Cybercrime

Ransomware gangs feud after M&S cyberattack

A turf war has erupted between two significant ransomware gangs, DragonForce and RansomHub, following cyberattacks on UK retailers including Marks and Spencer and Harrods.

Security experts warn that the feud could result in companies being extorted multiple times as criminal groups compete to control the lucrative ransomware-as-a-service (RaaS) market.

DragonForce, a predominantly Russian-speaking group, reportedly triggered the conflict by rebranding as a cartel and expanding its affiliate base.

Tensions escalated after RansomHub’s dark-web site was taken offline in what is believed to be a hostile move by DragonForce, prompting retaliation through digital vandalism.

Cybersecurity analysts say the breakdown in relationships between hacking groups has created instability, increasing the likelihood of future attacks. Experts also point to a growing risk of follow-up extortion attempts by affiliates when criminal partnerships collapse.

The rivalry reflects the ruthless dynamics of the ransomware economy, which is forecast to cost businesses $10 trillion globally by the end of 2025. Victims now face not only technical challenges but also the legal and financial fallout of navigating increasingly unpredictable criminal networks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

How agentic AI is transforming cybersecurity

Cybersecurity is gaining a new teammate—one that never sleeps and acts independently. Agentic AI doesn’t wait for instructions. It detects threats, investigates, and responds in real-time. This new class of AI is beginning to change the way we approach cyber defence.

Unlike traditional AI systems, Agentic AI operates with autonomy. It sets objectives, adapts to environments, and self-corrects without waiting for human input. In cybersecurity, this means instant detection and response, beyond simple automation.

With networks more complex than ever, security teams are stretched thin. Agentic AI offers relief by executing actions like isolating compromised systems or rewriting firewall rules. This technology promises to ease alert fatigue and keep up with evasive threats.

A 2025 Deloitte report says 25% of GenAI-using firms will pilot Agentic AI this year. SailPoint found that 98% of organisations will expand AI agent use in the next 12 months. But rapid adoption also raises concern—96% of tech workers see AI agents as security risks.

The integration of AI agents is expanding to cloud, endpoints, and even physical security. Yet with new power comes new vulnerabilities—from adversaries mimicking AI behaviour to the risk of excessive automation without human checks.

Key challenges include ethical bias, unpredictable errors, and uncertain regulation. In sectors like healthcare and finance, oversight and governance must keep pace. The solution lies in balanced control and continuous human-AI collaboration.

Cybersecurity careers are shifting in response. Hybrid roles such as AI Security Analysts and Threat Intelligence Automation Architects are emerging. To stay relevant, professionals must bridge AI knowledge with security architecture.

Agentic AI is redefining cybersecurity. It boosts speed and intelligence but demands new skills and strong leadership. Adaptation is essential for those who wish to thrive in tomorrow’s AI-driven security landscape.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ransomware disrupts Ingram Micro’s systems and operations

Ingram Micro has confirmed a ransomware attack that affected internal systems and forced some services offline. The global IT distributor says it acted quickly to contain the incident, implemented mitigation steps, and involved cybersecurity experts.

The company is working with a third-party firm to investigate the breach and has informed law enforcement. Order processing and shipping operations have been disrupted while systems are being restored.

While details remain limited, the attack is reportedly linked to the SafePay ransomware group.

According to BleepingComputer, the gang exploited Ingram’s GlobalProtect VPN to gain access last Thursday.

In response, Ingram Micro shut down multiple platforms, including GlobalProtect VPN and its Xvantage AI platform. Employees were instructed to work remotely as a precaution during the response effort.

SafePay first appeared in late 2024 and has targeted over 220 companies. It often breaches networks using password spraying and compromised credentials, primarily through VPNs.

Ingram Micro has not disclosed what data was accessed or the size of the ransom demand.

The company apologised for the disruption and said it is working to restore systems as quickly as possible.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

SatanLock ends operation amid ransomware ecosystem turmoil

SatanLock, a ransomware group active since April 2025, has announced it is shutting down. The group quickly gained notoriety, claiming 67 victims on its now-defunct dark web leak site.

Cybersecurity firm Check Point says more than 65% of these victims had already appeared on other ransomware leak pages. However, this suggests the group may have used shared infrastructure or tried to hijack previously compromised networks.

Such tactics reflect growing disorder within the ransomware ecosystem, where victim double-posting is rising. SatanLock may have been part of a broader criminal network, as it shares ties to families like Babuk-Bjorka and GD Lockersec.

A shutdown message was posted on the gang’s Telegram channel and leak page, announcing plans to leak all stolen data. The reason for the sudden closure has not been disclosed.

Another group, Hunters International, announced its disbandment just days earlier.

Unlike SatanLock, Hunters offered free decryption keys to its victims in a parting gesture.

These back-to-back exits signal possible pressure from law enforcement, rivals, or internal collapse in the ransomware world. Analysts are watching closely to see whether this trend continues.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Scammers shift focus to businesses amid surge in attacks

Businesses increasingly fall prey to scams, with more than 74,000 attacks reported to the FBI between 2023 and 2024. The Better Business Bureau (BBB) warns that companies face significant threats from data breaches, impersonation, and fake services.

In the US, losses from data breaches alone averaged $4.9 million per company in 2024, up to $1.4 billion. Scammers use familiar tactics, such as posing as trusted individuals and making urgent demands for payment or sensitive data.

Smaller businesses are especially at risk, often lacking dedicated IT support or robust security teams. Juggling multiple responsibilities makes them easier targets for sophisticated scam operations.

The BBB advises businesses to train staff to recognise suspicious behaviour and to enforce secure payment processes. Strengthening cybersecurity with tools like firewalls and multi-factor authentication can also reduce the attack risk.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Survey reveals sharp rise in cyberattacks on Japan’s small businesses

A May 2025 survey by Teikoku Databank reveals that nearly one in three Japanese companies have experienced a cyberattack. The survey targeted over 26,000 businesses and received 10,645 valid responses.

Among respondents, 32% reported having been targeted by cyberattacks. Large firms in Japan were more likely to be affected at 41.9%, compared to 30.3% for small and medium-sized businesses and just 28.1% for small firms.

Interestingly, while larger firms showed a higher lifetime rate, cyber incidents over the past month were more common among smaller enterprises. Around 6.9% of SMEs and 7.9% of small firms were affected, compared to the overall rate of 6.7%.

Teikoku Databank warned of a sharp increase in risk for small businesses, which often lack the robust cybersecurity infrastructure of larger corporations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Inside Visa’s war room: How AI battles $15 trillion in threats

In Virginia’s Data Centre Alley, Visa operates a high-security fraud command centre to protect $15 trillion in annual transactions — nearly 15% of the global economy. With cybercrime growing more sophisticated, the company has spent $12 billion in five years to bolster its AI-powered defences.

‘From lone hackers to criminal syndicates generating hundreds of millions, fraud today is highly structured,’ said Michael Jabbara, Visa’s global head of fraud solutions. Some groups now operate like corporations, with risk managers and customer support.

Much of today’s fraud preys on emotions. Scammers trick people into making payments by posing as romantic interests or sellers. Victims are often lured into schemes run by trafficked workers in scam centres in Myanmar.

Once card details are stolen, criminals test them across websites using recurring micro-charges. These fly under the radar for months, draining money slowly but steadily. Some operations mimic tech firms, offering fraud-as-a-service tools on the dark web.

‘You can buy a full toolkit — the software, instructions, bot access and even a mule network,’ Jabbara said. Brute-force payment attacks are now industrial in scale, enabled by the same cloud infrastructure that powers startups.

Visa’s defence includes round-the-clock global monitoring centres in Virginia, London and Singapore. Inside its Cyber Fusion Centre, teams handle millions of threats daily, mostly stopped automatically. But it’s an arms race — one that never sleeps.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Ukraine strengthens cybersecurity ties with EU

Ukraine participated for the first time in the EU National Cybersecurity Coordination Centers meeting and the European Cybersecurity Competence Centre (ECCC) Steering Board in Rome.

The event, supported by Italy’s National Agency for Cybersecurity, focused on enhancing cooperation among EU member states and fostering a unified cyber community.

Natalia Tkachuk, Secretary of Ukraine’s National Coordination Center for Cybersecurity, highlighted the nation’s challenges and experiences in countering cyber threats amidst ongoing conflict.

She emphasized Ukraine’s role in both receiving and sharing cybersecurity knowledge to strengthen collective European security.

Discussions included the establishment of a joint Center of Competence for Cyber Resilience in Ukraine, aiming to counter Russian cyberattacks, disinformation, and sabotage.

The center will utilize artificial intelligence trained on unique Ukrainian data to enhance response capabilities.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Global instability fuels surge in cyberattacks

A surge in cyberattacks is fuelled by global instability, with businesses worldwide now facing heightened risks. A new report by GlobalData warns that rising geopolitical tensions are giving state actors, terrorists, hacktivists and cybercriminals more opportunities to strike.

Conflicts in Ukraine and the Middle East have created a volatile digital landscape. Cyberattackers are exploiting weakened defences, targeting both national infrastructure and private enterprises.

‘Those not after money are often motivated by revenge,’ the report states. The key perpetrators are disgruntled employees, unhappy customers, and ideologically driven hackers. While some attackers aim to cause reputational harm or attract attention, others seek to turn off critical systems.

Nation states, in particular, use cyberwarfare as a strategic tool against rival governments. Businesses are warned to prepare for disruption as cyber threats become more frequent and sophisticated. The report concludes that no organisation is immune in today’s digital and geopolitical uncertainty climate.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Regions seek role in EU hospital cyber strategy

The European Commission’s latest plan to strengthen hospital cybersecurity has drawn attention from regional authorities across the EU, who say they were excluded from key decisions.

Their absence, they argue, could weaken the strategy’s overall effectiveness.

With cyberattacks on healthcare systems growing, regional representatives insist they should have a seat at the table.

As those directly managing hospitals and public health, they warn that top-down decisions may overlook urgent local challenges and lead to poorly matched policies.

The Commission’s plan includes creating a dedicated health cybersecurity centre under the EU Agency for Cybersecurity (ENISA) and setting up an EU-wide threat alert system.

Yet doubts remain over how these goals will be met without extra funding or clear guidance on regional involvement.

The concerns point to the need for a more collaborative approach that values regional knowledge.

Without it, the EU risks designing cybersecurity protections that fail to reflect the realities inside Europe’s hospitals.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!