Dutch police struggle with cyberattacks and underfunding

A leaked report has revealed serious financial and digital failings within the Dutch police, including unchecked spending on IT and cybersecurity.

Auditors from Ernst & Young found that the force must cut €160 million, raising concerns over national security and officer safety.

The Dutch Police Union warns that chronic understaffing, daily cyberattacks and a lack of digital resilience have pushed the system to breaking point.

A September data breach affected nearly all officers, and experts say over €300 million is needed to restore proper infrastructure.

Police Chief Janny Knol acknowledged the force underestimated the costs of digital transformation.

Merged systems from 24 regional departments have caused spiralling maintenance issues, while key tech projects run over budget and behind schedule. Urgent reforms are now planned.

For more information on these topics, visit diplomacy.edu.

ECB warns Euro zone banks on geopolitical risks

Euro zone banks must remain resilient and prepared for geopolitical shocks, including the risk of liquidity drying up amid volatile financial markets, according to Claudia Buch, the European Central Bank’s supervisory chief.

She highlighted concerns about the potential impact of policy reversals by the US government, particularly under President Donald Trump, which have unsettled investors and created uncertainty about future growth and stability.

Buch also pointed to the ongoing financial and political pressures arising from Russia’s war in Ukraine and the sanctions that followed.

She emphasised the need for banks to maintain sufficient capital, robust governance, and effective risk management systems in the face of potential asset quality deterioration and economic disruptions caused by geopolitical conflicts or sanctions.

Additionally, Buch noted the increasing threat of cybersecurity attacks, which have become more frequent and severe. The ECB’s annual report warned that geopolitical risks could strain liquidity and funding, particularly in foreign currencies, leading to higher borrowing costs and increased use of credit lines.

Buch called for progress in creating a crisis management and deposit insurance framework to protect depositors in the event of bank failures.


How to protect your business from infostealer malware and credential theft

Cybercriminals stole billions of login credentials last year using infostealer malware, putting businesses worldwide at serious risk.

These malicious tools quietly harvest passwords and session tokens from infected devices, often within minutes.

To fight back, companies must use strong multi-factor authentication, store passwords in dedicated managers, and protect devices with advanced endpoint security.

Simple browser-stored logins are no longer safe, and attackers are getting better at bypassing weak defences.

Reducing session lifespans, using hardware-backed logins, and training staff to spot phishing threats are all key to staying secure.

By combining tech with human vigilance, organisations can stay ahead of attackers and safeguard their systems and data.


Russian hackers exploit smart home devices for crypto mining and cyberattacks

The Russian Ministry of Internal Affairs has warned citizens that hackers are infecting smart home devices with crypto mining malware.

Officials claim cybercriminals aim to create networks of compromised devices that could also be used for DDoS attacks, surveillance, and even robbery.

To mitigate risks, the ministry advises regularly changing passwords, updating firmware, and purchasing devices from reputable manufacturers.

Crypto-related fraud is also rising in Russia, with criminals posing as brokerage employees to lure victims into fake exchanges.

Prosecutors in Yakutsk are investigating a case where a resident allegedly lost $4,600 to such a scheme. Authorities have launched a criminal case and a broader inquiry into fraudulent crypto operations.

Illegal crypto mining remains a pressing issue, particularly in regions like the North Caucasus and Siberia. Moscow has enforced seasonal bans on crypto mining until 2031, aiming to conserve electricity during peak winter months.

However, officials in Irkutsk report that while 308 MW of power was freed up, the unused capacity provided no tangible benefit to consumers.

Despite concerns, some government officials argue that mining bans are improving energy reliability. Transbaikal authorities claim no legal mining operations remain in the region and have found no evidence of illegal mining activity. Industry experts remain sceptical about the overall impact of these restrictions.


Canada warns of foreign election interference

Canada’s intelligence agency has warned that China and India are highly likely to interfere in the country’s general election on 28 April, with Russia and Pakistan also having the potential to do so.

The Canadian Security Intelligence Service (CSIS) stated that while previous interference attempts in the 2019 and 2021 elections did not alter the results, the country had been slow to respond at the time. Both China and India have denied previous allegations of meddling in Canada’s internal affairs.

Vanessa Lloyd, CSIS’s deputy director of operations, said hostile states are increasingly using AI to influence elections, with China being particularly likely to exploit such tools.

The warning comes amid tense diplomatic relations between Canada and Beijing, following China’s recent tariffs on $2.6 billion worth of Canadian agricultural products and Ottawa’s strong condemnation of China’s execution of four Canadian citizens on drug charges.

India has also been under scrutiny, with Canada expelling six Indian diplomats last year over allegations of involvement in a plot against Sikh separatists.

Lloyd stated that India has both the intent and capability to interfere in Canadian politics and communities, though the Indian diplomatic mission in Ottawa has yet to comment.

She added that while it is difficult to directly link foreign interference with election outcomes, such activities undermine public trust in Canada’s democratic institutions.


Hackers use fake Semrush ads to steal Google accounts

Cybercriminals are using fake adverts for popular SEO platform Semrush to trick users into giving up access to their Google accounts, researchers have warned.

The malvertising campaign features ads that link to a bogus Semrush login page, which only allows users to sign in via Google, a tactic designed to steal high-value credentials.

According to Malwarebytes, Semrush accounts are often linked to critical Google services such as Analytics and Search Console.

These tools store confidential business insights, which threat actors could exploit for strategic and financial gain. The scammers may also access names, phone numbers, business details, and partial card information through compromised Semrush accounts.

By impersonating Semrush support, attackers could deceive users into revealing full card details under the pretence of payment or billing updates. This, in turn, may open the door to wider fraud, such as redirecting funds from vendors or business partners.

With Semrush serving over 117,000 customers, including a significant share of Fortune 500 firms, the attack underscores the growing risks of malvertising on platforms like Google.

Security experts are urging businesses to tighten account access controls and remain cautious when engaging with search ads, even from seemingly reputable brands.


Australian police warn of Binance-themed crypto scam targeting users

Australian authorities have issued warnings about a sophisticated scam in which fraudsters impersonate Binance via SMS, tricking users into transferring their crypto assets.

The Australian Federal Police (AFP) revealed that scammers use sender ID spoofing to make fraudulent messages appear in the same thread as legitimate Binance communications.

Victims are falsely informed of a security breach and urged to move their funds to a ‘trust wallet,’ which is controlled by the scammers.

The AFP has identified at least 130 potential victims and launched a campaign to warn them. Cybercrime officials explained that once funds are transferred to the scammers’ wallets, they are swiftly moved across multiple accounts, making recovery difficult.

Similar scams have also targeted users of Coinbase and Gemini, exploiting pre-generated recovery phrases to seize control of wallets.

Binance Chief Security Officer Jimmy Su advised users to verify official communications through Binance’s security tools and website.

The Australian government is taking steps to combat these scams, planning to launch an SMS Sender ID Register in late 2025. The initiative will require telecom providers to verify brand-name messages, reducing the risk of spoofing.

Investment scams remain a significant issue in Australia, with AU$382 million ($269 million) lost in the past year, nearly half of which was crypto-related.

Authorities continue to urge caution, warning users to be sceptical of unsolicited messages and requests for seed phrases or urgent transfers.


Cyberattack exploits a flaw in ZoneAlarm’s vsdatant.sys driver

A sophisticated cyberattack has targeted vulnerabilities in the vsdatant.sys driver, a component of Check Point’s ZoneAlarm antivirus software, allowing attackers to bypass critical Windows security features.

The driver, released in 2016, has been exploited in a Bring Your Own Vulnerable Driver (BYOVD) attack, enabling attackers to elevate privileges and access sensitive data.

The vsdatant.sys driver operates with high kernel-level privileges and contains long-known vulnerabilities that attackers can exploit with crafted I/O Request Packets (IRPs).

These flaws, affecting versions of the driver prior to 7.0.362, allow arbitrary code execution because the driver improperly validates arguments passed to system function handlers.

BYOVD attacks have become increasingly common, with attackers leveraging legitimate but vulnerable drivers to bypass security measures undetected.

In this case, attackers were able to disable Windows’ Memory Integrity feature, which is designed to protect critical system processes.

By exploiting flaws in vsdatant.sys, the attackers gained full access to the compromised system, enabling them to steal sensitive information.

To mitigate the risk of such attacks, security experts recommend implementing driver blocklisting, enabling Memory Integrity, and ensuring that all security products are kept up to date.

Users are urged to update their ZoneAlarm installations to the latest version to avoid exposure to these vulnerabilities.
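
As an added example (not from the original article, Check Point or Microsoft), the PowerShell audit below checks one Windows host for the mitigations named above: Memory Integrity state, the Microsoft vulnerable driver blocklist setting, and any registered vsdatant.sys older than 7.0.362. The driver name and version threshold come from the article; the variable and function names are illustrative.

```powershell
# Added example: audit the BYOVD mitigations named in the article on one host.
$DriverName   = 'vsdatant.sys'        # driver named in the article
$FixedVersion = [version]'7.0.362'    # article: versions prior to this are affected

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. Memory Integrity (HVCI): configured value and what is actually running.
$hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$hvciConfigured = Get-RegDword $hvciKey 'Enabled'
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))  # 2 = HVCI

# 2. Microsoft vulnerable driver blocklist toggle.
$blocklist = Get-RegDword 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' `
               'VulnerableDriverBlocklistEnable'

# 3. Registered kernel drivers whose image file is the driver from the article.
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -and ((Split-Path $_.PathName -Leaf) -ieq $DriverName) } |
    ForEach-Object {
        $path = $_.PathName -replace '^\\\?\?\\', ''   # strip NT "\??\" prefix
        $ver  = if (Test-Path -LiteralPath $path) {
                    (Get-Item -LiteralPath $path).VersionInfo.FileVersionRaw
                }
        [pscustomobject]@{
            Service    = $_.Name
            State      = $_.State
            Path       = $path
            Version    = $ver
            BelowFixed = ($null -ne $ver -and $ver -lt $FixedVersion)
        }
    }

[pscustomobject]@{
    MemoryIntegrityConfigured = ($hvciConfigured -eq 1)
    MemoryIntegrityRunning    = $hvciRunning
    DriverBlocklistEnabled    = ($blocklist -eq 1)
    DriverInstances           = @($drivers).Count
    VulnerableInstances       = @($drivers | Where-Object BelowFixed).Count
}
$drivers | Format-Table -AutoSize
```

Because a BYOVD attacker supplies the driver file themselves, an empty result only shows that no such driver is currently registered as a service; the Memory Integrity and blocklist settings are what stop a later load.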


Spanish police dismantle Bitcoin-themed crypto scam

Spanish police have successfully dismantled a Bitcoin-themed pyramid scam, uncovering a fraudulent network that swindled around $32.6 million from unsuspecting victims.

According to the National Police Corps (CNP), eight individuals were arrested, including the mastermind, a computer programmer detained in Malaga. The scam targeted over 3,600 people, mostly in Spain, but extended its reach to 36 countries.

The group operated a seemingly legitimate platform offering various Bitcoin investment plans. Promoted through websites and social media, victims were promised significant returns, with some reportedly offered dividends of 40% in just a month.

However, once funds were invested, obstacles were fabricated to delay or prevent withdrawals.

The police first uncovered the operation in 2022, following a report from a victim in Murcia. Their investigation revealed the scam’s pyramid structure, where older investors were paid with funds from newer ones.

Some victims were even tricked into handing over control of their devices for crypto transfers.

In total, the fraudsters amassed approximately 400 Bitcoin and created a worthless token for investors. Authorities have since frozen 73 bank accounts, seized cars, and impounded various assets as part of the investigation.


Microsoft warns of new malware targeting cryptocurrency wallets

Microsoft has issued a warning about StilachiRAT, a newly discovered malware that steals cryptocurrency wallet data and sensitive browser information.

The trojan is designed to evade detection while extracting credentials from over 20 different wallets, including MetaMask, Trust Wallet, and Coinbase.

The malware actively scans for cryptocurrency wallet extensions in Google Chrome and monitors clipboard actions for copied keys and passwords.

Attackers can use the stolen data to drain victims’ funds. StilachiRAT also enables remote command execution, allowing cybercriminals to manipulate system settings and maintain control over infected devices.

Beyond stealing data, the malware gathers detailed information about the compromised system, including OS details and hardware identifiers.

It even monitors Remote Desktop Protocol sessions, enabling attackers to impersonate users and spread further across networks.

Microsoft has not yet linked StilachiRAT to a specific threat actor but emphasises the need for caution. Users are advised to download software only from official sources, enable Microsoft Defender real-time protection, and use SmartScreen to block malicious websites.
