Ten Major Cyber Attacks of 2025 So Far

1. PowerSchool (Education Technology)

  • Date: January 2025

  • Attack Type: Data Breach

  • Attack Vector: Extended undetected system compromise

  • Number Affected: ~72 million (62.5M students, 9.5M teachers)

  • Business Impact: Massive exposure of sensitive educational data, severe reputational damage, regulatory scrutiny

  • Organizational Response: Public disclosure, forensic investigation with CrowdStrike, notification to school districts

  • Prevention & Mitigation:

    • Technical: Endpoint monitoring, encryption, patch management

    • Managerial: Investment in cyber-resilience, security team oversight

    • Operational: Regular security audits and penetration tests

    • Procedural: Comprehensive IR plans and response SOPs

    • Policy: Strict data handling, encryption policies


2. TalkTalk (Telecommunications)

  • Date: January 2025

  • Attack Type: Data Breach (ongoing investigation)

  • Attack Vector: Possible insider threat or external exploit

  • Number Affected: Claimed ~18.8 million customers (pending confirmation)

  • Business Impact: Significant risk to customer trust and privacy; reputational harm

  • Organizational Response: Disputed severity, launched investigation, engaged external experts

  • Prevention & Mitigation:

    • Technical: User behavior analytics, encryption

    • Managerial: Executive-level oversight, dedicated security resources

    • Operational: Frequent third-party security audits

    • Procedural: Internal and external breach response protocols

    • Policy: Mandatory access control, insider-threat prevention policies


3. Phemex (Cryptocurrency Exchange)

  • Date: January 2025

  • Attack Type: Cryptocurrency Theft

  • Attack Vector: Compromise of hot wallet system

  • Number Affected: Platform-wide ($85 million assets stolen)

  • Business Impact: Financial losses, disrupted operations, user confidence severely shaken

  • Organizational Response: Immediate suspension of transactions, transparent disclosure, forensic investigation

  • Prevention & Mitigation:

    • Technical: Cold-wallet storage, MFA

    • Managerial: Specialized security investment

    • Operational: Continuous real-time transaction monitoring

    • Procedural: Clear SOPs for wallet security, rapid-response plans

    • Policy: Mandatory MFA, asset storage standards


4. Kettering Health (Healthcare)

  • Date: May 2025

  • Attack Type: Ransomware

  • Attack Vector: Phishing or system vulnerability exploitation

  • Number Affected: 14 hospitals, thousands of patients impacted indirectly

  • Business Impact: Severe disruption to medical services, patient-care delays, financial loss

  • Organizational Response: Refusal to pay ransom, system isolation, data restoration from backups

  • Prevention & Mitigation:

    • Technical: Network segmentation, endpoint detection

    • Managerial: IR and recovery team establishment

    • Operational: Frequent phishing training, robust backups

    • Procedural: Detailed ransomware response SOPs

    • Policy: Phishing-awareness, mandatory patch management


5. ConnectWise (Software Vendor)

  • Date: May 2025

  • Attack Type: Supply Chain Attack

  • Attack Vector: Zero-day exploit by state-sponsored hackers

  • Number Affected: Limited clients; significant reputational damage

  • Business Impact: Trust in vendor services damaged, client anxiety heightened

  • Organizational Response: Prompt public disclosure, applied patches immediately, external cyber investigation

  • Prevention & Mitigation:

    • Technical: Secure software development lifecycle, zero-trust

    • Managerial: Comprehensive vendor-risk management

    • Operational: Regular red-team exercises, threat intel

    • Procedural: Rapid response procedures for software security issues

    • Policy: Secure coding standards, vendor-security obligations


6. Oracle Cloud (Cloud Provider)

  • Date: March 2025

  • Attack Type: Data Breach (claimed)

  • Attack Vector: Potential SSO vulnerability

  • Number Affected: Claimed ~6 million accounts (pending confirmation)

  • Business Impact: Questions about cloud-service credibility, potential privacy implications

  • Organizational Response: Official denial, client engagement ongoing, internal security review

  • Prevention & Mitigation:

    • Technical: MFA, encryption of stored user data

    • Managerial: Dedicated cloud-security oversight

    • Operational: Routine penetration testing, credential monitoring

    • Procedural: Credential-rotation protocols, breach verification SOPs

    • Policy: IAM policy enforcement, data privacy standards


7. Kuala Lumpur International Airport (Transportation)

  • Date: March 2025

  • Attack Type: Ransomware

  • Attack Vector: Likely phishing or malware infection

  • Number Affected: Entire airport operations, thousands of passengers affected

  • Business Impact: Disruption in flights, ticketing, baggage handling, economic losses

  • Organizational Response: No ransom paid, restored from backups, coordination with national cyber authorities

  • Prevention & Mitigation:

    • Technical: Strong network segmentation, endpoint protection

    • Managerial: IR teams, cybersecurity training investment

    • Operational: Regular audits, vulnerability management

    • Procedural: Detailed disaster recovery plans

    • Policy: Mandatory cybersecurity training, backup procedures


8. Iran National Shipping (Maritime Logistics)

  • Date: February 2025

  • Attack Type: Coordinated Network Attack

  • Attack Vector: Communications sabotage

  • Number Affected: 116 ships

  • Business Impact: Severe disruption in maritime operations, economic impact on trade

  • Organizational Response: Restoration of backup systems, rapid isolation, government cybersecurity assistance

  • Prevention & Mitigation:

    • Technical: Redundant communication systems, encryption

    • Managerial: Cybersecurity team integration, leadership accountability

    • Operational: Routine cybersecurity drills, network monitoring

    • Procedural: Rapid response protocols for communications failure

    • Policy: Cyber-readiness standards, mandatory communication security


9. X, formerly Twitter (Social Media)

  • Date: March 2025

  • Attack Type: DDoS Attack

  • Attack Vector: Massive coordinated botnet attack

  • Number Affected: Millions of global users (service outage)

  • Business Impact: Global communication outage, user frustration, brand reputation impacted

  • Organizational Response: Real-time traffic mitigation, public transparency, system reinforcement

  • Prevention & Mitigation:

    • Technical: DDoS mitigation tools, scalable architecture

    • Managerial: Cybersecurity infrastructure investment

    • Operational: Continuous network monitoring

    • Procedural: Traffic spike response SOPs

    • Policy: Infrastructure redundancy and scalability policies


10. ENGlobal Corp. (Energy Engineering Contractor)

  • Date: January 2025

  • Attack Type: Ransomware

  • Attack Vector: Phishing or unpatched vulnerabilities

  • Number Affected: Company-wide financial and HR systems (thousands of employees indirectly affected)

  • Business Impact: Six-week financial system lockdown, disrupted operations, significant data exposure concerns

  • Organizational Response: SEC disclosure, restoration from backups, comprehensive security review

  • Prevention & Mitigation:

    • Technical: Email security gateways, robust backups

    • Managerial: Cybersecurity budgeting and resource allocation

    • Operational: Regular phishing simulations, vulnerability scanning

    • Procedural: Clearly defined ransomware-response procedures

    • Policy: Employee cybersecurity training, stringent patch management
