Your Quarterly Cybersecurity Intelligence Briefing from Onecom Partners
Welcome to the December edition of CyberScope, your go-to quarterly update on the ever-evolving cybersecurity landscape. Designed for our Partner Channel, this blog delivers the latest news, trends and insights, plus a practical starting point for your customers.
In the News: Breaches, Phishing & the Dark Web
Update on JLR and M&S
Cyberattacks continue to dominate headlines, and the financial and operational fallout is staggering. Jaguar Land Rover’s ransomware incident earlier this year didn’t just disrupt production, it pushed UK car manufacturing to its lowest September output in 70 years. Analysts estimate the cost to the UK economy at nearly £2 billion, with thousands of suppliers feeling the pinch.
Marks & Spencer faced its own crisis, reporting a 99% drop in statutory profit before tax, from £391.9 million to just £3.4 million for the first half of the year. The attack disrupted systems and cost the retailer £136 million, only partially offset by insurance.
Asahi Group ransomware & data exposure
It’s not just UK brands under fire. Japanese beverage giant Asahi confirmed a breach exposing personal data of over 1.5 million customers and thousands of employees. The attack crippled logistics and order systems, with recovery expected to take months.
Quantas 5.7 milling customers detail leaked on the Dark Web
In October, a major data breach surfaced when nearly 5.7 million Qantas customer records appeared for sale on the Dark Web, linked to a ransomware campaign targeting Salesforce systems used by the airline. The stolen information included names, frequent flyer numbers, email addresses, and for some individuals, phone numbers, postal addresses, and birth dates.
This trove of personal data remains a goldmine for cybercriminals. Social engineering tactics combined with exposed PII enable attackers to orchestrate convincing phishing, scam calls, identity theft, and account takeover attacks, posing a serious threat to both customer trust and corporate reputation
London councils hit by cyber incident
On November 24–25, Kensington & Chelsea, Westminster, and Hammersmith & Fulham councils experienced disruptions to IT systems and phone services due to a shared cyber-attack.
These stories underscore a harsh reality: cybercrime isn’t slowing down, and its ripple effects reach far beyond IT departments.
CyberProtect gets a powerful new feature: ID Guard
To combat the threat that impersonation attacks such as phishing and smishing pose to a company’s brand, revenue, and reputation, a powerful new feature has been added to the CyberProtect portfolio. ID Guard alerts businesses in real time whenever a new domain is registered that closely resembles a customer’s legitimate business domain, enabling them to take action and prevent cybercriminals from exploiting their customers and other stakeholders.
Phishing and Smishing: What They Are and Why They Matter
Phishing is the practice of sending fraudulent emails that mimic trusted brands to trick recipients into revealing sensitive information or installing malware. Smishing uses the same tactic via SMS messages. Both can lead to account takeovers, financial fraud, and reputational damage.
Attackers are getting creative. Microsoft recently faced a homograph attack using the fake domain “rnicrosoft.com”, where “r” and “n” together look like “m.” This subtle trick fooled users into entering credentials on a malicious site. Typosquatting attacks follow a similar pattern, registering domains that look almost identical to legitimate ones to intercept payments or steal data.
Cyber Threat Trends
Small Businesses: The Silent Targets
Many SMEs believe they’re too small to attract hackers. The truth? Forty-three percent of cyberattacks target small businesses. Why? They’re easier to breach, often lacking robust defences. The average cost of an attack for a UK SME is £11,000, and 60% never recover. With the UK ranking as the second most targeted country globally, the risk is real and growing.
Hackers are evolving faster than SMEs can keep up. While attackers deploy AI-driven phishing and ransomware, many small businesses still rely on outdated security measures. This gap is exactly what criminals exploit.
Earlier this year KNP - a Northamptonshire transport company, that had operated for 158 years went out of business, putting 700 people out of work. The hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems.
The company said its IT complied with industry standards and it had taken out insurance against cyber-attack, however simply getting access to a single employee’s credentials was enough to take down the whole business.
Ransomware on the rise
Ransomware attacks have surged by 70% compared to last year. These attacks encrypt critical data and demand payment for its release, often bringing entire operations to a standstill.
Credential theft
Credential theft remains the most common entry point for hackers. Over 24 billion usernames and passwords are available for purchase on the Dark Web today. As the saying goes: “Hackers don’t break in, they log in.”
Examples from the last 2 months ago in the UK include:
Capita PLC/CPSL – 6.6 million UK individuals affected (Oct 2025).
Kido Nurseries – ~8,000 children’s and families’ sensitive data compromised (Oct 2025).
London Women’s Clinic – Patient data impacted in Qilin ransomware breach (acknowledged Nov 2025).
Partner Advice: Where to Begin
Your customers know cybersecurity matters, but many don’t know where to start. Here’s how you can guide them:
- Begin with Dark Web monitoring and domain impersonation protection. CyberProtect now includes ID Guard, which alerts businesses in real time when criminals register domains that mimic their brand. You can give your customers up to 30 days to trial the service.
- Educate users. Most breaches start with human error. Training is essential.
- Implement multi-factor authentication (MFA). Leaked credentials are harder to exploit when Multi Factor Authentication is in place.
- Conduct regular security assessments to identify vulnerabilities before attackers do.
CyberProtect - Dark Web Monitoring & ID Guard: Your Customers’ First Line of Defence
Dark Web monitoring scans the Dark Web for leaked credentials and sensitive data, while ID Guard monitors for suspicious domain registrations that could signal phishing or impersonation attempts. Together, they provide:
- 24/7/365 Real-time alerts
- Early breach detection
- Protection against credential and identity theft
- Commercial value for partners
It’s a simple, scalable solution you can upsell or cross-sell to your customers, helping them stay secure while growing your revenue.
Get Started Today
Contact your Partner Business Manager or email hello@onecompartners.co.uk to learn more about CyberProtect and ID Guard.
.png)
