Cybersecurity

UN and international agencies establish advisory body for submarine cables

The United Nationshas launched the International Advisory Body for Submarine Cable Resilience to protect critical underwater communication infrastructure.

The initiative, announced in October 2024, brings together the International Telecommunication Union (ITU), and the International Cable Protection Committee (ICPC) to address growing risks to submarine cables, facilitating over 99% of global data transmission.

The initiative follows high-profile incidents, including damage to undersea cables and will prioritise enhancing cable security, promoting global best practices, and expediting repairs. With around 150 to 200 cable damage incidents annually—mainly due to ship anchors, fishing activities, and natural disasters—the ICPC highlights the urgency of coordinated action.

Officials from Nigeria and Portugal will co-chair the 40-member advisory body. Scheduled to convene twice a year, the body’s first meeting will occur virtually in December, followed by an in-person session in Abuja, Nigeria, in February.

Submarine cable disruptions have significant consequences. Earlier this year, outages from cable cuts in Africa left 13 countries offline for days, while damage in the Red Sea caused widespread internet disruption in the Middle East.

Interpol and South Korea lead operation, arresting over 5,500 cybercrime suspects

A coordinated global effort involving law enforcement from 40 countries has resulted in over 5,500 arrests and the seizure of more than $400 million in virtual and fiat currencies during Operation HAECHI V (July–November 2024).

The operation, led by INTERPOL and financially supported by South Korea, targeted seven major types of cyber-enabled fraud, including voice phishing, romance scams, investment fraud, and business email compromise schemes.

In one significant success, Korean and Chinese authorities dismantled a voice phishing network that defrauded over 1,900 victims of 1,511 billion KRW ($1.1 billion). The syndicate, which impersonated law enforcement and used fake IDs, saw 27 members arrested, with 19 facing formal charges.

INTERPOL issued a Purple Notice during the operation to warn member countries of a new cryptocurrency scam targeting stablecoin users. Known as the USDT Token Approval Scam, fraudsters lured victims with romance-based schemes, directing them to buy Tether stablecoins through legitimate platforms. Victims were then tricked into granting scammers full access to their cryptocurrency wallets through phishing links, allowing unauthorized fund transfers.

Operation HAECHI V also achieved record-breaking results, solving 8,309 cases—nearly double those from the previous year—and blocking 1,023 virtual asset service provider (VASP) accounts, a threefold increase from 2023.

HAECHI V participating countries, territories and regions: Albania, Argentina, Australia, Brunei, Cambodia, Canada, Cayman Islands (UK), China, France, Ghana, Hong Kong (China), India, Indonesia, Ireland, Japan, Korea, Kyrgyzstan, Laos, Liechtenstein, Macao (China), Malaysia, Maldives, Mauritius, Nigeria, Pakistan, Philippines, Poland, Portugal, Romania, Seychelles, Singapore, Slovenia, Spain, Sweden, Thailand, Timor Leste, United Arab Emirates, United Kingdom, United States, Viet Nam.

How AI helped fraudsters steal £20,000 from a UK woman

Ann Jensen, a woman from Salisbury, was deceived into losing £20,000 through an AI-powered investment scam that falsely claimed endorsement by UK Prime Minister Sir Keir Starmer. The scammers used deepfake technology to mimic Starmer, promoting a fraudulent cryptocurrency investment opportunity. After persuading her to invest an initial sum, they convinced her to take out a bank loan, only to vanish with the funds.

The scam left Ms. Jensen not only financially devastated but also emotionally shaken, describing the experience as a “physical reaction” where her “body felt like liquid.” Now facing a £23,000 repayment over 27 years, she reflects on the incident as a life-altering crime. “It’s tainted me for life,” she said, emphasising that while she doesn’t feel stupid, she considers herself a victim.

Cybersecurity expert Dr. Jan Collie highlighted how AI tools are weaponised by criminals to clone well-known figures’ voices and mannerisms, making scams appear authentic. She advises vigilance, suggesting people look for telltale signs like mismatched movements or pixelation in videos to avoid falling prey to these sophisticated frauds.

Meta tightens financial ad rules in Australia

Meta Platforms announced stricter regulations for advertisers promoting financial products and services in Australia, aiming to curb online scams. Following an October initiative where Meta removed 8,000 deceptive ‘celeb bait’ ads, the company now requires advertisers to verify beneficiary and payer details, including their Australian Financial Services License number, before running financial ads.

This move is part of Meta’s ongoing efforts to protect Australians from scams involving fake investment schemes using celebrity images. Verified advertisers must also display a “Paid for By” disclaimer, ensuring transparency in financial advertisements.

The updated policy follows a broader regulatory push in Australia, where the government recently abandoned plans to fine internet platforms for spreading misinformation. The crackdown on online platforms is part of a growing effort to assert Australian sovereignty over foreign tech companies, with a federal election looming.

DMM Bitcoin to shut down after $320 million hack loss

DMM Bitcoin, a Japanese cryptocurrency exchange, is preparing to wind down its operations after suffering a significant loss of $320 million in Bitcoin due to a hack in May. The breach, which compromised a private key linked to a wallet holding over 4,500 Bitcoin, forced the company to halt its restructuring efforts and focus on safeguarding customer assets. In response, DMM Bitcoin has arranged to transfer all customer accounts and assets to SBI VC Trade, a crypto exchange operated by financial giant SBI Group, with the transition expected to be completed by March 2025.

The company confirmed that customer assets, including Japanese yen and cryptocurrencies, will be secure during the move. Despite initial assurances that customer deposits would be protected, DMM Bitcoin was forced to suspend withdrawals, new account registrations, and trading following the attack. The company also pledged to compensate affected users by procuring an equivalent amount of Bitcoin, backed by its group companies.

The hack is one of Japan’s largest crypto breaches, second only to the $530 million Coincheck hack in 2018. Blockchain analysts have linked the breach to the Lazarus Group, a North Korean cybercrime organisation, suggesting similarities in laundering techniques. DMM Bitcoin, which launched in 2018, has also been facing challenges with its Web3 gaming project and stablecoin initiatives, ultimately leading to the decision to wind down its operations.

This attack is part of a broader trend of rising cyberattacks on cryptocurrency exchanges in 2024, including major breaches of other exchanges such as WazirX, BingX, and BtcTurk. The growing frequency of such incidents underscores the ongoing risks facing centralized crypto platforms.

SEMI calls for stronger EU semiconductor policy

Industry group SEMI Europe has urged the incoming European Commission to adopt a more unified industrial strategy and expand on the existing European Chips Act. The group highlighted the importance of Mario Draghi’s recommendations, including a centralised EU budget and expedited approvals for strategic high-tech initiatives, to maintain competitiveness against the US and China.

SEMI emphasised the need for additional funding to bolster Europe’s semiconductor ecosystem, particularly in light of global export restrictions on chip technology and critical minerals. Quick action on EU export policies is vital to protect strategic interests and strengthen Europe’s global influence, the group said.

While the Chips Act focuses on attracting new manufacturing, SEMI and other industry voices, like ESIA, have called for broader support. This includes incentives for ‘legacy and foundational’ chip production and innovations essential for Europe’s green transition. Together, SEMI and ESIA represent leading players such as ASML, Infineon, and STMicroelectronics.

A revamped Chips Act would not only counter state-subsidised competition from China but also enhance Europe’s semiconductor supply chain resilience, crucial for its economic and technological independence.

Australia begins trial of teen social media ban

Australia‘s government is conducting a world-first trial to enforce its national social media ban for children under 16, focusing on age-checking technology. The trial, set to begin in January and run through March, will involve around 1,200 randomly selected Australians. It will help guide the development of effective age verification methods, as platforms like Meta, X (formerly Twitter), TikTok, and Snapchat must prove they are taking ‘reasonable steps’ to keep minors off their services or face fines of up to A$49.5 million ($32 million).

The trial is overseen by the Age Check Certification Scheme and will test several age-checking techniques, such as video selfies, document uploads for verification, and email cross-checking. Although platforms like YouTube are exempt, the trial is seen as a crucial step for setting a global precedent for online age restrictions, which many countries are now considering due to concerns about youth mental health and privacy.

The trial’s outcomes could influence how other nations approach enforcing age restrictions, despite concerns from some lawmakers and tech companies about privacy violations and free speech. The government has responded by ensuring that no personal data will be required without alternatives. The age-check process could significantly shape global efforts to regulate social media access for children in the coming years.

India introduces new rules for critical telecom infrastructure

The government of India introduced the Telecommunications (Critical Telecommunication Infrastructure) Rules, 2024, on 22 November, which require telecom entities designated as Critical Telecommunication Infrastructure (CTI) to grant government-authorised personnel access to inspect hardware, software, and data. These rules are part of the Telecommunications Act, 2023, empowering the government to designate telecom networks as CTI if their disruption could severely impact national security, the economy, public health, or safety.

The rules mandate that telecom entities appoint a Chief Telecom Security Officer (CTSO) to oversee cybersecurity efforts and report incidents within six hours, a revised deadline from the original two hours proposed in the draft rules. This brings the telecom sector in India in line with existing Telecom Cyber Security Rules and CERT-In directions, though experts argue that the six-hour window does not meet global standards and may contribute to over-regulation.

Telecom networks are already governed under the Information Technology Act, creating potential overlaps with other regulatory frameworks such as the National Critical Information Infrastructure Protection Centre (NCIIPC). The rules also raise concerns about inspection protocols and data access, as they lack clarity on when inspections can be triggered or what limitations should be placed on government personnel accessing sensitive information.

Experts have also questioned the accountability measures in case of abuse of power and the potential for government officials to access the personal data of telecom subscribers during these inspections. To implement these rules, telecom entities must provide detailed documentation to the government, including network architecture, access lists, cybersecurity plans, and security audit reports. They must also maintain logs and documentation for at least two years to assist in detecting anomalies.

Additionally, remote maintenance or repairs from outside India require government approval, and upgrades to hardware or software must be reviewed within 14 days. Immediate upgrades are allowed during cybersecurity incidents, with notification to the government within 24 hours. A digital portal will be established to manage these rules, but concerns about the lack of transparency in communications have been raised. Finally, all CTI hardware, software, and spares must meet Indian Telecommunication Security Assurance Requirements.

Spotify misused for scams and malware

Scammers are misusing Spotify’s playlist and podcast features to promote pirated software, malware, and phishing schemes. By embedding popular search terms like ‘free download’ or ‘crack’ in playlists and podcast titles, these bad actors ensure their spam appears in Google search results. Users who click on these links often land on unsafe sites designed to install malicious software or steal personal data.

The schemes include playlists and short podcast episodes featuring synthetic voice prompts that redirect listeners to risky external sites. These scams exploit Spotify’s trusted reputation and indexed pages to rank high in search results. Scammers profit through ad clicks, fake surveys, and affiliate links while spreading malware or engaging in phishing attempts.

Experts warn users to avoid clicking on suspicious links, verify playlist or podcast creators, and stick to official sources for downloads. Spotify and search engines like Google face calls to strengthen safeguards to prevent misuse of their platforms. In the meantime, users are encouraged to report fraudulent content and use antivirus software to stay protected.

Dubai Police partners with Crystal Intelligence to bolster security in digital asset sector

Crystal Intelligence and Dubai Police have collaborated to address economic crimes within the rapidly growing digital asset space. By combining advanced blockchain analytics with law enforcement expertise, the two entities aim to predict and prevent financial crimes, ensuring robust security within the digital asset ecosystem.

That collaboration reflects Dubai’s commitment to remaining at the forefront of global blockchain innovation. Moreover, as part of its broader strategy, the UAE, particularly Dubai, has positioned itself as a leader in digital assets by creating a regulatory framework that fosters innovation while ensuring security and compliance.

Notably, establishing the Virtual Assets Regulatory Authority (VARA), the world’s first regulator for virtual assets, has attracted numerous blockchain companies and service providers to the city, further solidifying Dubai’s role as a central hub for digital assets. This collaboration also involves strengthening Dubai Police’s capabilities through Crystal Intelligence’s advanced tools in transaction monitoring, risk management, and predictive analytics.

Why does it matter?

These tools will enable law enforcement to proactively detect and address fraudulent activities across blockchain networks, thereby ensuring the integrity of Dubai’s digital asset market. By combining regulatory foresight with cutting-edge technology, Dubai demonstrates its leadership in integrating innovation with security. Ultimately, this partnership sets a new global standard for digital asset security and offers a model for other jurisdictions to follow as they navigate the complexities of financial crimes in the digital asset space.

Diplo chatbot can make mistakes. Consider checking important information.