Date: 2025-04-27

Cybercriminals always find new ways to scam you, whether it’s mimicking a government agency, creating a fake website or delivering malware disguised as a software update. Just when you think you’ve seen it all, they come up with a new trick.

This time, the FBI has issued an alert: Hackers are using a "time-traveling" technique to bypass your device’s security measures. No, we’re not talking about actual time travel (though wouldn’t that be something?). This is a sophisticated cyberattack where hackers manipulate a system's internal clock to sneak past security defenses.

What you need to know

The concept of "time-traveling hackers" refers not to literal time travel but to a sophisticated cyberattack technique where hackers manipulate a system's internal clock to bypass security measures. This attack is reportedly tied to the Medusa ransomware gang.

In this type of attack, hackers exploit expired security certificates by altering the system date on a targeted device to a time when those certificates were still valid. For example, a security certificate that expired in, say, 2020 could be made usable again if the system's clock is set back to 2019. This allows malicious software signed with these outdated certificates to be recognized as legitimate by the system, effectively "traveling back in time" from a security perspective.

This technique was notably used in the Medusa ransomware attacks, which targeted critical infrastructure and prompted an FBI cybersecurity advisory (AA25-071A) earlier in 2025. The campaign has affected over 300 critical infrastructure targets. The attackers combined this method with social engineering and exploited unpatched vulnerabilities, amplifying the threat.

The FBI has warned that such attacks pose a significant risk, as they can disable modern security protections like Windows Defender by tricking the system into accepting outdated drivers or software.

What does the FBI recommend?

5 ways to stay safe from Medusa malware

1) Use strong antivirus software: A strong antivirus isn’t just for catching old-school viruses anymore. It can detect phishing links, block malicious downloads and stop ransomware before it gets a foothold. Since the Medusa gang uses fake updates and social engineering to trick users, having strong antivirus software adds a critical layer of protection against threats you might not see coming.

2) Enable two-factor authentication (2FA): The FBI specifically recommends enabling 2FA across all services, especially for high-value targets like webmail accounts, VPNs and remote access tools. 2FA makes it significantly harder for attackers to break in, even if they’ve managed to steal your username and password through phishing or other tactics.

3) Use strong, unique passwords: Many ransomware groups, including Medusa, rely on reused or weak passwords to gain access. Using a strong password (think long, random and unique to each account) greatly reduces that risk. A password manager can help you generate and store complex passwords so you don’t have to remember them all yourself.

4) Monitor for suspicious system time changes: The core of this "time-traveling" attack is clock manipulation: Hackers roll back a device’s clock to a time when expired security certificates were still valid. This allows outdated and potentially malicious software to appear trustworthy. Be alert to unexpected system time changes, and if you're managing an organization, use tools that flag and log these types of configuration shifts.

5) Keep systems updated and patch known vulnerabilities: The Medusa ransomware campaign has a track record of exploiting unpatched systems. That means old software, outdated drivers and ignored security updates can all become entry points. Regularly installing updates for your OS, applications and drivers is one of the most effective ways to stay protected. Don't put off those system notifications; they exist for a reason.
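For organizations acting on tip 4, here is a sketch of the kind of check a monitoring tool can run. It is an added example, not code from the FBI advisory or this article. It flags backward clock changes and rates them "high" when the rollback makes an expired signing certificate valid again. The host names, process paths, certificate entries and five-minute tolerance are constructed assumptions; the record fields follow Windows Security event 4616 ("The system time was changed").

```python
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry). Field names follow Windows
# Security event 4616, "The system time was changed".
EVENTS = [
    {"host": "ws-01", "PreviousTime": "2025-03-10T08:00:02Z",   # small sync correction
     "NewTime": "2025-03-10T08:00:00Z", "ProcessName": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws-02", "PreviousTime": "2025-03-10T09:00:00Z",   # forward jump
     "NewTime": "2025-03-10T10:00:00Z", "ProcessName": r"C:\Windows\System32\svchost.exe"},
    {"host": "srv-07", "PreviousTime": "2025-03-10T11:30:00Z",  # rolled back to 2019
     "NewTime": "2019-05-01T11:30:00Z", "ProcessName": r"C:\Users\Public\updater.exe"},
    {"host": "ws-03", "PreviousTime": "2025-03-10T12:00:00Z",   # rolled back two days
     "NewTime": "2025-03-08T12:00:00Z", "ProcessName": r"C:\Windows\System32\cmd.exe"},
]

# Constructed inventory of code-signing certificates seen on installed drivers.
CERTS = [
    {"subject": "Example Vendor Ltd", "not_after": "2020-06-30T23:59:59Z"},
    {"subject": "Current Vendor Inc", "not_after": "2027-01-31T23:59:59Z"},
]

TOLERANCE = timedelta(minutes=5)  # assumption: routine sync corrections are smaller


def parse(ts):
    """Parse an ISO 8601 UTC timestamp ending in 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def find_rollbacks(events, certs, tolerance=TOLERANCE):
    """Return one finding per backward clock change larger than `tolerance`."""
    findings = []
    for ev in events:
        prev, new = parse(ev["PreviousTime"]), parse(ev["NewTime"])
        if prev - new <= tolerance:
            continue  # forward change or routine correction
        # Certificates that were expired before the change and valid after it.
        revived = [c["subject"] for c in certs if new <= parse(c["not_after"]) < prev]
        findings.append({
            "host": ev["host"],
            "process": ev["ProcessName"],
            "rolled_back_by": prev - new,
            "revived_certs": revived,
            "severity": "high" if revived else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in find_rollbacks(EVENTS, CERTS):
        print(f)
```

Only the last two sample records produce findings: the small sync correction and the forward jump are ignored, the two-day rollback is rated "medium", and the rollback to 2019 is rated "high" because it lands before the 2020 expiry of one certificate.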

Kurt’s key takeaway

The Medusa attack is a good example of how cybercriminals are shifting tactics. Instead of relying on traditional methods like brute force or obvious exploits, they are targeting the basic logic that systems depend on to function. In this case, it is something as simple as the system clock. This kind of strategy challenges the way we think about security. It is not just about building stronger defenses but also about questioning the default assumptions built into the technology we use every day.

