Contents

01. News Bites
  • UK’s Hammersmith and Fulham Council faces 20,000 daily cyber attacks
  • Microsoft’s February 2025 Patch Tuesday addresses 55 vulnerabilities, including 4 zero-days
  • Hackers target outdated vulnerabilities in ThinkPHP and ownCloud
  • North Korean hacker group Kimsuky targets victims with new PowerShell attack tactic
  • DDoS attacks surge 56% YoY, with financial services experiencing a 117% increase
 
02. Conclusion

Quick News Bites

UK’s Hammersmith and Fulham Council faces 20,000 daily cyber attacks

Hammersmith and Fulham Council is targeted by around 20,000 cyber attacks each day, mostly phishing attempts, prompting the council to implement anti-phishing measures and strengthen firewalls.

Local councils have become prime targets for cyber criminals due to the large amounts of sensitive personal data they hold, outdated IT systems, and limited cybersecurity budgets. According to the ICO, cyber attacks on local authorities rose by 25% between 2022 and 2023, with reported data breaches surging by 58%.

Security researchers have highlighted the growing threats councils face, warning that compromised data can be exploited for fraud or sold on the dark web. They emphasised the need for modernised systems and improved cyber hygiene practices, such as multi-factor authentication and secure passwords.

With UK councils increasingly under siege, robust security measures are essential to protect citizens’ data and ensure resilient public services.

Microsoft’s February 2025 Patch Tuesday addresses 55 vulnerabilities, including 4 zero-days

Microsoft’s latest Patch Tuesday included fixes for 55 vulnerabilities, among them 4 zero-days, 2 of which are actively exploited. Among the critical issues patched are remote code execution flaws and two elevation of privilege vulnerabilities (CVE-2025-21391 and CVE-2025-21418) that allow file deletion and SYSTEM-level access.

Another zero-day (CVE-2025-21194) bypasses UEFI on certain hardware, compromising the hypervisor and secure kernel, while CVE-2025-21377 exposes Windows users’ NTLM hashes, potentially enabling remote attacks.

Other vendors such as Adobe, AMD, Apple, Cisco, Google, Ivanti, Fortinet, Netgear, and SAP also issued security updates this month, addressing vulnerabilities across various products.

Users are urged to apply the updates promptly to mitigate risks, especially as attackers increasingly exploit unpatched systems. Full details of the vulnerabilities and updates can be found in Microsoft’s official Patch Tuesday report.

Hackers target outdated vulnerabilities in ThinkPHP and ownCloud

Threat researchers have reported a surge in attacks exploiting older vulnerabilities from 2022 and 2023, specifically CVE-2022-47945 in ThinkPHP Framework and CVE-2023-49103 in ownCloud.

Both flaws, rated critical, allow attackers to execute OS commands or steal sensitive data like admin passwords. CVE-2022-47945 is a local file inclusion vulnerability in ThinkPHP versions before 6.0.14. Chinese threat actors have exploited it since late 2023, and GreyNoise has detected 572 unique IPs launching attacks recently.

CVE-2023-49103, affecting ownCloud due to a third-party library, has seen increased exploitation from 484 unique IPs. This vulnerability was among the top 15 most exploited flaws in 2023, according to the FBI, CISA, and NSA.

Users are urged to patch systems immediately by upgrading to ThinkPHP 6.0.14+ and ownCloud GraphAPI 0.3.1+, or to isolate vulnerable instances behind firewalls to mitigate active threats.
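The patch guidance above reduces to a version check against the two fixed releases named in the bulletin. The script below is an added example (not Integrity360's or the vendors' code) that flags inventory entries still below those thresholds; the inventory format, hostnames and versions are constructed for illustration. It compares versions numerically rather than as strings, which is what makes "6.0.9" correctly sort below "6.0.14".

```python
"""Flag ThinkPHP and ownCloud GraphAPI instances still below the patched
versions named in the bulletin (ThinkPHP 6.0.14+, ownCloud GraphAPI 0.3.1+).
Added example; the inventory layout and hostnames are constructed."""
import re

# Minimum fixed versions as stated in the bulletin, keyed by the CVE they close.
MIN_FIXED = {
    "thinkphp": ("CVE-2022-47945", (6, 0, 14)),
    "owncloud-graphapi": ("CVE-2023-49103", (0, 3, 1)),
}


def parse_version(text):
    """Turn '6.0.14' or 'v0.3.1' into a comparable tuple of ints.
    Missing components are padded with zeros so (6, 0) < (6, 0, 14).
    Pre-release suffixes are ignored (assumption made for this example)."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"no numeric version in {text!r}")
    parts = tuple(int(n) for n in nums[:3])
    return parts + (0,) * (3 - len(parts))


def check_inventory(inventory):
    """inventory: iterable of (host, product, version) tuples. Returns a list of
    (host, cve, installed, required) for every instance that still needs a patch."""
    findings = []
    for host, product, version in inventory:
        if product not in MIN_FIXED:
            continue  # product not covered by these two advisories
        cve, required = MIN_FIXED[product]
        if parse_version(version) < required:  # numeric, not string, comparison
            findings.append((host, cve, version, ".".join(map(str, required))))
    return findings


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("web-01.example.test", "thinkphp", "6.0.9"),           # below 6.0.14
    ("web-02.example.test", "thinkphp", "6.0.14"),          # exactly the fix
    ("files.example.test", "owncloud-graphapi", "v0.2.0"),  # below 0.3.1
    ("files2.example.test", "owncloud-graphapi", "0.3.1"),  # patched
    ("cms.example.test", "wordpress", "6.4"),               # out of scope
]

if __name__ == "__main__":
    for host, cve, installed, required in check_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {cve} unpatched (installed {installed}, needs >= {required})")
```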

North Korean hacker group Kimsuky targets victims with new PowerShell attack tactic

North Korean-linked hacking group Kimsuky is using a new method to trick victims into running malicious PowerShell commands as administrators. Masquerading as South Korean officials, the attackers build trust before sending phishing emails with PDF attachments. Victims are then directed to a link that instructs them to paste malicious code into PowerShell, installing a remote desktop tool and registering their device for attacker access.

Microsoft has observed limited attacks using this technique since January 2025, marking a shift in Kimsuky’s tactics.

In related news, U.S. citizen Christina Marie Chapman pleaded guilty to helping North Korean IT workers obtain remote jobs at over 300 U.S. companies by stealing identities and running a “laptop farm” from her home. The scheme generated $17.1 million for North Korea, with the FBI warning of rising extortion cases where North Korean IT workers hold stolen data for ransom after being discovered in company networks.

DDoS attacks surge 56% YoY, with financial services experiencing a 117% increase

A new report reveals a 56% year-on-year increase in DDoS attacks during Q3–Q4 2024, with the largest attack peaking at a record 2 Tbps, targeting a global gaming company.

Financial services saw a 117% surge in attacks, highlighting the need for stronger defenses, while gaming remained the most-targeted sector despite improved protection. Short, high-intensity attacks are becoming the norm, challenging traditional mitigation methods.

Key drivers include easy access to DDoS-for-hire services, IoT vulnerabilities, geopolitical tensions, and advanced attack strategies like ACK floods. The report also notes a growing influence from regions like the US, China, the Netherlands, Brazil, and Indonesia.

The research from Gcore emphasises the need for robust, adaptive DDoS protection as attacks become more sophisticated and frequent. Organisations are urged to strengthen their defences to safeguard against evolving threats.


Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.