LEGO removes fake token scam after homepage hack

LEGO Group’s website was briefly compromised on 5 October, with a scam promoting a fake ‘LEGO Coin’ token appearing on the homepage. The message encouraged users to purchase the token in exchange for ‘secret rewards’ but redirected them to a phishing site. The scam was removed after about 75 minutes, and LEGO confirmed that no user accounts had been compromised.

LEGO has since assured customers that the issue has been resolved and steps are being taken to prevent future incidents. Despite earlier hints in 2021 about entering the NFT space, LEGO has not officially pursued any crypto-related ventures.

This incident highlights the ongoing threat of cryptocurrency scams, which saw $127 million stolen from victims in the third quarter of 2024, with September alone accounting for $46 million in losses.

Russian state media disrupted by cyberattack

VGTRK, Russia’s state media giant, has been hit by a large-scale cyberattack. The company, which operates key national TV and radio stations, confirmed its online services were disrupted, though broadcasting remains unaffected. Kremlin spokesman Dmitry Peskov described the attack as unprecedented, adding that specialists were investigating the source.

A Ukrainian government source claimed responsibility, stating that the attack coincided with President Vladimir Putin’s birthday. However, these assertions have not been independently verified. VGTRK’s website and online news channel were unavailable following the attack.

The disruption affected internal services, with reports of widespread damage. Some sources suggested hackers wiped critical data, including backups. VGTRK has yet to issue an official comment on the full extent of the breach or recovery efforts.

Maria Zakharova, Russia’s Foreign Ministry spokesperson, did not directly blame any group but linked the incident to a broader ‘hybrid war’ against media in Russia. Moscow plans to address the cyberattack at international forums like UNESCO.

UN report: Telegram used by Southeast Asian crime syndicates

Criminal networks in Southeast Asia are increasingly exploiting Telegram for large-scale illicit activities, according to a new report from the United Nations. The encrypted messaging app is used to trade hacked data, including credit card details and passwords, across sprawling, poorly moderated channels. The report also notes that unlicensed cryptocurrency exchanges on the platform provide money laundering services.

Fraud tools, such as deepfake software and data-stealing malware, are widely sold, enabling organised crime syndicates to innovate and expand their operations. One vendor, writing in Chinese, reportedly claimed to move millions in stolen cryptocurrency daily. Southeast Asia has become a hub for these activities, where criminal groups target victims worldwide, generating up to $36.5 billion annually.

The controversy surrounding Telegram escalated when its founder, Pavel Durov, was arrested in Paris for allowing criminal activity on the platform. Durov, who is now out on bail, has since announced steps to cooperate with law enforcement by sharing users’ information when requested legally and removing certain features used for illegal purposes.

As the UNODC report warns, the widespread use of Telegram for underground markets places consumers’ data at heightened risk. Criminals are not only exploiting technology like artificial intelligence but are also leveraging the platform’s ease of use to target victims globally.

US and Poland sign cybersecurity MOU to enhance global digital security and cooperation

The US Department of Homeland Security (DHS) and the Polish Ministry of Digital Affairs (MDA) have signed a Memorandum of Understanding (MOU) to bolster their collaboration in cybersecurity and emerging technology. This MOU strengthens the longstanding partnership between the United States and Poland, providing a structured framework for coordinated efforts in addressing global security challenges, including cyber threats and responsible technology development.

By focusing on key areas such as cyber policy, Secure by Design practices, information sharing, incident response, human capital development, and the safe deployment of AI and the Internet of Things (IoT), both nations demonstrate a shared commitment to transatlantic security. The timing of this MOU, which coincides with the Fourth Counter Ransomware Initiative Summit, reflects a united stance against the growing ransomware threat, as nearly 70 countries gathered to reinforce global resilience against cybercrime.

Various agencies will spearhead the implementation of the MOU as part of the agreement. In the United States, DHS entities like the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Strategy, Policy, and Plans, and the Science and Technology Directorate will drive projects that enhance cybersecurity and support critical infrastructure. On the Polish side, the National Research Institute (NASK) will be instrumental in coordinating these efforts, positioning Poland for its upcoming EU Council presidency in 2025, where it aims to strengthen US-EU relations and prioritise European information security.

Why does it matter?

Together, these agencies will focus on collaborative initiatives that ensure safe technology practices, build critical skills, and enable a proactive response to digital threats, securing a stronger digital future for both nations.

INTERPOL operation with Swiss police led to eight arrested in West Africa for phishing

Eight individuals have been arrested in an ongoing international effort to combat cybercrime, significantly disrupting criminal activities in Côte d’Ivoire and Nigeria. These arrests were made during INTERPOL’s Operation Contender 2.0, which focuses on tackling cyber-enabled crimes in West Africa through improved international intelligence sharing.

The suspects were linked to extensive phishing scams aimed at Swiss citizens. They utilised QR codes to direct victims to fraudulent websites that closely resembled legitimate payment platforms, where they solicited sensitive personal information, including login credentials and credit card numbers. The hackers masqueraded as buyers on small advertising sites to build trust or pretended to be customer service agents.

INTERPOL reports that this scheme led to over $1.4 million in financial losses, with Swiss authorities receiving more than 260 reports about the scam between August 2023 and April 2024. As part of the investigation, law enforcement successfully apprehended the main suspect behind these attacks, who admitted to the scheme and revealed that he had made over $1.9 million from it.

Additionally, five other suspects were found engaging in cybercriminal activities at the same location. The investigation continues as authorities work to identify more victims, recover stolen funds, and trace items purchased with the proceeds from the scam.

Forrester: Cybercrime to cost $12 trillion in 2025

Forrester’s 2025 Predictions report outlines critical cybersecurity, risk, and privacy challenges on the horizon. Cybercrime is expected to cost $12 trillion by 2025, with regulators stepping up efforts to protect consumer data. Organisations are urged to adopt proactive security measures to mitigate operational impacts, particularly as AI technologies and IoT devices expand.

Another major prediction is that Western governments plan to prohibit certain third-party or open-source software due to rising concerns over software supply chain attacks, which are a leading cause of worldwide data breaches. Increased pressure from Western governments has prompted private companies to produce software bills of materials (SBOMs), enhancing transparency regarding software components.

However, these SBOMs also reveal the reliance on third-party and open-source software in government purchases. In 2025, armed with this knowledge, Forrester says that a government will impose restrictions on a specific open-source component for national security reasons. Consequently, software suppliers will need to eliminate the problematic components and find alternatives to maintain functionality.

Among the key forecasts is the EU issuing its first fine under the new EU AI Act to a general-purpose AI (GPAI) model provider. Forrester warns that companies unprepared for AI regulations will face significant third-party risks. As generative AI models become more widespread, businesses must thoroughly vet providers and gather evidence to avoid fines and investigations. Another major prediction is a large-scale Internet of Things (IoT) device breach, with malicious actors finding it easier to compromise common IoT systems. Such breaches could lead to widespread disruption, forcing organisations to engage in costly remediation efforts.

Forrester also anticipates that Chief Information Security Officers (CISOs) will reduce their focus on generative AI applications by 10%, citing a need for measurable value. Currently, 35% of global CISOs and CIOs prioritise AI to boost employee productivity, but growing disillusionment and limited budgets are expected to hinder further AI adoption. The report reveals that 18% of global AI decision-makers already see budget limitations as a major barrier, a figure projected to increase as organisations struggle to justify investment in AI initiatives.

The report also highlights a rise in cybersecurity incidents. In 2023, 28% of security decision-makers reported six or more data breaches, up 16 percentage points from 2022. Additionally, 72% of those decision-makers experienced data breach costs exceeding $1 million. Despite these alarming statistics, only 16% of global security leaders prioritised testing and refining their incident response processes in 2023, leaving many organisations unprepared for future attacks.

Human-related cybersecurity risks, such as deepfakes, insider data theft, generative AI misuse, and human error, are expected to become more complex as communication channels expand. Forrester also explores how generative AI could reshape identity and access management, addressing challenges like identity administration, audit processes, lifecycle management, and authentication. In conclusion, the report urges companies to brace for evolving threats and adopt forward-thinking strategies to protect their assets as cybersecurity landscapes shift.

Russia opens criminal case against Cryptex founders

Russian authorities have initiated a criminal investigation against the founders of UAPS and Cryptex, accusing them of generating over $40 million in illegal profits. The case follows allegations of running unlicensed banking operations, unauthorised access to protected information, and creating a payment infrastructure that supported cybercriminal activities. The probe is being led by Moscow’s Investigative Committee.

UAPS, established in 2013, and Cryptex, launched in 2018, were primarily used by criminals for illegal currency exchanges and money laundering. In 2023 alone, the network saw more than $1.2 billion in illicit transactions. Russian law enforcement conducted 148 raids across 14 regions, detaining 96 suspects, many of whom face charges of organised crime and illegal banking.

The investigation comes just days after OFAC sanctioned Cryptex and its founder, Sergey Ivanov, accusing them of laundering funds linked to ransomware attacks and darknet markets. US authorities have labelled Ivanov’s other exchange, PM2BTC, as a major money laundering concern.

Thousands of Indians trapped in Southeast Asia cyber scams

Tens of thousands of Indian nationals are reportedly ensnared in Southeast Asia, coerced into participating in cyber scams, including cryptocurrency fraud and phishing schemes. These individuals are often lured by enticing job offers for IT and data entry positions, only to find their passports confiscated upon arrival in countries like Cambodia and Laos, leaving them trapped in guarded compounds under inhumane conditions.

The Indian government has taken action, launching rescue efforts and collaborating with international organisations and local authorities to repatriate citizens caught in these cyber slavery networks. Recent reports indicate that Indian nationals have lost approximately 500 crores (about $60 million) to these operations between October 2023 and March 2024. Alarmingly, nearly 30,000 Indians who travelled to Southeast Asia from January 2022 to May 2024 have not returned home.

Investigations suggest that these cyber scams may be part of a more extensive human trafficking operation, linking financial fraud to severe exploitation. This alarming connection has drawn the attention of international authorities, including the US Department of the Treasury, which recently imposed sanctions on a Cambodian senator involved in these illicit activities.

As the situation unfolds, the Indian government is intensifying its efforts to crack down on these networks, including blocking international spoofed calls and monitoring suspicious activity in Southeast Asia to protect its citizens.

Trustpair integrates JPMorgan blockchain to combat fraud

Trustpair, a fraud prevention platform, has announced the integration of JPMorgan’s blockchain-based solution, Confirm, into its system. The partnership enables Trustpair’s 200 clients, including companies such as Societe Generale, Decathlon, and Danone, to verify vendor bank accounts across 15 global markets, significantly reducing the risk of payment fraud and delays.

Confirm, built on JPMorgan’s private blockchain Liink, aims to improve decision-making for businesses by providing accurate vendor and payment data. The move enhances fraud prevention and the user experience, addressing a major issue in high-value transactions where inaccurate information can lead to costly errors.

JPMorgan’s engagement with blockchain technology has deepened in recent years, following the launch of JPM Coin in 2019 and its Onyx unit dedicated to blockchain solutions. With Confirm now part of its portfolio, JPMorgan continues to set new standards in secure digital payments and fraud prevention.

Kazakhstan freezes millions in crypto and bans Coinbase

Kazakhstan’s financial regulators have frozen $1.2 million in cryptocurrency and shut down 19 illegal over-the-counter platforms, marking a significant step in their ongoing crackdown on unlicensed crypto activity. These platforms, with a combined turnover exceeding $60 million, were operating illegally and posed risks related to money laundering and terrorism financing.

In addition to freezing funds, the Financial Monitoring Agency has targeted illegal crypto-mining operations. Since the start of the year, authorities have dismantled nine mining sites and seized around 4,000 mining rigs. Furthermore, more than 5,500 unlicensed online exchangers have been blocked as part of this broad regulatory effort.

Kazakhstan’s attempts to tighten its control over the crypto industry extend to major international players. In December 2023, the country banned the US-based crypto exchange Coinbase, accusing it of violating local laws regarding the trading of uninsured digital assets.