🚨 Gig platforms like Grubhub, Uber, and DoorDash are becoming prime targets for cybercriminals — and gig workers are paying the price.

In February, Grubhub confirmed a data breach exposing customer names, contact info, hashed passwords, and even partial payment data. The breach stemmed from a vulnerability in a third-party vendor.

But this incident highlights a much bigger threat: gig worker platforms are increasingly vulnerable to account takeovers and fraud.

Why are threat actors targeting the gig economy?
- High turnover = less consistent security hygiene
- Users access platforms from multiple personal devices
- Instant payouts make stolen accounts more lucrative
- Contractors rarely receive cybersecurity training

Research from TransUnion shows:
- 34% of gig platform users experienced fraud in 2024 (up from 23% in 2023)
- 75% would switch platforms or stop using an app if they were victimized
- Users want identity protection, fraud monitoring, and stronger safeguards

Experts say stronger defenses are needed, including:
- Mandatory MFA (even SMS-based as a starting point)
- Password manager adoption and secure reset flows
- Monitoring for demographic or device changes on accounts
- Detecting unusual activity with behavioral biometrics (keystrokes, hotkeys, VPN use)

Gig workers' ability to cash out earnings quickly — multiple times a day — makes their accounts especially attractive for attackers. And with payouts hitting $20B in a single quarter at Uber, the stakes are only getting higher.

Cybersecurity teams must go beyond reactive fraud handling. By monitoring login patterns, using behavioral analytics, and enforcing minimum controls, they can disrupt account hijacking attempts before money disappears.

#CyberSecurity #DataBreach #EfaniSecure
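The login-pattern and device-change monitoring recommended in the gig-platform post above can be reduced to one concrete rule: hold any payout requested shortly after a login from a device the account has never used, or after a change of payout destination. The sketch below is an added example, not code from the post or from any platform; the event schema, event type names, and the 24-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Assumed policy value (not from the post): how long a risk signal stays active.
RISK_WINDOW = timedelta(hours=24)

# Constructed sample events using a hypothetical schema.
EVENTS = [
    {"ts": "2025-03-01T08:00:00", "acct": "driver-17", "type": "login", "device": "dev-A"},
    {"ts": "2025-03-01T18:00:00", "acct": "driver-17", "type": "payout", "amount": 85.0},
    {"ts": "2025-03-02T02:10:00", "acct": "driver-17", "type": "login", "device": "dev-Z"},
    {"ts": "2025-03-02T02:12:00", "acct": "driver-17", "type": "bank_change"},
    {"ts": "2025-03-02T02:15:00", "acct": "driver-17", "type": "payout", "amount": 640.0},
    {"ts": "2025-03-02T09:00:00", "acct": "driver-42", "type": "login", "device": "dev-B"},
    {"ts": "2025-03-02T09:05:00", "acct": "driver-42", "type": "payout", "amount": 120.0},
]


def risky_payouts(events, window=RISK_WINDOW):
    """Return payouts requested within `window` of a new-device login or bank change."""
    known = {}    # acct -> device ids seen so far
    signals = {}  # acct -> list of (time, reason) risk signals
    held = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["acct"]
        if ev["type"] == "login":
            devices = known.setdefault(acct, set())
            # The first device seen is treated as the enrolment baseline;
            # without that, every account's first login would raise a signal.
            if devices and ev["device"] not in devices:
                signals.setdefault(acct, []).append((ts, "new_device"))
            devices.add(ev["device"])
        elif ev["type"] == "bank_change":
            signals.setdefault(acct, []).append((ts, "bank_change"))
        elif ev["type"] == "payout":
            reasons = sorted({r for t, r in signals.get(acct, []) if ts - t <= window})
            if reasons:
                # Candidate for step-up MFA or manual review before funds move.
                held.append({"acct": acct, "ts": ev["ts"],
                             "amount": ev["amount"], "reasons": reasons})
    return held


if __name__ == "__main__":
    for hit in risky_payouts(EVENTS):
        print(hit)
```

A held payout is a trigger for a step-up check such as an MFA prompt, not proof of fraud; a worker who replaces a phone will raise the same signal once.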

Cybercrime cost Americans a record-breaking $16.6 billion in 2024 — a 33% increase over the previous year, according to the FBI’s Internet Crime Complaint Center (IC3).

The newly released 2025 IC3 report shows:
- 859,532 complaints were filed last year
- 256,256 involved financial losses
- Average loss per victim: $19,372
- Older adults (60+) were hit hardest, with $4.8 billion in losses across 147,127 complaints

The FBI called ransomware the most persistent threat to critical infrastructure, with ransomware-related complaints rising 9% in 2024. However, the report stresses that the true impact is far higher than reported numbers — as most incidents go unreported or underreported.

The FBI clarifies that its loss estimates:
- Do not include lost productivity, downtime, or third-party recovery costs
- Only reflect what’s voluntarily submitted to IC3 or FBI field agents
- Underrepresent industries that choose not to report to law enforcement

Since 2020, IC3 has received 4.2 million complaints totaling over $50 billion in losses. Over 9 million complaints have been submitted since the program’s inception.

In a public warning, the FBI also noted an increase in scammers impersonating IC3 officials, targeting previous fraud victims by offering fake recovery services.

At @Efani, we believe the real number isn’t $16.6 billion — it’s much, much higher. Cybercrime is now an economic threat, not just a tech problem. Ransomware, impersonation, and digital fraud are evolving — and our defenses need to evolve faster.

#CyberSecurity #FBI #EfaniSecure

🚨 A February ransomware attack on Baltimore City Public Schools has now been confirmed to have compromised sensitive data belonging to over 25,000 individuals — including teachers, staff, contractors, and students.

On Tuesday, the district issued a public breach notification revealing that:
- The ransomware attack occurred on February 13, 2025
- Sensitive documents were stolen, including I-9 records and background checks
- Impacted data includes Social Security numbers, driver’s licenses, passport info, and even student call logs and attendance records
- 55% of all school employees were reportedly affected
- Over 1,150 students — roughly 1.5% of the district's enrollment — had personal information accessed

While no ransom was paid, reports suggest the Cloak ransomware gang may be behind the attack. So far, no group has taken credit publicly.

Additional context:
- Law enforcement was notified
- Cybersecurity firms were brought in for investigation and recovery
- The school district is now offering two years of credit monitoring to impacted individuals
- Affected parties are receiving breach notification letters this week

In a positive step, the district has rolled out new cybersecurity enhancements:
- Endpoint Detection and Response (EDR) software
- District-wide password resets
- Continued forensic investigation

Baltimore has been no stranger to cyberattacks:
- A 2020 school system breach cost more than $10 million
- A 2019 ransomware attack disrupted city-wide operations

And Baltimore’s not alone — experts have already recorded 75 ransomware attacks on U.S. K-12 schools and colleges in 2025, one of the highest numbers ever tracked.

At @Efani, we believe that the education sector — often underfunded and digitally vulnerable — is now squarely in the crosshairs. Schools don’t just need backups. They need active defense, endpoint visibility, and employee training that starts at onboarding.

#CyberSecurity #Ransomware #EducationSecurity #DataBreach #K12CyberRisk #EfaniSecure #BaltimoreCyberattack

📈 Ransomware and vulnerability exploitation are surging — and attackers are moving faster, hitting harder, and targeting smaller victims more aggressively than ever.

Verizon’s 2025 Data Breach Investigations Report reveals sharp increases across multiple threat vectors:
- Ransomware was present in 44% of breaches (up 37% YoY)
- Exploited vulnerabilities surged 34%, nearly matching credential abuse
- Third-party involvement in breaches doubled, from 15% to 30%

Ransomware now disproportionately impacts small and mid-sized businesses:
- 88% of SMB breaches involved ransomware
- Compared to just 39% in larger organizations
- While ransom payments declined, attack frequency and speed continue to rise
- Median ransom payment dropped from $150K → $115K

Vulnerability exploitation is tightly linked:
- 20% of initial breach vectors came from unpatched vulnerabilities
- Edge devices and VPNs were hit hardest (Ivanti, Cisco, Fortinet, Palo Alto)
- Edge device exploitation grew 8x YoY
- Only 54% of known edge vulnerabilities were fully remediated — median patch time: 32 days

Espionage-motivated breaches also leaned heavily on vulnerabilities:
- In 70% of these cases, initial access came from unpatched flaws
- Ransomware operators and state-backed actors continue to exploit the same gaps

The bottom line: attackers aren’t changing tactics — they’re maximizing opportunity.

At @Efani, we believe these numbers paint a clear picture. SMBs, edge networks, and third-party dependencies are now prime targets. Ransomware may not always demand a payment, but it always demands attention.

#CyberSecurity #Ransomware #VulnerabilityManagement #DataBreach #SMBSecurity #DBIR2025 #ThirdPartyRisk #EfaniSecure

🚨 Marks & Spencer confirms a cyberattack that disrupted operations, including delays in its popular Click and Collect service.

The British retail giant — with over 1,400 stores and 64,000 employees worldwide — issued a statement through the London Stock Exchange confirming they’re managing an ongoing cybersecurity incident.

Key details:
- Some store operations were temporarily adjusted to protect customer data
- Website and mobile app remain operational
- Delays are affecting Click and Collect orders; customers are asked to wait for confirmation emails before heading to stores
- The company has engaged external cybersecurity experts
- Authorities, including the UK’s data protection office and the National Cyber Security Centre, have been notified

At this stage, no ransomware groups have claimed responsibility, but security experts warn that such silence is common early in extortion-based attacks. If ransomware is involved, there is a high likelihood of data theft — which may later be used to pressure M&S into paying a ransom.

This incident is a reminder that even mature global retailers face significant risks when it comes to supply chain and customer-facing services.

At @Efani, we believe protecting customer trust in retail starts with resilient digital operations. Every outage — especially in fulfillment — risks brand damage that no loyalty program can fix.

#CyberSecurity #RetailSecurity #MarksAndSpencer #Ransomware #IncidentResponse #EfaniSecure #ClickAndCollect #DataProtection

🚢 While headlines focus on border security, America’s maritime cybersecurity remains dangerously exposed — and adversaries know it.

With 95,000+ miles of coastline and over 360 ports supporting $5.4 trillion in economic activity and 10 million jobs, the U.S. maritime transportation system is both mission-critical and vulnerable.

The August 2024 ransomware attack at the Port of Seattle proved it: mass cargo delays, a breach of 90,000 personal records, and potential risks to life.

As state-sponsored actors like China and Russia ramp up digital attacks on U.S. critical infrastructure, experts are urging a complete overhaul of America’s maritime cyber posture. A few key problems:
- The U.S. Coast Guard lacks cyber expertise and visibility
- Over 200 Chinese-manufactured cranes with foreign software still operate in U.S. ports
- The maritime industry relies heavily on outdated operational tech and software
- SLTT governments lack funding, clear threat metrics, and secure channels for coordination

The solution? A coordinated strategy that includes:
- Modernizing Coast Guard cyber personnel, training, and tools
- Investing in AI, blockchain, and port software upgrades
- Passing the bipartisan Port Crane Security and Inspection Act
- Strengthening public-private partnerships with port operators
- Preserving FEMA’s port cybersecurity grant programs
- Fast-tracking security clearances for local leaders
- Creating a Maritime Security Trust Fund to reinvest port fees
- Launching scholarships to bring new cyber talent into the maritime domain

With legislation like the Cyber PIVOTT Act and Executive Orders on maritime dominance and SLTT resilience, the U.S. has a chance to rebuild its shipping superiority — and secure the supply chain from the sea up.

At @Efani, we believe critical infrastructure security starts with recognition: cybersecurity isn’t just about the cloud or data centers. It’s about every port, crane, and vessel that keeps the nation moving.

#CyberSecurity #MaritimeSecurity #PortSecurity #CoastGuard #CriticalInfrastructure #NationalSecurity #EfaniSecure

🚨 Two of CISA’s most senior cybersecurity leaders have just resigned — amid growing concerns about staffing cuts and political disruption at the nation’s top cyber defense agency.

Bob Lord and Lauren Zabierek announced their departures Monday morning. Both were instrumental in shaping CISA’s Secure by Design initiative — the agency’s effort to hold tech companies accountable for insecure software and push for systemic product security reform.

- Bob Lord previously led security at the DNC, Yahoo, and Twitter, and was the first CSO at the DNC post-2016 Russia-linked breaches.
- Lauren Zabierek formerly led the Cyber Project at Harvard’s Belfer Center and has a deep background in both intelligence and cybersecurity policy.

While neither disclosed what’s next, their departures come during a period of intense change at CISA:
- Up to 1,300 employees — nearly half the agency — could be cut under the current administration
- DHS recently offered buyouts to staff, and earlier layoffs were challenged in court
- CISA’s leadership and mission are in flux, with its future role in national cyber defense uncertain

Both leaders emphasized the importance of Secure by Design as a foundation for future cyber resilience:
- “There’s a role for everyone in making software safer,” wrote Lord
- Zabierek added: “What started as a government-led call to action has become a global movement”

CISA’s Executive Director Bridget Bean thanked them, saying:
“While our approaches to Secure by Design evolve, our commitment to the principles remains steadfast.”

At @Efani, we believe in cybersecurity that begins at the design phase — not after a breach. We thank Lord and Zabierek for advancing that mission inside government and hope the private sector continues to carry the baton forward.

#CyberSecurity #SecureByDesign #CISA #PublicPrivatePartnership #CyberLeadership #EfaniSecure

😵‍💫 Ransomware with a meme twist: the latest Fog attacks come with DOGE-themed ransom notes — mocking victims and even offering free decryption if they "spread the malware".

Researchers at Trend Micro have been tracking a surge in attacks from the Fog ransomware group, which has now hit over 100 confirmed victims since January. While earlier variants relied on compromised VPN credentials, the latest campaigns use phishing emails to deliver a malicious “Pay Adjustment[dot]zip” file that drops the ransomware via PowerShell.

Key observations:
- Initial infection begins with a ZIP file and LNK shortcut
- PowerShell downloads scripts and executables for system profiling, lateral movement, and encryption
- A QR code leads to Monero payment options
- Political commentary and YouTube links are embedded directly in the code
- Sectors hit include tech, education, manufacturing, and transportation

💰 The ransom notes reference the satirical Department of Government Efficiency (DOGE), making absurd demands like “list five tasks you accomplished last week” or “pay one trillion dollars.” In one version, victims are told they can decrypt their system for free — if they forward the malware.

This marks a shift in behavior:
- Originally, Fog didn’t exfiltrate data or run leak sites
- Now, researchers report double-extortion tactics and faster attack cycles
- In some incidents, data was encrypted within two hours of initial access

🛡️ Trend Micro and Darktrace urge organizations to:
- Monitor Fog IoCs
- Segment networks
- Keep offline, tested backups
- Train teams to spot phishing attempts
- Patch VPNs and remote access infrastructure

At @Efani, we believe even “troll” ransomware is no joke. Whether done for profit or chaos, the operational damage from Fog attacks can be severe. Stay vigilant — even the ransom notes are engineered for distraction.

#CyberSecurity #Ransomware #FogRansomware #DOGE #ThreatIntel #EfaniSecure #Phishing #IncidentResponse

🎙️ Got invited to speak on a crypto podcast? It might be a scam.

A threat group known as "Elusive Comet" is targeting Web3 professionals, founders, and investors — using fake media invites and Zoom calls to infect devices and steal crypto assets.

Researchers at the Open Security Alliance have confirmed that Elusive Comet has already stolen millions, using a mix of social engineering and malware deployment.

Here’s how they operate:
- Create fake brands like Aureon Capital, Aureon Press, and The OnChain Podcast
- Build a convincing online presence with active websites and social profiles
- DM or email victims with interview or podcast invites
- Schedule urgent Zoom calls and ask the target to share their screen
- Then request remote access — and install infostealers or RATs on the victim’s machine

Even the CEO of Trail of Bits was recently targeted under the guise of a "Bloomberg Crypto" interview.

🛡️ Security tips:
- Be cautious with unsolicited interview or partnership invites
- Don’t grant remote control access in Zoom unless you’re 100% sure
- Use cold wallets for crypto and monitor outbound device behavior

At @Efani, we believe the biggest threat to your digital life isn’t always technical — it’s psychological. And Elusive Comet is a reminder of just how polished modern scams have become.

#CyberSecurity #SocialEngineering #CryptoSecurity #ZoomThreats #Infostealer #RemoteAccessTrojan #EfaniSecure

🚨 Microsoft just moved MSA token signing to Azure Confidential VMs, a major step forward in securing its identity infrastructure after the high-profile Storm-0558 breach.

This move, along with the ongoing migration of Entra ID signing services, is part of Microsoft’s broader Secure Future Initiative (SFI) — described as the largest cybersecurity engineering project in its history.

Here’s what’s changing:
- MSA signing keys now protected inside Azure Confidential VMs
- Entra ID token signing is also being migrated to confidential infrastructure
- Access tokens are generated, stored, and auto-rotated via Azure-managed HSM
- 90% of identity tokens for Microsoft apps now validated via hardened SDKs
- 92% of Microsoft productivity accounts use phishing-resistant MFA
- 81% of production code branches are protected with proof-of-presence MFA
- Security logs have a mandatory 2-year retention period
- A new tenant provisioning system auto-registers tenants into the emergency response process

Microsoft is also piloting isolated customer support environments to reduce lateral movement, a direct response to risks exposed in the 2023 Storm-0558 breach, which involved forged Entra ID tokens using a compromised MSA key.

The attack, attributed to a China-linked threat group, led to unauthorized email access across U.S. and European entities.

This update builds on the lessons from the U.S. Cyber Safety Review Board (CSRB) report and pushes forward a model where signing keys, support processes, and token validation are more tightly controlled than ever before.

At @Efani, we support these kinds of structural shifts — because real security isn’t just about patching flaws after the fact, it’s about re-engineering trust from the foundation up.

#CyberSecurity #Microsoft #EntraID #CloudSecurity #SecureFutureInitiative #Storm0558 #IdentitySecurity #EfaniSecure