FBI warns of time-traveling hackers

Cybercriminals ever find caller ways to scam you, whether it’s mimicking a authorities agency, creating a fake website oregon delivering malware disguised arsenic a bundle update. Just erstwhile you deliberation you’ve seen it all, they travel up with a caller trick.

This time, the FBI has issued an alert: Hackers are utilizing a "time-traveling" method to bypass your device’s information measures. No, we’re not talking astir existent clip question (though wouldn’t that beryllium something?). This is simply a blase cyberattack wherever hackers manipulate a system's interior timepiece to sneak past information defenses.

Join The FREE "CyberGuy Report": Get my adept tech tips, captious information alerts and exclusive deals, positive instant entree to my free "Ultimate Scam Survival Guide" when you motion up.

A antheral moving connected his laptops (Kurt "CyberGuy" Knutsson)

What you request to know

The conception of "time-traveling hackers" refers not to literal clip question but to a blase cyberattack method wherever hackers manipulate a system's interior timepiece to bypass information measures. This onslaught is reportedly tied to the Medusa ransomware gang.

In this benignant of attack, hackers exploit expired information certificates by altering the strategy day connected a targeted instrumentality to a clip erstwhile those certificates were inactive valid. For example, a information certificate that expired in, say, 2020 could beryllium made usable again if the system's timepiece is acceptable backmost to 2019. This allows malicious bundle signed with these outdated certificates to beryllium recognized arsenic morganatic by the system, efficaciously "traveling backmost successful time" from a information perspective. 

This method was notably utilized successful the Medusa ransomware attacks, which targeted captious infrastructure and prompted an FBI cybersecurity advisory (AA25-071A) earlier successful 2025. The run has affected implicit 300 captious infrastructure targets. The attackers combined this method with societal engineering and exploited unpatched vulnerabilities, amplifying the threat. 

The FBI has warned that specified attacks airs a important risk, arsenic they tin disable modern information protections similar Windows Defender by tricking the strategy into accepting outdated drivers oregon software.

A pistillate moving connected her laptop and scrolling connected her phone (Kurt "CyberGuy" Knutsson)

DOUBLECLICKJACKING HACK TURNS DOUBLE-CLICKS INTO ACCOUNT TAKEOVERS

What does the FBI recommend?

Traditional hunt and rescue tools, similar rigid robots and specialized cameras, often conflict successful catastrophe zones. Cameras travel lone consecutive paths, forcing teams to chopped done debris conscionable to spot further in. Rigid robots are susceptible successful tight, unstable spaces and costly to repair erstwhile damaged. And manual probing is slow, exhausting and risks responder safety.

A antheral moving connected his laptop (Kurt "CyberGuy" Knutsson)

RELENTLESS HACKERS ABANDON WINDOWS TO TARGET YOUR APPLE ID

5 ways to enactment harmless from Medusa malware

1) Use beardown antivirus software: A beardown antivirus isn’t conscionable for catching old-school viruses anymore. It tin observe phishing links, artifact malicious downloads and halt ransomware earlier it gets a foothold. Since the Medusa pack uses fake updates and societal engineering to instrumentality users, having beardown antivirus bundle adds a captious furniture of extortion against threats you mightiness not spot coming. Get my picks of the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices.

2) Enable two-factor authentication (2FA): The FBI specifically recommends enabling 2FA crossed each services, particularly for high-value targets similar webmail accounts, VPNs and distant entree tools. 2FA makes it importantly harder for attackers to interruption in, adjacent if they’ve managed to bargain your username and password done phishing oregon different tactics.

3) Use strong, unsocial passwords: Many ransomware groups, including Medusa, trust connected reused oregon anemic passwords to summation access. Using a beardown password (think long, random and unsocial to each account) greatly reduces that risk. A password manager tin assistance you make and store analyzable passwords truthful you don’t person to retrieve them each yourself. Get much details astir my best expert-reviewed password managers of 2025 here.

4) Monitor for suspicious strategy clip changes: The halfway of this "time-traveling" onslaught is timepiece manipulation: Hackers rotation backmost a device’s timepiece to a clip erstwhile expired information certificates were inactive valid. This allows outdated and perchance malicious bundle to look trustworthy. Be alert to unexpected strategy clip changes, and if you're managing an organization, usage tools that emblem and log these types of configuration shifts.

5) Keep systems updated and spot known vulnerabilities: The Medusa ransomware run has a way grounds of exploiting unpatched systems. That means aged software, outdated drivers and ignored information updates tin each go introduction points. Regularly installing updates for your OS, applications and drivers is 1 of the astir effectual ways to enactment protected. Don't enactment disconnected those strategy notifications; they beryllium for a reason.

CLICKFIX MALWARE TRICKS YOU INTO INFECTING YOUR OWN WINDOWS PC

Kurt’s cardinal takeaway

The Medusa onslaught is simply a bully illustration of however cybercriminals are shifting tactics. Instead of relying connected accepted methods similar brute unit oregon evident exploits, they are targeting the basal logic that systems beryllium connected to function. In this case, it is thing arsenic elemental arsenic the strategy clock. This benignant of strategy challenges the mode we deliberation astir security. It is not conscionable astir gathering stronger defenses but besides astir questioning the default assumptions built into the exertion we usage each day.

How bash you deliberation exertion companies tin amended enactment idiosyncratic users successful protecting their information and devices? Let america cognize by penning america at Cyberguy.com/Contact.

For much of my tech tips and information alerts, subscribe to my escaped CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question oregon fto america cognize what stories you'd similar america to cover.

Follow Kurt connected his societal channels:

• Facebook
• YouTube
• Instagram

Answers to the most-asked CyberGuy questions:

• What is the champion mode to support your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the champion mode to enactment private, unafraid and anonymous portion browsing the web?
• How tin I get escaped of robocalls with apps and information removal services?
• How bash I region my backstage information from the internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy's exclusive coupons and deals
• Best gifts for Mom 2025

Copyright 2025 CyberGuy.com. All rights reserved.