The UK government is issuing a warning this week to all companies to make cybersecurity an “absolute priority”, following recent cyberattacks on retailers Marks & Spencer, Harrods, and the Co-op. UK cabinet office minister Pat McFadden is reported to have held a briefing last week with national security officials and the CEO of the National Cyber Security Centre, Richard Horne, aimed at providing support to the three retail groups.
The UK retailers, Marks & Spencer, Harrods and the Co-Op, who have been hit by a flurry of cyber-attacks over the last two weeks, have immediately experienced a loss in consumer and investor confidence.
In our business, assessing risk is crucial. There is a constantly evolving threat landscape, and cybercriminals are constantly introducing new techniques and developing existing ones. And as online connectivity grows, so does every organization’s overall attack surface. Unit 42 are constantly conducting research examining the full scope of the ever expanding attack surface and constantly testing existing defenses. They play the role of cybercriminals, acting as white-hat hackers, if you like, in order to detect potential weaknesses. This research is conducted across the board and also directed at each client specific attacks surface. And when there is a breach, Unit 42 is there to detect and control it. They effectively act as wartime consiglieres – remember that the ongoing Russia/Ukraine conflict started in cyberspace. They must also act immediately to mitigate any breach that does occur. Constant research and testing of defenses are vital. We have to be right every time, but the cybercriminal gangs only have to be right once to effect a breach and perform a successful attack.
George Patsis is the founder and CEO of Obrela and has a proven track record in developing large-scale innovative security programs for major Global 500 companies. In an exclusive interview with Cyber Intelligence, he explains why a global approach is needed to fight cybercrime.
This is a philosophical discussion shaped by the evolving changes in the human and society conditions. Ten years ago, digital communications and laptops were supplementary tools in people’s lives and perceived as an extension of our natural world. Today, we are witnessing the evolution of a full-scale digital transformation leading to an entirely new domain: cyberspace. Much like the air travel leading to partitioning of the skies, or the British Empire’s domination of the seas or the space quest. Whenever humankind discovers new domains and frontiers, the absence of clear leadership and authority often leads to conflict and crime. In the American Old West, every town had its own safe, and criminals tried to rob it. In the same way, the new digital frontier of cyberspace is driving demand for companies like OBRELA to protect their digital assets. But we need more than just individual Cybersecurity companies to protect us across the new threats in cyberspace. In the absence of a central cybersecurity authority, cybercriminals operate with near impunity—facing little resistance, no clear attribution, and a remarkably low risk of consequences.
Boeing Employees’ Credit Union (BECU) is a not-for-profit credit union based in Washington, dedicated to improving the financial well-being of its members and communities. It has grown beyond serving Boeing’s employees to more than 1.5 million members and $29 billion in assets. In an exclusive interview, Sean Murphy, Chief Information Security Officer (CISO) at BECU, explains the changing cyber-threats now facing consumers.
The cybersecurity challenges faced by all consumers have escalated with the growth of artificial intelligence (AI). We have witnessed the growing use of botnets, and AI is at such a stage that it can be used to attempt to gain access to accounts on an individual level. The use of virtual private networks (VPNs) simplifies this process and makes it difficult to track. Remember – while organizations are constantly monitoring for threats and attacks, the cybercriminals only have to get it right one time to cause a highly damaging breach. Advanced persistent threats (APTs) have now become a major ongoing threat. Financial institution employees are the first line of defense against cyber attackers and play a key role in protecting consumers. As such, a robust cybersecurity team and the regular training of employees is crucial.
Approximately 2,850 Ivanti Connect Secure VPN instances remain vulnerable to CVE-2025-22467, a critical stack buffer-overflow flaw, according to Shadowserver Foundation.
Despite Ivanti patching the vulnerability on February 11, unpatched devices could allow remote authenticated attackers to execute code. The U.S. and Japan lead in exposure, with 852 and 384 vulnerable instances, respectively.
Most organizations have no clear idea of the value of the data they hold on themselves and their customers. According to technology research and consulting firm Gartner, 30 percent of chief data and analytics officers (CDAOs) say that their top challenge is the inability to measure data, analytics, and AI’s impact on business outcomes. Gartner also reports that only 22 percent of organizations surveyed have defined, tracked, and communicated business impact metrics for the bulk of their data and analytics (D&A) use cases.
“There is a massive value vibe around data, where many organizations talk about the value of data, desire to be data-driven, etc., but there are few who can substantiate it,” said Michael Gabbard, senior director analyst at Gartner.
On January 31, Texas became the first US state to ban the Chinese-owned generative artificial intelligence (AI) application, DeepSeek, on state-owned devices and networks. New York swiftly followed suit on February 10 with Virginia imposing a ban on February 11.
The Texas state governor’s office stated: “Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps. State agencies and employees responsible for handling critical infrastructure, intellectual property, and personal information must be protected from malicious espionage operations by the Chinese Communist Party. Texas will continue to protect and defend our state from hostile foreign actors.”
California-based cybersecurity goliath Palo Alto Networks has issued a bullish revenue forecast based on a perceived rising global demand for artificial intelligence (AI)-driven security products.
“In Q2 [2025], our strong business performance was fuelled by customers adopting technology driven by the imperative of AI, including cloud investment and infrastructure modernization,” said CEO Nikesh Arora. “Our growth across regions and demand for our platforms demonstrates our customers’ confidence in our approach. It reaffirms our faith in our 2030 plans and our $15 billion next-generation technology annual recurring revenue goal.”
This coming Friday is St Valentine’s Day and cybercriminals all over the world are rubbing their hands together with glee at the harvest they intend to reap. Developments in artificial intelligence and the widespread availability of off-the-shelf cybercrime software have enabled a new generation of cyber-scams specifically designed around St Valentine’s Day.
In the recent past, cybercriminals typically used February 14th as an excuse to introduce themselves to lonely people with a view to patiently winning their victims’ trust in the short-term and cruelly robbing them of their savings in the longer term.
The bust of the illegal Cracked and Nulled crime forums evidences the global nature of cybercrime and the impossibility of seeing it as a threat that has no regard for national boundaries.
Although at least 17 million US citizens were victims of the crime forums. law enforcement agencies in the United States, Romania, Australia, France, Germany, Spain, Italy, and Greece were all involved in the bust, according to the US Department of Justice.
A ransomware gang, Hellcat, that emerged in 2024 is being seen as representative of a new type of threat actor using off-the-shelf malware and innovative extortion techniques.
According to cybersecurity company Cato Networks: “Hellcat’s emergence in 2024 marks a troubling shift in the landscape of cybercrime. By leveraging a ransomware-as-a-service (RaaS) model and utilizing double extortion tactics, Hellcat has not only increased the accessibility of ransomware but also heightened the psychological impact on its victims.”
The line between cybercrime and plain old-fashioned fraud has become yet more blurred following the sentencing of international virtual currency vendor Anurag Pramod Murarka to 121 months in prison for his involvement in a classic money laundering operation that he advertised on Darknet marketplaces.
According to recently unsealed court documents, Murarka operated an international money laundering business from April 2021 until September 29, 2023. Murarka was able to operate out of India and serviced shady clients in the United States through an intricate Indian “hawala” money transferring system and the use of the US Postal Service as his “unwitting partner in transferring ill-begotten funds.” The original Hawala scam was an Indian political and financial scandal involving illicit payments allegedly sent by politicians through a network of four Hawala brokers that implicated some of the country’s leading politicians.
Washington-based Pastor Francier Obando Pinillo has been charged for his involvement in “Solano Fi,” a fraudulent cryptocurrency investment business that Pinillo claims “came to him in a dream.” A pastor in a church based in Pasco, Washington, Pinillo allegedly took advantage of his position to sway members of the congregation to invest in Solano Fi, defrauding over a thousand victims of millions of dollars in what he claimed was a “safe and guaranteed investment.”
“Fraudulent investment schemes are not new, but cryptocurrency scams are a new way fraudsters take money from hardworking, honest people,” states US Attorney Vanessa Waldref.
The landmark case illustrates how cryptocurrency scams have now become mainstream. Fraudulent cryptocurrency schemes have previously been viewed as the province of highly organized hostile nation-state-backed cybercriminals and shadowy ‘market makers”. But the Pinillo case illustrates how even relatively unskilled crooks are now capable of preying on the greed of unsuspecting investors.
The World Economic Forum (WEF) Global Cybersecurity Outlook 2025 reports that several compounding factors are creating an increasingly complex and risky business environment. These include the growing complexity of supply chains, rising geopolitical tensions, cybercriminal’s increasing use of artificial intelligence (AI), and the entry of traditional organized crime groups into cybercrime.
Ransomware remains the top organizational cyber risk year on year, with 45 percent of respondents ranking it as a top concern in this year’s survey. Over half of the large organizations surveyed worldwide, 54 percent, identified supply chain challenges as the most challenging barrier to achieving cyber resilience, citing the increasing complexity of supply chains, coupled with a lack of visibility and oversight into the security levels of suppliers.
In an exclusive interview with Cyber Intelligence, Gadi Bashvitz, CEO of cybersecurity testing firm, Bright Security warns of the security challenges facing organizations in the wake of widespread adoption of GenAI.
Cyber Intelligence: Are there any specific dangers of which companies using GenAI to generate new code should be particularly aware?
Gadi Bashvitz: There are multiple considerations here. On one hand, any solution developed leveraging LLMs is prone to LLM-specific vulnerabilities such as Insecure Output Handling and Broken Access Control and it is critical to make sure organizations are aware and can detect such vulnerabilities before releasing LLM-based solutions.
The FBI warns the public about rising fraud schemes using generative artificial intelligence. The FBI observed that GenAI can be utilized by hackers to create fraudulent social media accounts, generate false websites to entice cryptocurrency investors, and create AI chatbots in order to lure victims into clicking malicious links.
German authorities have made arrests linked to drug-selling platform Crimenetwork, seizing over $1 million in crypto assets. Crimenetwork is alleged to be the largest darkweb marketplace in the country and enabled users to buy and sell drugs, and offered illicit services such as the forging of documents and trading of stolen data.
Cybercriminals now have an unprecedented of highly effective custom-made tools designed to defraud online retailers and shoppers during the holiday season.
“As we approach the end of 2024, the upcoming holiday season and events like Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited-time offers. They also create ideal conditions for cybercriminals to exploit users and shoppers,” warns threat intelligence firm FortiGuard in its report, Threat Actor Readiness for the Upcoming Holiday Season.
Scammers have stolen £11.4 billion from UK citizens over the last 12 months. According to the Global Anti-Scam Alliance’s (GASA) latest report, The State of Scams in the UK, conducted in association with the UK’s leading fraud prevention service, Cifas, this represents an increase of £4 billion over the previous year.
With the Black Friday sales bonanza looming on both sides of the Atlantic, the findings come as a timely warning to online shoppers. GASA and Cifas anticipate a further spike in scam attempts this week and re-urging consumers to remain vigilant. The warning comes as 1 in 7 (15 percent) consumers surveyed said they lost cash to criminals in 2024, an increase from 10 percent in 2023. The average loss per victim was £1,400, and only 18 percent of victims recovered all their money.
Women cybercriminals and lady Darknet hackers are now starting to make inroads into the hitherto male-dominated fraternities of Russian-speaking cybercrime. According to the cybersecurity training and certification cooperative, the SANS Institute, women cybercriminals sometimes now pose as men in order to obfuscate their identities as well as to gain credibility among Russian-speaking criminals.
The SANS Institute interviewed one such woman cybercriminal, who is referred to only as a “Confidential Human Source (CHS)” in order to comply with her request for anonymity.
“I often took my boyfriend to in-person meetings,” CHS revealed, shining a new light on a so-far largely unrecognized aspect of cybercrime, the fact that cybercriminals meetings are frequently also conducted offline.
Russian-Swedish native Roman Sterlingov has been sentenced to twelve years in prison for his alleged involvement in Bitcoin Fog, the longest-running cryptocurrency laundering service on the dark web. Sterlingov reportedly operated Bitcoin Fog for a decade and processed over 1.2 million Bitcoin, valued at approximately $400 million at the time of the transactions.
Bitcoin Fog ran from 2011-2021 and quickly garnered a reputation among the dark web community as the “go-to” cryptocurrency “mixer” for cybercriminals looking to hide their illicit funds from law enforcement. Bitcoin Fog would pool the “dirty” cryptocurrency and redistribute it in order to make the funds untraceable. According to court documents, the cryptocurrency laundered was mainly derived from darknet marketplaces tied to illegal narcotics, identity theft, and child sexual abuse material.
The US Federal Bureau of Investigation (FBI) has issued an urgent warning to business and law enforcement agencies that cybercriminals are using genuine stolen US and foreign government email addresses to hack into companies.
As of August this year, the FBI has observed an increase in posts on criminal forums relating to fraudulent emergency data requests. In August 2024, a cyber-criminal known to the FBI offered for sale, “High Quality .gov emails for espionage/social engineering/data extortion requests, etc”, that included official US credentials. The cyber-criminals also offered to guide buyers through emergency data requests and to sell real stolen subpoena documents to allow the buyer(s) to pose as law enforcement officers.
The Dutch Police, Politie, claim to have removed a major threat to organizations all over the world by dismantling two of the most notorious ‘infostealers’, software designed to breach computer systems to steal sensitive information.
“Operation Magnus,” conducted in collaboration with Team Cybercrime Limburg, is reported to have taken down the Redline and META info stealers, which have been responsible for infecting millions of computers worldwide with malware, leaving them open to devastating ransomware attacks and other threats.
A cybercriminal in Alabama, suspected of hacking into the US Securities and Exchange Commission’s (SEC’s) X account, has been arrested. He is accused of using the compromised account to post fake messages, causing the value of Bitcoin to boost by $1,000.
Hacker Eric Council Jr, also known as “EasyMunny” and “AGiantSchnauzer,” was allegedly able to secure the credentials for the SEC’s X account through a method called “Sim Swapping.” The council created a fake ID using the stolen personal information of someone who had access to the X account. With the fake ID, he was able to purchase a SIM card linked to the victim’s phone in a cellphone provider store in Alabama, giving Council access to the victim’s personal information and log-in credentials.
The US Federal Bureau of Investigation (FBI) is conducting an ongoing investigation into the notorious North Korean cybercrime group Lazarus, formerly known as “God’s Apostles”. The group is alleged to have stolen over $800 million in virtual currency.
Over the past decade, the Lazarus group has targeted entertainment companies, banks, and pharmaceutical companies both in the US and worldwide. One heist, in particular, is referenced in the court documents, where approximately $41 million worth of virtual money was allegedly stolen from the online casino platform Stake.com and laundered through VCM Sinbad. Sinbad has since been sanctioned by the US Treasury Department’s Office of Foreign Assets Control for its involvement in laundering money from the Stake.com heist, among others executed by Lazarus.
An as-yet-unidentified group, known only as GoldenJackal with suspected links to the Russian state, is targeting high-security networks that are intentionally isolated from the internet. Confidential data is frequently stored in “air-gapped” computers that do not have an online connection and were, until now, virtually impossible to hack.
But cybersecurity firm ESET now reports that GoldenJackal was deploying “a highly modular toolset” against a government organization in a European Union (EU) country between May 2022 and March 2024. This follows similar ongoing attacks on air-gapped systems in Belarus that began in August 2019.
Cyber toolkits for threat actors are now harnessing the latest deepfake technology and artificial intelligence (AI) for targeted email attacks, known as ‘spear-phishing.’ According to cloud cybersecurity firm Egress, a staggering 82 percent of phishing toolkits mentioned deepfakes, and 75 percent referenced AI.
The growing threat presented by the use of deepfakes by cybercriminals was highlighted earlier this year at InfoSecurity Europe in London. Widely available toolkits now enable even relatively unskilled hackers to create highly convincing video and audio clips of chief executives (CEOs) and other senior staff members in any specific organization. All the threat actor needs is a short video clip of the person they wish to impersonate. This can easily be copied from a corporate seminar or from a video podcast.
Cyber-physical systems (CPS), such as operational technology (OT), the Internet of Things (IoT), building management systems (BMS) and connected media devices have now become a prime target for ransomware attacks.
According to security firm, Claroty, cyber-physical attacks are now placing significant financial strain across organizations in several key sectors. Almost half of the respondents, 45 percent, to an independent survey commissioned by Claroty report financial losses of $500,000 or more over the last 12 months from cyber-attacks affecting CPS. Over a quarter, 27 percent, report losses of $1 million or more.
“The most financially impacted sectors are chemical manufacturing, power and energy, and mining and materials, with 54-55 percent of respondents in each sector reporting more than $500,000 in losses from incidents in the last 12 months,” says the report, The Global State of CPS Security 2024.
By adopting such Nineteenth-Century criminal grooming methods to the online world of the Twenty-First Century, today’s threat actors are effectively criminalizing an entire generation not to pick pockets but to rifle fat online crypto wallets instead. When the media reports that a nineteen-year-old hacker has been arrested at his parent’s house for a major hack, such as the one that recently occurred at Transport for London (TfL), the sinister cybercriminals who may have orchestrated the cyber-attack doubtless breathe a sigh of relief.
“What the police should be asking in a case like is who has been grooming the teenage hacker and for how many years?” says Fraser Hay, CEO and co-founder of one-year-old UK start-up The Hacking Games, whose aim is to use online gaming, TV and other media to encourage teenagers away from a life of online crime and towards careers in ethical hacking.
Chief executives frequently vie with one another for the spotlight when delivering key speeches at major conferences. But the most-talked-about address of the day, given to a packed auditorium at the International Cyber Expo in London’s Olympia showground, forbade any recording or photographing of his talk. He also insisted he be referred to only as “Paul F”.
“Paul F”’s bashfulness became understandable when he explained that the UK’s National Protective Security Authority (NPSA), where he is head of physical security, is now part of Britain’s secret intelligence service MI5. His talk neatly summed up the central theme of the show by providing evidence that the difference between cybercrime and physical crime has become blurred to the point of invisibility. He asked the very relevant question of whether a small drone spying into a City office using a telescopic lens and an 8k camera to read the staff’s log-in details through the window is a physical or a cyber-crime.
As the whole world is now aware, Beirut was thrown into chaos yesterday by 5,000 exploding weaponized pagers, leaving 900 people dead and a further 300 in critical condition. Iran’s ambassador to Lebanon, Mojtaba Amani, sustained injuries to his face and hand.
Lebanon-based Islamist and paramilitary group Hezbollah claims that Israel was responsible. If so, then yesterday afternoon’s event in Beirut will have global repercussions for cyber warfare and targeted cyber-attacks. The idea of weaponizing communications devices is hardly new. Over a decade ago, for example, former US Vice President Dick Cheney disabled a function that allowed the pacemaker regulating his heart to be administered wirelessly. Because he believed terrorists might hack the device to deliver a fatal shock. Israel has also been previously accused of killing Hamas terrorists with booby-trapped cellphones.
The Indian Government is upping the ante with its fight against cybercrime. Indian Union Home Minister Shri Amit Shah this week announced the launch of four major platforms under cyber security program Indian Cyber Crime Coordination Center (I4C), including the training of 5,000 “Cyber Commandos,” to counter the increasing threat of cyber-crime.
The Cyber Commando Program will create a special wing in every Central Police Organization, aiming to train 5,000 “Cyber Commandos” over the next five years. Trained Commandos will assist Central Agencies in “securing digital spaces”. Other platforms include a national Suspect Registry, a Cyber Fraud Mitigation Center, and an online portal for cyber-crime data analytics and crime mapping.
This week, Poland’s Supreme Court quashed an ongoing probe into spyware abuses allegedly conducted by its own government – claiming it to be “unconstitutional”. Comprehensive new research, published earlier this month by the Atlantic Council’s Digital Forensic Research (DFR) Labs, also now shows that government abuse of spyware is now widespread across the European Union (EU).
The findings of DFR Labs’ research provide a truly damning description of the widespread abuse of spyware by governments across Europe, accusing the EU of effectively turning a blind eye to the widespread abuse of its citizens’ rights despite being made aware of the widespread abuses at least two years ago. In 2022, the European Parliament (EP), frustrated by the Commission’s reluctance to tackle the growing scandal, established the PEGA Committee to investigate the misuse of surveillance spyware.
The United States Secret Service is doubling down on the search for cybercriminal “Stalin.”
On August 26, 2024, the U.S Department of State partnered with the US Secret Service to put out a bounty of up to $2.5 million for information leading to the arrest of Belarusian hacker Volodymyr Kadariya, sometimes going by the alias “Stalin.”
Kadariya was allegedly part of a malicious advertising (“malvertising”) ring responsible for transmitting the Angler Exploit Kit, a toolkit utilized by threat actors to exploit vulnerabilities in a system or code.
A threat actor named “Voldemort” is impersonating tax authorities from governments in Europe, Asia, and the US – targeting dozens of organizations worldwide. Cybersecurity company Proofpoint believes “with moderate confidence” that Voldemort’s ultimate goal is cyber-espionage.
Since August 5 this year, Voldemort, named after the main villain in J. K. Rowling’s Harry Potter children’s books, has sent over 20,000 messages purported to be from various tax authorities to over 70 organizations around the world. The threat actor poses as the US Internal Revenue Services, the UK’s HM Revenue & Customs, France’s Direction Générale des Finances Publiques, Germany’s Bundeszentralamt für Steuern, Italy’s Agenzia delle Entrate, India‘s Income Tax Department and Japan’s National Tax Agency.
In the wake of Telegram owner and founder Pavel Durov’s shock arrest in Paris on Saturday, the French state is being hit by a growing wave of cyber-attacks designed to cause maximum embarrassment to beleaguered French president Emmanuel Macron. Durov was released from police custody in France on Wednesday and has been transferred to court for questioning ahead of a possible indictment that could result in a long prison sentence.
A post on X by SaxX, reportedly the nom de Twitter of cybersecurity consultant Clément Domingo, listed 10 websites in France that bore the brunt of the first wave of cyber-attacks orchestrated by a new online hacktivist group, #opDurov.
Speculation is today mounting concerning the arrest of the popular encrypted messaging app Telegram head and founder, Pavel Durov, at Le Bourget airport north of Paris on Saturday evening. The arrest has been widely reported in France, although the authorities have yet to issue a full statement.
In the past, the French president. Emmanuel Macron and his team have been enthusiastic users of Telegram, using it to orchestrate their political strategies. But Durov’s arrest on Saturday is now being seen as part of an attempt by the UK and the European Union to curtail the reach and influence of largely unregulated communications platforms such as Telegram and X (formerly Twitter). This theory is born out of sources close to the situation, who believe that Durov will face charges of complicity in drug trafficking, crimes against children, and fraud – all allegedly stemming from a lack of moderation controls on Telegram.
A second outage of several Microsoft services in two weeks, this one attributed to a cyber-attack, is fuelling further questions about the underlying security of the Windows operating system.
According to Microsoft: “While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack… initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it.”
Services affected included Outlook, Azure, and Microsoft 365, with some people complaining on social media that they were unable to work. Starbucks customers also reported issues with the Starbucks app in Boston, New York, Washington DC, Dallas, Chicago, Los Angeles, Tampa and other cities. The disruption caused by this latest outage is, however, minor compared with the Windows outage caused by a mishandled CrowdStrike security upgrade, which resulted in canceled flights and marooned passengers in major international airports around the world last week.
Editorial Team
