Meta Platforms announced on Wednesday that it had removed approximately 63,000 Instagram accounts in Nigeria involved in financial sexual extortion scams, primarily targeting adult men in the United States. These Nigerian fraudsters, often called ‘Yahoo boys,’ are infamous for various scams, including posing as individuals in financial distress or as Nigerian princes.
In addition to the Instagram accounts, Meta also took down 7,200 Facebook accounts, pages, and groups that provided tips on how to scam people. Among the removed accounts, around 2,500 were part of a coordinated network linked to about 20 individuals. These scammers used fake accounts to conceal their identities and engage in sextortion, threatening victims with the release of compromising photos unless they paid a ransom.
Meta’s investigation revealed that most of the scammers’ attempts were unsuccessful. While adult men were the primary targets, there were also attempts against minors, which Meta reported to the National Centre for Missing and Exploited Children in the US. The company employed new technical measures to identify and combat sextortion activities.
Online scams have increased in Nigeria, where economic hardships have led many to engage in fraudulent activities from various settings, including university dormitories and affluent neighbourhoods. Meta noted that some of the removed accounts were not only participating in scams but also sharing guides, scripts, and photos to assist others in creating fake accounts for similar fraudulent purposes.
Malaysia is urging social media platforms to strengthen their efforts in combating cybercrimes, including scams, cyberbullying, and child pornography. The government has seen a significant rise in harmful online content and has called on companies like Meta and TikTok to enhance their monitoring and enforcement practices.
In the first quarter of 2024 alone, Malaysia reported 51,638 cases of harmful content referred to social media platforms, surpassing the 42,904 cases from the entire previous year. Communications Minister Fahmi Fadzil noted that some platforms are more cooperative than others, with Meta showing the highest compliance rates—85% for Facebook, 88% for Instagram, and 79% for WhatsApp. TikTok followed with a 76% compliance rate, while Telegram and X had lower rates.
The government has directed social media firms to address these issues more effectively, but it is up to the platforms to remove content that violates their community guidelines. Malaysia’s communications regulator continues highlighting problematic content to these firms, aiming to curb harmful online activity.
Spanish police have arrested three pro-Russian hackers suspected of carrying out cyberattacks against Spain and other NATO countries. These attacks, allegedly for terrorist purposes, targeted public institutions and critical infrastructures in nations supporting Ukraine in the ongoing conflict with Russia. The suspects, whose identities have not been disclosed, were detained in Manacor, Huelva, and Seville.
The arrests are linked to the hacktivist group NoName057(16), active since the Russian invasion of Ukraine. The Civil Guard reported that the group’s manifesto acknowledges their intent to retaliate against Western actions perceived as anti-Russian. Police released footage showing a Soviet-era flag in one suspect’s home.
Investigations continue, with the suspects accused of orchestrating distributed denial of service (DDoS) attacks on web pages of government sectors and essential services. A reference can be made to Russian hackers accused of similar attacks on targets in Lithuania and Norway in 2022.
A report from the Internet Watch Foundation (IWF) has exposed a disturbing misuse of AI to generate deepfake child sexual abuse images based on real victims. While the tools used to create these images remain legal in the UK, the images themselves are illegal. The case of a victim, referred to as Olivia, exemplifies the issue. Abused between the ages of three and eight, Olivia was rescued in 2023, but dark web users are now employing AI tools to create new abusive images of her, with one model available for free download.
The IWF report also reveals an anonymous dark web page with links to AI models for 128 child abuse victims. Offenders are compiling collections of images of named victims, such as Olivia, and using them to fine-tune AI models to create new material. Additionally, the report mentions models that can generate abusive images of celebrity children. Analysts found that 90% of these AI-generated images are realistic enough to fall under the same laws as real child sexual abuse material, highlighting the severity of the problem.
According to a blog post from Microsoft on Saturday, a global tech outage caused by a software update from cybersecurity firm CrowdStrike affected nearly 8.5 million Microsoft devices. That number represents less than one percent of all Windows machines, but the impact was significant, grounding flights, interrupting broadcasts, and disrupting access to essential services such as healthcare and banking.
Despite the relatively small percentage of devices affected, the outage had broad economic and societal effects due to critical enterprises’ widespread use of CrowdStrike’s services. Microsoft noted that CrowdStrike has helped develop a solution to accelerate the fix for Microsoft’s Azure infrastructure. The company is also collaborating with Amazon Web Services and Google Cloud Platform to share information about the outage’s effects across the industry.
The air travel industry was particularly hard hit, with thousands of flights cancelled and passengers experiencing extensive delays. Delta Air Lines, one of the hardest-hit airlines, reported over 600 flight cancellations by Saturday morning, with more expected throughout the day as the industry worked to recover from the IT outage.
Australia’s cyber intelligence agency warned on Saturday about the release of ‘malicious websites and unofficial code’ online, claiming to aid recovery from Friday’s global digital outage. The outage, caused by a botched software update from CrowdStrike, impacted various sectors, including media, retailers, banks, and airlines.
The Australian Signals Directorate (ASD) urged consumers to obtain technical information and updates exclusively from official CrowdStrike sources to avoid falling victim to scams. Cyber Security Minister Clare O’Neil also cautioned Australians to be vigilant against potential scams and phishing attempts.
The outage affected the Commonwealth Bank of Australia, causing temporary disruptions in PayID payments, which were later resolved. National airline Qantas and Sydney airport experienced delays but maintained operations. Prime Minister Anthony Albanese confirmed that critical infrastructure, government services, and emergency phone systems were unaffected.
CrowdStrike, a major cybersecurity provider with nearly 30.000 global subscribers, previously reached a market cap of about $83 billion. Despite the widespread disruption, the swift response helped mitigate further issues and ensured a quick recovery.
A US judge has dismissed most of an SEC lawsuit against software company SolarWinds, which accused it of defrauding investors by concealing security weaknesses linked to a Russia-backed cyberattack. Judge Paul Engelmayer ruled that claims against SolarWinds and its chief information security officer, Timothy Brown, were based on ‘hindsight and speculation’ and lacked concrete evidence.
The judge dismissed most claims related to statements made before the cyberattack, except for one regarding a statement on SolarWinds’ website about its security controls. The SEC had alleged that SolarWinds hid its cybersecurity vulnerabilities before the attack and downplayed its severity afterwards. SolarWinds expressed satisfaction with the decision, calling the remaining claim factually inaccurate.
The cyberattack, known as Sunburst, targeted SolarWinds’ Orion software platform and compromised several US government networks, including the Departments of Commerce, Energy, Homeland Security, State, and Treasury. The US government has attributed the attack to Russia, which has denied involvement.
This case, filed last October, was notable for being one of the first where the SEC sued a company that was a victim of a cyberattack without announcing a settlement. It is also rare for the SEC to sue public company executives not closely involved in preparing financial statements.
Whistle-blowers have filed a complaint with the US Securities and Exchange Commission (SEC) against OpenAI, calling for an investigation into the company’s allegedly restrictive non-disclosure agreements (NDAs). The complaint, alleges that OpenAI’s NDAs required employees to waive their federal rights to whistle-blower compensation, creating a chilling effect on their right to speak up.
Senator Chuck Grassley’s office provided the letter to Reuters, stating that OpenAI’s policies appear to prevent whistleblowers from receiving due compensation for their protected disclosures. The whistle-blowers have requested that the SEC fine OpenAI for each improper agreement and review all contracts containing NDAs, including employment, severance, and investor agreements. OpenAI did not immediately respond to requests for comment.
This complaint follows other legal and regulatory challenges faced by OpenAI. The company has been sued for allegedly stealing people’s data, and US authorities have called for companies to ensure their AI products do not violate civil rights. OpenAI recently formed a Safety and Security Committee to address safety concerns as it begins training its next AI model.
According to blockchain data, a major Cambodian payments firm, Huione Pay, received over $150,000 in cryptocurrency from a digital wallet linked to the North Korean hacking group Lazarus. The funds were sent between June 2023 and February this year from an anonymous wallet used by Lazarus to launder money stolen from three crypto companies through phishing attacks. The FBI reported that Lazarus stole around $160 million from Atomic Wallet, CoinsPaid, and Alphapo last year to fund North Korea’s weapons programs.
Huione Pay, based in Phnom Penh, stated it was unaware of receiving funds indirectly from the hacks and cited multiple transactions between its wallet and the source as the reason. The company declined to explain why it had received the funds or provide details on its compliance policies. Despite blockchain tools allowing companies to identify high-risk wallets, Huione Pay claimed it had no control over the anonymous wallet’s transactions.
The National Bank of Cambodia (NBC) prohibits payment firms like Huione Pay from dealing with cryptocurrencies due to risks like money laundering and financing terrorism. The NBC indicated it might take corrective measures against Huione Pay. Meanwhile, US blockchain analysis firms reported that Huione Pay was among several platforms receiving stolen crypto, which was converted into different currencies, including tether (USDT), to obscure the money trail. Southeast Asia has become a hotspot for high-tech money laundering and cybercrime operations, highlighting the need for stronger regulatory measures.
Indonesia is starting to recover data encrypted in a significant ransomware attack last month, which impacted over 160 government agencies. The cybercriminals, identified as Brain Cipher, initially demanded $8 million in ransom but later apologised and released the decryption key for free, according to cybersecurity firm StealthMole.
The attack disrupted several government services, including immigration and primary airport operations. Officials acknowledged that much of the data had yet to be backed up. Chief Security Minister Hadi Tjahjanto stated that data for 30 public services across 12 ministries had been recovered using a ‘decryption strategy,’ though details were not provided.
The Communications Ministry is gradually restoring services and assets affected by the attack. It remains to be seen if the government used Brain Cipher’s decryption key directly. Neither Hadi nor Communications Minister Budi Arie Setiadi commented on the matter.
Ransomware attacks involve encrypting data and demanding a ransom to unlock it. In this case, the attackers used malicious software known as Lockbit 3.0.
