Cybercrime

Bank Indonesia reports over 370 million cyber threat attempts in 2024

Bank Indonesia (BI) has reported more than 370 million attempted cyber threats targeting the country, highlighting the growing exposure linked to Indonesia’s rapid digital transformation.

The central bank also noted a 25% increase in anomalous cyber traffic in 2024 compared to the previous year. Deputy Governor Filianingsih Hendarta stated that the rise in cyber activity underscores the need for all stakeholders to remain vigilant as Indonesia continues to develop its digital infrastructure.

She also added that public trust is essential to sustaining a resilient digital ecosystem, as trust takes a long time to build and can be lost in to moment.

To strengthen cybersecurity and prepare for continued digitalisation, BI has developed the Indonesian Payment System Blueprint (BSPI) 2030, a strategic framework intended to enhance institutional collaboration and reinforce the security of the national payment system.

BI data shows that internet penetration in Indonesia has reached 80.66%, equivalent to approximately 229 million people, surpassing the global average of 68.7% (around 6.66 billion people worldwide).

Filianingsih also emphasised that strengthening digital infrastructure requires cross-sectoral and international cooperation, given the global and rapidly evolving nature of cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New law aims to make the internet safer in Singapore

Singapore’s Parliament has passed the Online Safety (Relief and Accountability) Bill, a landmark law designed to provide faster protection and redress for victims of online harm. After over eight hours of debate, MPs approved the Bill, which will establish the Online Safety Commission (OSC) by June 2026, a one-stop agency empowered to direct online platforms, group administrators, and internet service providers to remove harmful content or restrict the accounts of perpetrators.

The move follows findings that social media platforms often take five days or more to act on harmful content reports, leaving victims exposed to harassment and abuse.

The new law introduces civil remedies and enforcement powers for a wide range of online harms, including harassment, doxing, stalking, intimate image abuse, and child exploitation. Victims can seek compensation for lost income or force perpetrators to surrender profits gained from harmful acts.

In severe cases, individuals or entities that ignore OSC orders may face fines of up to S$500,000, and daily penalties may be applied until compliance is achieved. The OSC can also order access blocks or app removals for persistent offenders.

Ministers Josephine Teo, Rahayu Mahzam, and Edwin Tong emphasised that the Bill aims to empower victims rather than punish expression, while ensuring privacy safeguards. Victims will be able to request the disclosure of a perpetrator’s identity to pursue civil claims, though misuse of such data, such as doxing in retaliation, will be an offence. The law also introduces a ‘no wrong door’ approach, ensuring that victims will not have to navigate multiple agencies to seek help.

Singapore joins a small group of nations, such as Australia, that have created specialised agencies for digital safety. The government hopes the OSC will help rebuild trust in online spaces and establish new norms for digital behaviour.

As Minister Teo noted, ‘Our collective well-being is compromised when those who are harmed are denied restitution. By fostering trust in online spaces, Singaporeans can participate safely and confidently in our digital society.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S profits plunge after costly cyberattack

Marks & Spencer says a major cyberattack around Easter forced it to shut its website to orders for about six weeks, disrupting logistics, emptying shelves and sending customers to rivals. The breach also exposed personal data, including names, email and postal addresses, and dates of birth.

The incident was traced to ‘human error’, according to chief executive Stuart Machin. M&S estimated the attack cost around £324 million in lost sales, partly offset by a £100 million insurance payout, and expects a total profit impact of about £136 million for the year.

Home delivery restarted in June, while click and collect returned in August, but fashion, home and beauty recovered more slowly than food as the retailer rebuilt systems and worked through backlogs. M&S says online trading has steadily improved and it expects operations to be fully restored by year-end.

The company has pledged tighter security controls and processes following the attack, which highlighted the vulnerability of retail supply chains to cyber incidents. The attack comes amid a surge in cyber incidents targeting UK retailers, including recent campaigns where hackers posed as IT staff to breach corporate networks.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UN treaty sparks debate over digital cybersecurity

A new UN cybercrime treaty opened for signature on 25 October, raising concerns about digital cybersecurity and privacy protections. The treaty allows broad cross-border cooperation on serious crimes, potentially requiring states to assist investigations that conflict with domestic laws.

Negotiations revealed disagreements over the treaty’s scope and human rights standards, primarily because it grants broad surveillance powers without clearly specifying safeguards for privacy and digital rights. Critics warn that these powers could be misused, putting digital cybersecurity and the rights of citizens at risk.

Governments supporting the treaty are advised to adopt safeguards, including limiting intrusive monitoring, conditioning cooperation on dual criminality, and reporting requests for assistance transparently. Even with these measures, experts caution that the treaty could pose challenges to global digital cybersecurity protection.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Major crypto fraud network dismantled across Europe

European authorities have dismantled one of the continent’s largest cryptocurrency fraud and money laundering schemes, arresting nine suspects across Cyprus, Spain, and Germany. The network allegedly defrauded hundreds of investors through fake crypto platforms, stealing over €600 million.

The scammers reportedly created websites that mimicked legitimate trading platforms, luring victims through social media, cold calls, and fabricated celebrity endorsements. Once deposits were made, the funds were laundered through blockchain technology, making recovery nearly impossible.

During the operation, investigators seized €800,000 in bank accounts, €415,000 in cryptocurrencies, €300,000 in cash, and luxury watches worth over €100,000. Authorities stated that several properties linked to the network remain under evaluation as investigations continue.

French prosecutors said the suspects face fraud and money laundering charges, carrying sentences of up to ten years. The case underscores the growing cross-border nature of crypto-related crime, with Eurojust’s coordination proving key to dismantling the network.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

World Economic Forum President warns of potential AI and crypto bubbles 

World Economic Forum President Borge Brende has warned that massive investments in AI and cryptocurrencies may create financial bubbles. Speaking in Berlin, he noted that $500 billion has been invested in AI this year, raising concerns about speculative bubbles in AI and cryptocurrency.

Brende described frontier technologies as a ‘big paradigm shift’ that could drive global growth, with potential productivity gains of up to 10% over the next decade. He noted that breakthroughs in medicine, synthetic biology, space, and energy could transform economies, but stressed that the benefits must be widely shared.

Geopolitical uncertainty remains a significant concern, according to Brende. He pointed to rising tensions between the US and China, calling it a race for technological dominance that could shape global power.

He also urged multilateral cooperation to address global challenges, including pandemics, cybercrime, and investment uncertainty.

Despite the disorder in world politics, Brende highlighted the resilience of economies like those in the US, China, and India. He called for patient investment strategies and stronger international coordination to ensure that new technologies translate into sustainable prosperity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Mustafa Suleyman warns against building seemingly conscious AI

Mustafa Suleyman, CEO of Microsoft AI, argues that AI should be built for people, not to replace them. Growing belief in chatbot consciousness risks campaigns for AI rights and a needless struggle over personhood that distracts from human welfare.

Debates over true consciousness miss the urgent issue of convincing imitation. Seemingly conscious AI may speak fluently, recall interactions, claim experiences, and set goals that appear to exhibit agency. Capabilities are close, and the social effects will be real regardless of metaphysics.

People already form attachments to chatbots and seek meaning in conversations. Reports of dependency and talk of ‘AI psychosis‘ show persuasive systems can nudge vulnerable users. Extending moral status to uncertainty, Suleyman argues, would amplify delusions and dilute existing rights.

Norms and design principles are needed across the industry. Products should include engineered interruptions that break the illusion, clear statements of nonhuman status, and guardrails for responsible ‘personalities’. Microsoft AI is exploring approaches that promote offline connection and healthy use.

A positive vision keeps AI empowering without faking inner life. Companions should organise tasks, aid learning, and support collaboration while remaining transparently artificial. The focus remains on safeguarding humans, animals, and the natural world, not on granting rights to persuasive simulations.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Live exploitation of CVE-2024-1086 across older Linux versions flagged by CISA

CISA’s warning serves as a reminder that ransomware is not confined to Windows. A Linux kernel flaw, CVE-2024-1086, is being exploited in real-world incidents, and federal networks face a November 20 patch-or-disable deadline. Businesses should read it as their cue, too.

Attackers who reach a vulnerable host can escalate privileges to root, bypass defences, and deploy malware. Many older kernels remain in circulation even though upstream fixes were shipped in January 2024, creating a soft target when paired with phishing and lateral movement.

Practical steps matter more than labels. Patch affected kernels where possible, isolate any components that cannot be updated, and verify the running versions against vendor advisories and the NIST catalogue. Treat emergency changes as production work, with change logs and checks.

Resilience buys time when updates lag. Enforce least privilege, require MFA for admin entry points, and segment crown-jewel services. Tune EDR to spot privilege-escalation behaviour and suspicious modules, then rehearse restores from offline, immutable backups.

Security habits shape outcomes as much as CVEs. Teams that patch quickly, validate fixes, and document closure shrink the blast radius. Teams that defer kernel maintenance invite repeat visits, turning a known bug into an avoidable outage.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Cyber and energy leaders meet to harden EU power grid resilience

Europe’s 8th Cybersecurity Forum in Brussels brought together more than 200 officials and operators from energy, cybersecurity and technology to discuss how to protect the bloc’s increasingly digital, decentralised grids. ENISA said strengthening energy infrastructure security is urgent as geopolitics and digitalisation raise risk.

Discussions focused on turning new EU frameworks into real-world protection: the Cyber Resilience Act placing board-level responsibility for security, the NIS2 Directive updating obligations across critical sectors, and the Network Code on Cybersecurity setting common rules for cross-border electricity flows. Speakers pressed for faster implementation, better public-private cooperation and stronger supply-chain security.

Case studies highlighted live threats. Ukraine’s National Cybersecurity Coordination Center warned of the growing threat of hybrid warfare, citing repeated Russian cyberattacks on its power grid dating back to 2015. ENCS demonstrated how insecure consumer-energy devices like EV chargers, PV inverters, and home batteries can be easily exploited when security-by-design measures are absent.

Organisers closed with a call to standardise best practice, improve information sharing and coordinate operators, regulators and suppliers. As DG Energy’s Michaela Kollau noted, the resilience of Europe’s grids depends on a shared commitment to implementing current legislation and sector cybersecurity measures.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Australian police create AI tool to decode predators’ slang

Australian police are developing an AI tool with Microsoft to decode slang and emojis used by online predators. The technology is designed to interpret coded messages in digital conversations to help investigators detect harmful intent more quickly.

Federal Police Commissioner Krissy Barrett said social media has become a breeding ground for exploitation, bullying, and radicalisation. The AI based prototype, she explained, could allow officers to identify threats earlier and rescue children before abuse occurs.

Barrett also warned about the rise of so-called ‘crimefluencers’, offenders using social media trends to lure young victims, many of whom are pre-teen or teenage girls. Australian authorities believe understanding modern online language is key to disrupting their methods.

The initiative follows Australia’s new under-16 social media ban, due to take effect in December. Regulators worldwide are monitoring the country’s approach as governments struggle to balance online safety with privacy and digital rights.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot