--- title: "Car Cameras Hackable, UK Water Breach, Thailand Frees Captives | DMARC Report" description: "Black Hat Asia 2025 demos a drivethru attack on car dash cams, UK" image: "https://dmarcreport.com/og/blog/car-cameras-hackable-uk-water-breach-thailand-frees-captives.png" canonical: "https://dmarcreport.com/blog/car-cameras-hackable-uk-water-breach-thailand-frees-captives/" --- Quick Answer A drivethru attack disclosed at Black Hat Asia 2025 lets attackers hijack a parked car's dash cam through SSID exposure, exposing GPS, audio, video, and a path to manipulate vehicle systems. UK utility Southern Water reported $5.7 million in costs from a year-earlier Black Basta ransomware attack that affected up to 10 percent of its 2.7 million customers, with leaked chats hinting at a $750,000 payment against an initial $3.5 million demand. Thai police cut fuel and power to Myanmar-border scam compounds run by Chinese criminal gangs and expect about 7,000 of an estimated 100,000 trafficked workers to be released. Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fcar-cameras-hackable-uk-water-breach-thailand-frees-captives%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Car%20Cameras%20Hackable%2C%20UK%20Water%20Breach%2C%20Thailand%20Frees%20Captives&url=undefined%2Fblog%2Fcar-cameras-hackable-uk-water-breach-thailand-frees-captives%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fcar-cameras-hackable-uk-water-breach-thailand-frees-captives%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fcar-cameras-hackable-uk-water-breach-thailand-frees-captives%2F&title=Car%20Cameras%20Hackable%2C%20UK%20Water%20Breach%2C%20Thailand%20Frees%20Captives "Share on Reddit") [ ](mailto:?subject=Car%20Cameras%20Hackable%2C%20UK%20Water%20Breach%2C%20Thailand%20Frees%20Captives&body=Check out this article: undefined%2Fblog%2Fcar-cameras-hackable-uk-water-breach-thailand-frees-captives%2F "Share via Email") ![Car Cameras Hackable, UK Water Breach, Thailand Frees Captives](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) ![Dmarc check 4681 150x150](https://media.mailhop.org/dmarcreport/images/2025/02/dmarc-check-4681-150x150.jpg) > DMARC monitoring should be as routine as checking your inbox, says Adam Lundrigan, CTO of DuoCircle. The aggregate reports tell you exactly who sends email from your domain. If you’re not reading them, you’re flying blind on your own email security posture. ``` DMARC Report ``` Car Cameras Hackable, UK Water Breach, Thailand Frees Captives ```

00:00 ``` / ``` 2:10 ``` RSS Feed ``` Share Link Embed ``` /\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-21957” readonly/> ``` ``` Another week, another cyber news bulletin to make you **cyber aware**! Hello people, we are back again on the fourth week of February. In this last bulletin of the month, we are going to talk about the \*\*vulnerability of car cameras against hackers, the long-lasting impact of [data br](https://www.scworld.com/brief/us-data-breach-victimization-spikes)[e](https://www.scworld.com/brief/us-data-breach-victimization-spikes)[aches](https://www.scworld.com/brief/us-data-breach-victimization-spikes) on critical infrastructure like water utility companies, and the Thai government’s attempt to free cyber captives trapped in illegitimate Myanmar workstations. Cyberawareness is our motto so that you can sleep in peace, knowing that your hard-earned \*\*money and system are safe from the [malicious attempts](https://www.gmanetwork.com/news/topstories/nation/914211/dnd-fake-video-of-marcos-a-maliciously-crude-destab-attempt/story/) of the threat actors. Stay with us if you wish the same. ## Car cameras are susceptible to hacking! Ever thought that [car dash cams](https://www.techradar.com/best/best-dash-cam) can be prone to hacking? No? Then you need to see this! Hackers can literally hack into your car’s dash cam and gain unauthorized access to your **car’s devices**. This further gives them complete access to sensitive data such as location data, in-car conversations, and so much more. This tactic is called [drivethru hacking](https://www.blackhat.com/asia-25/briefings/schedule/index.html#drivethru-car-hacking-fast-food-faster-data-breach-43514). _Threat actors can commit a breach and get access to personal data such as GPS, car information, driver details, video footage, audio clips, etc_. A researcher discovered this \*\*mind-boggling flaw while connecting his smartphone with his car’s new dash cam. He realized that the recorded video footage belonged to the car parked next to him. He had unrestrained access to sensitive details such as recorded conversations, video footage, and driving routes of that car. Chen, the researcher, has been working since then with fellow researchers and experts to understand the implications of this dash cam vulnerability on the [automobile industry](https://www.cnbc.com/2025/01/31/trumps-25percent-tariffs-this-is-whats-at-stake-for-us-auto-industry.html). This research has revealed concerning details. The initial access can provide the threat actor with ample chances for secondary exploits. For instance, a hacker can further try to gain access to other \*\*vehicle systems as well as extract more [personal data](https://www.delawareonline.com/story/news/2025/02/25/federal-court-blocks-elon-musk-doge-personal-data-access/80257197007/). They can even try to bypass authentication checks and manipulate the crucial functions of the vehicle. Another huge risk is that such [cyber attacks](https://www.insurancebusinessmag.com/us/news/cyber/75-of-us-companies-prone-to-cyberattack--report-497913.aspx) can easily throttle the vehicle battery, leading to the car being completely inoperable. ![What is dmarc](https://media.mailhop.org/dmarcreport/images/2025/02/what-is-dmarc-4857.jpg) The best possible way to avoid such unfortunate incidents is to go for secure-by-design principles when it comes to manufacturing car dashcams. The idea is to secure the dashcams and use \*\*proper authentication technology at multiple layers and lower down the SSID exposure. To enhance [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) and prevent spoofing, implement [SPF](https://dmarcreport.com/what-is-spf/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [DMARC](https://dmarcreport.com/) by configuring your domain’s [DNS records](https://www.ibm.com/think/topics/dns-records) to authenticate senders, validate message integrity, and enforce email policies ## UK Water utility company is facing breach consequences even after 1 year since the attack! One of the water utility companies in the UK, Southern Water, had to face a cyberattack one year ago. However, the company is still facing the consequences of the cyberattack after so long. A Russian [ransomware group named Black Basta](https://www.techspot.com/news/106884-black-basta-ransomware-group-secrets-exposed-massive-leak.html) claimed responsibility for the attack and managed to penetrate the IT system of the company. Legal advisers, **third-party cybersecurity experts**, and Southern Water worked closely to minimize the extent of the damage. In its [annual report,](https://www.southernwater.co.uk/annual-report-2024/) the company confirmed the expense of the data breach to be around $5.7 million USD. Prior to the attack, the customer base of the water utility company was **2.7 million**. Around 5% to 10% of the same have been affected by the ransomware attack. The company offered a notification letter and one year’s worth of paid Experian credit monitoring to all the victims. Apart from that, legal fees, **security measures**, [third-party](https://www.investopedia.com/terms/t/third-party.asp) cyber assistance, etc, have added to the overall cost. Experts believe that the total cost may even include the ransom amount of $750,000\. _As per some leaked chat details, initially, Black Basta demanded $3.5 million, which the company denied_. ## Thailand attempts to free thousands of cyber captives across cyber sweatshops! Thai police believe that a whopping 100,000 human trafficking victims are held in [captivity in Myanmar](https://www.darkreading.com/cyber-risk/thailand-cyber-sweatshops-free-captives). As per the police, these victims are forced to work as [threat actors](https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html) and run [cybercrime campaigns](https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html) from call centers and workstations\*\*. The Thai police state that these cybercrime workstations are being run by 40 to 50 [Chinese criminal gangs](https://asiatimes.com/2025/02/chinese-crime-gangs-holding-thai-tourism-hostage/). The victims are forced to carry out a wide variety of attacks, such as cryptomining, [fake gaming sites](https://www.malwarebytes.com/blog/news/2025/01/can-you-try-a-game-i-made-fake-game-sites-lead-to-information-stealers), [social engineering](https://www.techtarget.com/healthtechsecurity/news/366614853/HC3-Scattered-Spider-hits-healthcare-with-social-engineering), and so on. ![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2025/02/dmarc-record-generator-9112.jpg) Last week, the Thai police carried out a crackdown on these illegal workstations that are situated on the **Thailand-Myanmar border**. _They smartly cut off fuel and electricity supply to these work centers_. The operation is seemingly successful as Thai police are expecting a batch of 7000 victims to be released soon from those [cybercrime](https://carnegieendowment.org/research/2024/04/exploring-law-enforcement-hacking-as-a-tool-against-transnational-cyber-crime?lang=en) centers in the upcoming months. The victims will first be sent to Thailand. Then, they will go through proper screening methods and, finally, will be sent back to their home countries. ## Topics [ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ dns record ](/tags/dns-record/)[ email security ](/tags/email-security/)[ News ](/tags/news/)[ SPF ](/tags/spf/) ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Foundational 12m 10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[ Foundational 11m 7 Easy Steps To Verify An Spf Record Using Nslookup Properly Nov 18, 2025 ](/blog/7-steps-to-verify-spf-record-correctly-using-nslookup-tool/)[ Foundational 8m A Records Vs. Alias Records - A Guide By DMARCReport Dec 4, 2025 ](/blog/a-records-vs-alias-records-a-guide-by-dmarcreport/)[ Foundational 14m Add TXT Record on Namecheap (SPF, DKIM & DMARC) - 2026 Mar 5, 2025 ](/blog/add-txt-record-on-namecheap-a-complete-dns-guide/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Car Cameras Hackable, UK Water Breach, Thailand Frees Captives","description":"Black Hat Asia 2025 demos a drivethru attack on car dash cams, UK's Southern Water spends $5.7M after Black Basta, and Thai police free trafficked scam workers.","url":"https://dmarcreport.com/blog/car-cameras-hackable-uk-water-breach-thailand-frees-captives/","datePublished":"2025-02-28T09:39:12.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-02-28T09:39:12.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/car-cameras-hackable-uk-water-breach-thailand-frees-captives/"},"articleSection":"foundational","keywords":"dkim, DMARC, dns record, email security, News, SPF","wordCount":1084,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Car Cameras Hackable, UK Water Breach, Thailand Frees Captives","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Car Cameras Hackable, UK Water Breach, Thailand Frees Captives","item":"https://dmarcreport.com/blog/car-cameras-hackable-uk-water-breach-thailand-frees-captives/"}]} ```