INTERPOL operation with Swiss police leads to eight arrests in West Africa for phishing

Eight individuals have been arrested in an ongoing international effort to combat cybercrime, significantly disrupting criminal activities in Côte d’Ivoire and Nigeria. These arrests were made during INTERPOL’s Operation Contender 2.0, which focuses on tackling cyber-enabled crimes in West Africa through improved international intelligence sharing.

The suspects were linked to extensive phishing scams aimed at Swiss citizens. They utilised QR codes to direct victims to fraudulent websites that closely resembled legitimate payment platforms, where they solicited sensitive personal information, including login credentials and credit card numbers. The hackers masqueraded as buyers on small advertising sites to build trust or pretended to be customer service agents.

INTERPOL reports that this scheme led to over $1.4 million in financial losses, with Swiss authorities receiving more than 260 reports about the scam between August 2023 and April 2024. As part of the investigation, law enforcement successfully apprehended the main suspect behind these attacks, who admitted to the scheme and revealed that he had made over $1.9 million from it.

Additionally, five other suspects were found engaging in cybercriminal activities at the same location. The investigation continues as authorities work to identify more victims, recover stolen funds, and trace items purchased with the proceeds from the scam.

Forrester: Cybercrime to cost $12 trillion in 2025

Forrester’s 2025 Predictions report outlines critical cybersecurity, risk, and privacy challenges on the horizon. Cybercrime is expected to cost $12 trillion by 2025, with regulators stepping up efforts to protect consumer data. Organisations are urged to adopt proactive security measures to mitigate operational impacts, particularly as AI technologies and IoT devices expand.

Another major prediction is that Western governments plan to prohibit certain third-party or open-source software due to rising concerns over software supply chain attacks, which are a leading cause of worldwide data breaches. Increased pressure from Western governments has prompted private companies to produce software bills of materials (SBOMs), enhancing transparency regarding software components.

However, these SBOMs also reveal the reliance on third-party and open-source software in government purchases. In 2025, armed with this knowledge, Forrester says that a government will impose restrictions on a specific open-source component for national security reasons. Consequently, software suppliers will need to eliminate the problematic components and find alternatives to maintain functionality.

Among the key forecasts is the EU issuing its first fine under the new EU AI Act to a general-purpose AI (GPAI) model provider. Forrester warns that companies unprepared for AI regulations will face significant third-party risks. As generative AI models become more widespread, businesses must thoroughly vet providers and gather evidence to avoid fines and investigations. Another major prediction is a large-scale Internet of Things (IoT) device breach, with malicious actors finding it easier to compromise common IoT systems. Such breaches could lead to widespread disruption, forcing organisations to engage in costly remediation efforts.

Forrester also anticipates that Chief Information Security Officers (CISOs) will reduce their focus on generative AI applications by 10%, citing a need for measurable value. Currently, 35% of global CISOs and CIOs prioritise AI to boost employee productivity, but growing disillusionment and limited budgets are expected to hinder further AI adoption. The report reveals that 18% of global AI decision-makers already see budget limitations as a major barrier, a figure projected to increase as organisations struggle to justify investment in AI initiatives.

The report also highlights a rise in cybersecurity incidents. In 2023, 28% of security decision-makers reported six or more data breaches, up 16 percentage points from 2022. Additionally, 72% of those decision-makers experienced data breach costs exceeding $1 million. Despite these alarming statistics, only 16% of global security leaders prioritised testing and refining their incident response processes in 2023, leaving many organisations unprepared for future attacks.

Human-related cybersecurity risks, such as deepfakes, insider data theft, generative AI misuse, and human error, are expected to become more complex as communication channels expand. Forrester also explores how generative AI could reshape identity and access management, addressing challenges like identity administration, audit processes, lifecycle management, and authentication. In conclusion, the report urges companies to brace for evolving threats and adopt forward-thinking strategies to protect their assets as cybersecurity landscapes shift.

Russia opens criminal case against Cryptex founders

Russian authorities have initiated a criminal investigation against the founders of UAPS and Cryptex, accusing them of generating over $40 million in illegal profits. It follows allegations of running unlicensed banking operations, unauthorised access to protected information, and creating a payment infrastructure that supported cybercriminal activities. The probe is being led by Moscow’s Investigative Committee.

UAPS, established in 2013, and Cryptex, launched in 2018, were primarily used by criminals for illegal currency exchanges and money laundering. In 2023 alone, the network saw more than $1.2 billion in illicit transactions. Russian law enforcement conducted 148 raids across 14 regions, detaining 96 suspects, many of whom face charges of organised crime and illegal banking.

The investigation comes just days after OFAC sanctioned Cryptex and its founder, Sergey Ivanov, accusing them of laundering funds linked to ransomware attacks and darknet markets. US authorities have labelled Ivanov’s other exchange, PM2BTC, as a major money laundering concern.

Thousands of Indians trapped in Southeast Asia cyber scams

Tens of thousands of Indian nationals are reportedly ensnared in Southeast Asia, coerced into participating in cyber scams, including cryptocurrency fraud and phishing schemes. These individuals are often lured by enticing job offers for IT and data entry positions, only to find their passports confiscated upon arrival in countries like Cambodia and Laos, leaving them trapped in guarded compounds under inhumane conditions.

The Indian government has taken action, launching rescue efforts and collaborating with international organisations and local authorities to repatriate citizens caught in these cyber slavery networks. Recent reports indicate that Indian nationals have lost approximately 500 crores (about $60 million) to these operations between October 2023 and March 2024. Alarmingly, nearly 30,000 Indians who travelled to Southeast Asia from January 2022 to May 2024 have not returned home.

Investigations suggest that these cyber scams may be part of a more extensive human trafficking operation, linking financial fraud to severe exploitation. This alarming connection has drawn the attention of international authorities, including the US Department of the Treasury, which recently imposed sanctions on a Cambodian senator involved in these illicit activities.

As the situation unfolds, the Indian government is intensifying its efforts to crack down on these networks, including blocking international spoofed calls and monitoring suspicious activity in Southeast Asia to protect its citizens.

Trustpair integrates JPMorgan blockchain to combat fraud

Trustpair, a fraud prevention platform, has announced the integration of JPMorgan’s blockchain-based solution, Confirm, into its system. The partnership enables Trustpair’s 200 clients, including companies such as Societe Generale, Decathlon, and Danone, to verify vendor bank accounts across 15 global markets, significantly reducing the risk of payment fraud and delays.

Confirm, built on JPMorgan’s private blockchain Liink, aims to improve decision-making for businesses by providing accurate vendor and payment data. The move enhances fraud prevention and the user experience, addressing a major issue in high-value transactions where inaccurate information can lead to costly errors.

JPMorgan’s engagement with blockchain technology has deepened in recent years, following the launch of JPM Coin in 2019 and its Onyx unit dedicated to blockchain solutions. With Confirm now part of its portfolio, JPMorgan continues to set new standards in secure digital payments and fraud prevention.

Kazakhstan freezes millions in crypto and bans Coinbase

Kazakhstan’s financial regulators have frozen $1.2 million in cryptocurrency and shut down 19 illegal over-the-counter platforms, marking a significant step in their ongoing crackdown on unlicensed crypto activity. These platforms, with a combined turnover exceeding $60 million, were operating illegally and posed risks related to money laundering and terrorism financing.

In addition to freezing funds, the Financial Monitoring Agency has targeted illegal crypto-mining operations. Since the start of the year, authorities have dismantled nine mining sites and seized around 4,000 mining rigs. Furthermore, more than 5,500 unlicensed online exchangers have been blocked as part of this broad regulatory effort.

Kazakhstan’s attempts to tighten its control over the crypto industry extend to major international players. In December 2023, the country banned the US-based crypto exchange Coinbase, accusing it of violating local laws regarding the trading of uninsured digital assets.

Fake crypto app drains $70,000 from users

Check Point Research has uncovered a crypto wallet drainer app that was active on the Google Play Store for over five months, stealing more than $70,000 from unsuspecting users. The malicious app masqueraded as WalletConnect, a popular tool for linking crypto wallets to decentralised finance (DeFi) apps. Despite being disguised as a legitimate app, it managed to evade detection through advanced techniques and fake reviews, gaining over 10,000 downloads.

The app, originally named ‘Mestox Calculator,’ tricked users into connecting their wallets and accepting permissions, allowing attackers to drain funds. Although not all users were affected, over 150 victims lost substantial sums. The app was eventually removed from the store, but its ability to avoid detection highlighted gaps in app verification processes on platforms like Google Play.

Check Point Research emphasised the increasing sophistication of cybercriminals and urged both users and app stores to remain vigilant. The researchers warned that even seemingly harmless apps can pose a serious financial threat in the Web3 world, stressing the importance of educating users about these risks.

Hackers use auto-reply emails to deliver crypto mining malware

Cybersecurity experts have uncovered a novel tactic used by hackers to deliver malware for covert crypto mining. Hackers are now exploiting automated email replies from compromised accounts to infect businesses in Russia, including financial institutions, with the XMRig mining tool. Since May, over 150 emails containing this malicious software have been detected, but most were blocked by Facct, a leading threat intelligence firm.

This technique is particularly dangerous because the victims initiate contact and expect a reply to their initial email. Because of this established communication, many do not suspect the attached malware. Facct urges organisations to stay vigilant by conducting regular cybersecurity training and adopting strong passwords with multifactor authentication.

The XMRig software, often used in crypto mining attacks, has been part of several widespread malware campaigns since 2020, highlighting the persistent threat of cybercriminals using innovative methods to target vulnerable systems.

US sanctions hit Russian crypto firm and individuals tied to cybercrime

The United States has imposed sanctions on Russian national Sergey Sergeevich Ivanov and cryptocurrency firm Cryptex, which operates in Russia despite being based in Saint Vincent and the Grenadines, according to the Treasury Department. The sanctions target individuals and organisations involved in facilitating cybercrime and illicit financial activity.

Additionally, the United States Treasury’s Financial Crimes Enforcement Network identified Russian crypto exchange PM2BTC as a ‘primary money laundering concern.’ Officials stressed their commitment to preventing cybercrime networks like PM2BTC and Cryptex from continuing operations, according to acting undersecretary Bradley Smith.

The US State Department has also announced rewards of up to $10 million for information leading to the arrest or conviction of Ivanov and Timur Shakhmametov for their involvement in transnational organised crime. It is also offering rewards of up to $1 million for information on the leaders of crypto exchange PM2BTC and stolen credit card marketplaces PinPays and Joker’s Stash.

These efforts underscore the US government’s continued crackdown on cybercriminal networks and illicit financial activities that threaten global security and economic stability.

Cyberattack disrupts Wi-Fi at major UK railway stations

British police announced on Thursday that they are investigating a cyberattack that displayed an Islamophobic message on Wi-Fi services at major railway stations. Passengers trying to connect to the Wi-Fi encountered a message referencing terror attacks, leading to the immediate shutdown of the system managed by communications group Telent. The British Transport Police reported that they received notifications about the incident at approximately 5:03 p.m. on September 25.

The incident occurred amid heightened tensions in Britain, where anti-Muslim riots erupted over the summer following the tragic killing of three young girls. Misinformation initially blamed the attack on an Islamist migrant, further inflaming community tensions. In response, the police are working closely with Network Rail to investigate the cyberattack promptly.

Following the incident, which impacted 19 stations including London Bridge, London Euston, Manchester Piccadilly, and Edinburgh Waverley, Network Rail confirmed that the Wi-Fi service remained offline. Telent stated that no personal data was compromised in the hack, explaining that an unauthorised change was made to the Network Rail landing page using a legitimate administrator account. As a precaution, Telent temporarily suspended all Global Reach services to verify that other customers were not affected. Network Rail expects the Wi-Fi service to be restored over the weekend after conducting final security checks.