Written by
Team Nucleus
Written on
31st January, 2025
Analyst Insight
This week in cyber, our analysts have observed a wave of news articles about the new "DeepSeek" AI and have raised security concerns about it. DeepSeek is a relatively new LLM that allegedly works identically to OpenAI's ChatGPT, but at a fraction of the cost for both personal and organizational use. These claims sent NVIDIA's stock plummeting at the start of the week, wiping billions off its market value. The flood of news articles covering DeepSeek prompted users and businesses to try it out, making it one of the most downloaded apps on Apple’s App Store.
Exposed DeepSeek AI Database Found with Sensitive Information
DeepSeek is a Chinese AI startup that recently gained a large amount of media attention as a major rival to Nvidia’s AI capabilities. This week, however, Wiz Research discovered a security vulnerability in DeepSeek's infrastructure. A publicly accessible ClickHouse database was found, allowing unauthorized access to over a million lines of sensitive log streams, including chat histories, secret keys, backend details, and other critical information. The database was exposed without any authentication, posing a severe risk of data breaches and privilege escalation. Upon identifying the issue, Wiz Research promptly notified DeepSeek, which quickly secured the exposed database.
Operation Talent: FBI Seizes Domains of Hacking Forums
This week, the FBI, together with international law enforcement agencies, seized the domains of notorious hacking forums as part of “Operation Talent”. Cracked[.]io and Nulled[.]to were just a few of the many domains seized in the operation. These forums were known for facilitating cybercriminal activities, including the distribution of cracked software, stolen credentials, and hacking tools. The seizure aims to disrupt the operations of these forums and prevent further cybercriminal activity online.
UK Engineering Firm Smiths Group Discloses Cyberattack
This week, the London-based engineering firm “Smiths Group” disclosed a security breach after malicious actors gained access to the company’s systems. The cyberattack was disclosed in a London Stock Exchange filing, where Smiths Group stated they are “currently managing a cyber security incident” and “the incident has involved unauthorized access to the Company’s systems”.
One consequence of the attack was the market’s reaction to the filing, which sent Smiths Group shares down by 2.3%. Smiths Group is currently “working with cyber security experts to recover affected systems and determine any wider impact on the business”.
UnitedHealth Reveals 190 Million Affected by February Data Breach
UnitedHealth has disclosed that a ransomware attack on its subsidiary Change Healthcare affects the personal data of 190 million Americans, nearly doubling the previously reported figure of around 100 million. The breach, which took place in February 2024, is the largest healthcare data breach in U.S. history, with the stolen data including contact information, health insurance details, medical records, billing information, and other personal identifiers. The BlackCat ransomware group initially claimed responsibility for the attack, but after allegedly receiving a $22 million ransom from UnitedHealth, the group shut down and didn’t pay affiliates, keeping the whole payment for themselves.
PayPal Settles $2 Million Over 2022 Data Breach Affecting 35,000 Accounts
In response to a data breach which occurred between December 6th and December 8th, 2022, New York State announced that PayPal has agreed to a $2 million settlement. This breach affected approximately 35,000 accounts. Threat actors exploited the absence of multi-factor authentication (MFA) on PayPal's platform, using valid credentials to access accounts and their sensitive 1099-K forms. The compromised information included full names, dates of birth, postal addresses, Social Security numbers, and Individual Tax Identification Numbers.