Cybercrime

US seizes $15 billion crypto from Cambodia fraud ring

US federal prosecutors have seized $15 billion in cryptocurrency tied to a large-scale ‘pig butchering’ investment scam linked to forced labour compounds in Cambodia. Officials said it marks the biggest crypto forfeiture in Justice Department history.

Authorities charged Chinese-born businessman Chen Zhi, founder of the Prince Group, with money laundering and wire fraud. Chen allegedly used the conglomerate as cover for criminal operations that laundered billions through fake crypto investments. He remains at large.

Investigators say Chen and his associates operated at least ten forced labour sites in Cambodia where victims, many coerced workers, managed thousands of fake social media accounts to lure targets into fraudulent investment schemes.

The US Treasury also imposed sanctions on dozens of Prince Group affiliates, calling them transnational criminal organisations. FBI officials said the scam is part of a wider wave of crypto fraud across Southeast Asia, urging anyone targeted by online investment offers to contact authorities immediately.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

An awards win for McAfee’s consumer-first AI defence

McAfee won ‘Best Use of AI in Cybersecurity’ at the 2025 A.I. Awards for its Scam Detector. The tool, which McAfee says is the first to automate deepfake, email, and text-scam detection, underscores a consumer-focused defence. The award recognises its bid to counter fast-evolving online fraud.

Scams are at record levels, with one in three US residents reporting victimisation and average losses of $1,500. Threats now range from fake job offers and text messages to AI-generated deepfakes, increasing the pressure on tools that can act in real time across channels.

McAfee’s Scam Detector uses advanced AI to analyse text, email, and video, blocking dangerous links and flagging deepfakes before they cause harm. It is included with core McAfee plans and available on PC, mobile, and web, positioning it as a default layer for everyday protection.

Adoption has been rapid, with the product crossing one million users in its first months, according to the company. Judges praised its proactive protection and emphasis on accuracy and trust, citing its potential to restore user confidence as AI-enabled deception becomes more sophisticated.

McAfee frames the award as validation of its responsible, consumer-first AI strategy. The company says it will expand Scam Detector’s capabilities while partnering with the wider ecosystem to keep users a step ahead of emerging threats, both online and offline.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

UK government urges firms to keep paper backups for cyberattack recovery

The UK government has issued a strong warning to company leaders to prepare for cyber incidents by maintaining paper-based contingency plans. The National Cyber Security Centre (NCSC) emphasised that firms must plan how to continue operations and rebuild IT systems if networks are compromised.

The advice follows a series of high-profile cyberattacks this year targeting major UK firms, including Marks & Spencer, The Co-op, and Jaguar Land Rover, which experienced production halts and supply disruptions after their systems were breached.

According to NCSC chief executive Richard Horne, organisations need to adopt ‘resilience engineering’ strategies, systems designed to anticipate, absorb, recover, and adapt during cyberattacks.

The agency recommends storing response plans offline and outlining alternative communication methods, such as phone trees and manual record-keeping, should email systems fail.

While the total number of cyber incidents investigated by the NCSC, 429 in the first nine months of 2025, remained stable, the number of ‘nationally significant’ attacks nearly doubled from 89 to 204. These include Category 1–3 incidents, ranging from ‘significant’ to ‘national cyber emergency.’

Recent cases highlight the human and operational toll of such events, including a ransomware attack on a London blood testing provider last year that caused severe clinical disruption and contributed to at least one patient death.

Experts say the call for offline backups may sound old-fashioned but is pragmatic. ‘You wouldn’t walk onto a building site without a helmet, yet companies still go online without basic protection,’ said Graeme Stewart, head of public sector at Check Point. ‘Cybersecurity must be treated like health and safety: not optional, but essential.’

The government is also encouraging companies, particularly SMEs, to use the NCSC’s free support tools, including cyber insurance linked to its Cyber Essentials programme.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Ethernet wins in raw security, but Wi-Fi can compete with the right setup

The way you connect to the internet matters, not just the speed, but also your privacy and security. That’s the main takeaway from a recent Fox News report comparing Ethernet and Wi-Fi security.

At its core, Ethernet is inherently more secure in many scenarios because it requires physical access. Data travels along a cable directly to your router, reducing risks of eavesdropping or intercepting signals mid-air.

Wi-Fi, by contrast, sends data through the air. That makes it more vulnerable, especially if a network uses weak passwords or outdated encryption standards. Attackers within signal range might exploit poorly secured networks.

But Ethernet isn’t a guaranteed fortress. The Fox article emphasises that security depends largely on your entire setup. A Wi-Fi network with strong encryption (ideally WPA3), robust passwords, regular firmware updates, and a well-configured router can approach the network security level of wired connections.

Each device you connect, smartphones, smart home gadgets, IoT sensors, increases your network’s exposure. Wi-Fi amplifies that risk since more devices can join wirelessly. Ethernet limits the number of direct connection points, which reduces the attack surface.

In short, Ethernet gives you a baseline security advantage, but a well-secured Wi-Fi network can be quite robust. The critical factor is how carefully you manage your network settings and devices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft ends support for Windows 10

Windows 10 support ends on Tuesday, 14 October 2025, and routine security patches and fixes will no longer be provided. Devices will face increased cyber risk without updates. Microsoft urges upgrades to Windows 11 where possible.

Windows powers more than 1.4 billion devices, with Windows 10 still widely used. UK consumer group Which? estimates 21 million local users. Some plan to continue regardless, citing cost, waste, and working hardware.

Upgrade to Windows 11 is free for eligible PCs via the Settings app. Others can enrol in Extended Security Updates, which deliver security fixes only until October 2026. ESU offers no technical support or feature updates.

Personal users in the European Economic Area can register for ESU at no charge. Elsewhere, eligibility may unlock ESU for free, or it costs $30 or 1,000 Microsoft Rewards points. Businesses pay $61 per device for year one.

Unsupported systems become easier targets for malware and scams, and some software may degrade over time. Organisations risk compliance issues running out-of-support platforms. Privacy-minded users may also dislike Windows 11’s tighter Microsoft account requirements.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!

Beer deliveries falter after Asahi cyber crisis

A ransomware attack by the Qilin group has crippled Asahi Group Holdings, Japan’s leading brewer, halting production across most of its 30 factories. Over 27GB of stolen Asahi data appeared online, forcing manual order processing with handwritten notes and faxes.

The attack has slashed shipments to 10-20% of normal capacity, disrupting supplies of its popular Super Dry beer.

Small businesses, like Tokyo’s Ben Thai restaurant, are left with dwindling stocks, some down to just a few bottles. Retail giants such as 7-Eleven, FamilyMart, and Lawson warn of shortages affecting not only beer but also Asahi’s soft drinks and bottled teas.

Liquor store owners, grappling with limited deliveries, fear disruptions could persist for weeks given Asahi’s 40% market dominance.

Experts point to Japan’s outdated legacy systems and low cybersecurity expertise as key vulnerabilities, making firms like Asahi prime targets. Recent attacks on Japan Airlines and Nagoya’s port highlight a growing trend.

The reliance on high trust in Japanese society further emboldens hackers, who often demand ransoms from unprepared organisations.

The government’s Active Cyber Defense Law aims to strengthen protections by enhancing information sharing and empowering proactive counterattacks. Chief Cabinet Secretary Yoshimasa Hayashi confirmed an ongoing investigation into the Asahi breach.

However, small vendors and customers face ongoing uncertainty, with no clear timeline for full recovery of Japan’s beloved brews.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Fake VPN apps linked to banking malware warn security experts

Security researchers have issued urgent warnings about VPN applications that appear legitimate but secretly distribute banking trojans such as Klopatra and Mobdro.

The apps masquerade as trustworthy privacy tools, but once installed they can steal credentials, exfiltrate data or give attackers backdoor access to devices. Victims may initially notice nothing amiss.

Among the apps flagged, some were available on major app platforms, increasing the risk exposure. Analysts recommend users immediately uninstall any unfamiliar VPN apps, scan devices with a reputable security tool and change banking passwords if suspicious activity is detected.

Developers and platform operators are urged to strengthen vetting of privacy tool submissions. Given that VPNs are inherently powerful (encrypting traffic, accessing network functions), any malicious behaviour can escalate rapidly.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Fake VPN app drains bank accounts across Europe

Cybersecurity experts are urging Android users to uninstall a fake VPN app capable of stealing banking details and draining accounts. The malware, hidden inside a Mobdro Pro IPTV + VPN app, has already infected more than 3,000 devices across Europe.

The app promises free access to films and live sports, but installs Klopatra, a sophisticated malware designed to gain complete control of a device. Once downloaded, it tricks users into granting access through Android’s Accessibility Services, enabling attackers to read screens and perform actions remotely.

Researchers at Cleafy, the firm that uncovered the operation, said attackers can use the permissions to operate phones as if they were the real owners. The firm believes the campaign originated in Turkey and estimates that around 1,000 people have fallen victim to the scam.

Cybersecurity analysts stress that the attack represents a growing trend in banking malware, where accessibility features are exploited to bypass traditional defences and gain near-total control of infected devices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Age verification and online safety dominate EU ministers’ Horsens meeting

EU digital ministers are meeting in Horsens on 9–10 October to improve the protection of minors online. Age verification, child protection, and digital sovereignty are at the top of the agenda under the Danish EU Presidency.

The Informal Council Meeting on Telecommunications is hosted by the Ministry of Digital Affairs of Denmark and chaired by Caroline Stage. European Commission Executive Vice-President Henna Virkkunen is also attending to support discussions on shared priorities.

Ministers are considering measures to prevent children from accessing age-inappropriate platforms and reduce exposure to harmful features like addictive designs and adult content. Stronger safeguards across digital services are being discussed.

The talks also focus on Europe’s technological independence. Ministers aim to enhance the EU’s digital competitiveness and sovereignty while setting a clear direction ahead of the Commission’s upcoming Digital Fairness Act proposal.

A joint declaration, ‘The Jutland Declaration’, is expected as an outcome. It will highlight the need for stronger EU-level measures and effective age verification to create a safer online environment for children.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US greenlights Nvidia chip exports to UAE under new AI pact

The US has approved its first export licences for Nvidia’s advanced AI chips destined for the United Arab Emirates, marking a concrete step in the bilateral AI partnership announced earlier in 2025.

These licences come under the oversight of the US Commerce Department’s Bureau of Industry and Security, aligned with a formal agreement between the two nations signed in May.

In return, the UAE has committed to investing in the United States, making this a two-way deal. The licences do not cover every project yet: some entities, such as the AI firm G42, are currently excluded from the approved shipments.

The UAE sees the move as crucial to its AI push under Vision 2031, particularly for funding data centre expansion and advancing research in robotics and intelligent systems. Nvidia already collaborates with Abu Dhabi’s Technology Innovation Institute (TII) in a joint AI and robotics lab.

Challenges remain. Some US officials cite national security risks, especially given the UAE’s ties and potential technology pathways to third countries.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot