, RUSSIA
- 🧰 Guidance and tools: macOS users can now run Kali Linux in a container on Apple’s virtualisation framework. KALI
- 🛠️ Security engineering: Google’s Project Zero has announced that it will publish the existence of bugs it discovers within 7 days of reporting them, to address what it calls the ‘upstream patch gap’. Vendors will still have the 90+30-day timetable to fix the issue and then ship the patch before the technical details are published. PROJECT ZERO
- 📜 Policy & Regulation: The UK’s Competition and Markets Authority (CMA) is proposing to designate AWS and Microsoft, which have cornered 60%-80% of the UK cloud market, with ‘strategic market status’. The CMA states that a poorly performing market could mean the UK is overpaying for cloud services by around £500 million per year. CLOUD
- 🗞️ Industry news: Darktrace will invest $200 million in US expansion in 2026 as it targets growing to $1 billion in revenue. The US Senate has confirmed Sean Cairncross as national cyber director. DARKTRACE, CAIRNCROSS
And finally
- OpenAI has rolled back changes that allowed ‘shared’ ChatGPT conversations to be indexed by search engines like Google. The “short-lived experiment” required users to check a box consenting to the sharing, a nuance lost amid the ensuing social media hysteria. However, OpenAI also conceded that the feature introduced “too many opportunities” for users to get it wrong. OPENAI