IS CYBERSECURITY BECOMING OBSOLETE ?
In this digital battlefield, where every line of code is a fortification and every decision a combat post, we only have one rule: the best defense is a good offense.

Dear internet users and fellow Cyberdefenders,
The cybersecurity landscape is evolving at a dizzying pace, and the past week demonstrated that with brutal clarity. Forget abstract threats and movie scenarios, because cyber-warfare is now an operational reality that's paralyzing critical infrastructure and redefining the economic models of organized crime. This special edition of our newsletter dives into the heart of this shift. We've witnessed, powerless, the chaos that struck European airports, a result of a ransomware attack that reminds us of the vulnerability of our hyper-connected world. Meanwhile, Europe is fighting for its digital independence against American technological dominance, a battle that is far from won but is gaining in intensity.
In this new era, innovation becomes our best weapon. Deepfakes, once a sci-fi gadget, are now an increasingly sophisticated attack vector, ensnaring companies with social engineering. But the counter-offensive is organizing: companies like Dragos are strengthening our defense arsenal with AI-powered platforms to thwart threats to industrial control systems. It's a race against time, where every second counts.
We will analyze the trends in the RaaS (Ransomware-as-a-Service) market, which is seeing its payments drop but its attacks multiply, forcing cybercriminals to rethink their business model. Get ready to discover avant-garde defense tactics, key facts about new forms of cybercrime, and the startups that are building the future of European digital sovereignty. The time for simple monitoring is over; it's time for action. Stay connected, because the stakes have never been higher.
Highlights:
European air chaos: When check-in becomes a cyber war zone
The heist of the century: Is the RaaS model collapsing?
AI vs. AI: The deepfake arms race has begun
Are Europeans prisoners of American tech?
Dragos strikes with an AI for industrial security to avert disaster

Guess what?
ENISA confirms that a ransomware attack paralyzed several European airports, including London, Berlin, and Brussels. The incident affected Collins Aerospace's check-in software, forcing employees to revert to manual operations. Flight delays and cancellations occurred, highlighting the fragility of critical infrastructure in the face of such threats.
The RaaS (Ransomware-as-a-Service) market is in full transition. According to a Chainalysis analysis, ransom payments dropped by 35% in 2024, even as the number of incidents continued to increase. Attackers are now focusing on data exfiltration and leak threats to pressure their victims.
A Gartner survey reveals that nearly two-thirds of companies (62%) were targeted by a deepfake attack in the past year. These attacks combine social engineering and AI technology to impersonate executives and manipulate employees into making fraudulent financial transfers.
A study shows that 74% of European companies still depend on American tech providers, exposing themselves to major legal and geopolitical risks. This dependence is a threat to the EU's digital sovereignty, putting it in direct conflict with laws like the CLOUD Act.
Dragos launched its new Platform 3.0, integrating AI to strengthen the defense of industrial control systems (OT). The solution centralizes threat and vulnerability alerts, offering "industrial defenders" concrete, prioritized recommendations to act faster against threats that cost the sector billions.
Would you like to know more?
1. European Air Chaos: When Check-in Becomes a Cyber War Zone
Summary : The European Union Agency for Cybersecurity (ENISA) formally confirmed that a ransomware attack paralyzed operations at several major airports in Europe, including London Heathrow and Berlin Brandenburg. The attack targeted the ARINC SelfServ cMUSE software from Collins Aerospace, a subsidiary of RTX, which manages passenger and baggage processing. The impact was immediate and tangible, forcing airports to resort to manual procedures and leading to delays and cancellations.

Details :
Key Airport Systems Paralyzed : The attack caused major disruptions at airports, affecting check-in and baggage drop services. Although the culprits remain unknown, ENISA confirmed the incident was a ransomware attack.
Strategic Target Raises Questions : The fact that the attack hit a subsidiary of RTX, a major defense industry player, is particularly significant. This suggests that attackers might be indirectly targeting larger military-linked entities by exploiting vulnerabilities in their suppliers.
Lack of Transparency Hinders Response : Despite crucial coordination between airports and airlines, the official communications from both ENISA and the airports have been unclear. This lack of transparency and slow information sharing could complicate the work of investigators and recovery teams.
Ransomware as a Complex Crisis : The ongoing uncertainty surrounding a full resolution reinforces that a ransomware attack is more than just a technical issue. It's a complex crisis that requires transparent communication and robust coordination to manage the chaos it creates.
What should be remembered ?
The ransomware attack on Collins Aerospace is a perfect case study to demonstrate the fragility of digital supply chains. A single weak link can create large-scale chaos, affecting thousands of people and disrupting the economy. Cybersecurity professionals must now focus not only on protecting their own perimeter but also on assessing the risks associated with their suppliers and partners. The entire aviation and critical infrastructure sector must rethink its defense strategy.
2. The Heist of the Century: Is the RaaS Model Collapsing?
Summary : The economic model of Ransomware-as-a-Service (RaaS), once an easy revenue stream for cybercriminals, is faltering. A report by Chainalysis reveals that ransom payments dropped by 35% in 2024, to about $813 million, despite an increase in the number of reported incidents. This paradoxical trend is explained by a combination of factors: better company resilience, the increasing effectiveness of law enforcement operations, and the evolution of attacker tactics, who are now focusing on data exfiltration.

Details :
Ransom Payments are Declining : Ransom payments are decreasing because companies are better prepared with off-site and immutable backups. Additionally, cyber insurance companies are now requiring stricter security measures and may not cover ransom demands.
Cybercriminals are Adapting : Ransomware-as-a-Service (RaaS) groups have shifted their focus from data encryption to exfiltration. They use the threat of leaking sensitive data as a powerful new form of blackmail, regardless of whether a ransom is paid.
Law Enforcement Efforts : Coordinated global law enforcement operations have significantly disrupted major ransomware groups like LockBit and ALPHV/BlackCat. These actions, combined with crackdowns on money laundering, have made the RaaS business model less reliable and much riskier for attackers.
The Ongoing Challenge for Companies : Despite the decline in payments, the risk of attack is not going away; on the contrary, attacks are becoming more frequent. Victims now face the dual threat of both data encryption and the public exposure of sensitive information.
Adapting Security Strategies : ISOs must update their strategies to focus on verifying backups and proactively monitoring for new threats. It's also critical to review insurance policies to ensure they cover the risks associated with data exfiltration.
What should be remembered?
The drop in ransom payments does not mark the end of RaaS, but its transformation. Threat actors are agile and adapt quickly to new market realities. The shift towards data exfiltration as the main leverage for blackmail proves that cybercrime remains a resilient economy. For cybersecurity professionals, it is crucial to understand this dynamic to anticipate the next waves of attacks and ensure their defenses are still relevant.
3. AI vs. AI: The Deepfake Arms Race Has Begun
Summary : According to a Gartner survey, 62% of companies have been the target of deepfake attacks in the last 12 months. These attacks are not bad jokes, but sophisticated social engineering operations where cybercriminals use AI-generated voices or faces to impersonate company executives. The goal is simple: to trick employees into transferring funds or disclosing confidential information.

Details:
AI-Powered Social Engineering Threats : Cybercriminals are now using AI and deepfakes to impersonate senior executives during video or audio calls. This technique exploits employees' trust to trick them into transferring large sums of money, bypassing traditional technical defenses.
Organizational Countermeasures : To combat this threat, it's essential to strengthen employee training on the risks of deepfakes and simulate attacks to prepare them. Companies should also review their payment approval processes and add a layer of multi-factor authentication (MFA) for validation.
Attacks on Generative AI : Another growing threat is prompt injection, which manipulates large language models to generate malicious or biased results. Although less frequent, these attacks can have serious consequences and should not be overlooked by organizations.
AI-Powered Detection Solutions : Cybersecurity providers are already integrating deepfake detection capabilities directly into collaboration tools like Microsoft Teams and Zoom. These emerging technologies could become essential for identifying and blocking attacks in real time.
Risk Assessment : According to a Gartner study, deepfakes are not yet the top threat for companies, but the risk is not negligible, with 5% of organizations reporting a major incident. Leaders must therefore focus their efforts on managing access to AI tools and raising awareness among their teams.
What should be remembered ?
Deepfakes are no longer a marginal phenomenon but a formidable weapon for cybercriminals. They transform social engineering into a much more credible and difficult-to-counter threat. The cybersecurity sector's response must be twofold: combine AI-based technical detection solutions with rigorous human training. The arms race between deepfake creators and detectors has begun, and the future of corporate security will depend on the speed of our adaptation.
4. Europe Under Tutelage: Are We Prisoners of American Tech?
Summary : A recent study reveals that 74% of European companies depend on U.S.-based tech providers, creating a strategic vulnerability to U.S. regulations like the CLOUD Act. This dependence, far from being a simple business choice, exposes European companies to risks of sanctions, trade wars, and mass surveillance. While the EU is strengthening its legislation with texts like GDPR, NIS2, and the Cyber Resilience Act, digital sovereignty is becoming a strategic imperative for Europe. European companies face a dilemma: continue to rely on American solutions at the risk of complying with foreign laws, or turn to European alternatives to gain independence.

Details:
Risks of Relying on U.S. Technology: Relying on U.S. technology brings significant risks, such as the CLOUD Act, which can enable American authorities to access data stored in Europe. This directly violates GDPR principles and can leave European companies in a non-compliant state.
Europe's Response: In response, Europe is actively working to build its own resilient and independent digital ecosystem. The continent's cybersecurity market is projected to reach $76 billion by 2025, with major investments in European startups showing a clear desire for alternatives.
European Solutions and Providers: The article highlights ten European companies that provide GDPR-compliant solutions while ensuring data residency within the continent. Companies like WithSecure Elements, Oodrive, Darktrace, and Filigran offer powerful options for businesses looking to move away from American providers.
Advantages of Choosing European: By choosing European solutions, companies benefit from strict EU regulatory compliance and guaranteed data residency. This also ensures technological independence from U.S. political decisions and provides the added value of local expertise and support.
What should be remembered?
Digital sovereignty is not a political slogan but an economic and strategic necessity. Dependence on American technology exposes European companies to unbearable legal and operational risks. The European cybersecurity market now offers credible and competitive alternatives that allow companies to regain control of their data and their future. For CIOs and CTOs, the time is no longer for hesitation but for planning a strategic migration towards European solutions.
5. Dragos Strikes Hard: AI for Industrial Security to Avert Disaster
Summary : Dragos, a leader in industrial control systems (OT) security, has launched its Platform 3.0, a major innovation for "industrial defenders." This new version integrates artificial intelligence to accelerate the analysis of threats and vulnerabilities, offering a unified and prioritized view of risks. Faced with increasingly sophisticated and rapid cyber threats that could cost up to $172 billion in business interruption, the new Dragos platform allows security teams to move from detection to action with increased confidence and speed.

Details:
Insights Hub : The heart of the platform, this feature uses AI to prioritize all alerts into a single, risk-based dashboard. It provides clear, actionable recommendations from Dragos experts, helping operators know exactly where and how to act to reduce alert fatigue.
Accelerated Vulnerability Analysis : Dragos Platform 3.0 uses AI models to significantly speed up vulnerability analysis, delivering faster and more accurate results. Its "Now, Next, Never" methodology helps security teams focus on immediate risks instead of wasting time on irrelevant alerts.
Flexible Deployment Options : To serve smaller industrial sites, Dragos has introduced new, more compact hardware options and a combination of sensors and storage. This allows companies to extend their operational technology (OT) visibility to isolated or intermittently connected environments that were previously difficult to secure.
Simplified Management and Integration : The new platform simplifies operations with centralized sensor configurations and seamless integration with OT and IT security systems. This ensures that security teams can work more efficiently without needing to manage multiple disconnected tools.
Managed Service: OT Watch Complete : For organizations lacking internal resources, Dragos offers this fully managed service for 24/7 monitoring, proactive threat hunting, and incident management. It helps companies quickly strengthen their defenses and get value from their investment without having to build a dedicated team.
What should be remembered?
The new Dragos platform is a giant leap for industrial security. By integrating AI to accelerate and contextualize threat analysis, the company enables OT defenders to become more effective. The financial risk of industrial cyberattacks is colossal, and solutions that allow for rapid action have become indispensable. This innovation demonstrates that technology, when used well, can transform our ability to protect the most critical infrastructure of our civilization.
Digital Combat Ops
Due to the constant evolution of cyber threats, selling cybersecurity services has become a crucial activity for many businesses. To master this commercial challenge, here is a summary of the key points from the video "How to Sell Cyber Security Services (The Right Way)," presented by the Growth Generator channel and hosted by expert Harrison Baron.
In this video, cybersecurity expert Harrison Baron explains how to sell cybersecurity services the right way. He covers sales preparation, positioning your offer, and techniques for closing more deals. This is essential content for MSPs (managed service providers) and companies that want to get up to speed on this crucial activity for their growth.
CYBERTRIVIA - DID YOU KNOW?
Did you know that the most expensive computer virus in history is believed to be MyDoom?
Discovered in 2004, this malicious program spread as an email worm, replicating itself by sending copies to email addresses found on infected computers. MyDoom's primary function was to open a backdoor on the compromised machine, which was then used to launch a distributed denial-of-service (DDoS) attack against certain websites. While its exact creator remains a mystery, the virus caused an estimated $38.5 billion in damages globally by slowing down internet traffic and affecting major corporations and search engines. It became the fastest-spreading email worm ever, and its impact highlighted the need for more robust cybersecurity measures.
'This is for all the newcomers: I have only one rule. Everyone fights. No one quits.'


