
Weekly Cybersecurity Brief: May 5-9, 2025
Key Points
- Ransomware attacks were reported against critical sectors, with incidents at Mountain View Mushrooms and Hennessy Funds on May 9, 2025, potentially disrupting agriculture and finance.
- CISA warned on May 7, 2025, that hackers are targeting oil and gas infrastructure with basic techniques that could cause significant damage because of poor cyber hygiene.
- Digital REAL ID scams surged around May 6, 2025, targeting vulnerable groups amid new identification rules.
- Former CISA Director Chris Krebs’ appearance at the RSA Conference on May 1, 2025, indicates strong community support, reflecting his ongoing influence in cybersecurity.
Contents
- Summary of Key Incidents
- Ransomware Attacks on Critical Infrastructure
- CISA Warning on Oil and Gas Infrastructure
- Digital REAL ID Scams
- Leadership in Cybersecurity: Chris Krebs at RSA Conference
Overview
This week’s cybersecurity news highlights several incidents that underscore the evolving threat landscape. From ransomware attacks on critical infrastructure to scams exploiting regulatory changes, organizations and individuals must stay vigilant.
Ransomware Attacks
On May 9, 2025, two significant ransomware attacks were reported. Mountain View Mushrooms, a major US mushroom supplier, was hit by the Rhysida group, raising concerns about food supply chain disruptions. Similarly, Hennessy Funds, an investment firm, was targeted by LockBit3, potentially compromising sensitive financial data. These incidents highlight the need for robust defenses in the agriculture and finance sectors.
CISA Warning on Oil and Gas
On May 7, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about hackers targeting US oil and gas infrastructure. While the attackers use simple methods, the sector’s poor cyber hygiene could lead to operational disruptions or physical damage. This advisory emphasizes the urgency of securing operational technology (OT) systems in critical infrastructure.
Digital REAL ID Scams
As the REAL ID deadline approached on May 7, 2025, scams surged, targeting individuals with fake websites and phishing emails. These social engineering attacks aim to steal personal information, particularly from vulnerable groups like seniors and immigrants. Verifying official sources is crucial to avoid falling victim to these scams.
Leadership in Cybersecurity
Former CISA Director Chris Krebs spoke at the RSA Conference on May 1, 2025, receiving strong support from the cybersecurity community. His leadership, especially in securing the 2020 election, continues to inspire efforts to strengthen national cybersecurity.
Introduction
This week’s cybersecurity landscape was marked by significant incidents that highlight the persistent and evolving nature of cyber threats. From ransomware attacks targeting critical sectors to social engineering scams exploiting regulatory changes, these events underscore the need for robust defenses and heightened awareness.
Summary of Key Incidents
| Date | Incident | Sector | Threat Actor | Details |
|---|---|---|---|---|
| May 9, 2025 | Mountain View Mushrooms ransomware attack | Agriculture | Rhysida | Potential supply chain disruption; details limited due to recency. |
| May 9, 2025 | Hennessy Funds ransomware attack | Finance | LockBit3 | Potential data compromise; details limited due to recency. |
| May 7, 2025 | CISA warning on oil and gas infrastructure | Energy | Unsophisticated actors | Basic techniques; poor cyber hygiene risks disruptions. |
| May 6, 2025 | Digital REAL ID scams targeting vulnerable groups | Public | Social engineering | Exploiting regulatory changes; targeting immigrants and seniors. |
| May 1, 2025 | Chris Krebs at RSA Conference | Community Event | N/A | Strong community support; reflects leadership in cybersecurity. |
Ransomware Attacks on Critical Infrastructure
Mountain View Mushrooms
On May 9, 2025, Mountain View Mushrooms, the largest mushroom supplier in the US since 2003, was targeted by the Rhysida ransomware group, as reported in an X post by @TweetThreatNews (Mountain View Mushrooms Ransomware). This attack poses a significant threat to the agricultural sector, where disruptions can ripple through the food supply chain, affecting availability and prices.
Implications: The attack could lead to operational downtime, financial losses, and compromised data, with broader impacts on food security. The agricultural sector’s increasing reliance on interconnected systems amplifies these risks.
Recommendations:
- Deploy endpoint detection and response (EDR) solutions to detect and mitigate ransomware.
- Conduct regular backups and test recovery processes to ensure business continuity.
- Perform penetration testing to identify and remediate vulnerabilities in critical systems.
Hennessy Funds
Also on May 9, 2025, Hennessy Funds, a US-based investment management firm, fell victim to a ransomware attack by the LockBit3 group, as noted in an X post by @TweetThreatNews (Hennessy Funds Ransomware). The potential compromise of sensitive financial data could lead to significant financial losses, regulatory scrutiny, and erosion of client trust.
Implications: Financial institutions are prime targets for ransomware due to their data-rich environments. A breach could result in reputational damage and compliance violations under regulations like GDPR or SEC guidelines.
Recommendations:
- Implement multi-factor authentication (MFA) to secure access to sensitive systems.
- Enhance security monitoring with security information and event management (SIEM) tools.
- Develop and test incident response plans to minimize the impact of ransomware attacks.
CISA Warning on Oil and Gas Infrastructure
On May 7, 2025, CISA, alongside the FBI, EPA, and DOE, issued a critical advisory about hackers targeting US oil and natural gas infrastructure, as reported by BleepingComputer (CISA Warning). The advisory highlighted that unsophisticated actors, likely hacktivists, are using basic intrusion techniques to compromise industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. However, poor cyber hygiene in operational technology (OT) environments could lead to significant consequences, including operational disruptions and physical damage.
Implications: The energy sector’s reliance on legacy OT systems, often exposed to the internet, creates significant vulnerabilities.
Recommendations:
- Disconnect OT systems from the public internet to reduce attack surfaces.
- Segment OT and IT networks to limit the spread of attacks.
- Conduct threat hunting to detect unauthorized access in OT environments.
Digital REAL ID Scams
On May 6, 2025, a surge in digital REAL ID scams was reported, targeting vulnerable groups like immigrants and seniors, as noted by AARP (REAL ID Scams). These scams exploit the May 7, 2025, REAL ID enforcement deadline, using phishing emails and fake websites to steal personal information.
Implications: These scams could lead to identity theft, financial fraud, and increased distrust in digital systems. Vulnerable populations are particularly at risk, necessitating targeted awareness campaigns.
Recommendations:
- Use only official government websites for REAL ID applications.
- Implement MFA for all user accounts to mitigate phishing risks.
- Conduct security awareness training to educate users on recognizing phishing attempts.
Leadership in Cybersecurity: Chris Krebs at RSA Conference
On May 1, 2025, former CISA Director Chris Krebs spoke at the RSA Conference, receiving strong support from the cybersecurity community, as reported by SC Media (Chris Krebs at RSA). Despite facing a politically motivated Justice Department investigation, Krebs’ leadership, particularly in securing the 2020 election, continues to inspire the field.
Implications: Krebs’ appearance highlights the importance of experienced leadership in addressing complex cyber threats. Industry events like RSA foster collaboration and innovation, essential for advancing cybersecurity.
Recommendations:
- Leverage industry conferences for knowledge sharing and adopting best practices.
- Facilitate Purple Team workshops to enhance security through integrated efforts.
- Support cybersecurity leaders to maintain trust and resilience in the community.
Broader Context and Trends
- Ransomware Landscape: The attacks on Mountain View Mushrooms and Hennessy Funds align with trends noted in Kaspersky’s 2025 ransomware report, which highlights the dominance of ransomware-as-a-service (RaaS) models (Kaspersky Report). Groups like Rhysida and LockBit3 are known for their agility and focus on data exfiltration.
- Critical Infrastructure Threats: The CISA warning reflects broader concerns about supply chain vulnerabilities, as noted in the World Economic Forum’s 2025 Cybersecurity Outlook (Cyber Threats 2025).
- Social Engineering: The rise in REAL ID scams mirrors tactics seen in advanced persistent threats (APTs), exploiting regulatory changes to target unsuspecting users.
Actionable Insights
- Ransomware Mitigation: Deploy EDR solutions, conduct regular backups, and simulate ransomware scenarios to test incident response plans.
- Critical Infrastructure Protection: Segment OT and IT networks, air-gap critical systems, and conduct threat hunting to detect unauthorized access.
- User Awareness: Implement MFA, conduct phishing simulations, and provide training to mitigate social engineering risks.
- Leadership Engagement: Leverage industry events for knowledge sharing, fostering Purple Team collaborations to enhance security postures.
Cyber Threats to Watch in 2025
CISA Warns of Hackers Targeting Critical Oil Infrastructure
Unsophisticated Hackers Targeting Oil and Gas Industries
Cyberattacks Against Critical Oil and Gas Infrastructure
US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations
Cyber Agency Warns Oil and Gas Sector Targeted by Hackers
CISA Warns of Hackers Attacking ICS/SCADA Systems
CISA Warns of Cyberattacks Targeting US Oil and Gas Infrastructure
Warning Over Cyber-Threat to Oil and Gas by Unsophisticated Attackers
Cybersecurity Experts Warn Digital REAL ID Scams
Mountain View Mushrooms Ransomware Attack X Post
Hennessy Funds Ransomware Attack X Post