Attackers are shifting tactics, targeting mid-size companies and critical infrastructure sectors, while generative AI risks threaten to overshadow a focus on cyber hygiene.
Ransomware attacks continue to be one of the most significant cybersecurity threats organizations and cybersecurity leaders face. Attacks lead to wide-scale disruptions, large data breaches, huge payouts and millions of dollars in costs to businesses.
In response, large, coordinated law enforcement operations have targeted major ransomware groups and disrupted operations, dismantled data leak sites and seen the release of decryption keys.
However, the volume of attacks has risen, the number of reported victims continues to grow and like a hydra that sprouts new heads, the ransomware ecosystem has been reformed and continues operating, although some of the tactics are changing.
Here are five key insights CISOs need to know in 2025.
1. Too much focus on generative AI risks underestimating known threats
Generative AI tools such as ChatGPT continue to cause a stir in organizations and raise a host of security concerns. However, some incident data and threat analysis suggest security leaders need to remain vigilant about the evolution of traditional ransomware tactics.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
Source : https://www.csoonline.com/article/3825545/5-things-to-know-about-ransomware-threats-in-2025.html
U.S. engineering firm ENGlobal has confirmed that hackers accessed “sensitive personal information” from its systems during a November 2024 cyberattack.
ENGlobal, which provides engineering and automation services to the federal government and critical infrastructure organizations, said in an updated 8-K filing with the U.S. securities regulator on Monday that hackers subsequently “encrypted some of its data files,” implying the incident was related to ransomware. The company said some of its business applications — including financial reporting systems — were offline for about six weeks.
The Houston, Texas-based company hasn’t yet said how many individuals are affected by the breach or what types of data were accessed, but said it will notify those affected. ENGlobal did not immediately respond to TechCrunch’s questions.
In its updated filing, ENGlobal says that its operations have been “fully restored” following its cyberattack. The company says it believes the threat actor, who has not yet been named, no longer has access to its IT systems.
Stay updated with SOC News for cutting-edge security innovations and expert industry insights!
