How to protect your business from infostealer malware and credential theft

Cybercriminals stole billions of login credentials last year using infostealer malware, putting businesses worldwide at serious risk.

These malicious tools quietly harvest saved passwords, browser cookies and session tokens from an infected device, often within minutes of running, and upload them to the operator.

To fight back, companies should require phishing-resistant multi-factor authentication, keep passwords in a dedicated password manager rather than the browser, and protect endpoints with security tooling that can detect and block the stealers themselves.

Logins saved in the browser's built-in password store are a primary target and can no longer be considered safe, and attackers are getting better at bypassing weak defences. A stolen session cookie is particularly dangerous because it lets an attacker walk straight into an account without ever seeing the password or the MFA prompt.

That is why shortening session lifetimes (so a stolen token expires quickly), using hardware-backed, phishing-resistant logins such as FIDO2 security keys or passkeys, and training staff to spot phishing are all key to staying secure.

By combining tech with human vigilance, organisations can stay ahead of attackers and safeguard their systems and data.

For more information on these topics, visit diplomacy.edu.

Russian hackers exploit smart home devices for crypto mining and cyberattacks

The Russian Ministry of Internal Affairs has warned citizens that hackers are infecting smart home devices with crypto mining malware.

Officials claim cybercriminals aim to create networks of compromised devices that could also be used for DDoS attacks, surveillance, and even robbery.

To mitigate risks, the ministry advises regularly changing passwords, updating firmware, and purchasing devices from reputable manufacturers.

Crypto-related fraud is also rising in Russia, with criminals posing as brokerage employees to lure victims into fake exchanges.

Prosecutors in Yakutsk are investigating a case where a resident allegedly lost $4,600 to such a scheme. Authorities have launched a criminal case and a broader inquiry into fraudulent crypto operations.

Illegal crypto mining remains a pressing issue, particularly in regions like the North Caucasus and Siberia. Moscow has enforced seasonal bans on crypto mining until 2031, aiming to conserve electricity during peak winter months.

However, officials in Irkutsk report that while 308 MW of power was freed up, the unused capacity provided no tangible benefit to consumers.

Despite concerns, some government officials argue that mining bans are improving energy reliability. Transbaikal authorities claim no legal mining operations remain in the region and have found no evidence of illegal mining activity. Industry experts remain sceptical about the overall impact of these restrictions.

Canada warns of foreign election interference

Canada’s intelligence agency has warned that China and India are highly likely to interfere in the country’s general election on 28 April, with Russia and Pakistan also having the potential to do so.

The Canadian Security Intelligence Service (CSIS) stated that while previous interference attempts in the 2019 and 2021 elections did not alter the results, the country had been slow to respond at the time. Both China and India have denied previous allegations of meddling in Canada’s internal affairs.

Vanessa Lloyd, CSIS’s deputy director of operations, said hostile states are increasingly using AI to influence elections, with China being particularly likely to exploit such tools.

The warning comes amid tense diplomatic relations between Canada and Beijing, following China’s recent tariffs on $2.6 billion worth of Canadian agricultural products and Ottawa’s strong condemnation of China’s execution of four Canadian citizens on drug charges.

India has also been under scrutiny, with Canada expelling six Indian diplomats last year over allegations of involvement in a plot against Sikh separatists.

Lloyd stated that India has both the intent and capability to interfere in Canadian politics and communities, though the Indian diplomatic mission in Ottawa has yet to comment.

She added that while it is difficult to directly link foreign interference with election outcomes, such activities undermine public trust in Canada’s democratic institutions.

Hackers use fake Semrush ads to steal Google accounts

Cybercriminals are using fake adverts for popular SEO platform Semrush to trick users into giving up access to their Google accounts, researchers have warned.

The malvertising campaign features ads that link to a bogus Semrush login page offering nothing but a ‘Log in with Google’ option, so the victim is prompted for Google credentials, which are the high-value credentials the attackers are really after.

According to Malwarebytes, Semrush accounts are often linked to critical Google services such as Analytics and Search Console.

These tools store confidential business insights, which threat actors could exploit for strategic and financial gain. The scammers may also access names, phone numbers, business details, and partial card information through compromised Semrush accounts.

By impersonating Semrush support, attackers could also deceive users into revealing full card details under the pretence of payment or billing updates, and a compromised business account may open the door to wider fraud, such as redirecting payments from vendors or business partners.

With Semrush serving over 117,000 customers, including a significant share of Fortune 500 firms, the attack underscores the growing risks of malvertising on platforms like Google.

Security experts are urging businesses to tighten account access controls and to remain cautious when clicking search ads, even for seemingly reputable brands; typing the vendor's address directly rather than going through an ad sidesteps the malvertising risk entirely.

Australian police warn of Binance-themed crypto scam targeting users

Australian authorities have issued warnings about a sophisticated scam in which fraudsters impersonate Binance via SMS, tricking users into transferring their crypto assets.

The Australian Federal Police (AFP) revealed that scammers spoof the alphanumeric sender ID, so that on many phones the fraudulent messages are grouped into the same thread as legitimate Binance communications.

Victims are falsely informed of a security breach and urged to move their funds to a ‘trust wallet,’ which is controlled by the scammers.

The AFP has identified at least 130 potential victims and launched a campaign to warn them. Cybercrime officials explained that once funds are transferred to the scammers’ wallets, they are swiftly moved across multiple accounts, making recovery difficult.

Similar scams have also targeted Coinbase and Gemini users: the message supplies a ‘new’ recovery phrase, generated in advance by the scammers, and tells the victim to move funds into a wallet created from it. Because the scammers already hold the phrase, they control that wallet and can drain it at will.

Binance Chief Security Officer Jimmy Su advised users to verify official communications through Binance’s security tools and website.

The Australian government is taking steps to combat these scams, planning to launch an SMS Sender ID Register in late 2025. The initiative will require telecom providers to verify brand-name messages, reducing the risk of spoofing.

Investment scams remain a significant issue in Australia, with AU$382 million ($269 million) lost in the past year, nearly half of which was crypto-related.

Authorities continue to urge caution, warning users to be sceptical of unsolicited messages and requests for seed phrases or urgent transfers.

Cyberattack exploits a flaw in ZoneAlarm’s vsdatant.sys driver

A sophisticated cyberattack has exploited vulnerabilities in the vsdatant.sys driver, a kernel component of Check Point’s ZoneAlarm antivirus software, to bypass critical Windows security features.

The driver, released in 2016, was abused in a Bring Your Own Vulnerable Driver (BYOVD) attack: because it carries a valid signature, Windows loads it, and the attacker then uses its flaws to elevate privileges and access sensitive data.

vsdatant.sys runs with full kernel privileges, and its handlers for I/O request packets (IRPs), the requests that user-mode programs send to a driver, contain long-known vulnerabilities that can be triggered with crafted requests.

These flaws, affecting versions of the driver prior to 7.0.362, allow arbitrary code execution in the kernel because the handlers do not properly validate the arguments passed to them.

BYOVD attacks have become increasingly common: attackers bring along a legitimate, signed but vulnerable driver, which the operating system trusts, and use it to disable or blind security products without tripping the defences that would stop unsigned kernel code.

In this case, attackers were able to disable Windows’ Memory Integrity feature (hypervisor-protected code integrity, HVCI), which is designed to keep untrusted code out of the kernel and protect critical system processes. HVCI only refuses unsigned or blocklisted drivers, so a signed driver with a known bug is still allowed to load unless it appears on the blocklist; that gap is exactly what BYOVD exploits.

By exploiting flaws in vsdatant.sys, the attackers gained full access to the compromised system, enabling them to steal sensitive information.

To mitigate such attacks, security experts recommend driver blocklisting (Microsoft’s vulnerable driver blocklist, which Memory Integrity enforces automatically and which can also be switched on separately, or custom Windows Defender Application Control rules), keeping Memory Integrity enabled, and keeping all security products up to date. On the detection side, log driver loads (for example Sysmon event ID 6) and alert on any kernel driver appearing on a host where the product it belongs to is not installed.

Users are urged to update their ZoneAlarm installations to the latest version to avoid exposure to these vulnerabilities.
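As an added example, not from the original article and not Check Point’s or Microsoft’s own code: the PowerShell audit below checks a Windows host for the two mitigations named above and for the presence of vsdatant.sys. It assumes Windows 10/11 with the Device Guard WMI provider available and an elevated prompt; the registry switch (VulnerableDriverBlocklistEnable) and the security-service numbering (2 = HVCI) are as Microsoft documents them.

```powershell
# Added example (not from the original article): audit a Windows host for
# Memory Integrity (HVCI), the Microsoft vulnerable driver blocklist, and any
# copy of the vsdatant.sys driver. Run from an elevated PowerShell prompt.

# 1. Is Memory Integrity (HVCI) actually running?
#    SecurityServicesRunning contains 2 when hypervisor-enforced code
#    integrity is active (Microsoft's documented numbering).
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName 'Win32_DeviceGuard'
$hvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)
"Memory Integrity (HVCI) running: $hvciRunning"

# 2. Is the vulnerable driver blocklist switched on explicitly?
#    Microsoft documents the DWORD VulnerableDriverBlocklistEnable = 1
#    under CI\Config. A missing value with HVCI on is still fine, because
#    HVCI enforces the blocklist automatically.
$ciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$blocklist = (Get-ItemProperty -Path $ciKey `
                -Name 'VulnerableDriverBlocklistEnable' `
                -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
"Vulnerable driver blocklist explicitly enabled: $($blocklist -eq 1)"
if (-not $hvciRunning -and $blocklist -ne 1) {
    Write-Warning 'Neither HVCI nor the driver blocklist is enforcing: BYOVD exposure.'
}

# 3. Is vsdatant.sys on disk, and at which file version? BYOVD does not need
#    ZoneAlarm installed: the attacker drops the driver and loads it through
#    a kernel service, so look for both the file and a service pointing at it.
$driverName = 'vsdatant.sys'
$driverDir  = Join-Path $env:SystemRoot 'System32\drivers'
$copies = Get-ChildItem -Path $driverDir -Filter $driverName -ErrorAction SilentlyContinue
foreach ($f in $copies) {
    "$($f.FullName) version $($f.VersionInfo.FileVersion)"
    # Hash each copy so it can be compared with the vendor's fixed build or
    # added to a WDAC / Defender custom blocklist.
    (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
}

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -match [regex]::Escape($driverName) } |
    Select-Object Name, State, StartMode, PathName

# 4. Context: is ZoneAlarm even installed? A copy of the driver on a host that
#    never had the product is a strong BYOVD indicator worth escalating.
$zaInstalled = Get-CimInstance -ClassName Win32_Product -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*ZoneAlarm*' }
"ZoneAlarm product registered: $([bool]$zaInstalled)"
```

If the blocklist value is missing or 0 and the host is not already running Memory Integrity, `Set-ItemProperty -Path $ciKey -Name VulnerableDriverBlocklistEnable -Value 1 -Type DWord` followed by a reboot turns the blocklist on. A ZoneAlarm driver older than the fixed build should be updated through the product, and a copy of vsdatant.sys loaded as a service on a host with no ZoneAlarm installation should be treated as an incident, not a stray file.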

Spanish police dismantle Bitcoin-themed crypto scam

Spanish police have successfully dismantled a Bitcoin-themed pyramid scam, uncovering a fraudulent network that swindled around $32.6 million from unsuspecting victims.

According to the National Police Corps (CNP), eight individuals were arrested, including the mastermind, a computer programmer detained in Malaga. The scam targeted over 3,600 people, mostly in Spain, but extended its reach to 36 countries.

The group operated a seemingly legitimate platform offering various Bitcoin investment plans. The platform was promoted through websites and social media, and victims were promised significant returns, with some reportedly offered dividends of 40% in just a month.

However, once funds were invested, obstacles were fabricated to delay or prevent withdrawals.

The police first uncovered the operation in 2022, following a report from a victim in Murcia. Their investigation revealed the scam’s pyramid structure, where older investors were paid with funds from newer ones.

Some victims were even tricked into handing over control of their devices for crypto transfers.

In total, the fraudsters amassed approximately 400 Bitcoin and created a worthless token for investors. Authorities have since frozen 73 bank accounts, seized cars, and impounded various assets as part of the investigation.

Microsoft warns of new malware targeting cryptocurrency wallets

Microsoft has issued a warning about StilachiRAT, a newly discovered malware that steals cryptocurrency wallet data and sensitive browser information.

The trojan is designed to evade detection while extracting credentials from over 20 different wallets, including MetaMask, Trust Wallet, and Coinbase.

The malware actively scans for cryptocurrency wallet extensions in Google Chrome and monitors clipboard actions for copied keys and passwords.

Attackers can use the stolen data to drain victims’ funds. StilachiRAT also enables remote command execution, allowing cybercriminals to manipulate system settings and maintain control over infected devices.

Beyond stealing data, the malware gathers detailed information about the compromised system, including OS details and hardware identifiers.

It even monitors Remote Desktop Protocol sessions, enabling attackers to impersonate users and spread further across networks.

Microsoft has not yet linked StilachiRAT to a specific threat actor but emphasises the need for caution. Users are advised to download software only from official sources, enable Microsoft Defender real-time protection, and use SmartScreen to block malicious websites.

ICC Office of the Prosecutor invites public input on draft policy for cyber-enabled crimes

The Office of the Prosecutor of the International Criminal Court invites public comments on its draft policy addressing cyber-enabled crimes under the Rome Statute.

The Office encourages participation from all relevant stakeholders, including States Parties, civil society organisations, private sector entities, and experts in the field.

Contributions will support the development of a final policy paper that will guide the Office’s approach to cyber-related conduct within its jurisdiction, including its investigative and prosecutorial activities.

The policy paper builds on the crimes outlined in the Rome Statute, assessed within the broader framework of international law.

It aims to enhance transparency regarding the Office’s work in this area and contribute to discussions on legal standards, best practices, and frameworks for cooperation, including those relevant to national authorities.

The draft policy clarifies that the Court does not have jurisdiction over common cybercrimes, such as fraud or unauthorised access to computer systems, which are typically addressed under national laws.

While some countries have international obligations to prosecute these crimes under specific treaties, they do not fall within the mandate of the Court. However, national efforts to combat such crimes may sometimes overlap with the Court’s work where they intersect with crimes under its jurisdiction.

To date, cyber-related issues have only been considered at the periphery of the Court’s work, and their legal and practical implications have yet to be fully explored.

Investigating and prosecuting cyber-enabled crimes presents new and complex challenges. This policy sets out the Office’s current position on these issues while recognising that certain matters may only be fully addressed as the Court’s practice in this area develops.

As with any crime under the Court’s jurisdiction, cyber-enabled crimes will be assessed based on their gravity—including their scale, nature, manner of commission, and impact.

The Court focuses on crimes of the most serious international concern, typically those causing widespread harm to large populations.

An exception applies to offences against the administration of justice, which are not subject to a gravity threshold but are considered serious due to their impact on the Court’s ability to function.

Indian police arrest Garantex administrator wanted by US

Indian authorities have arrested Aleksej Besciokov, an administrator of the Russian cryptocurrency exchange Garantex, at the request of the US.

Besciokov, a Russian resident and Lithuanian national, was taken into custody in Kerala on charges of money laundering and violating sanctions. The Central Bureau of Investigation (CBI) said he was planning to flee India, and Washington is expected to seek his extradition.

The arrest follows a joint operation by the US, Germany, and Finland to dismantle Garantex’s online infrastructure.

The exchange, under US sanctions since 2022, has processed at least $96 billion in cryptocurrency transactions since 2019. The US Justice Department recently charged two administrators, including Besciokov, with operating an unlicensed money-transmitting business.

Experts warn that sanctioned exchanges often attempt to bypass restrictions by setting up new entities. Blockchain research firm TRM Labs called the Garantex takedown a significant step in combating illicit finance but emphasised the need for continued vigilance against evasion tactics.
