UK NCSC Unveils New Resilience Initiatives

Also: Iberian Blackout, Delta Faces Lawsuit Linked to CrowdStrike Outage

Breach Roundup: UK NCSC Announces Resilience Initiatives

Each week, Information Security Media Group compiles notable cybersecurity incidents and breaches from around the globe. This week, significant updates include the UK’s cyber agency announcing new resilience initiatives, an ongoing investigation into the Iberian blackout, conflicting cybersecurity advisories from India and Pakistan, legal action against Delta Air Lines due to a CrowdStrike outage, and targeted attacks using the Mirai botnet.

UK NCSC Enhances Cyber Resilience Initiatives

Recently, the National Cyber Security Centre (NCSC) of the United Kingdom launched two new initiatives aimed at bolstering the resilience of critical infrastructure. Announced during the CyberUK conference, the Cyber Resilience Test Facilities will provide technology vendors a platform to assess and enhance their products’ resilience against cyber threats. The NCSC will also introduce Cyber Adversary Simulation, which establishes an accreditation process for enterprises to streamline cyber resilience testing.

The NCSC plans to create several centers where low-technology vendors can perform independent audits of their IT infrastructures. This initiative will also incorporate a novel assurance methodology, diverging from existing regulatory standards. Jonathon Ellison, the NCSC’s director for national resilience, emphasized that simulated cyberattacks will empower critical infrastructure to better defend against evolving threats.

Exploitation of GeoVision and Samsung Devices by Mirai Botnet

Researchers from Akamai, Arctic Wolf, and Huntress reported that hackers are exploiting vulnerabilities in end-of-life GeoVision IoT devices and in Samsung’s MagicINFO server to expand the Mirai botnet. In April 2025, attacks became prevalent, exploiting two OS command injection vulnerabilities to deploy an ARM variant of Mirai known as LZRD. These attacks use the /DateSetting.cgi endpoint for command injection.

Additionally, researchers highlighted the ongoing exploitation of CVE-2024-7399 in Samsung MagicINFO 9 Server, which allows attackers to execute arbitrary code by manipulating crafted JSP files. Although Samsung patched the vulnerability in August 2024, subsequent investigations have revealed ongoing exposure in the latest version. The U.S. Cybersecurity and Infrastructure Security Agency has added the GeoVision vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating remediation or decommissioning by May 28.

No Cyberattack Linked to Iberian Blackout

Following a significant power outage on April 28 that impacted Spain and Portugal, grid operators have ruled out cyberattacks as a cause. The blackout, which left numerous essential services disrupted for up to 24 hours, has been attributed to unexpected energy losses and grid instability. A spokesperson for Spain’s Red Eléctrica confirmed that there were no intrusions in control systems contributing to the event. However, political leaders have remained aware of the cyber threat potential, with Spanish Prime Minister Pedro Sánchez not dismissing the prospect entirely.

Despite assertions from grid operators, speculation persisted as hacktivists such as Dark Storm Team claimed responsibility for power disruptions in NATO countries, a claim that experts view with skepticism. The situation prompted Spain’s high court to open an investigation into the outage.

Conflicting Cybersecurity Advisories from India and Pakistan

Heightened tensions between India and Pakistan have led to conflicting cybersecurity advisories from both nations. Following military strikes against Pakistan attributed to terrorist activities linked to Lashkar-e-Taiba, the Indian stock exchange issued warnings advising firms to bolster their cyber defenses against potential high-impact attacks including ransomware and DDoS attacks. In response, Pakistan’s National Cyber Emergency Response Team published a high-priority advisory urging vigilance against sophisticated cyberattacks targeting critical infrastructure.

The historical context of conflict between these countries underscores the urgency of cybersecurity preparedness, particularly concerning potential attacks stemming from geopolitical tensions.

Delta Air Lines Faces Lawsuit over Operations Disrupted by CrowdStrike

A proposed class action lawsuit against Delta Air Lines, stemming from widespread cancellations and delays caused by a cybersecurity incident involving CrowdStrike, has progressed following a court ruling. Approximately 7,000 flights were affected due to an erroneous update from CrowdStrike, resulting in an estimated $500 million in lost revenue. A federal judge ruled that five plaintiffs could pursue breach of contract claims under the Montreal Convention, an international treaty governing airline liability.

In a counter-response, Delta is suing CrowdStrike, alleging that the cybersecurity firm inadvertently introduced vulnerabilities into Delta’s systems through the problematic update. Legal actions in this case highlight the intricate relationship between operational integrity and cybersecurity risks in the aviation industry.

New Chinese Smishing Kit ‘Panda Shop’ Uncovered

A newly discovered smishing toolkit named “Panda Shop,” developed by a China-based cybercriminal group, is enabling widespread phishing attacks through iMessage. The kit allows attackers to impersonate delivery services like the USPS and Royal Mail, tricking victims into disclosing sensitive information via malicious links. By exploiting compromised Apple iCloud accounts, this group disseminates fraudulent notifications that mislead users into entering personal data on counterfeit sites. Researchers identified vulnerabilities within the toolkit, revealing data from over 108,000 individuals.

This report incorporates insights from Information Security Media Group’s Akshaya Asokan in Manchester and David Perera in Northern Virginia.
