China tops global data breach rankings in 2024, experts warn

In 2024, three countries entered the top 10 for the highest number of breached accounts. China topped the list, rising from 12th place in 2023, Germany moved up to fifth from 16th, and Poland secured the tenth spot, up from 17th, according to Surfshark, a cybersecurity firm. Despite these changes, Russia, the US, France, India, Brazil, Italy, and the UK remained in the top 10 for both years.

Brazil and Italy saw significant increases, climbing two spots each in 2024. Brazil experienced a 24-fold rise in breached accounts, while Italy saw a 21-fold surge. Russia and France maintained their positions in second and fourth place, though both saw dramatic increases, with Russia’s breaches rising 11 times and France’s nearly 14 times.

In 2024, regional data breach statistics show that Europe had the highest share, accounting for 29% of all breached accounts, totalling over 1.6 billion, with Russia leading the region. Asia followed as the second-most affected region, contributing 23% to the global total, or nearly 1.3 billion breached accounts, with China at the forefront. North America ranked third, representing 14% of all breaches, or about 770 million compromised accounts, primarily from the US.

The US, India, and the UK dropped in the rankings in 2024, but the number of breached accounts in these countries still rose. The US saw a 39% increase, ranking third globally, while India recorded five times more breaches than in 2023, and the UK experienced a 14-fold surge. China had the most dramatic increase, with breached accounts jumping nearly 340 times compared to the previous year.

In 2024, Australian users also faced a cyber attack every second, marking a twelvefold increase compared to the previous year. This contributed to a global rise in data breaches, with 5.6 billion accounts compromised worldwide, averaging 176 breaches per second. This global figure represents an eightfold increase from 2023, when 23 accounts were breached per second.

CAR meme coin skyrockets but faces deepfake allegations

The Central African Republic made waves on 10 February by announcing the launch of its meme coin, CAR. The news came directly from President Faustin-Archange Touadéra’s official X account, presenting the token as an experiment to unite people and boost national development. The meme coin, launched on the Solana-based Pump.fun platform, saw its value surge rapidly as traders rushed to invest in what was described as the first-ever national meme coin.

However, excitement soon turned to scepticism. AI detection tools flagged the president’s announcement video as potentially AI-generated, raising concerns about its authenticity. The project’s official X account was swiftly suspended, and further scrutiny revealed that its domain had been registered just days before the announcement using Namecheap, a budget-friendly provider. Shortly after, Namecheap took the website offline, citing it as an ‘abusive service.’

Despite these red flags, the CAR token initially reached a peak valuation of $527 million before dropping to $460 million. The controversy comes amid a rise in fraudulent meme coin launches, with recent cases involving hacked X accounts of high-profile figures. While there is still no clear confirmation on whether CAR is an official government-backed initiative or an elaborate scam, the crypto community remains on high alert.

Italian activist targeted by spyware, Meta warns

Luca Casarini, a prominent Italian migrant rescue activist, was warned by Meta that his phone had been targeted with spyware. The alert was received through WhatsApp, the same day Meta accused surveillance firm Paragon Solutions of using advanced hacking methods to steal user data. Paragon, reportedly American-owned, has not responded to the allegations.

Casarini, who co-founded the Mediterranea Saving Humans charity, has faced legal action in Italy over his rescue work. He has also been a target of anti-migrant media and previously had his communications intercepted in a case related to alleged illegal immigration. He remains unaware of who attempted to hack his device or whether the attack had judicial approval.

The revelation follows a similar warning issued to Italian journalist Francesco Cancellato, whose investigative news outlet, Fanpage, recently exposed far-right sympathies within Prime Minister Giorgia Meloni’s political youth wing. Italy’s interior ministry has yet to comment on the situation.

Emerging cyber threats in Russia: Nova malware’s impact and the escalating cyber landscape

Multiple Russian cybersecurity firms have published research reports on emerging threats, including a large-scale information-stealing campaign targeting local organisations using the Nova malware.

According to a report from Moscow-based BI.ZONE, Nova is a commercial malware sold as a service on dark web marketplaces. Prices range from $50 for a monthly license to $630 for a lifetime license. Nova is a variant of SnakeLogger, a widely used malware known for stealing sensitive information.

While the developers of Nova remain unidentified, the code contains strings in Polish, and a Telegram group dedicated to promoting and supporting the malware was created in August 2024. The scale of the campaign and the full extent of its impact on Russian organisations remain unclear.

The BI.ZONE report comes at a time when Russian entities have been under increasing cyberattacks, many of which are suspected to be politically motivated and linked to state-sponsored groups.

Over the weekend, F.A.C.C.T. reported a cyberespionage campaign targeting chemical, food, and pharmaceutical companies in Russia, attributing the attacks to a state-backed group named Rezet (or Rare Wolf). Meanwhile, Solar reported an attack on Russian industrial facilities by the newly identified group APT NGC4020, which exploited a vulnerability in a SolarWinds tool.

The Nova malware collects a wide range of data, including saved authentication credentials, keystrokes, screenshots, and clipboard content. This stolen data can be used in a variety of malicious activities, such as facilitating ransomware attacks. The malware is distributed through phishing emails, often disguised as contracts, to trick employees in organisations that handle high volumes of email correspondence.

Crypto malware found in Android and iOS app-making kits

Kaspersky Labs has uncovered a dangerous malware hidden in software development kits used to create Android and iOS apps. The malware, known as SparkCat, scans images on infected devices to find crypto wallet recovery phrases, allowing hackers to steal funds without needing passwords. It also targets other sensitive data stored in screenshots, such as passwords and private messages.

The malware uses Google’s ML Kit OCR to extract text from images and has been downloaded around 242,000 times, primarily affecting users in Europe and Asia. It is embedded in dozens of real and fake apps on Google’s Play Store and Apple’s App Store, disguised as analytics modules. Kaspersky’s researchers suspect a supply chain attack or intentional embedding by developers.

While the origin of the malware remains unclear, analysis of its code suggests the developer is fluent in Chinese. Security experts advise users to avoid storing sensitive information in images and to remove any suspicious apps. Google and Apple have yet to respond to the findings.

Ex-Google worker indicted for alleged AI espionage

A former Google software engineer faces additional charges in the US for allegedly stealing AI trade secrets to benefit Chinese companies. Prosecutors announced a 14-count indictment against Linwei Ding, also known as Leon Ding, accusing him of economic espionage and theft of trade secrets. Each charge carries significant prison terms and fines.

Ding, a Chinese national, was initially charged last March and remains free on bond. His case is being handled by a US task force established to prevent the transfer of advanced technology to countries such as China and Russia.

Prosecutors claim Ding stole information on Google’s supercomputing data centres used to train large AI models, including confidential chip blueprints intended to give the company a competitive edge.

Ding allegedly began his thefts in 2022 after being recruited by a Chinese technology firm. By 2023, he had uploaded over 1,000 confidential files and shared a presentation with employees of a startup he founded, citing China’s push for AI development.

Google has cooperated with authorities but has not been charged in the case. Discussions between prosecutors and defence lawyers indicate the case may go to trial.

Belgium plans AI use for law enforcement and telecom strategy

Belgium’s new government, led by Prime Minister Bart De Wever, has announced plans to utilise AI tools in law enforcement, including facial recognition technology for detecting criminals. The initiative will be overseen by Vanessa Matz, the country’s first federal minister for digitalisation, AI, and privacy. The AI policy is set to comply with the EU’s AI Act, which bans high-risk systems like facial recognition but allows exceptions for law enforcement under strict regulations.

Alongside AI applications, the Belgian government also aims to combat disinformation by promoting transparency in online platforms and increasing collaboration with tech companies and media. The government’s approach to digitalisation also includes a long-term strategy to improve telecom infrastructure, focusing on providing ultra-fast internet access to all companies by 2030 and preparing for potential 6G rollouts.

The government has outlined a significant digital strategy that seeks to balance technological advancements with strong privacy and legal protections. As part of this, they are working on expanding camera legislation for smarter surveillance applications. These moves are part of broader efforts to strengthen the country’s digital capabilities in the coming years.

Google: Over 57 cyber threat actors using AI for hacking

Google identified more than 57 cyber threat actors linked to China, Iran, North Korea, and Russia leveraging the company’s AI technology to enhance their cyber and information warfare efforts. According to a new report by Google’s Threat Intelligence Group (GTIG), the state-sponsored hacking groups, known as Advanced Persistent Threats (APTs), primarily use AI for tasks such as researching vulnerabilities, writing malicious code, and creating targeted phishing campaigns.

The company says that Iranian APT actors, particularly APT42, were identified as the most frequent users of Google’s AI tool, Gemini. They used it for reconnaissance on cybersecurity experts and organisations, and for phishing operations.

Beyond APT groups, underground cybercriminal forums have begun advertising illicit AI models, such as WormGPT, WolfGPT, FraudGPT, and GhostGPT: AI systems designed to bypass ethical safeguards and facilitate phishing, fraud, and cyberattacks.

In the report, Google stated that the company has implemented countermeasures to prevent abuse of its AI system and has called for stronger collaboration between government and private industry to bolster cybersecurity defences.

Ransomware attack locks energy contractor out of financial systems for six weeks

ENGlobal Corporation, a major contractor for the energy sector and the US federal government, was locked out of its financial systems for six weeks following a ransomware attack that began on 25 November 2024, the company disclosed in a filing with the US Securities and Exchange Commission (SEC).

The attack disrupted access to key business applications, affecting operational and corporate functions, including financial and reporting systems. However, ENGlobal stated that its systems have been fully restored, and the attackers no longer have access.

The Oklahoma-based company also confirmed that the breach involved unauthorised access to sensitive personal information stored on its IT systems. The company stated that affected individuals will be notified accordingly.

In an earlier SEC filing in December, ENGlobal revealed that the attackers had encrypted data files after gaining access, forcing the company to restrict IT system access and limit operations to essential functions. Despite the disruption, the company does not expect a material financial impact from the incident.

Founded in 1985, ENGlobal specialises in designing and constructing automation and instrumentation systems for commercial and government clients, including the US defence industry. The company reported $6 million in revenue for the third quarter of 2024.

No ransomware group has claimed responsibility for the attack, which caused a longer-than-average outage.

German authorities on alert for election disinformation

With Germany’s parliamentary elections just weeks away, lawmakers are warning that authoritarian states, including Russia, are intensifying disinformation efforts to destabilise the country. Authorities are particularly concerned about a Russian campaign, known as Doppelgänger, which has been active since 2022 and aims to undermine Western support for Ukraine. The campaign has been linked to fake social media accounts and misleading content in Germany, France, and the US.

CSU MP Thomas Erndl confirmed that Russia is attempting to influence European elections, including in Germany. He argued that disinformation campaigns are contributing to the rise of right-wing populist parties, such as the AfD, by sowing distrust in state institutions and painting foreigners and refugees as a problem. Erndl emphasised the need for improved defences, including modern technologies like AI to detect disinformation, and greater public awareness and education.

The German Foreign Ministry recently reported the identification of over 50,000 fake X accounts associated with the Doppelgänger campaign. These accounts mimic credible news outlets like Der Spiegel and Welt to spread fabricated articles, amplifying propaganda. Lawmakers stress the need for stronger cooperation within Europe and better tools for intelligence agencies to combat these threats, even suggesting that a shift in focus from privacy to security may be necessary to tackle the issue effectively.

Greens MP Konstantin von Notz highlighted the security risks posed by disinformation campaigns, warning that authoritarian regimes like Russia and China are targeting democratic societies, including Germany. He called for stricter regulation of online platforms, stronger counterintelligence efforts, and increased media literacy to bolster social resilience. As the election date approaches, lawmakers urge both government agencies and the public to remain vigilant against the growing threat of foreign interference.