AWS Outage Sparks Cyber Insurance Questions
A major Amazon Web Services (AWS) outage recently disrupted apps and services across the globe, stemming from an internal system failure and not a cyberattack. Still, it underscores cloud dependency as a critical cyber risk and highlights the potential for similar vulnerabilities to be exploited by malicious actors. The incident also brings renewed focus to cyber insurance coverage clarity, particularly around non-malicious outages, and reinforces the growing demand for dependent business interruption coverage tied to cloud service failures. Additionally, it emphasizes the importance of evaluating third-party dependencies and mitigating risks associated with single-source suppliers.
Mobile Attacks Surge, AI Threats Escalate
Concerns around mobile security are on the rise, especially as AI-powered threats become more prevalent and sophisticated. Verizon’s 2025 Mobile Security Index reveals that 85% of organizations are experiencing a surge in mobile device attacks, with AI-powered threats like SMS phishing and deepfakes raising serious concerns. Despite the widespread use of generative AI tools on mobile devices, few organizations have implemented targeted defenses. However, most are increasing mobile security budgets. Adopting mobile device management (MDM) solutions, aligning with industry standards and providing continuous phishing awareness training to stay ahead of evolving threats is essential.
Outsourcing Risks Amplified by Sophisticated Attacks
Recent cyberattacks, such as the Jaguar Land Rover breach linked to outsourced IT services, highlight growing risks in third-party cybersecurity. A new cybercriminal alliance, “Scattered Lapsus$ Hunters,” merges tactics from notorious groups like Scattered Spider, Lapsus$ and ShinyHunters, making attacks more complex and harder to detect. To defend against these threats, organizations should implement a layered security strategy that prioritizes user awareness, phishing-resistant multi-factor authentication (MFA), stronger help desk protocols, advanced detection tools, regular security testing and robust recovery planning.
EvilAI Malware Exploits Trust in AI Tools
A global malware campaign known as “EvilAI” is targeting industries including healthcare, manufacturing and government by disguising malicious software as legitimate AI and productivity tools. Fake apps like AppSuite, PDF Editor and TamperedChef use valid digital certificates and mimic real vendor websites to avoid detection. Once installed, they steal sensitive data, maintain encrypted communication with command servers and prepare infected systems for further attacks. Researchers warn that EvilAI is a sophisticated, evolving threat, highlighting the need for vigilant software vetting, endpoint protection and user education in the age of AI.
