Ransomware attacks targeting small and medium-sized businesses (SMBs) have reached alarming levels, with a recent UK government survey revealing that 1% of organizations reported such incidents, affecting approximately 19,000 entities. This marks a significant increase from the previous year, highlighting a troubling trend where nation-state actors are increasingly focusing on SMBs due to their often inadequate cybersecurity measures. The survey also indicates a decline in board-level cybersecurity responsibility, with only 27% of businesses having a cyber specialist on their board, down from 38% four years ago. As the frequency of ransomware incidents decreases, the cost per incident is rising, emphasizing the need for resilience-focused security measures.
In addition to ransomware, a vulnerability in Google's OAuth system has been exploited by phishers to create sophisticated attacks that mimic legitimate emails from Google. This DKIM replay phishing attack allows hackers to bypass security checks, making it difficult for users to detect scams. A notable case involved a developer receiving a fraudulent email that appeared to be a legitimate security alert. This incident underscores the importance of updating security awareness training, as traditional methods may not adequately prepare users for such advanced phishing techniques.
Another significant security concern arose from a flaw in Gladinet's CentreStack file-sharing platform, which allows remote code execution due to a deserialization issue linked to hard-coded cryptographic keys. This vulnerability has already been exploited in multiple cases, raising alarms within the cybersecurity community. Gladinet has advised customers to upgrade or change their keys to mitigate potential threats. Additionally, Microsoft acknowledged a flaw in its Intune device management tool that inadvertently allowed unauthorized Windows 11 upgrades, prompting organizations to revert affected devices.
On a different note, Wikipedia has partnered with Kaggle to create a machine-readable dataset of its content for training AI models, addressing the challenges posed by content scraping. This initiative aims to manage the rising costs associated with non-human traffic while protecting contributors' rights under Creative Commons licensing. Meanwhile, concerns have emerged regarding the impact of AI on human intelligence, with studies indicating that reliance on AI tools may inhibit critical thinking skills, particularly among younger users. As organizations navigate the complexities of AI integration, the need for resilient systems that can adapt to these changes becomes increasingly critical.
Four things to know today
00:00 Ransomware Evolves: Targeting Improves, Board Accountability Wanes, and SMBs Face Growing Geopolitical Risk
03:32 Secure by Default? Not This Week — Google, Microsoft, and Gladinet Say Otherwise
07:32 Wikipedia Feeds the AI Beast—But Wants to on Its Own Terms
10:04 AI Overload: How Education, Cognitive Skills, and Enterprise Strategy Are Buckling Under Pressure
Supported by: https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship
https://getflexpoint.com/msp-radio/
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
[00:00:02] It's Tuesday, April 22nd, 2025, and I'm Dave Sobel. Four things to know today. Ransomware Hits New Heights in SMB-targeted Attacks, Raising the Stakes for Resilience-Focused Security. Google's OAuth Flaw Enables Legit-Looking Phishing, Exposing Platform Accountability Gaps. Gladinet's Default Key Blunder Reminds Us Insecure Products Still Ship. And Wikipedia Joins Kaggle to Shape AI Data Access Amid Content Scraping Chaos.
[00:00:30] This is the Business of Tech. The latest annual data breach survey from the UK government reveals a troubling rise in ransomware attacks, with 1% of organizations reporting such incidents affecting an estimated 19,000 entities. This is a significant increase from less than half a percent the previous year. The survey highlights that 7% of businesses that experienced cybercrime were victims of ransomware, compared to under half a percent for charities.
[00:00:58] Furthermore, responsibility for cybersecurity at the board level has declined, with only 27% of businesses having a cyber specialist on their board, down from 38% four years ago. The survey also notes that while ransomware incidents have surged, the overall rate of cybercrime has remained stable, with 20% of businesses reporting cyber incidents in the past year. Nation-state actors are increasingly targeting small and medium-sized businesses, or SMBs,
[00:01:28] as they often lack robust cybersecurity measures and may not recognize their critical role in the supply chain. Eric Chien, a cybersecurity fellow at Broadcom's Symantec Threat Hunter team, emphasizes the majority of organizations affected by nation-state attacks are in the private sector, particularly in the middle market. In 2024, 70% of security incidents involving small businesses included ransomware,
[00:01:53] with the overall cost of such attacks rising despite a decline in their frequency, according to cybersecurity firm Sophos. Why do we care? Sophos' data, that 70% of small business incidents involve ransomware yet its frequency is falling, signals better targeting, not less activity. The cost per incident is climbing, putting emphasis on recovery, resilience, and outcome-based security services, not just preventative controls.
[00:02:22] Providers should double down on practical resilience services, backup integrity testing, disaster recovery orchestration, MFA enforcement, and ransomware tabletop simulations, especially for small businesses that lack strategic cyber planning. This is less about chasing the latest threats and more about closing long-standing gaps that attackers are clearly exploiting with precision. This episode is supported by Comet Backup.
[00:02:51] Whether you get hit with ransomware, hardware failure, or human error, there's nothing more heart-stopping than losing business-critical data. Backups are your final stand when a threat penetrates your layers of defense. That's where Comet Backup comes in. Comet is an all-in-one backup solution. Whether you need to protect computers, servers, virtual environments, emails, or databases, Comet Backup empowers you to manage backups on your terms. Visit CometBackup.com to start your free 30-day trial today.
[00:03:20] Get $100 free credit when you sign up with the promo code MSPRADIO. Start running backups in 15 minutes or less. Comet Backup. The backup solution that MSPs trust. Phishers have exploited a vulnerability in Google's OAuth system to execute a sophisticated attack, allowing them to send fraudulent emails that appear to originate from Google.
[00:03:45] This method, known as a DKIM replay phishing attack, enables hackers to bypass security checks, presenting a fake email as a legitimate message from Google while directing recipients to a fraudulent login page. In a notable case, Nick Johnson, lead developer of the Ethereum Name Service, received a phishing email that mimicked a legitimate security alert from Google. The email passed DomainKeys Identified Mail (DKIM) authentication, making it difficult for a user to detect the scam.
[00:04:15] The difference? Just accounts.google.com versus what was used in the scam, the email address. Security experts from EasyDMARC have detailed the mechanisms behind the attack, emphasizing that the vulnerability lies in how Google verifies messages. Similar tactics have also been employed against other platforms, such as PayPal, where attackers have utilized fraudulent confirmation messages to target users.
[00:04:39] A recently discovered vulnerability in Gladinet's CentreStack file sharing platform has raised alarms within the cybersecurity community. The flaw, identified as CVE-2025-30406, allows remote code execution due to a deserialization issue linked to a hard-coded cryptographic key. Research from Huntress indicates that this vulnerability has already been exploited in at least seven known cases across various organizations.
[00:05:09] The issue, which affects both CentreStack and its on-premises counterpart, Triofox, stems from the use of default keys that were not altered during deployment, making it easier for attackers to gain control over compromised systems. Huntress discovered 120 CentreStack endpoints among its monitored systems that were vulnerable. Triofox has not yet been actively targeted. Gladinet has since advised customers to upgrade or manually change their keys to mitigate potential threats.
[00:05:39] And Microsoft has acknowledged a flaw in its Intune device management tool that inadvertently offered Windows 11 upgrades to devices that should have been blocked from receiving the update. The issue, attributed to a latent code error, was detected on April 12th, prompting Microsoft to recommend pausing updates to prevent further complications. In light of the incident, organizations are advised to manually revert any devices that were incorrectly upgraded. This is not an isolated case.
[00:06:06] A similar issue occurred in November of 2024, when users unexpectedly upgraded from Windows Server 2022 to Windows Server 2025 without consent. Why do we care? Well, security awareness training needs updating. Most phishing training assumes bad grammar or unauthenticated domains. These emails are cryptographically legitimate. Only context or real-time sandboxing exposes the fraud.
[00:06:33] And note, Google's failure to close this loophole highlights a growing accountability issue. When major platforms get exploited, it's your customer who pays. Providers must increasingly become the buffer between platform security shortcomings and end-user exposure, which is risk exposure too. CentreStack is a textbook case of security-by-default failure. Using hard-coded keys is an old sin, but it still happens. What's worse, exploitation was already underway before disclosure.
[00:07:02] Vendors like Gladinet continue to offload security responsibilities to providers, hoping partners will catch what insecure defaults expose. The incident reinforces a key trust issue. Are your vendors building secure products, or are they relying on you to compensate for design debt? When rare edge cases add up, they define the new baseline of risk. The assumption that vendors will get it right by default is not safe. And MSPs are the last line of accountability when that trust fails.
[00:07:33] Wikipedia has announced a partnership with Kaggle, a Google-owned data science community platform, to create a machine-readable dataset of its content specifically designed for training artificial intelligence models. The initiative comes in response to a significant increase in non-human traffic due to bots scraping the site for AI training, with bandwidth consumption rising by 50% since January of 2024.
[00:07:56] The new dataset will initially focus on English and French, providing stripped-down versions of Wikipedia articles that exclude references and markdown code. As the Wikimedia Foundation seeks to manage costs associated with the surge in traffic, it emphasizes the importance of protecting contributors' rights by adhering to Creative Commons licensing terms. The dataset is expected to enhance accessibility for AI developers while addressing the ongoing challenges of content scraping from the platform.
[00:08:26] And a concerning new trend has emerged where users are employing OpenAI's latest models, o3 and o4-mini, to conduct reverse location searches from photographs. These AI models have advanced image-analyzing capabilities, allowing them to identify cities, landmarks, and even specific venues based on visual clues. This trend has gained traction on social media platforms, with users sharing examples of the models successfully identifying locations from various types of images.
[00:08:54] For instance, one user demonstrated how the model accurately identified a location from a seemingly random photo taken in a library. However, experts warn that this capability poses significant privacy risks, as malicious actors could misuse this technology to uncover personal information. OpenAI has yet to address these potential dangers in its safety reports for the new models. Why do we care? Wikipedia's move is a calculated pivot.
[00:09:21] If AI models are going to ingest your data anyway, better to shape how it happens. It tackles two core issues: runaway scraping costs, and contributor rights under Creative Commons licensing. Expect more structured open data offerings, and be aware this is an offering you too can include. In the webinar I hosted today, Srinivas Krishnaswamy offered ready-to-use schema templates for your website. Link in the show notes and description.
[00:09:48] And those helping clients with AI integration will need to track these new official pipelines. They'll often be more cost-effective and compliant than unstructured scraping. And I included the OpenAI insights to provide perspective on unanticipated safety risks. A recent article from The Guardian discusses the potential negative impact of artificial intelligence on human intelligence, warning that reliance on AI tools could be contributing to a decline in cognitive abilities.
[00:10:18] Research indicates that while generative AI has the potential to improve efficiency, it may also inhibit critical thinking and problem-solving skills, with studies showing a correlation between frequent AI use and lower critical thinking abilities among users, particularly younger individuals. The article highlights findings from a study conducted by Michael Gerlich at SBS Swiss Business School, which found that younger participants who frequently depend on AI tools
[00:10:46] performed worse in critical thinking tasks compared to older adults. Additionally, a report from Microsoft and Carnegie Mellon University noted that while AI improved efficiency for professionals, it has fostered long-term over-reliance, potentially diminishing the ability to solve problems independently. Community colleges are facing a growing crisis as fraudulent students, often referred to as bots, increasingly enroll in online classes to exploit financial aid.
[00:11:14] In 2024, California community colleges reported over $11 million in financial aid fraud, more than double the previous year's losses, with estimates suggesting that 25% of applicants may be bots. As these bots, managed by organized fraud rings, continue to infiltrate the education system, professors are left to navigate a complicated landscape of verifying student identities.
[00:11:39] Elizabeth Smith, a professor at Southwestern College, described the situation as heartbreaking, noting that she ended up with only 15 genuine students out of 104 enrolled in her classes. Administrators are implementing measures to combat this issue, such as the Inauthentic Enrollment Mitigation Task Force at Southwestern, but the rapid evolution of bot technology continues to present challenges. The college is seeking improved protocols from the state to help mitigate the crisis.
[00:12:07] A recent survey by Snowflake and the Enterprise Strategy Group reveals that over half of IT leaders struggle to prioritize artificial intelligence use cases, despite having more ideas than they can fund. The report, which surveyed 1,900 business and IT leaders across nine countries, found that approximately 70% of early adopters face challenges in evaluating potential projects based on objective factors such as costs and business impact. The stakes are high.
[00:12:35] 71% of respondents believe that choosing the wrong use case could harm their company's market position, and nearly 60% feel that advocating for an undesirable project could jeopardize their job security. With the urgency created by recent advancements in AI, organizations are grappling with project delays due to budget constraints and skill shortages, leading to an increase in AI project failure rates.
[00:12:58] Companies like AFLAC and General Mills are prioritizing AI opportunities based on business impact and guaranteed value as they navigate the landscape. Why do we care? Well, the common thread is this. AI is becoming a systematic force, and the systems built to manage people, education, and business outcomes are not yet resilient or adaptive enough to handle it. Providers must evolve from implementers to interpreters, helping clients decode when,
[00:13:24] how and why AI adds value and where it threatens to erode it. This episode is supported by Flexpoint. Managing cash flow can be tough for managed service providers. Flexpoint's working capital solution is designed to bridge the gap between invoicing and payment, giving providers access to funds when they need them. With quick approvals and flexible terms, it helps cover expenses, invest in growth, and maintain financial stability.
[00:13:53] Keep your operations running smoothly with Flexpoint. Visit getflexpoint.com slash MSP dash radio to learn more. Select Heard It on the Business of Tech or MSP Radio. You'll get 10% off. Thanks for listening. Today is National IT Service Provider Day. The only one I need to talk about, unless you want to celebrate with National Jelly Bean Day.
[00:14:20] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash MSP Radio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech.
[00:14:49] Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video, to question at mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit mspradio.com slash engage.
[00:15:17] Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.

