Simply Cyber Newsletter #129

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS, PEERS & EXECUTIVES

Ransomware Group Claims Attacks on UK Retailers. UK retailers Co-op, M&S, and Harrods were hit in a wave of extortion attacks tied to DragonForce, a group that shifted from protest to profit and now runs an operation built to deliver extortion at scale. Co-op confirmed a data breach affecting millions. M&S is still working to restore systems after days of disruption. These weren’t isolated events. DragonForce provides a repeatable playbook, leveraging stolen credentials, public exploits, and neglected systems. This isn’t chaos. It’s theater, with scripts anyone can follow if the conditions are right. The threat isn’t who acted. It’s how easily others can. The entry points were known. The trust wasn’t broken, it was borrowed.

What you need to know: Most ransomware attacks begin with something ordinary. It could be a fake email, a login screen, or a call from "IT" asking you to reset your password. Criminal groups are using social engineering to mimic trusted voices and routines. While the attackers in this case did not use artificial intelligence, the increasing use of AI in phishing and impersonation means these tactics are likely to evolve. The goal is to get access without triggering alarms. If something feels off, slow down. Do not trust the message just because it looks familiar. Trust your instinct instead. Whether it is an unusual request, a strange link, or a message that pushes urgency, pause and report it. One alert moment can stop days of disruption before they even begin.

Executive Takeaway: This incident is a clear opportunity to speak with senior leaders about response speed, internal alignment, and operational trust. It reveals a deeper pressure point for your organization. Ransomware groups are evolving into scalable operations, treating attacks as campaigns with brand value and affiliate support. Financial data may remain safe, but your trust, sales, and public confidence can collapse overnight. Retailers like Co-op and M&S faced disruption that outpaced their ability to respond. You need to align on three priorities: clear communication during crisis, visibility into vendor and access risk, including credential misuse and supplier exposure, and pre-approved authority to act. Make sure your decision-makers have defined authority before the breach, so no one hesitates when seconds count. Recovery is only part of the challenge. The lasting cost often comes from silence, delay, and confusion. Your trust moves faster than malware. You need to move even faster.

LET’S CONNECT

Stay current on trending topics, tips, events and resources in cybersecurity, connect with Simply Cyber on socials for new content.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Find more about what’s happening this week in the Simply Cyber community, below.

Thank you and see you again next time! Have a great week, #TeamSC!

Gerry

SIMPLY CYBER DAILY CYBER THREAT BRIEF

Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!

Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn - also available on Apple Podcasts or your favorite podcast platform. Check out our podcast page.

SC MEDIA GROUP SIMPLY DEFENSIVE PODCAST

When: Monday, May 12 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

From Submarines to Cybersecurity: Navigating Small Business Security

Welcome to another episode of Simply Defensive! In this installment, hosts Josh Mason and Wade Wells are joined by cybersecurity expert James Berley. Join us as he takes us on his journey from a submarine sonar technician in the Navy to founding his own security firm, Secure Point Solutions, specializing in helping small businesses tackle cybersecurity threats.

They discuss the vital steps and strategies for implementing robust security measures in small companies, the importance of patch management, and how to protect sensitive information. Additionally, James delves into his experiences as a foster parent, offering insights into the foster care system and the impactful ways you can contribute.

Set up your notifications and tune in for valuable tips on safeguarding your business and heartwarming stories from the world of foster care.

SC MEDIA GROUP SIMPLY ICS CYBER PODCAST

When: Wednesday, May 14 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

TSA Security Directives and OT

Don and Tom jump into the TSA Directives in this episode with their special guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies. He also founded the Security BSides ICS/OT and BSides Greenville cons.

Prepare to take some notes from our expert guest as he helps us answer some questions: What are the TSA Directives and where do we find them? Who do they apply to and how are sites checked? What do we need to know relative to ICS and OT?

It’s always a great learning experience with the hosts on Simply ICS Cyber - meet us in chat this Wednesday for this upcoming episode!

SC MEDIA GROUP CYBERSECURITY MENTORS PODCAST

When: Thursday, May 15 at 9:30 AM EDT | Presented by: Simply Cyber Media Group

Mastering Cybersecurity Part 2 – Securing Systems and Environments

Steve and John explore why securing systems is a must-know skill in cybersecurity.

Learn the basics of system hardening, access control, and logging, plus practical tools and labs to get hands-on.

The hosts also uncover how AI can boost your cyber defense game — and why thinking like both an attacker and defender will set you apart from others.

Head over to the episode and set your reminder to attend!

SC MEDIA GROUP WEEKLY EVENTS SCHEDULE

SC ACADEMY THE PLACE FOR CYBER CAREERS

At Simply Cyber Academy, we specialize in making Cybersecurity careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills.

With NEW COURSES released regularly, many of which are free and pay-what-you-can, get ready to advance in your cyber career! Head over to Simply Cyber Academy.

NEW FREE COURSE INTRO TO AWS PENTESTING

🚨 BRAND NEW! RED TEAM ALERT, REGISTER NOW! 🚨

This hands-on course from Tyler Ramsbey introduces you to AWS penetration testing through practical, scenario-driven labs. You'll use popular tools like CloudGoat and Pacu to explore real-world attacks, including exploiting vulnerable EC2 instances, stealing credentials from Lambda functions, and escalating privileges within AWS environments.

By the end, you'll have a solid foundation for identifying and exploiting common cloud misconfigurations—and plenty of practice to back it up. It’s a course accessible to everyone!

Learn more: academy.simplycyber.io/l/pdp/introduction-to-aws-pentesting 

PERSONAL BRANDING FOR CYBER CAREERS LIVE COHORT COURSE IS SET FOR JUNE 2025

📅 BACK BY POPULAR DEMAND - PBCC LIVE COHORT COMING SOON!

Stand out in a sea of professionals - Register for the Live Cohort happening June 2-5, 11 AM-3 PM EDT.

Employers want practical skills, so SHOW THEM YOU HAVE THEM. YouTube is the #2 most accessed site on the Internet. Leverage it to establish, showcase, and engage as a practical cybersecurity professional.

Our all-inclusive online course guides you through every step of building a successful YouTube channel. From planning to publishing content, managing with YouTube Studio, to monetizing and networking professionally - we empower you to make your mark on YouTube.