Cybercrime

NatWest hit by 100 million cyber attacks every month

NatWest is defending itself against an average of 100 million cyber attacks each month, according to the bank’s head of cybersecurity.

Speaking to Holyrood’s Criminal Justice Committee, Chris Ulliott outlined the ‘staggering’ scale of digital threats targeting the bank’s systems. Around a third of all incoming emails are blocked before reaching staff, as they are suspected to be the start of an attack.

Instead of relying on basic filters, NatWest analyses every email for malicious content and has a cybersecurity team of hundreds, supported by a multi-million-pound budget.

Mr Ulliott also warned of the growing use of AI by cyber criminals to make scams more convincing—such as altering their appearance during video calls to build trust with victims.

Police Scotland reported that cybercrime has more than doubled since 2020, with incidents rising from 7,710 to 18,280 in 2024. Officials highlighted the threat posed by groups like Scattered Spider, believed to consist of young hackers sharing techniques online.

MSP Rona Mackay called the figures ‘absolutely staggering,’ while Ben Macpherson said he had even been impersonated by fraudsters.

Law enforcement agencies, including the FBI, are now working together to tackle online crime. Meanwhile, Age Scotland warned that many older people lack confidence online, making them especially vulnerable to scams that can lead to financial ruin and emotional distress.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Valve denies Steam data breach

Valve has confirmed that a cache of old Steam two-factor authentication codes and phone numbers, recently circulated by a hacker known as ‘Machine1337’, is indeed real, but insists it did not suffer a data breach.

Instead of pointing to its own systems, Valve explained that the leak involves outdated SMS messages, which are typically sent unencrypted and routed through multiple providers. These codes, once valid for only 15 minutes, were not linked to specific Steam accounts, passwords, or payment information.

The leaked data sparked early speculation that third-party messaging provider Twilio was the source of the breach, especially after their name appeared in the dataset. However, both Valve and Twilio denied any direct involvement, with Valve stating it does not even use Twilio’s services.

The true origin of the breach remains uncertain, and Valve acknowledged that tracing it may be difficult, as SMS messages often pass through several intermediaries before reaching users.

While the leaked information may not immediately endanger Steam accounts, Valve advised users to remain cautious. Phone numbers, when combined with other data, could still be used for phishing attacks.

Instead of relying on SMS for security, users are encouraged to activate the Steam Mobile Authenticator, which offers a more secure alternative for account verification.

Despite the uncertainty surrounding the source of the breach, Valve reassured users there’s no need to change passwords or phone numbers. Still, it urged vigilance, recommending that users routinely review their security settings and remain wary of any unsolicited account notifications.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers use fake PayPal email to seize bank access

A man from Virginia fell victim to a sophisticated PayPal scam that allowed hackers to gain remote control of his computer and access his bank accounts.

After receiving a fake email about a laptop purchase, he called the number listed in the message, believing it to be legitimate. The person on the other end instructed him to enter a code into his browser, which unknowingly installed a program giving the scammer full access to his system.

Files were scanned, and money was transferred between his accounts—all while he was urged to stay on the line and visit the bank, without informing anyone.

The scam, known as a remote access attack, starts with a convincing email that appears to come from a trusted source. Instead of fixing any problem, the real aim is to deceive victims into granting hackers full control.

Once inside, scammers can steal personal data, access bank accounts, and install malware that remains even after the immediate threat ends. These attacks often unfold in minutes, using fear and urgency to manipulate targets into acting quickly and irrationally.

Quick action helped limit the damage in this case. The victim shut down his computer, contacted his bank and changed his passwords—steps that likely prevented more extensive losses. However, many people aren’t as fortunate.

Experts warn that scammers increasingly rely on psychological tricks instead of just technical ones, isolating their victims and urging secrecy during the attack.

To avoid falling for similar scams, it’s safer to verify emails by using official websites instead of clicking any embedded links or calling suspicious numbers.

Remote control should never be granted to unsolicited support calls, and all devices should have up-to-date antivirus protection and multifactor authentication enabled. Online safety now depends just as much on caution and awareness as it does on technology.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

European crypto crime ring dismantled

European authorities have broken up a crypto laundering ring that moved over €21 million for criminal groups tied to China and the Middle East. Dubbed the ‘mafia crypto bank,’ the group used the hawala method and cryptocurrency to obscure illicit fund transfers.

Seventeen suspects were arrested in a Spanish-led operation, with additional arrests in Austria and Belgium. Most of those detained were of Chinese and Syrian origin, allegedly serving clients involved in drug trafficking and migrant smuggling.

Police seized €4.5 million in assets, including digital currencies, cash, vehicles, shotguns, and luxury goods.

The group posed as a remittance business and advertised its services on social media. The crackdown highlights growing concern over crypto’s role in organised crime, with illicit transactions reaching $51.3 billion in 2024.

Crypto crime continues to surge in 2025, with $1.74 billion in losses reported already—exceeding all of last year.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Ethereum launches new security initiative

The Ethereum Foundation has launched the Trillion Dollar Security Initiative to boost security across its network. The project aims to improve user experience, wallet protection, smart contract safety, and infrastructure resilience.

It is led by Fredrik Svantes and Josh Stark, with support from ecosystem experts samczsun, Medhi Zerouali, and Zach Obront.

Ethereum remains the leading platform for decentralized finance (DeFi), holding 50-60% of total value locked across blockchains, with nearly $80 billion as of mid-May. The Foundation emphasises that billions of users collectively secure trillions of dollars on the Ethereum network.

Ethereum’s recent Pectra upgrade, the most significant since The Merge, has introduced key enhancements including smart contract external accounts, higher staking limits, and data blobs per block.

Since the upgrade, Ethereum’s native token ETH has surged over 43%, signalling renewed market confidence.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Android adds new scam protection for phone calls

Google is introducing new protections on Android devices to combat phone call scams, particularly those involving screen-sharing and app installations. Users will see warning messages if they attempt to change settings during a call and Android will also block the deactivation of Play Protect features.

The system will now block users from sideloading apps or granting accessibility permissions while on a call with unknown contacts.

The new tools are available on devices running Android 16 and select protections are also rolling out to older versions, starting with Android 11

A separate pilot in the UK will alert users trying to open banking apps during a screen-sharing call, prompting them to end the call or wait before proceeding.

These features expand Android’s broader efforts to prevent fraud, which already include AI-based scam detection for phone calls and messages.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S breach linked to DragonForce hacking group

Marks & Spencer has confirmed that personal customer data was stolen in a recent cyberattack, including names, contact details, dates of birth, household information, and order histories. The company stressed that no useable payment details or account passwords were compromised.

The breach, which began over the Easter weekend, has disrupted online orders since April 25 and is reportedly costing M&S £43 million per week in lost sales.

Customers are being prompted to reset their passwords, and the retailer has warned users to be cautious of phishing emails or messages pretending to be from M&S.

The attack is linked to the DragonForce cybercrime group, known for double-extortion tactics—stealing and encrypting data while demanding ransom.

While no leaked M&S data has appeared online, experts say the risk of identity fraud remains high.

M&S has contacted website users, reported the breach to authorities, and is working with cybersecurity experts. The company has not disclosed how many of its 9.4 million online customers were affected.

Chief executive Stuart Machin said M&S is working ‘around the clock’ to restore services. Shares in the retailer have dropped 12% over the past month.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S urges password reset after major cyber incident

Marks & Spencer has confirmed that hackers accessed personal customer information in a cyber-attack that began in late April. The retailer stated that no payment details or account passwords were compromised, and there is currently no evidence the stolen data has been shared.

Customers will be prompted to reset their passwords as a precaution. Chief executive Stuart Machin called the breach a result of a sophisticated attack and apologised for the disruption, which has impacted online orders, app functionality, and some in-store services.

Although stores remain open, the company has been unable to process online purchases since 25 April. A hacking group known as Scattered Spider is believed to be behind the incident.

M&S has contacted affected customers and provided guidance on online safety. The company said it is working ‘around the clock’ to resolve the issue and restore normal operations. Customers are thanked for their patience and continued support.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Masked cybercrime groups rise as attacks escalate worldwide

Cybercrime is thriving like never before, with hackers launching attacks ranging from absurd ransomware demands of $1 trillion to large-scale theft of personal data. Despite efforts from Microsoft, Google and even the FBI, these threat actors continue to outpace defences.

A new report by Group-IB has analysed over 1,500 cybercrime investigations to uncover the most active and dangerous hacker groups operating today.

Rather than fading away after arrests or infighting, many cybercriminal gangs are re-emerging stronger than before.

Group-IB’s May 2025 report highlights a troubling increase in key attack types across 2024 — phishing rose by 22%, ransomware leak sites by 10%, and APT (advanced persistent threat) attacks by 58%. The United States was the most affected country by ransomware activity.

At the top of the cybercriminal hierarchy now sits RansomHub, a ransomware-as-a-service group that emerged from the collapsed ALPHV group and has already overtaken long-established players in attack numbers.

Behind it is GoldFactory, which developed the first iOS banking trojan and exploited facial recognition data. Lazarus, a well-known North Korean state-linked group, also remains highly active under multiple aliases.

Meanwhile, politically driven hacktivist group NoName057(16) has been targeting European institutions using denial-of-service attacks.

With jurisdictional gaps allowing cybercriminals to flourish, these masked hackers remain a growing concern for global cybersecurity, especially as new threat actors emerge from the shadows instead of disappearing for good.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

EU prolongs sanctions for cyberattackers until 2026

The EU Council has extended its sanctions on cyberattacks until May 18, 2026, with the legal framework for enforcing these measures now lasting until 2028. The sanctions target individuals and institutions involved in cyberattacks that pose a significant threat to the EU and its members.

The extended measures will allow the EU to impose restrictions on those responsible for cyberattacks, including freezing assets and blocking access to financial resources.

These actions may also apply to attacks against third countries or international organisations, if necessary for EU foreign and security policy objectives.

At present, sanctions are in place against 17 individuals and four institutions. The EU’s decision highlights its ongoing commitment to safeguarding its digital infrastructure and maintaining its foreign policy goals through legal actions against cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!