Cybercrime Atlas launches open-source map of criminal networks

Cybercrime Atlas has launched Cosmos, an open-source platform designed to map global cybercrime networks and strengthen cooperation among defenders, investigators, prosecutors and policymakers.

Hosted by the World Economic Forum’s Centre for Cybersecurity, Cybercrime Atlas aims to build a shared understanding of cybercriminal ecosystems at a time when ransomware, fraud and illicit digital services are becoming increasingly organised and industrialised.

The initiative responds to a long-standing problem in cybercrime disruption: fragmented terminology, isolated investigations and inconsistent reporting structures. Cosmos aims to standardise definitions, organise threat intelligence into a shared structure and help different actors coordinate more effectively across borders.

The first version of the platform contains nine core categories, 229 identified cybercrime-related elements and 849 mapped connections showing how criminal networks, tools and services interact. The dataset is designed to expand as the wider community contributes new intelligence.

Why does it matter?

Cybercrime increasingly functions as an interconnected ecosystem, with specialised groups, tools, infrastructure providers and illicit services supporting one another across borders. A shared map of those relationships could help shift cyber defence from isolated incident response towards more coordinated disruption of criminal networks, while giving investigators and policymakers a clearer view of how digital crime is organised.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!

AI cyber capabilities raise risk of correlated financial system failures, IMF warns

AI is rapidly reshaping the global financial system’s cyber risk landscape, according to analysis associated with the International Monetary Fund. While AI improves defence, it also helps attackers find and exploit vulnerabilities more quickly, increasing the risk of systemic disruption.

Financial infrastructure is highly interconnected, relying on shared software, cloud services, and payment networks. IMF analysis suggests that AI-enabled cyberattacks could trigger correlated institutional failures, leading to funding stress, solvency risks, and disruptions to payments and market operations.

Recent developments in advanced AI models demonstrate how quickly offensive capabilities are evolving, with systems now able to identify weaknesses across widely used platforms.

At the same time, defensive AI tools are being deployed to detect threats and strengthen resilience, but their effectiveness depends on governance, oversight, and integration within financial institutions.

Authorities are now being urged to treat cyber risk as a core financial stability issue rather than a purely technical challenge. Stronger supervision, resilience standards, and international coordination are viewed as essential, particularly as cyber threats increasingly cross borders and exploit shared global infrastructure.

Why does it matter? 

Cyber risks related to AI are a macroeconomic threat that can affect liquidity, confidence, and core financial intermediation. At the same time, the same technology is essential for defence, meaning resilience now depends on how quickly supervision, governance, and international coordination can keep pace with rapidly scaling offensive capabilities.

WEF report says AI is reshaping cybersecurity defence

Advanced AI models are reshaping cybersecurity by accelerating both offensive and defensive capabilities, forcing organisations to rethink how they detect, assess and respond to cyber threats.

A new World Economic Forum report argues that AI is becoming a defining force in cybersecurity, with organisations increasingly moving from pilot projects to operational deployment. According to the WEF, AI is already being used to improve vulnerability identification, threat detection, response speed and resilience.

The report highlights how AI can help security teams process large volumes of data, detect threats faster and support more efficient responses. At the same time, it warns that threat actors are also using AI to automate deception, generate malware and scale attacks at machine speed.

WEF’s analysis says the growing speed and scale of AI-enabled cyber operations are putting pressure on traditional cybersecurity models. Instead of relying mainly on prevention and scheduled patching cycles, organisations are being pushed towards continuous detection, automated response, stronger access controls and more resilient infrastructure.

The report also stresses that AI’s value in cybersecurity depends on strategy, governance and human oversight. Rather than treating AI as a standalone tool, organisations are encouraged to test use cases carefully, build appropriate safeguards and invest in the skills and processes needed to defend at machine speed.

Why does it matter?

AI is changing cybersecurity on both sides of the equation. It can lower the barriers for faster and more scalable attacks, but it can also help defenders improve detection, response and resilience. The wider significance is that cybersecurity strategies built around periodic assessment and manual response may become less effective as AI-driven threats and defences operate at greater speed and scale.

The rise of grey websites fuels global scam and data theft risks

Cybersecurity researchers at Kaspersky have identified a growing network of so-called ‘grey’ websites that exploit user trust to generate financial gain and harvest personal data. Unlike traditional phishing attacks, these platforms rely on manipulation, misleading design and hidden conditions rather than direct credential theft.

The report shows that grey websites often imitate legitimate services, including financial tools, e-commerce platforms, AI services and subscription-based content.

Common categories include fake browser extensions, fraudulent investment schemes, subscription traps and counterfeit online shops, many of which are designed to encourage voluntary payment or data sharing.

Kaspersky notes that these threats are spreading globally but vary by region.

Europe is seeing a rise in fake privacy tools and browser hijackers, Africa is heavily affected by fraudulent trading platforms, while Latin America faces betting scams and pyramid schemes. Asia-Pacific shows a broader mix, including crypto fraud, AI-themed scams and malicious download services.

Across all regions, attackers are increasingly aligning scams with current digital trends to appear more credible. Kaspersky warns that even well-designed platforms can hide risks, making user awareness, verification and security tools key to reducing financial and data harm.

Why does it matter? 

The rise of ‘grey’ websites signals a shift in online fraud away from obvious phishing towards more subtle, trust-based manipulation. Instead of breaking systems, attackers increasingly exploit user behaviour, interfaces, and familiarity with digital services.

That lowers the ‘visibility’ of fraud. Users are not being forced into breaches; they are being guided into consent: signing up, subscribing, investing, or installing tools that appear legitimate. It makes scams harder to detect, harder to regulate, and easier to scale globally.

It also shows how cybercrime is adapting to current technological trends, especially AI services, crypto tools, and digital platforms that people already expect to be trustworthy. As a result, the boundary between legitimate innovation and fraud becomes less clear, increasing systemic risk for both consumers and digital economies.

ENISA to host 2026 telecom and digital infrastructure security forum

The European Union Agency for Cybersecurity (ENISA) has announced its Telecom and Digital Infrastructure Security Forum 2026, bringing together telecom experts, policymakers and national authorities to address emerging cybersecurity risks.

The forum will focus on challenges, including cyberattacks on telecom networks, resilience issues such as power dependencies, and the security implications of new technologies. It aims to support strategic and technical dialogue across the sector.

Organised with the Cyprus Presidency of the Council of the EU, the event provides a private setting for collaboration among industry specialists, regulators and the wider cybersecurity community, without public broadcasting.

Discussions will contribute to ongoing efforts to strengthen coordinated telecom security measures and policy development across the EU, with the event taking place in Nicosia, Cyprus.

Microsoft reports large-scale phishing campaign targeting organisations across sectors

Microsoft has disclosed a phishing campaign aimed at stealing credentials from more than 35,000 users across 26 countries. The attack, detected in April 2026, targeted over 13,000 organisations, with a heavy concentration in healthcare, financial services, professional services, and technology sectors.

Microsoft said the campaign used email templates designed to mimic internal corporate communications, often framed as code of conduct or compliance-related notices.

Attackers created a sense of urgency through time-sensitive prompts and attached PDFs that redirected victims to credential-harvesting pages hosted on attacker-controlled infrastructure, Microsoft added.

The attack chain included multiple verification steps, such as CAPTCHA screens and intermediate landing pages intended to bypass automated defences and increase legitimacy.

Ultimately, victims were directed to fake sign-in portals using adversary-in-the-middle techniques, which enabled real-time capture of credentials and authentication tokens and so bypassed multi-factor authentication.

The disclosure comes amid a wider surge in phishing activity, with Microsoft reporting billions of attempts and a rapid rise in QR code-based attacks and CAPTCHA-gated phishing flows.

Why does it matter? 

The campaign shows phishing evolving into highly convincing, enterprise-style attacks that are harder to detect and increasingly scalable. By bypassing both human judgment and security controls like multi-factor authentication, it significantly raises the risk of large-scale account compromise.

Cybercrime communities face skills gap despite rise of AI tools

A major study by researchers from the universities of Cambridge, Edinburgh, and Strathclyde, published by the Centre for Emerging Technology and Security at the Alan Turing Institute, suggests cybercriminals are still struggling to use AI effectively in their operations despite widespread attention around tools such as ChatGPT.

Researchers analysed more than 100 million posts from underground and dark web forums to assess how AI is being adopted within cybercrime communities.

The research, which used the CrimeBB database, found that most offenders lack the technical skills and resources needed to integrate AI into criminal activity. Rather than lowering barriers to entry, AI tools benefit already skilled actors far more than inexperienced ones.

The analysis shows AI is used most successfully in already highly automated areas, such as social media bots linked to harassment and fraud, as well as in efforts to mask patterns that cybersecurity systems might otherwise detect. While experimentation is increasing, the researchers found little sign that AI is delivering a broad or transformative boost to overall cybercriminal capability. Mainstream chatbot guardrails were also found to be limiting harmful use in practice.

The researchers argue that the more immediate concern for industry is not dramatic AI-enabled innovation among cybercriminals, but insecure adoption of AI within legitimate organisations. They point to risks from poorly secured agentic AI systems and from AI-generated ‘vibecoded’ software being deployed without adequate safeguards.

Why does it matter?

The findings challenge a common assumption that generative AI is already giving cybercriminals a major operational advantage. Instead, the more immediate and scalable risk may come from companies deploying insecure AI systems faster than they can secure them. That shifts attention away from worst-case speculation about criminal innovation and towards a more practical cyber policy question: whether organisations are introducing new AI-enabled vulnerabilities into mainstream digital infrastructure.

Swisscom says AI and geopolitics are reshaping the cyber threat landscape

Swisscom has published its 2026 Cybersecurity Threat Radar, warning that cyber threats have grown more complex over the past year as geopolitical tensions and disruptive technologies put added pressure on digital systems. The report presents AI, supply chain exposure, digital sovereignty, and operational technology security as four strategic risk areas for organisations.

The report highlights state-linked cyber activity, hybrid influence operations such as disinformation, and supply chain attacks as key drivers of the current threat environment. It argues that digital transformation has increased dependence on cloud services, third-party software, AI systems, and networked industrial infrastructure, making organisations more exposed to cascading failures and external dependencies.

On AI, Swisscom describes insecure AI use as a risk multiplier. While AI can improve productivity, the report warns that poor governance, weak visibility into models, and uncontrolled use of AI tools in operational environments can expand attack surfaces, affect data quality, and create new compliance challenges.

Software supply chains are also identified as a persistent vulnerability. Swisscom says a single compromised component or manipulated update process can have far-reaching consequences across interconnected systems, making software integrity, origin verification, and traceability increasingly important as mitigation measures.

The convergence of information technology and operational technology is presented as another growing area of concern. In sectors such as energy, healthcare, manufacturing, and building automation, incidents can have consequences that go well beyond financial loss, affecting critical infrastructure, production, and even human safety.

The report also places greater emphasis on digital sovereignty, arguing that organisations need clearer visibility over where data is processed, which legal regimes apply, and how dependent they are on cloud and technology providers. In that sense, Swisscom frames cybersecurity less as a narrow IT function and more as a strategic governance issue tied to resilience, control, and trust.

Ransomware accounts for 90% of cyber losses in manufacturing, claims data shows

Ransomware is responsible for 90% of total cyber-related financial losses in the manufacturing sector, despite accounting for only 12% of claim volume by number, according to an analysis of insurance claims data published by Resilience.

The findings indicate that while ransomware incidents are not the most frequently filed claim type, they produce disproportionately large financial losses when they occur. The manufacturing sector’s low tolerance for operational downtime is identified as a contributing factor to loss severity.

Additional findings from the claims dataset include:

  • 30% of manufacturing claims are linked to phishing and transfer fraud
  • 26% of total losses are associated with multi-factor authentication (MFA) misconfiguration
  • 12% of claims involved wrongful data collection

The report identifies MFA misconfiguration as a notable area of exposure, alongside procedural gaps in financial transfer controls. Recommended mitigation measures include auditing MFA deployment, implementing transfer verification procedures, and investing in ransomware containment capabilities.

Crypto crackdown intensifies in Kazakhstan over illegal exchanges

Kazakhstan’s financial regulator has warned that several major cryptocurrency exchanges are operating without the licences required under the country’s current digital asset framework, reinforcing its strict authorisation regime.

The Astana Financial Services Authority identified prominent platforms, including HTX, Bitget, OKX, and MEXC, as operating without the necessary permits. Under existing rules, only entities licensed within the Astana International Financial Centre are allowed to provide regulated digital asset services.

Authorities stressed that international popularity does not exempt platforms from complying with local law. They also warned that unauthorised exchanges can expose users to financial losses, data breaches, and fraudulent schemes, and urged the public to verify platforms through the official register of licensed firms. AFSA’s website currently shows a regulated ecosystem with dozens of authorised entities across the AIFC framework.

The warning comes amid broader enforcement efforts as Kazakhstan tries to formalise its crypto sector while positioning itself as a regulated regional hub for digital assets. In parallel, law enforcement agencies have reported wider crackdowns on illegal crypto activity, including shadow exchanges and money-laundering networks.

Why does it matter?

Kazakhstan’s tightening enforcement shows a broader push to bring crypto activity into a more formal and supervised market structure. By restricting unlicensed platforms and steering users towards authorised entities, the authorities are trying to reduce exposure to financial crime, improve market transparency, and build credibility for Kazakhstan’s ambition to become a regulated regional digital asset hub.
