Your Business Dies When Your Internet Provider Gets Hacked: The 13-Day COLT Nightmare

Your Business Dies When Your Internet Provider Gets Hacked: The 13-Day COLT Nightmare

Episode Summary COLT Technology Services, a major UK telecommunications provider, suffers from ongoing ransomware attacks, causing week-long outages affecting thousands of businesses. Host Lucy Harper breaks down the SharePoint vulnerability exploitation and provides emergency supplier risk protection strategies for UK SMEs. What You'll Learn * How WarLock ransomware compromised COLT using Microsoft SharePoint zero-day CVE-2025-53770 * Why the 'ToolShell' exploit chain bypasses all authentication and enables remote code execution * Real business impact: multi-day connectivity outages affecting customer portals, voice systems, and network management * Emergency supplier risk assessment and redundant connectivity implementation strategies * Chinese threat group coordination targeting telecommunications infrastructure across multiple countries Critical Statistics Mentioned * 1 million documents allegedly stolen from COLT, offered for £147,500 ransom * 30 countries where COLT operates critical telecommunications infrastructure * 900 data centres connected by COLT's 75,000km fibre network * 8+ days of ongoing service disruptions affecting UK business operations * 424 vulnerable SharePoint servers still exposed globally according to Shadowserver Foundation * 9,665 SharePoint devices exposed to internet as of August 2025 * CVSS 9.8 critical severity rating for CVE-2025-53770 SharePoint vulnerability * 3 Chinese APT groups confirmed exploiting same SharePoint vulnerabilities for ransomware and espionage Key Sources & References * BleepingComputer: COLT WarLock ransomware attack confirmation and data theft claims [https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/] * The Register: Technical timeline and service disruption details [https://www.theregister.com/2025/08/15/london_telco_colts_services_disrupted/] * Microsoft Security Blog: CVE-2025-53770 vulnerability analysis and threat actor attribution [https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/] * CISA Alert: Government response and mitigation guidance for SharePoint vulnerabilities [https://www.cisa.gov/news-events/alerts/2025/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities/] * Computer Weekly: UK business impact analysis and expert commentary [https://www.computerweekly.com/news/366629219/Warlock-claims-ransomware-attack-on-network-services-firm-Colt] * Palo Alto Unit 42: ToolShell exploit chain technical analysis [https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/] * Check Point Research: Exploitation campaign timeline and affected sectors [https://blog.checkpoint.com/research/sharepoint-zero-day-cve-2025-53770-actively-exploited-what-security-teams-need-to-know/] * SOCRadar: Global threat intelligence and vulnerable server identification [https://socradar.io/toolshell-sharepoint-zero-day-cve-2025-53770/] Episode Sponsor Equate Group - Comprehensive cybersecurity and IT services specialising in network resilience planning, business continuity management, and supplier risk assessment. Visit www.equategroup.com [https://www.equategroup.com] Your Next Steps URGENT ACTION REQUIRED: * Audit all critical IT suppliers immediately to identify single points of failure. * Implement redundant connectivity and verify SharePoint patch status if using on-premises systems. * Seek professional help for comprehensive supplier risk assessment and business continuity planning. Source Verification Standards All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Microsoft Security Blog serves as the primary source for technical details on vulnerabilities. Financial figures are cross-referenced through cybersecurity threat intelligence platforms. UK-specific impact data prioritises telecommunications industry publications and government cybersecurity guidance. Disclaimer This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices. 🎧 Subscribe for daily cybersecurity updates 👍 Like this episode if it helped you prepare Production: Small Business Cyber Security Guy Production Host: Lucy Harper All rights reserved

When AI Turns Against You

Episode Summary AI-powered cybercriminals are now targeting UK small businesses with unprecedented sophistication, making artificial intelligence threats the top security concern for 35% of SMEs in 2025. Host Lucy Harper breaks down how criminals weaponise machine learning against businesses and provides a five-step action plan to defend against deepfakes, AI-generated phishing, and automated attacks that traditional security cannot detect. What You'll Learn AI-Powered Cyber Attacks: How criminals use machine learning to create personalised, sophisticated attacks that bypass traditional security measures and target UK SMEs specifically. Technical Threat Landscape: The mechanics behind AI-generated phishing, deepfake technology, and automated attack systems that can launch thousands of customised attacks simultaneously. Business Impact Assessment: Why AI cybercrime contributes to the 27 billion pounds annual cost to the UK economy and how skills shortages leave SMEs vulnerable to advanced threats. Practical Defence Strategy: Five immediate actions including AI-aware email security, enhanced verification protocols, and employee training specifically designed for AI threat recognition. Regulatory Compliance Preparation: New UK AI Cyber Security Code requirements, upcoming Cyber Security and Resilience Bill implications, and GDPR changes affecting AI-powered data processing. Key Sources & References Six Degrees Research Study [https://securitybrief.co.uk/story/ai-threats-top-concern-for-uk-smes-cybersecurity-in-2025]: "Mapping the UK SME Cyber Security Landscape in 2025" UK Government DSIT & NCSC [https://www.gov.uk/government/publications/ai-cyber-security-code-of-practice]: AI Cyber Security Code of Practice published January 31, 2025 DefCon 33 Official Information [https://defcon.org/]: Premier cybersecurity conference featuring DARPA AI Cyber Challenge and emerging threat research UK Cyber Security Breaches Survey 2025 [https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025]: Government analysis of cybersecurity threat landscape and business impacts NIST AI Security Framework [https://www.nist.gov/news-events/news/2024/01/nist-identifies-types-cyberattacks-manipulate-behavior-ai-systems]: Technical standards for identifying and defending against AI-powered cyber attacks World Economic Forum Case Study [https://www.weforum.org/stories/2025/02/deepfake-ai-cybercrime-arup/]: Analysis of 25 million dollar deepfake attack demonstrating advanced AI threat capabilities Episode Sponsor Equate Group. Visit equategroup.com [https://equategroup.com] Your Next Steps Immediate Action Required: Assess your current email security systems against AI-generated phishing threats and implement enhanced verification protocols for all financial transactions exceeding £ 1,000. Professional Help Recommended: For businesses requiring sophisticated AI threat monitoring and rapid response capabilities, consider partnering with managed security providers who offer AI-powered threat detection services. Source Verification Standards All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. UK Government research serves as the primary source for cybersecurity statistics and regulatory requirements. Financial figures are cross-referenced through official government surveys and established cybersecurity research organisations. Disclaimer This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices. 🎧 Subscribe for daily cybersecurity updates 👍 Like this episode if it helped you prepare Production: The Small Business Cyber Security Guy Production [https://thesmallbusinesscybersecurityguy.co.uk] Hosts: Lucy Harper & Graham All rights reserved #Cybersecurity #AISecurity #UKBusiness #SMESecurity #CyberThreats #BusinessSecurity #Deepfakes #PhishingAttacks #CyberDefense #TechSecurity

PayPal's 16 Million User NIGHTMARE - Your Business Is Next

Episode Summary Cybercriminals are selling alleged PayPal credentials for nearly 16 million users on dark web forums, highlighting the devastating reality of credential stuffing attacks targeting UK businesses daily. Hosts Lucy Harper and Graham break down why this threat represents far more than just another data breach and provide an emergency action plan for protecting your business from automated credential attacks. What You'll Learn * Why the alleged PayPal credential dump likely comes from infostealer malware rather than a company breach * How credential stuffing attacks work and why they're particularly dangerous for UK SMEs * The devastating financial impact - £4.8 million average breach costs and 67% of small businesses facing financial difficulties within six months * Three immediate emergency actions: credential audits, MFA implementation, and password management * Forward-looking insights about AI-powered attacks becoming SMEs' top cybersecurity concern in 2025 Critical Statistics Mentioned * 15.8 million PayPal credentials are allegedly being sold for just £750 on dark web forums * 52% of users utilise identical or very similar passwords across multiple accounts * 43% of UK businesses experienced cybersecurity breaches in the last 12 months * 84% of UK businesses faced phishing attacks in 2024 * 67% of small businesses that experienced cyber attacks reported financial difficulties within six months * £4.8 million average cost of breaches caused by credential stuffing attacks * 80% of successful hacking incidents involve compromised credentials or passwords Key Sources & References * Cybernews: PayPal credential dump investigation and company denial [https://cybernews.com/security/paypal-credential-dump-hacker-claims/] * Tom's Guide: 16 million PayPal accounts exposed analysis [https://www.tomsguide.com/computing/online-security/over-16-million-paypal-accounts-exposed-on-a-hacking-forum-including-passwords] * Hackread: Threat actor selling PayPal credentials investigation [https://hackread.com/threat-actor-selling-plain-text-paypal-credentials/] * UK Government: Cyber Security Breaches Survey 2025 [https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025] * Optimising IT: Top cyber attack threats facing UK businesses [https://optimisingit.co.uk/blog/top-8-cyber-attack-threats-facing-uk-businesses-in-2025-and-how-to-stay-protected/] * ID Dataweb: Credential stuffing attack analysis and costs [https://www.iddataweb.com/credential-stuffing-attacks/] * Eclarity: UK SME cybersecurity statistics and threats [https://eclarity.co.uk/cybersecurity-for-uk-smes-the-complete-2025-guide/] * Dr Logic: SME cyber attack risks and business impact [https://drlogic.com/article/cyber-attacks-on-uk-businesses-why-smes-are-at-greater-risk-in-2025/] * Cybersecurity News: PayPal email and password leak analysis [https://cybersecuritynews.com/paypal-email-and-passwords-leak/] Your Next Steps Conduct an immediate credential audit across all business accounts and enable multi-factor authentication everywhere today. The alleged PayPal credentials may already be circulating in criminal networks, which are being tested against UK business platforms. For businesses lacking internal cybersecurity expertise, professional monitoring services can detect and prevent credential stuffing attacks before they cause devastating financial damage. Source Verification Standards All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Cybersecurity research firms and threat intelligence platforms serve as primary sources for attack methodology and statistics. Financial impact figures are cross-referenced through various industry sources. UK-specific data prioritises government cybersecurity surveys and established UK technology security publications. Disclaimer This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices. 🎧 Subscribe for daily cybersecurity updates👍 Like this episode if it helped you prepare Production: Small Business Cyber Security Guy Production [https://thesmallbusinesscybersecurityguy.co.uk] Hosts: Lucy Harper and Graham Falkner Sponsor: Equate Group Ltd [https://www.equategroup.com] All rights reserved #CyberSecurity #PayPalBreach #CredentialStuffing #DataBreach #CyberThreats #PasswordSecurity #MFA #TwoFactorAuthentication #UKCyberSecurity #SmallBusiness #BusinessSecurity #DarkWeb #Cybercrime #InfoStealerMalware #CyberIntelligence #ThreatIntelligence #CyberSecurityPodcast #TechPodcast #BusinessPodcast #UKPodcast #CyberNews #SecurityNews #TechNews #BusinessNews #DailyTech #CyberEducation #PasswordManager

Workday Breach: The Rise of Voice Phishing Attacks

Episode Summary HR giant Workday falls victim to ShinyHunters' sophisticated social engineering campaign, exposing how simple phone calls can bypass enterprise-grade security. Host Lucy Harper breaks down the attack methods and provides actionable defence strategies for UK businesses facing this escalating threat. What You'll Learn * How the ShinyHunters group uses voice phishing to breach major corporations including Workday, Google, and Adidas * The technical methods behind social engineering attacks targeting Salesforce and CRM systems * Why UK SMEs face higher risk and the four hundred thousand pound ransom already paid by one victim * Four immediate action steps to protect your business from sophisticated voice phishing campaigns * Advanced OAuth security measures and connected application monitoring strategies Critical Statistics Mentioned * Over 11,000 organisations use Workday services, including sixty percent of Fortune 500 companies * Four hundred thousand pounds ransom payment made by one company to prevent data leak * Ten-day delay between Workday's breach discovery and public disclosure * August 6th discovery date versus August 16th disclosure timeline * Multiple major corporations targeted including Adidas, Google, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co, and Chanel * Eight-digit connection codes used by criminals to link malicious data extraction tools * Third-party CRM platform compromised rather than core Workday systems * English-speaking employees specifically targeted at multinational corporations Key Sources & References * BleepingComputer: Workday breach disclosure and ShinyHunters campaign details [https://www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/] * Google Threat Intelligence Group: UNC6040 vishing campaign analysis [https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion] * Malwarebytes: Comprehensive analysis of Salesforce social engineering attacks [https://www.malwarebytes.com/blog/news/2025/08/how-google-adidas-and-more-were-breached-in-a-salesforce-scam] * GBHackers: Workday data breach technical details and impact [https://gbhackers.com/workday-data-breach-exposes/] * Computer Weekly: ShinyHunters campaign methodology and attribution [https://www.computerweekly.com/feature/ShinyHunters-Salesforce-cyber-attacks-explained-What-you-need-to-know] * Salesforce Ben: Google breach confirmation and industry impact analysis [https://www.salesforceben.com/salesforce-forced-to-issue-data-theft-warning-as-google-confirms-it-is-among-victims/] * ShadowOpsIntel: Chanel breach details and OAuth security implications [https://www.ampcuscyber.com/shadowopsintel/chanel-hit-by-shinyhunters-in-salesforce-data-theft-campaign/] * Medium: Technical analysis of UNC6040 attack patterns and infrastructure [https://medium.com/@tahirbalarabe2/salesforce-vishing-shinyhunters-unc6040-data-extortion-operations-3cb5ed5b6caf] * Cybersecurity Dive: Malicious Salesforce tool abuse and extortion tactics [https://www.cybersecuritydive.com/news/hackers-abuse-salesforce-tool-extortion/749790/] Episode Sponsor Equate Group - Comprehensive cybersecurity and IT services specialising in social engineering defence training, security operations centre monitoring, and OAuth application security auditing. Your Next Steps Implement immediate social engineering verification protocols across your organisation today. Audit all connected applications with administrative access, particularly CRM and cloud platforms. Establish multi-person approval processes for new application integrations. If your business lacks dedicated cybersecurity expertise, professional social engineering defence training becomes essential. Source Verification Standards All sources cited in this episode have been fact-checked and verified through multiple authoritative channels. Cybersecurity research firms and threat intelligence groups serve as primary sources for attack methodology and attribution. Financial figures are cross-referenced through industry security publications. UK-specific risk assessment prioritises government and established UK cybersecurity guidance. Disclaimer This episode provides general guidance only. Always consult qualified cybersecurity professionals before making critical infrastructure changes. Content is based on independent research and industry best practices.🎧 Subscribe for daily cybersecurity updates 👍 Like this episode if it helped you prepare Production: Small Business Cyber Security Guy Production Host: Lucy Harper Sponsor: All rights reserved

Why Your Managed Service Provider Could Destroy Your Business This Week

Episode Summary CISA warns of active exploitation targeting N-able N-central RMM platforms used by UK managed service providers. Host Lucy Harper breaks down the critical vulnerabilities affecting thousands of businesses and provides immediate action steps for SME protection. What You'll Learn * CVE-2025-8875 and CVE-2025-8876 vulnerabilities enabling complete network takeover through MSP tools * How deserialization attacks and command injection work using simple analogies * Why UK SMEs face cascading risks through compromised MSP relationships worth fifty-two billion pounds * Four immediate actions to verify MSP security and protect business operations * Emergency timeline with CISA's August 20th federal deadline for patch deployment Critical Statistics Mentioned * 2,000 instances N-central systems exposed online globally * 11,492 active MSPs operating in UK market generating massive revenue * £52.6 billion combined annual revenue for UK managed service providers * 89% of UK SMBs currently use MSPs for critical IT functions * 294,340 employees supported by UK MSP sector infrastructure * August 13th N-able emergency patch release date * August 20th CISA deadline for federal agency remediation * £5,000-£15,000 typical emergency incident response costs Key Sources & References * CISA Known Exploited Vulnerabilities Catalog: Official federal guidance [https://www.cisa.gov/known-exploited-vulnerabilities-catalog] * N-able Security Advisory: Emergency patch details [https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/] * BleepingComputer: Active exploitation confirmation [https://www.bleepingcomputer.com/news/security/cisa-warns-of-n-able-n-central-flaws-exploited-in-zero-day-attacks/] * UK Government MSP Research: Market analysis and statistics [https://www.gov.uk/government/publications/research-on-managed-service-providers] * The Hacker News: Technical vulnerability breakdown [https://thehackernews.com/2025/08/cisa-adds-two-n-able-n-central-flaws-to.html] * Cybersecurity News: Attack timeline and impact assessment [https://cybersecuritynews.com/cisa-warns-of-n-able-n-central-vulnerabilities/] Episode Sponsor Equate Group Ltd - Comprehensive cybersecurity and IT services specialising in MSP oversight, incident response, and independent security monitoring. Your Next Steps 1. Contact your MSP immediately to verify N-central patch status. 2. Demand written confirmation of security updates and enhanced monitoring during transition. 3. Review MSP agreements for emergency protocols and consider independent security oversight. Source Verification Standards All sources cited have been fact-checked through multiple authoritative channels. CISA and N-able serve as primary sources for vulnerability details. Financial figures cross-referenced through UK government research. All statistics verified through official cybersecurity publications. Disclaimer * This episode provides general guidance only. * Always consult qualified cybersecurity professionals before making critical infrastructure changes. * Content based on independent research and industry best practices. 🎧 Subscribe for daily cybersecurity updates 👍 Like this episode if it helped you prepare Production: Small Business Cyber Security Guy Production [https://thesmallbusinesscybersecurityguy.co.uk] Host: Lucy Harper All rights reserved