Quarterly Threat Report: Q3 2025 Round Up

Cybercriminals are evolving their tactics, attacks are no longer limited to data theft. Hackers now aim to disrupt operations, manipulate staff using AI, and exploit trusted platforms such as CRM systems and development tools.

Major cyber incidents

1. Jaguar Land Rover (UK) – Production shutdown

What happened: Hackers exploited JLR’s internal systems using stolen credentials from a project management tool (Jira), gaining access to sensitive systems controlling manufacturing and electric vehicle charging.

The attack began on Sunday 31 August as the latest batch of new registration plates became available on Monday 1 September. The attack was detected while it was happening. The company shut down its IT systems to reduce damage.

Impact:

• Production halted at Solihull, Halewood and Gaydon sites
• 33,000 employees sent home
• Estimated losses: £50 million per week
• Disruption coincided with a key sales period (“New Plate Day”)
• Global operations affected, including facilities in China, Slovakia, India, and Brazil
• Supply chain disruption impacting over 200,000 workers

Why it matters: This attack underscores the vulnerability of large manufacturers to operational disruption from compromised credentials. The extended shutdown highlights the critical need for robust cyber security measures in the automotive industry.

Who was behind it: A hybrid group using tactics associated with Scattered Spider, LAPSUS$, and ShinyHunters.

2. Co-op Loyalty Breach (UK)

What happened: A third-party supplier responsible for managing Co-op’s loyalty program was compromised. Hackers accessed systems containing personal details of 6.5 million customers, including names, contact information, and purchase history. The breach occurred because of weaknesses in the supplier’s security, not Co-op’s own systems.

Impact:

• Customer trust was significantly undermined, potentially affecting brand reputation and loyalty program participation.
• Increased risk of phishing and fraud campaigns targeting customers using the stolen data.
• Potential regulatory scrutiny and fines under UK data protection laws (e.g., GDPR).

Why it matters: This incident demonstrates that even companies with strong internal security can face exposure through their suppliers. It shows the need for careful cyber security checks of third-party vendors. This includes regular audits, breach response clauses in contracts, and ongoing monitoring. Businesses must treat their entire partner ecosystem as part of their cyber risk strategy.

3. Salesforce Supply Chain Attack (Global)

What happened: Hackers stole login details and tokens from popular CRM and marketing platforms including Salesforce, Mailchimp, and HubSpot. These platforms are used by big global brands like Google, Cisco, and Pandora, giving attackers access to sensitive customer data and communication tools.

Impact:

• Over 5 million customer records exposed globally.
• Phishing emails sent from trusted platforms, increasing the success rate of scams.
• Risk of brand impersonation and financial fraud affecting both customers and employees.
• Disruption to marketing campaigns and customer engagement activities.

Why it matters: CRM and marketing platforms are central to modern business operations. If compromised, attackers can impersonate your brand, damage customer trust, and bypass internal security. Businesses need to protect their internal systems and the cloud platforms they use. This includes setting strong access controls and watching for unusual activity.

4. Arup Deepfake Scam (UK)

What happened: Attackers used AI-generated deepfake video calls to impersonate senior executives at Arup. The visuals and voice were realistic enough to convince employees to authorise a £25 million transfer.

Impact:

• Major financial loss with immediate operational consequences.
• Erosion of trust between staff and leadership.
• Increased scrutiny of internal approval processes and financial controls.

Why it matters: AI-driven impersonation is a growing threat. Traditional security tools won’t detect these scams. Businesses must implement robust verification protocols for financial transactions, such as multi-person approvals, voice authentication and validation of unusual requests.

5. HCRG Care Group (UK) – Healthcare data leak

What happened: A ransomware group infiltrated HCRG Care Group’s IT systems, encrypted files, and demanded a £2 million ransom. Sensitive patient data, including medical records, was leaked online when the ransom wasn’t paid.

Impact:

• Serious data privacy concerns for patients and regulators.
• Reputational damage, potentially affecting patient trust and future contracts.
• Operational disruption due to system outages and recovery efforts.

Why it matters: Healthcare providers are high-value targets due to the sensitivity of their data and the urgency of their services. This incident underscores the need for strong backups, ransomware response plans, and staff training to detect and prevent attacks.

Key trends

• Third-Party risk: Most attacks began with suppliers or external platforms. Vendor security must be treated as an extension of corporate security.
• AI-Driven fraud: Deepfake videos and voice cloning are increasingly used to deceive employees. Verification processes must evolve accordingly.
• Operational disruption: Attacks now target business continuity rather than just data. Manufacturing, logistics, and retail remain particularly vulnerable.
• Credential theft: Simple login credentials remain a primary attack vector. Multi-factor authentication and strong password hygiene are critical.

Recommendations for businesses

Review supplier security

• Assess vendor cyber security practices
• Include breach response clauses in contracts

Strengthen staff awareness

• Train teams to identify phishing and deepfake scams
• Encourage reporting of suspicious activity

Improve access controls

• Implement multi-factor authentication across all systems
• Restrict access to sensitive tools and data

Segment critical systems

• Separate production systems from office networks
• Monitor operational tech for unusual activity

Prepare for disruption

• Develop a business continuity plan that includes cyber scenarios
• Regularly test recovery processes

Act now to protect your organisation

The cyber threat landscape in Q3 2025 has taught us a key lesson. Businesses and public organisations should not wait to respond. They need to be proactive. From supply chain compromises to AI-driven fraud, attacks are growing in sophistication and potential impact. A multi-layered approach combining technology, people and processes is essential.

Now is the time to future-proof your organisation’s cybersecurity posture. Our Managed Cyber Security services provide 24/7 protection, proactive threat detection, and expert guidance tailored to your specific needs.

We also offer free consultations to help you identify vulnerabilities, prioritise improvements, and align your security strategy with business objectives. Take the first step in safeguarding your operations, contact us today to schedule your free consultation.