Here are some interesting updates about cybersecurity threats and new trends.
The genetic testing company 23andMe has filed for bankruptcy, prompting concerns about the security and future of its customers' genetic data. The company announced plans to sell most of its assets through a court-approved reorganization and assured customers that operations, including processing DNA kits, would continue without disruption. However, its privacy policy states that personal data could be sold or transferred during transactions like bankruptcy or acquisitions.
23andMe has faced challenges for years, including struggles to find a profitable business model since going public in 2021. A major data breach in 2023 exposed the information of nearly seven million customers, severely damaging its reputation. This was followed by layoffs of 40% of its workforce and the resignation of CEO Anne Wojcicki.
Experts warn that customer data remains at risk, especially during bankruptcy proceedings. While regulators may impose protections, privacy laws in the U.S. and Canada have limitations. Customers are advised to delete their accounts if concerned, though this offers only partial relief as some genetic information may still be retained for legal compliance.
The uncertainty surrounding 23andMe’s ownership raises questions about how customer data might be used in the future, including risks of misuse by insurers or other entities.
Source: CBC
The "DollyWay World Domination" malware campaign, active for nearly a decade, has compromised over 20,000 WordPress websites since 2016. GoDaddy's recent report reveals that this campaign, orchestrated by the cybercrime network VexTrio, consolidates multiple previously distinct threat campaigns. The malware uses Traffic Direction Systems (TDSs) and lookalike domains to redirect visitors of infected sites to scams or malware. DollyWay v3 employs sophisticated methods, including cryptographically signed data transfers and removal of competing malware, to maintain control over WordPress sites.
Visitors to infected sites are subjected to multistage redirection chains leading to phishing pages, cryptocurrency scams, or malicious apps. VexTrio monetizes site traffic through ad networks like AdsTerra and PropellerAds while historically deploying more aggressive payloads such as ransomware and banking trojans. The malware reinfects WordPress pages automatically by disabling security plugins and injecting fresh malicious code, making it difficult to remove.
GoDaddy reports that as of February 2025, over 10,000 unique WordPress sites generate millions of impressions monthly from malicious scripts. To mitigate risks, administrators are advised to temporarily disable infected sites, update plugins and themes, enforce strong passwords, use multifactor authentication, and consider Web Application Firewalls (WAFs). Users should remain cautious of unexpected redirects to dubious websites.
Source: Dark Reading
The Qilin ransomware group continues to target global healthcare organizations, recently claiming responsibility for attacks on Japan's Utsunomiya Central Clinic (UCC) and the US-based Rockhill Women’s Care. Known for its lack of remorse, Qilin has previously disrupted critical services, including NHS pathology labs in the UK, causing widespread healthcare crises.
At UCC, the February 18 attack compromised 140 GB of sensitive data, impacting around 300,000 patients. Leaked samples revealed personally identifiable information (PII), medical histories, treatment details, and scan images. The clinic confirmed the breach involved both patient and staff data. Temporary service restrictions were imposed following the attack.
In Kansas City, Rockhill Women’s Care faced a similar breach, with Qilin leaking samples of 20 GB of stolen data. The files included patients' names, addresses, medical histories, and even sensitive details like contraception procedures for minors. The facility experienced unscheduled closures but has yet to publicly disclose the incident as a cyberattack.
Qilin’s attacks on critical services like cancer clinics and charities have drawn sharp criticism. Unlike groups like LockBit, which occasionally show restraint, Qilin has shown no moral boundaries. Law enforcement agencies are reportedly coordinating efforts to disrupt the group's operations.
Source: The Register
The UK's National Cyber Security Centre (NCSC) has set a 10-year timeline for organizations to migrate to post-quantum cryptography (PQC) to address future risks posed by quantum computing. The guidance outlines three key milestones: by 2028, organizations must define migration goals, assess systems, and draft an initial plan; by 2031, high-priority migrations should be completed with refined strategies; and by 2035, full migration across all systems must be achieved.
Quantum computers, though still in early development, are expected eventually to break the public key cryptography (PKC) that current encryption relies on. While estimates for functional quantum computers range from 5 to 20 years, the NCSC emphasizes proactive planning to ensure secure transitions. Organizations are advised to run PQC and PKC concurrently during migration and prioritize critical systems handling sensitive data.
The complexity of migration varies by sector. Critical infrastructure operators face significant challenges due to legacy systems and embedded devices, while smaller businesses may rely on vendor-driven updates. The NCSC also highlights the financial and operational costs of this transition but frames it as a necessary step toward cyber resilience.
Source: The Register