Major Cyber Attacks This Week (March 2025)

This week saw several significant cyber attacks affecting millions of users worldwide. Staying informed about these incidents helps you understand current threats and take appropriate protective measures.

Healthcare Data Breach: 3 Million Patients Affected

A major US healthcare network discovered a breach on March 24 that exposed the personal and medical information of 3.2 million patients. The breach went undetected for three weeks, allowing attackers to access names, social security numbers, medical records, and insurance information.

Supply Chain Attack Hits Fortune 500 Companies

A supply chain compromise affected 47 major corporations this week. Attackers infiltrated a business software vendor's update system, embedding malware in legitimate software updates that were then distributed to enterprise clients. The companies affected haven't been publicly named, but the incident highlights the risks of third-party software dependencies.

Lessons: Verify software updates before installation, use application whitelisting, and implement supply chain security measures.

European Energy Grid Ransomware

A regional power provider in Europe fell victim to a LockBit 3.0 ransomware attack that left 50,000 customers without power for four hours. The attack started with a phishing email, followed by lateral movement through the network, and culminated in ransomware deployment.

The organization restored systems from backups and refused to pay the €5 million ransom demand. This incident underscores the increasing targeting of critical infrastructure.

Social Media Platform Breach: 100 Million Users

A popular messaging app disclosed a breach exposing phone numbers, email addresses, and device information for 100 million users. The data is reportedly being sold on dark web markets for $200,000.

Protection: Review your privacy settings, limit profile information visible to others, and consider using a separate email address for social media accounts.

Philippines Government Phishing Campaign

Multiple Philippine government employees were targeted in a spear phishing campaign using fake DICT (Department of Information and Communications Technology) emails. The emails claimed to require immediate password resets, leading to credential theft. The DICT has issued an advisory and forced password resets for affected accounts.

Current Attack Trends

Increasing: AI-powered phishing, supply chain attacks, ransomware-as-a-service, cloud configuration attacks, and mobile malware.

Decreasing: Cryptojacking and unrelated scam emails.

How to Stay Safe

Personal protection: Monitor your accounts weekly, use unique passwords, enable 2FA, freeze your credit, and limit personal information online.

Business protection: Maintain an incident response plan, perform regular backups, conduct security awareness training, assess vendor security, and consider zero trust architecture.