NatWest hit by 100 million cyber attacks every month

NatWest is defending itself against an average of 100 million cyber attacks each month, according to the bank’s head of cybersecurity.

Speaking to Holyrood’s Criminal Justice Committee, Chris Ulliott outlined the ‘staggering’ scale of digital threats targeting the bank’s systems. Around a third of all incoming emails are blocked before reaching staff, as they are suspected to be the start of an attack.

Instead of relying on basic filters, NatWest analyses every email for malicious content and has a cybersecurity team of hundreds, supported by a multi-million-pound budget.

Mr Ulliott also warned of the growing use of AI by cyber criminals to make scams more convincing—such as altering their appearance during video calls to build trust with victims.

Police Scotland reported that cybercrime has more than doubled since 2020, with incidents rising from 7,710 to 18,280 in 2024. Officials highlighted the threat posed by groups like Scattered Spider, believed to consist of young hackers sharing techniques online.

MSP Rona Mackay called the figures ‘absolutely staggering,’ while Ben Macpherson said he had even been impersonated by fraudsters.

Law enforcement agencies, including the FBI, are now working together to tackle online crime. Meanwhile, Age Scotland warned that many older people lack confidence online, making them especially vulnerable to scams that can lead to financial ruin and emotional distress.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Android adds new scam protection for phone calls

Google is introducing new protections on Android devices to combat phone call scams, particularly those involving screen-sharing and app installations. Users will see warning messages if they attempt to change settings during a call, and Android will also block the deactivation of Play Protect features.

The system will now block users from sideloading apps or granting accessibility permissions while on a call with unknown contacts.

The new tools are available on devices running Android 16, and select protections are also rolling out to older versions, starting with Android 11.

A separate pilot in the UK will alert users trying to open banking apps during a screen-sharing call, prompting them to end the call or wait before proceeding.

These features expand Android’s broader efforts to prevent fraud, which already include AI-based scam detection for phone calls and messages.


M&S breach linked to DragonForce hacking group

Marks & Spencer has confirmed that personal customer data was stolen in a recent cyberattack, including names, contact details, dates of birth, household information, and order histories. The company stressed that no useable payment details or account passwords were compromised.

The breach, which began over the Easter weekend, has disrupted online orders since April 25 and is reportedly costing M&S £43 million per week in lost sales.

Customers are being prompted to reset their passwords, and the retailer has warned users to be cautious of phishing emails or messages pretending to be from M&S.

The attack is linked to the DragonForce cybercrime group, known for double-extortion tactics—stealing and encrypting data while demanding ransom.

While no leaked M&S data has appeared online, experts say the risk of identity fraud remains high.

M&S has contacted website users, reported the breach to authorities, and is working with cybersecurity experts. The company has not disclosed how many of its 9.4 million online customers were affected.

Chief executive Stuart Machin said M&S is working ‘around the clock’ to restore services. Shares in the retailer have dropped 12% over the past month.


Amazon to invest in Saudi AI Zone

Amazon has announced a new partnership with Humain, an AI company launched by Saudi Arabia’s Crown Prince Mohammed bin Salman, to invest over $5 billion in creating an ‘AI Zone’ in the kingdom.

The project will feature Amazon Web Services (AWS) infrastructure, including servers, networks, and training programmes, while Humain will develop AI tools using AWS and support Saudi startups with access to resources.

A move like this adds Amazon to a growing list of tech firms—such as Nvidia and AMD—that are working with Humain, which is backed by Saudi Arabia’s Public Investment Fund. American companies like Google and Salesforce have also recently turned to the PIF for funding and AI collaborations.

Under a new initiative supported by former US President Donald Trump, US tech firms can now pursue deals with Saudi-based partners more freely.

Instead of relying on foreign data centres, Saudi Arabia has required AI providers to store data locally, prompting companies like Google, Oracle, and now Amazon to expand operations within the region.

Amazon has already committed $5.3 billion to build an AWS region in Saudi Arabia by 2026, and says the AI Zone partnership is a separate, additional investment.


Masked cybercrime groups rise as attacks escalate worldwide

Cybercrime is thriving like never before, with hackers launching attacks ranging from absurd ransomware demands of $1 trillion to large-scale theft of personal data. Despite efforts from Microsoft, Google and even the FBI, these threat actors continue to outpace defences.

A new report by Group-IB has analysed over 1,500 cybercrime investigations to uncover the most active and dangerous hacker groups operating today.

Rather than fading away after arrests or infighting, many cybercriminal gangs are re-emerging stronger than before.

Group-IB’s May 2025 report highlights a troubling increase in key attack types across 2024 — phishing rose by 22%, ransomware leak sites by 10%, and APT (advanced persistent threat) attacks by 58%. The United States was the most affected country by ransomware activity.

At the top of the cybercriminal hierarchy now sits RansomHub, a ransomware-as-a-service group that emerged from the collapsed ALPHV group and has already overtaken long-established players in attack numbers.

Behind it is GoldFactory, which developed the first iOS banking trojan and exploited facial recognition data. Lazarus, a well-known North Korean state-linked group, also remains highly active under multiple aliases.

Meanwhile, politically driven hacktivist group NoName057(16) has been targeting European institutions using denial-of-service attacks.

With jurisdictional gaps allowing cybercriminals to flourish, these masked hackers remain a growing concern for global cybersecurity, especially as new threat actors emerge from the shadows instead of disappearing for good.


US scraps Biden AI chip export rule

The US Department of Commerce has scrapped the Biden administration’s Artificial Intelligence Diffusion Rule just days before it was due to come into force.

Introduced in January, the rule would have restricted the export of US-made AI chips to many countries for the first time, while reinforcing existing controls.

Rather than enforcing broad restrictions, the Department now intends to pursue direct negotiations with individual countries.

The original rule divided the world into three tiers, with countries like Japan and South Korea spared restrictions, middle-tier countries such as Mexico and Portugal facing new limits, and nations like China and Russia subject to tighter controls.

According to Bloomberg, a replacement rule is expected at a later date.

Instead of issuing immediate new regulations, officials released industry guidance warning companies against using Huawei’s Ascend AI chips and highlighted the risks of allowing US chips to train AI in China.

Secretary Jeffrey Kessler criticised the Biden-era policy, promising a ‘bold, inclusive’ AI strategy that works with allies while limiting access for adversaries.


EU prolongs sanctions for cyberattackers until 2026

The EU Council has extended its sanctions on cyberattacks until May 18, 2026, with the legal framework for enforcing these measures now lasting until 2028. The sanctions target individuals and institutions involved in cyberattacks that pose a significant threat to the EU and its members.

The extended measures will allow the EU to impose restrictions on those responsible for cyberattacks, including freezing assets and blocking access to financial resources.

These actions may also apply to attacks against third countries or international organisations, if necessary for EU foreign and security policy objectives.

At present, sanctions are in place against 17 individuals and four institutions. The EU’s decision highlights its ongoing commitment to safeguarding its digital infrastructure and maintaining its foreign policy goals through legal actions against cyber threats.


Cyber attack disrupts Edinburgh school networks

Thousands of Edinburgh pupils were forced to attend school on Saturday after a phishing attack disrupted access to vital online learning resources.

The cyber incident, discovered on Friday, prompted officials to lock users out of the system as a precaution, just days before exams.

Approximately 2,500 students visited secondary schools to reset passwords and restore their access. Although the revision period was interrupted, the council confirmed that no personal data had been compromised.

Scottish Council staff acted swiftly to contain the threat, supported by national cyber security teams. Ongoing monitoring is in place, with authorities confident that exam schedules will continue unaffected.


Microsoft expands cloud push across Europe

Microsoft has unveiled a new set of commitments aimed at strengthening its digital presence across Europe, pledging to expand cloud and AI infrastructure while supporting the region’s economic competitiveness.

Announced by Microsoft President Brad Smith in Brussels, the ‘European Digital Commitments’ include a promise to increase European data centre capacity by 40% within two years, bringing the total to over 200 across 16 countries.

Smith explained that Microsoft’s goal is to provide technology that helps individuals and organisations succeed, rather than simply expanding its reach. He highlighted AI as essential to modern economies, describing it as a driving force behind what he called the ‘AI economy.’

Alongside job creation, Microsoft hopes its presence will spark wider economic benefits for customers and partners throughout the continent.

To ease concerns around data security, particularly in light of US-EU geopolitical tensions, Microsoft has added clauses in agreements with European institutions allowing it to legally resist any external order to halt operations in Europe.

If such efforts fail, Microsoft has arranged for European partners to access its code stored securely in Switzerland, instead of allowing disruptions to affect vital digital services.

Although Microsoft’s investments stand to benefit Europe, they also underscore the company’s deep dependence on the region, with over a quarter of its business based there.

Smith insisted that Microsoft’s global success would not have been possible without its European footprint, and called for continued cooperation across the Atlantic—even in the face of potential tariff disputes or political strains.


Starkville Utilities hit by cyberattack

Starkville Utilities, a Mississippi-based electricity and water provider that also services Mississippi State University, has revealed a data breach that may have exposed sensitive information belonging to over 11,000 individuals.

The breach, which was first detected in late October last year, led the company to disconnect its network in an attempt to contain the intrusion.

Despite these efforts, an investigation later found that attackers may have accessed personal data, including full names and Social Security numbers. Details were submitted to the Maine Attorney General’s Office, confirming the scale of the breach and the nature of the data involved.

While no reports of identity theft have emerged since the incident, Starkville Utilities has chosen to offer twelve months of free identity protection services to those potentially affected. The company maintains that it is taking additional steps to improve its cybersecurity defences.

Stolen data such as Social Security numbers rarely stays idle. It often ends up on underground marketplaces, where it can be used for identity fraud and other malicious activities.

The incident serves as yet another reminder of the ongoing threat posed by cybercriminals targeting critical infrastructure and user data.
