Political tensions are prompting nations to re-strategize cybersecurity. Countries that once sought international cooperation and joint strategies are now prioritizing domestic cyber capacities and national interests as a result of geopolitical instabilities.
InfoSecurity Europe 2025, which begins in London today, Tuesday, June 2nd, will this year be dominated by the rapidly growing threat posed by the weaponization of artificial intelligence (AI).
New to the conference is an AI and cloud security stage, which will exhibit ways organizations can counter the threat posed by AI. AI-driven cybersecurity also dominated the recent RSA conference in San Francisco. Over the last 12 months, threat actors haven’t wasted a moment capitalizing on the global fascination with Artificial Intelligence. As AI’s popularity surged over the past year, cybercriminals have been quick to exploit the new technology to carry out cyberattacks on an industrial scale.
In our business, assessing risk is crucial. There is a constantly evolving threat landscape, and cybercriminals are constantly introducing new techniques and developing existing ones. And as online connectivity grows, so does every organization’s overall attack surface. Unit 42 are constantly conducting research examining the full scope of the ever expanding attack surface and constantly testing existing defenses. They play the role of cybercriminals, acting as white-hat hackers, if you like, in order to detect potential weaknesses. This research is conducted across the board and also directed at each client specific attacks surface. And when there is a breach, Unit 42 is there to detect and control it. They effectively act as wartime consiglieres – remember that the ongoing Russia/Ukraine conflict started in cyberspace. They must also act immediately to mitigate any breach that does occur. Constant research and testing of defenses are vital. We have to be right every time, but the cybercriminal gangs only have to be right once to effect a breach and perform a successful attack.
US Defense Secretary Pete Hegseth’s shock directive to US Cyber Command to pause offensive cyber-operations against Russia may have unforeseen consequences for organizations across the US. It would mean that the West could be blind-sided by a lack of actionable intelligence regarding Russia’s ongoing cyber-war against countries such as the US and the UK.
Russian groups are already upping cyber-attacks on the US. In December, Cyber Intelligence reported that two Russian groups, the People’s Cyber Army and Z-Pentest, claim to have taken attacks on critical infrastructure in the US to a new and more dangerous level. This was evidenced by Telegram videos detailing attacks on US energy and water facilities far beyond the previously supposed capabilities of such groups.
Ransomware attacks on the operational technology (OT) and industrial control systems (ICS) that run industrial facilities almost doubled in 2024. According to Washington DC-based industrial cybersecurity company Dragos, ransomware attacks on industrial organizations in 2024 increased by a staggering 87 percent over the previous year.
The main industries targeted were: electricity and water; industrial manufacturing; telecommunications; oil and gas; food and beverage; chemical manufacturing; mining, transportation, and logistics. Manufacturing, which accounted for 69 percent of all ransomware attacks targeting 1,171 manufacturing entities, was by far the worst hit.
On January 31, Texas became the first US state to ban the Chinese-owned generative artificial intelligence (AI) application, DeepSeek, on state-owned devices and networks. New York swiftly followed suit on February 10 with Virginia imposing a ban on February 11.
The Texas state governor’s office stated: “Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps. State agencies and employees responsible for handling critical infrastructure, intellectual property, and personal information must be protected from malicious espionage operations by the Chinese Communist Party. Texas will continue to protect and defend our state from hostile foreign actors.”
Financial services companies worldwide saw the number of distributed denial-of-service (DDoS) attacks more than double in the second half of 2024. A DDoS attack is a malicious attempt to disrupt a service by overwhelming it with a flood of internet traffic. In the same period, the total number of DDoS attacks globally grew by 17 percent.
According to global hosting and cloud services company Gcore, the financial services sector saw the most significant rise of any sector in the third and fourth quarters of 2024, with a rise of 117 percent. This marks a consistent overall increase in DDoS attacks quarter on quarter. While the third and fourth quarters of 2024 showed an increase of 17 percent, this represents a 56 percent rise over the same period in 2023.
Search engine giant’s Google Threat Intelligence Group reports that cybercriminal and state-backed cyber-attacks on the healthcare sector in countries such as the US and UK have escalated to a level where they are actually costing lives.
“Healthcare’s share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks means that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it,” says Google.
Cybercriminals have been quick to see nefarious possibilities in search engine giant Google’s new Gemini 2.0 AI assistant. According to Google’s own findings, nation-state-backed threat actors are already leveraging Gemini to accelerate their criminal campaigns.
The actors are using Gemini 2.0 for “researching potential infrastructure and free hosting providers, reconnaissance on target organizations, research into vulnerabilities, payload development, and assistance with malicious scripting and evasion techniques,” says Google.
The start of this week saw roughly $1 trillion wiped off leading US tech stocks, following the launch of Deepseek, a Chinese rival to AI offerings such as Microsoft ChatGPT. What has really spooked the markets is that the Chinese artificial intelligence (AI) assistant uses less data and generates lower all-round costs than its current Silicon Valley rivals.
The expense of training and developing DeepSeek’s models is claimed to be only a small fraction of that required for OpenAI, putting into question the need to invest in the latest and most powerful AI accelerator chips from Nvidia. At the start of trading this week, Shares in Nvidia dropped a full10 percent and AI data analytics company Palantir lost seven percent in pre-market trading. Microsoft, Google’s parent company Alphabet, and Meta all also experienced a drop in their share price.
A man alleged to be behind the recent Salt Typhoon US telecoms network and US Treasury department breaches has been sanctioned by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). Yin Kecheng “has been a cyber actor for over a decade and is affiliated with the People’s Republic of China Ministry of State Security (MSS)”, says the Treasury Office. Yin is alleged to have had direct and associated involvement in both breaches.
Two key individuals in President Donald Trump’s new administration, Elon Musk, and the president’s nominee to head the Department of Homeland Security, Kristi Noem, have specifically cited the two devastating breaches as the prime examples of why the nation’s cybersecurity strategy is in pressingly urgent need of being overhauled.
One of the greatest challenges now facing President Trump’s new administration is to protect the US’s critical infrastructure and its economy from the rapidly growing menace of cyber-attacks.
On Friday, the president’s nominee to head the Department of Homeland Security, Kristi Noem, signalled a new direction for America’s main cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA), which, she says, urgently needs to be realigned away from focusing on misinformation and curtailing free speech and more towards preventing cyber-attacks on critical infrastructure in the US.
The World Economic Forum (WEF) Global Cybersecurity Outlook 2025 reports that several compounding factors are creating an increasingly complex and risky business environment. These include the growing complexity of supply chains, rising geopolitical tensions, cybercriminal’s increasing use of artificial intelligence (AI), and the entry of traditional organized crime groups into cybercrime.
Ransomware remains the top organizational cyber risk year on year, with 45 percent of respondents ranking it as a top concern in this year’s survey. Over half of the large organizations surveyed worldwide, 54 percent, identified supply chain challenges as the most challenging barrier to achieving cyber resilience, citing the increasing complexity of supply chains, coupled with a lack of visibility and oversight into the security levels of suppliers.
The US Justice Department and FBI have completed a law enforcement operation to delete Chinese malware from approximately 4,258 U.S.-based computers and networks. The international operation was led by French law enforcement and France-based private cybersecurity company Sekoia.io.
According to court documents unsealed in the Eastern District of Pennsylvania, a group of hackers paid by the People’s Republic of China (PRC), known as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers. Since at least 2014, Mustang Panda hackers have infiltrated thousands of computer systems in campaigns targeting US victims, European and Asian governments and businesses, and Chinese dissident groups.
The latest US security breach attributed to systematic attempts by China to compromise US institutions and critical infrastructure has impacted the US Treasury. The intrusion is being billed as “a major cybersecurity incident”.
According to a letter from the US Department of the Treasury: “The threat actor was able to override the service’s security, remotely access certain Treasury Departmental Office user workstations, and access certain unclassified documents maintained by those users… Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.”
Two Russian groups, the People’s Cyber Army and Z-Pentest, claim to have taken attacks on critical infrastructure in the US to a new and more dangerous level. Dark web researchers at threat intelligence firm Cyble have discovered Telegram videos detailing attacks on US energy and water facilities far beyond the previously supposed capabilities of such groups.
Cyble believes that the two groups may be working in cooperation with one another. Previously, the People’s Cyber Army, which also goes by the name of the Cyber Army of Russia Reborn, and lesser-known groups such as Z-Pentest, have largely confined their attacks on US critical infrastructure to simple and easy-to-repel distributed denial of service (DDoS) attacks.
US Senator Mark Warner has called the Salt Typhoon hack, conducted by a group that has been linked to Chinese intelligence, “the most serious telecoms hack in our history.” In a recent interview with the NY Times, Warner also said that hackers were able to listen in on telephone calls and access text messages, emphasizing that “every major provider has been broken into.”
This follows hard on the FBI releasing a joint statement with the US Cybersecurity and Infrastructure Security Agency (CISA), in which they announced that “China-affiliated actors have compromised networks at multiple telecommunications companies.”
Women cybercriminals and lady Darknet hackers are now starting to make inroads into the hitherto male-dominated fraternities of Russian-speaking cybercrime. According to the cybersecurity training and certification cooperative, the SANS Institute, women cybercriminals sometimes now pose as men in order to obfuscate their identities as well as to gain credibility among Russian-speaking criminals.
The SANS Institute interviewed one such woman cybercriminal, who is referred to only as a “Confidential Human Source (CHS)” in order to comply with her request for anonymity.
“I often took my boyfriend to in-person meetings,” CHS revealed, shining a new light on a so-far largely unrecognized aspect of cybercrime, the fact that cybercriminals meetings are frequently also conducted offline.
The USA’s drinking water is under threat. According to the US Environmental Protection Agency (EPA), 97 drinking water systems serving around 27 million users have critical or high-risk cybersecurity.
Although the EPA’s latest report focuses on the potential financial costs of cyber-attacks, there is also strong evidence that such attacks could also result in significant loss of life, with thousands or even millions of people being deliberately poisoned by terrorists or a hostile foreign power.
“We estimate that a [California] state-wide water service disruption could potentially cost at least $61 billion in lost revenue per day,” says the EPA report, Cybersecurity Concerns Related to Drinking Water Systems.
The Walt Disney Company, which has long had a history of troubled labor relations, recently found itself the victim of a disgruntled former employee. According to an affidavit in support of a criminal complaint against the former employee, Michael Scheuer, Disney discovered a security breach allegedly used to make its menus unusable, together with the redirection of QR codes to direct Disney customers to a website calling for a boycott of Israel.
More seriously, it alleged that the threat actor manipulated allergen information on Disney menus, indicating that certain menu items were safe for people with peanut allergies when, in fact, they could have been potentially deadly for some diners. Scheuer is also alleged to have conducted denial of service attacks on four former colleagues and to have paid visits outside the home of one of them.
Research conducted by Which, the consumer watchdog magazine, has confirmed something the smartphone industry has known for years: Chinese electronic products are routinely used to spy on citizens in countries like the US and the UK.
The latest suspects, domestic air fryers, join a long list of products the Chinese are accused of having used to spy on the West, which already ranges from smart watches to automobiles. Which analyzed three air fryers sold in the UK and found that Aigostar, Xiaomi Mi Smart, and Cosori CAF-LI401S knew their customers’ precise locations and demanded permission to listen in on users’ conversations. The Aigostar air fryer even wanted to know the user’s gender and date of birth when setting up an account. Disturbingly, both the Aigostar and Xiaomi air fryers are reported to have sent personal data to servers in China.
Software giant Microsoft has made an urgent public announcement that the Russian secret service is currently sending thousands of weaponized spear-phishing emails to key individuals in over 100 organizations in countries including the US and the UK.
According to Microsoft: “The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS)… In some of the lures, the actor attempted to add credibility to their malicious messages by impersonating Microsoft employees.”
America’s leading technology companies are now engaged in their own nuclear power race. Advertising and search giant Google has announced that it has signed the world’s first corporate agreement to purchase nuclear energy from multiple small modular reactors (SMR), to be developed by Kairos Power.
By investing in its own nuclear energy facilities, Google has now joined the ranks of Amazon, Microsoft, and Oracle in investing heavily in nuclear facilities to power the rollout of new services based around their prematurely launched artificial intelligence (AI) services. According to a recent report from US Madison Avenue investment bankers, Jeffries: “If it feels like Graphics Processing Units (GPUs) are suddenly everywhere, it’s because they are. GPUs drive computation across a wide range of industries and applications, from big data analytics to machine learning [AI].”
The US Federal Bureau of Investigation (FBI) is conducting an ongoing investigation into the notorious North Korean cybercrime group Lazarus, formerly known as “God’s Apostles”. The group is alleged to have stolen over $800 million in virtual currency.
Over the past decade, the Lazarus group has targeted entertainment companies, banks, and pharmaceutical companies both in the US and worldwide. One heist, in particular, is referenced in the court documents, where approximately $41 million worth of virtual money was allegedly stolen from the online casino platform Stake.com and laundered through VCM Sinbad. Sinbad has since been sanctioned by the US Treasury Department’s Office of Foreign Assets Control for its involvement in laundering money from the Stake.com heist, among others executed by Lazarus.
An as-yet-unidentified group, known only as GoldenJackal with suspected links to the Russian state, is targeting high-security networks that are intentionally isolated from the internet. Confidential data is frequently stored in “air-gapped” computers that do not have an online connection and were, until now, virtually impossible to hack.
But cybersecurity firm ESET now reports that GoldenJackal was deploying “a highly modular toolset” against a government organization in a European Union (EU) country between May 2022 and March 2024. This follows similar ongoing attacks on air-gapped systems in Belarus that began in August 2019.
As the whole world is now aware, Beirut was thrown into chaos yesterday by 5,000 exploding weaponized pagers, leaving 900 people dead and a further 300 in critical condition. Iran’s ambassador to Lebanon, Mojtaba Amani, sustained injuries to his face and hand.
Lebanon-based Islamist and paramilitary group Hezbollah claims that Israel was responsible. If so, then yesterday afternoon’s event in Beirut will have global repercussions for cyber warfare and targeted cyber-attacks. The idea of weaponizing communications devices is hardly new. Over a decade ago, for example, former US Vice President Dick Cheney disabled a function that allowed the pacemaker regulating his heart to be administered wirelessly. Because he believed terrorists might hack the device to deliver a fatal shock. Israel has also been previously accused of killing Hamas terrorists with booby-trapped cellphones.
The Indian Government is upping the ante with its fight against cybercrime. Indian Union Home Minister Shri Amit Shah this week announced the launch of four major platforms under cyber security program Indian Cyber Crime Coordination Center (I4C), including the training of 5,000 “Cyber Commandos,” to counter the increasing threat of cyber-crime.
The Cyber Commando Program will create a special wing in every Central Police Organization, aiming to train 5,000 “Cyber Commandos” over the next five years. Trained Commandos will assist Central Agencies in “securing digital spaces”. Other platforms include a national Suspect Registry, a Cyber Fraud Mitigation Center, and an online portal for cyber-crime data analytics and crime mapping.
This week, Poland’s Supreme Court quashed an ongoing probe into spyware abuses allegedly conducted by its own government – claiming it to be “unconstitutional”. Comprehensive new research, published earlier this month by the Atlantic Council’s Digital Forensic Research (DFR) Labs, also now shows that government abuse of spyware is now widespread across the European Union (EU).
The findings of DFR Labs’ research provide a truly damning description of the widespread abuse of spyware by governments across Europe, accusing the EU of effectively turning a blind eye to the widespread abuse of its citizens’ rights despite being made aware of the widespread abuses at least two years ago. In 2022, the European Parliament (EP), frustrated by the Commission’s reluctance to tackle the growing scandal, established the PEGA Committee to investigate the misuse of surveillance spyware.
The cyber cold war just became a little warmer, with German Intelligence now publicly crying foul on Monday at Russia for online attacks stretching back to 2020.
Germany’s Bundesverfassungsschutz has issued a strong warning against a cyber group belonging to Russian military intelligence (GRU) Unit 29155, which was linked to the 2018 poisonings of a former Russian double agent and his daughter in the UK, claiming that the unit has also been active in carrying out cyberattacks against NATO and EU countries.
The European Union (EU) Council has made a last-minute withdrawal of the EU’s highly controversial planned “Chat Control” legislation, which was due to vote yesterday. This would have effectively introduced mass digital surveillance by means of fully automated real-time monitoring of all messaging and chats.
The EU would appear to finally have heeded the harsh warnings that have been coming from the cybersecurity and communication sectors since the controversial ruling was first proposed in 2022. For the six months prior to Thursday’s decision, the EU Belgian Council presidency has been sitting on a deadlock between EU countries. Germany and Poland have heeded privacy experts’ warnings of a potential police state. But Ireland and Spain are pressing for draconian new online laws to fight a rise in online child sexual abuse material that has grown since the start of Europe’s widespread lockdowns two and a half years ago.
Nations hostile to America, primarily Russia and China, are currently doubling down on their efforts to influence the outcome of the upcoming US elections. So far, their efforts appear to be directed at preventing Donald Trump from winning a second term as president, possibly fearing a Republican victory could herald the US taking a tougher stance on international affairs.
According to an extensive nine-page Microsoft threat intelligence report: “Foreign malign influence concerning the 2024 US election started off slowly but has steadily picked up pace over the last six months due initially to Russian operations, but more recently from Iranian activity.”
Russia is believed to be planning widespread cyber-attacks on the West in part retaliation for Ukraine’s cyber-attack, which recently crippled Russia’s financial services.
“In retaliation to NATO support for Ukraine, cyberwarfare coinciding with the ongoing Russia-Ukraine conflict will likely include focused state-level attacks against Western critical and military sectors launched by Moscow’s hacker groups,” says Craig Watt, a consultant specializing in strategic and geopolitical intelligence at cybersecurity firm Quorum Cyber.
Hackers from Ukraine’s Main Intelligence Directorate claim to have effected one of the largest Distributed Denial-of-Service (DDoS) attacks in history, derailing Russia’s financial services.
According to the Kyiv Post, the attack compromised the online services of all major Russian banks, including the Central Bank, telecommunications service providers, national payment systems, social networks and messengers, government resources, and dozens of other services.
The affected Russian financial institutions are reported to include VTB Bank, Alfa Bank, SberBank, Raiffeisen Bank, RSHB Bank, Ak Bars Bank, Rosbank, Gazprombank, Tinkoff Bank, iBank, Dom.RF Bank, and the Bank of Russia. On the last day of the attack, the resources of the Russian Ministry of Defense, the Ministry of Internal Affairs. The Federal Tax Service was also reported to have been affected.
Escalating geopolitical instability in the South China Seas and The Red Sea are being seen as the root cause behind a rapid rise in cyber-attacks on commercial shipping, as well as a sharp increase in cyber-assisted piracy.
“The risk has escalated significantly in the past year due to heightened geopolitical tensions and increased cyber capabilities of threat actors…The average cost per data breach now exceeds $545,000 for a shipping organization,” says Freight Right Global Logistics CEO Robert Khachatryan.
According to C. Todd Doss, Senior Managing Director at Guidepost Solutions: “Over the past year, these risks have escalated notably. Reports indicate that cyber-attacks on maritime infrastructure and vessels increased by over 20% in 2023 compared to the previous year .”
The famous “blue screen of death,” witnessed with horror by 8.5 million Microsoft Windows users worldwide as a result of the ongoing CrowdStrike outage, may soon become a far more familiar sight across a wide range of sectors.
While there is no evidence that the widespread Microsoft Windows outage caused by the CrowdStrike upgrade was anything but accidental, many in the cybersecurity industry are seeing the past week’s experience as a dummy run for a full-fledged cyber-attack aimed at crippling critical infrastructure. As the current media pictures of people sleeping in airports testify, some sectors appear to be faring better than others.
Recent reports that ransomware attacks on industrial organizations increased by over 50 percent in 2023 represent only “the tip of the iceberg.” According to operational technology (OT) cybersecurity company IXDen, critical infrastructure across the US is being attacked at unprecedented levels.
“The vast majority of cyber breaches of critical infrastructure such as water and power facilities go unreported, although a precise figure is impossible to gauge. Those that are reported in the media are only the tip of the iceberg. OT attacks on private businesses are not reported at all, and in public organizations, they are rarely reported,” says IXDen CEO and Co-Founder Zion Harel.
Clay County, Indiana, in the US, is sounding a Local Disaster Declaration in the wake of a “criminal ransomware attack” that occurred last week, following reports of increasing cyber-attacks on local governments across America.
“Clay County local government suffered a significant ransomware attack in the early morning hours of July 9, 2024. This has resulted in an inability to provide critical services required for the daily operation of all offices of the Clay County Courthouse, Community Corrections, and Clay County Probation,” said the county in an official statement.
With national elections coming up later this year, US public-sector organizations are experiencing unprecedented levels of phishing attacks designed to dupe government staff into opening weaponized links in fake emails.
According to email security firm Abnormal Security: “Between May 2023 and May 2024, public sector organizations experienced an astounding 360 percent growth in phishing attacks. While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.”
Cash-rich cybercriminals are learning that the easiest way to make money on the stock markets while laundering cash at the same time is to use deepfake videos to impact share prices, albeit temporarily.
According to Tim Grieveson, Senior Vice President of Global Cyber Risk, BitSight: “Using video and audio deepfakes to manipulate share prices for financial gain is definitely happening, but is something no one is currently talking about.”
“Using a deepfake to announce a takeover could, for instance, drive up a stock in which the threat actor owns shares. Alternatively, a negative announcement such as a dire profits warning could be used to lower the share price so that the threat actor could buy the shares at a knock-down price, only to sell them again when the profits warning was seen to be fake” adds Grieveson.
Editorial Team
