Switzerland mandates cyberattack reporting for critical infrastructure from 1 April 2025

As of 1 April 2025, operators of critical infrastructure in Switzerland will be required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. This measure, introduced by the Federal Council, is part of an amendment to the Information Security Act (ISA) and aims to enhance cybersecurity coordination and response capabilities.

The reporting obligation applies to key sectors, including energy and water suppliers, transport companies, and public administrations at the cantonal and communal levels. Reports must be submitted when an attack disrupts critical infrastructure, compromises or manipulates information, or involves blackmail, threats, or coercion. Failure to comply may result in financial penalties, which will be enforceable from 1 October, allowing a six-month adjustment period before sanctions take effect.

To facilitate compliance, the NCSC will provide a reporting form on its Cyber Security Hub, with an alternative email submission option for organisations not yet registered on the platform. Initial reports must be submitted within 24 hours, followed by a detailed report within 14 days.

The Federal Council has also approved the Cybersecurity Ordinance, which outlines implementation provisions, reporting exemptions, and mechanisms for information exchange between the NCSC and other authorities. Consultations on the ordinance reflected broad support for streamlined reporting processes, ensuring alignment with existing obligations, such as those under data protection laws.

Additionally, from 1 April, the National Cyber Security Centre will officially change its name as part of its transition into a federal office within the Department of Defence, Civil Protection and Sport (DDPS).

This regulatory update aligns Switzerland with international cybersecurity practices, including the EU’s NIS Directive, which has required cyber incident reporting since 2018.

For more information on these topics, visit diplomacy.edu

Geopolitical tensions drive OT and ICS cyberattacks, a new report warns

Attacks on operational technology (OT) networks have increased, driven in part by geopolitical factors, with OT security gaining broader attention, according to the annual report from Dragos.

In 2024, two additional threat groups began targeting OT systems, bringing the total number of known active groups to nine.

Additionally, researchers from Dragos identified two new malware families designed to compromise industrial control systems (ICS).

According to Dragos’ annual report, barriers to OT/ICS attacks have lowered, making these systems more accessible targets for adversaries.

Ransomware attacks against OT/ICS asset owners also increased by 87% in 2024, with the number of ransomware groups targeting these systems growing by 60%.

Dragos monitors 23 threat groups that engage with OT networks for intelligence gathering or system manipulation. Nine of these groups were active in 2024, including two newly identified ones.

Coinbase calls for a unified crypto scam reporting system

The reporting system for crypto scams in the US is fragmented and needs to be unified, according to Coinbase’s chief security officer, Philip Martin. Speaking at the SXSW conference, Martin explained that victims often struggle to know where to report scams, with different organisations handling cases in a disjointed manner. He called for a single reporting system that would help track the scale of the issue and improve coordination between organisations.

Martin pointed out that victims of crypto scams often feel frustrated, as many reports seem to go unnoticed, especially with platforms like the FBI’s Internet Crime Complaint Centre (IC3). He suggested that a more centralised approach would provide better visibility for victims and more effective resources to address the problem.

In addition, Martin noted that many crypto scams originate from outside the US, making it harder for law enforcement to take action. He advocated for stronger international cooperation to ensure scammers have no safe havens. Meanwhile, California’s financial regulator reported over 2,600 complaints last year, revealing new types of scams in the crypto space.

Musk blames ‘major cyberattack’ for X outage, points to Ukraine

Elon Musk’s social media platform, X, experienced widespread disruptions on Monday, which the billionaire attributed to a major cyberattack.

Musk claimed the platform was targeted by an unusually powerful denial-of-service (DoS) attack, suggesting that a well-coordinated group or nation-state might be responsible. However, he offered no concrete evidence to support the claim, leaving cybersecurity experts sceptical.

Many pointed out that DoS attacks, which flood websites with excessive traffic to overwhelm their servers, are commonly executed by small groups or individuals with relatively limited resources.

Reports of outages spiked early in the day, with Downdetector tracking over 39,000 complaints from users in the US at the peak of the disruption. By the afternoon, the number had dwindled significantly, though intermittent service issues persisted for some.

According to an anonymous industry source, the attack consisted of multiple waves of rogue traffic bombarding X’s servers, beginning around 9:45 UTC.

While Musk later asserted in an interview with Fox Business that the cyberattack originated from Ukraine, the same industry source disputed this claim, stating that the bulk of the malicious traffic came from various locations, including the USA, Vietnam, and Brazil, with only a minimal amount from Ukraine.

Tracing the true origin of DoS attacks is notoriously tricky, as attackers often use proxy servers and botnets to disguise their locations.

Cybersecurity specialists have noted that assigning blame based solely on IP addresses can be misleading, as they rarely indicate the actual perpetrators. Despite Musk’s insistence on a Ukraine-based origin, no definitive proof has been presented to substantiate the claim.

Musk’s comments come amid his increasingly vocal criticisms of Ukraine’s ongoing war efforts against Russia, aligning with sentiments echoed by US President Donald Trump, whom he advises.

Over the weekend, Musk suggested that Ukraine’s battlefield operations would collapse without his Starlink satellite communication system, although he clarified that he had no intention of cutting off access.

The latest controversy surrounding X’s cyberattack has further fuelled speculation about Musk’s political and strategic positioning in the ongoing geopolitical conflict.

Google acknowledges AI being used for harmful content

Google has reported receiving over 250 complaints globally about its AI software being used to create deepfake terrorist content, according to Australia’s eSafety Commission.

The tech giant also acknowledged dozens of user reports alleging that its AI program, Gemini, was being exploited to generate child abuse material. Under Australian law, companies must provide regular updates on their efforts to minimise harm or risk hefty fines.

The eSafety Commission described Google’s disclosure as a ‘world-first insight’ into how AI tools may be misused to produce harmful and illegal content.

Between April 2023 and February 2024, Google received 258 reports of suspected AI-generated extremist material and 86 related to child exploitation. However, the company did not specify how many of these reports were verified.

A Google spokesperson stated that the company strictly prohibits AI-generated content related to terrorism, child abuse, and other illegal activities.

While it uses automated detection to remove AI-generated child exploitation material, the same system is not applied to extremist content.

Meanwhile, the regulator has previously fined platforms like X (formerly Twitter) and Telegram for failing to meet reporting requirements, with both companies planning to appeal.

Singapore minister warns against crypto investments amid rising fraud

Singapore’s Minister of State for Home Affairs, Sun Xueling, has issued a strong warning about the risks of investing in cryptocurrency, citing an alarming rise in fraud cases.

During a parliamentary debate on 4 March, she explained that the anonymous nature of digital assets makes them easy targets for criminals, contributing to a sharp increase in financial losses. Fraud linked to cryptocurrency scams now accounts for a quarter of the $1.1 billion in fraud cases reported in the country.

Scammers increasingly use digital assets to evade traditional banking security checks, often instructing victims to convert their money into cryptocurrency.

Hacking, phishing, and fraudulent investment schemes have become more common, with one of the largest scams last year resulting in a loss of $125 million. Sun urged the public to avoid cryptocurrencies, stressing the high risk and slim chances of recovering stolen funds.

Despite the rise in scams, Singapore’s regulatory landscape continues to evolve. The Monetary Authority of Singapore oversees local cryptocurrency operations under the Payment Services Act, but many foreign exchanges remain outside its jurisdiction.

To combat rising fraud, the country recently passed the Anti-Fraud Protection Bill, which allows authorities to block transactions from suspected victims who ignore warnings.

As Singapore balances crypto adoption and consumer protection, businesses are increasingly embracing digital payments, particularly stablecoins. The entry of major players, such as Robinhood, into Singapore’s crypto market is set to boost the adoption of blockchain-based transactions.

US hits Chinese hackers with indictments and sanctions over cyber espionage

The United States has indicted ten individuals, including employees of the Chinese tech company i-Soon, for their involvement in a years-long cyber espionage campaign that targeted various US government agencies and organisations worldwide.

The campaign allegedly stole sensitive data from entities such as the US Defense Intelligence Agency, the Department of Commerce, and the foreign ministry of Taiwan. The hackers, associated with i-Soon, were reportedly hired by Chinese intelligence agencies to breach email systems for substantial payments.

Along with the indictments, the US Treasury Department has imposed sanctions on Shanghai-based Heiying Information Technology and its founder, Zhou Shuai, accusing them of selling stolen data and providing access to compromised networks.

The data reportedly included information from US critical infrastructure networks. Some of this stolen data was later acquired by a previously sanctioned Chinese hacker, Yin Kecheng.

The Chinese embassy in Washington responded by condemning the sanctions and stating that it would take necessary actions to protect Chinese companies and citizens.

The US government’s aggressive stance is part of an ongoing effort to curb Chinese cyber espionage activities and defend its digital infrastructure.

CoinDCX to manage seized crypto assets for India’s Enforcement Directorate

India’s Enforcement Directorate (ED) has chosen CoinDCX to manage and store seized digital assets as part of a crackdown on cryptocurrency-related financial crimes.

The partnership follows high-profile fraud cases like GainBitcoin and BitConnect, which have raised concerns over investor protection. CoinDCX will offer secure custody services to safeguard these assets, implementing advanced security protocols to ensure their integrity.

In a recent case, the ED seized digital assets worth approximately $198 million linked to the BitConnect scam, which defrauded investors worldwide.

Earlier, the Central Bureau of Investigation (CBI) had seized $2.88 million in the GainBitcoin scam, uncovering evidence of financial misappropriation and cross-border transactions. These actions highlight the increasing efforts by authorities to tackle large-scale cryptocurrency fraud.

As cryptocurrency adoption rises in India, regulatory bodies are focusing on stronger enforcement to protect investors from fraudulent schemes.

The collaboration with CoinDCX is part of a broader strategy to ensure transparency in the handling of seized funds and to maintain the integrity of ongoing investigations.

UK regulator sets deadline for assessing online content risks

Britain’s media regulator, Ofcom, has set a 31 March deadline for social media and online platforms to submit a risk assessment on the likelihood of users encountering illegal content. This move follows new laws passed last year requiring companies such as Meta’s Facebook and Instagram, as well as ByteDance’s TikTok, to take action against criminal activities on their platforms. Under the Online Safety Act, these firms must assess and address the risks of offences like terrorism, hate crimes, child sexual exploitation, and financial fraud.

The risk assessment must evaluate how likely it is for users to come across illegal content, or how user-to-user services could facilitate criminal activities. Ofcom has warned that failure to meet the deadline could result in enforcement actions against the companies. The new regulations aim to make online platforms safer and hold them accountable for the content shared on their sites.

The deadline is part of the UK’s broader push to regulate online content and enhance user safety. Social media giants are now facing stricter scrutiny to ensure they are addressing potential risks associated with their platforms and protecting users from harmful content.

US reassessment of Russian cyber threat signals strategic shift in cyber geopolitics

The Guardian reports on a shift in US digital diplomacy with a major impact on global cyber geopolitics. After rumours that Russia would be dropped as a cyber threat, the first public signal of this shift was the US statement at the UN working group meeting on cybersecurity, where Liesyl Franz, a US representative, did not name Russia as a cyber threat alongside China and Iran. It is a significant shift in US digital diplomacy and cyber geopolitics.

The US representative also omitted the usual US references to allies and partners in cyber politics. The Guardian reports various concerns about this shift, including the view of James Lewis, a US cybersecurity veteran: ‘It’s incomprehensible to give a speech about threats in cyberspace and not mention Russia, and it’s delusional to think this will turn Russia and the FSB [the Russian security agency] into our friends.’

This repositioning aligns with ongoing efforts to improve US-Russia relations, contrasting starkly with European allies’ views on the threat posed by Russia. It remains to be seen whether this shift relates only to cybersecurity or whether the US will revisit other aspects related to AI and digital governance.
