How to protect your business from infostealer malware and credential theft

Cybercriminals stole billions of login credentials last year using infostealer malware, putting businesses worldwide at serious risk.

These malicious tools quietly harvest passwords and session tokens from infected devices, often within minutes.

To fight back, companies must enforce multi-factor authentication, keep passwords in a dedicated password manager rather than in the browser, and protect devices with endpoint detection and response tooling.

Simple browser-stored logins are no longer safe, and attackers are getting better at bypassing weak defences.

Shortening session lifespans limits how long a stolen session token stays usable, hardware-backed logins such as security keys resist phishing, and training staff to spot phishing remains essential.

By combining tech with human vigilance, organisations can stay ahead of attackers and safeguard their systems and data.
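
The session-lifespan and hardware-binding advice above, turned into an added example that is not from the original article: a server-side session store that enforces both an absolute and an idle timeout, binds each session to a client fingerprint so a token replayed from an infected machine's twin fails, rotates tokens on step-up, and bulk-revokes a user's sessions once an infostealer infection is confirmed. The timeout values, class and function names and the fingerprint scheme are all assumptions for illustration; a real deployment should prefer hardware-backed binding (WebAuthn, device-bound session credentials) over a user-agent/IP hash.

```python
"""Session store with bounded lifetimes (added illustration, not the article's code)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed policy values; tune to the application's risk profile.
ABSOLUTE_TTL = 8 * 60 * 60   # hard cap: re-authenticate at least every 8 hours
IDLE_TTL = 30 * 60           # expire after 30 minutes without a request


@dataclass
class Session:
    user: str
    created: float     # login time; never refreshed, not even on rotation
    last_seen: float   # refreshed on each valid request
    client_fp: str     # hash of client attributes captured at login (assumed binding)


class SessionStore:
    def __init__(self) -> None:
        self._by_hash: Dict[str, Session] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash of the token, so a dump of the store is not a dump of usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def _expired(s: Session, now: float) -> bool:
        return now - s.created > ABSOLUTE_TTL or now - s.last_seen > IDLE_TTL

    def create(self, user: str, client_fp: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits of entropy
        self._by_hash[self._key(token)] = Session(user, now, now, client_fp)
        return token

    def validate(self, token: str, client_fp: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user for a live session, or None. Expired or mismatched sessions are revoked."""
        now = time.time() if now is None else now
        key = self._key(token)
        s = self._by_hash.get(key)
        if s is None:
            return None
        if self._expired(s, now):
            del self._by_hash[key]
            return None
        # A token replayed from a different client (e.g. exfiltrated by an infostealer) fails here.
        if not hmac.compare_digest(s.client_fp, client_fp):
            del self._by_hash[key]
            return None
        s.last_seen = now
        return s.user

    def rotate(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Issue a fresh token (e.g. after step-up auth); the absolute cap still counts from login."""
        now = time.time() if now is None else now
        s = self._by_hash.pop(self._key(token), None)
        if s is None or self._expired(s, now):
            return None
        new_token = secrets.token_urlsafe(32)
        self._by_hash[self._key(new_token)] = Session(s.user, s.created, now, s.client_fp)
        return new_token

    def revoke_all_for_user(self, user: str) -> int:
        """Kill every session for a user, e.g. once an infostealer infection is confirmed."""
        doomed = [k for k, s in self._by_hash.items() if s.user == user]
        for k in doomed:
            del self._by_hash[k]
        return len(doomed)


def client_fingerprint(user_agent: str, ip_prefix: str) -> str:
    """Assumed, deliberately weak binding; a stolen token plus a spoofed UA from the same
    network still passes. Hardware-backed binding is the stronger option."""
    return hashlib.sha256(f"{user_agent}|{ip_prefix}".encode()).hexdigest()
```

The two timers do different jobs: the idle timeout bounds the window an attacker has after stealing a token from an idle browser, while the absolute cap guarantees that even a continuously replayed token dies at a fixed point and forces a fresh, MFA-protected login.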

For more information on these topics, visit diplomacy.edu.

Crypto scam victims to receive $7M in recovered funds

US authorities will return $7 million to victims of a crypto investment scam. Fraudsters tricked investors into sending money to fake trading platforms before funnelling the funds through 75 bank accounts. The US Secret Service seized the assets from a foreign bank in 2023 and has since reached a settlement that allows the money to be returned.

Victims were misled into believing their investments were growing, only to face demands for more money. When they attempted withdrawals, scammers claimed additional tax payments were required. The recovered funds will now be distributed to affected investors.

The 2025 Crypto Crime Report highlights the rise of sophisticated cyber scams. Australian police recently warned about fraudulent messages mimicking major exchanges. Other scams have involved malware disguised as legitimate trading software.

Microsoft’s security team has identified a new trojan targeting crypto wallets in Chrome extensions. As cybercriminals refine their tactics, authorities urge investors to stay vigilant and verify platforms before transferring funds.

Stolen Bybit funds laundered at alarming speed

The hacker behind the $1.4 billion Bybit exploit has already laundered more than half of the stolen ether, primarily by swapping it for Bitcoin via THORChain. Blockchain analysts report that over $614 million was moved in just five days, pushing THORChain’s daily transaction volume from an average of $80 million to $580 million. On 26 February alone, swaps reached a record $859 million.

The US Federal Bureau of Investigation has officially attributed the attack to North Korean state-sponsored hackers, identifying it as part of a wider cybercrime operation. Security experts confirmed that Bybit’s core infrastructure remained intact: the breach was traced to a compromised developer machine, which the attackers used to inject malicious code into the Gnosis Safe web interface that Bybit relied on to approve transfers. While the attack drained Bybit’s cold wallet, the platform’s smart contracts were not affected.

In response, Bybit has launched a dedicated website to track the movement of stolen funds and is offering a bounty to exchanges that assist in their recovery. The incident underscores a growing trend where hackers are shifting focus from exchanges themselves to the infrastructure providers that support them.

FBI says North Korea behind $1.5bn crypto heist

North Korean hackers have carried out the largest cryptocurrency theft on record, stealing approximately $1.5bn from the Dubai-based exchange Bybit. According to the FBI, the stolen funds have already been converted into Bitcoin and spread across thousands of blockchain addresses. The attack highlights North Korea’s growing expertise in cybercrime, with proceeds believed to be funding its nuclear weapons programme.

The notorious Lazarus Group, linked to the regime, has been responsible for several high-profile hacks, including the theft of over $1.3bn in cryptocurrency last year. Experts say the group employs advanced malware and social engineering tactics to breach exchanges and launder stolen assets into fiat currency. These funds are critical for bypassing international sanctions and financing North Korea’s military ambitions.

Beyond cybercrime, Pyongyang has deepened its ties with Russia, allegedly supplying troops and weapons in exchange for financial backing and technological expertise. Meanwhile, the regime has recently reopened its borders to a limited number of international tourists, aiming to generate much-needed foreign income. As global scrutiny intensifies, concerns are growing over North Korea’s increasing reliance on illicit activities to prop up its economy and expand its military power.

Google: Cybercrime now a national security threat, enabling state-backed attacks

A new report from Google states that cybercrime continues to expand, intersecting with state-backed cyber operations. Released ahead of the Munich Security Conference, research from Google’s Threat Intelligence Group and Mandiant outlines findings from their investigations in 2024 and trends observed over the past four years.

In 2024, Mandiant consultants responded to nearly four times as many incidents involving financially motivated actors as state-backed intrusions. However, the report notes that state-affiliated groups are increasingly leveraging cybercriminal tools and services, and at the same time ‘cybercrime receives much less attention from national security practitioners than the threat from state-backed groups’.

According to Google, financially motivated and state-backed cyber activities are becoming more interconnected. Cybercriminal ecosystems facilitate the acquisition of malware, vulnerabilities, and operational support, offering lower-cost alternatives to state-developed capabilities.

The report emphasises that while cybercrime and state-backed cyber operations increasingly overlap, responses to these threats require distinct strategies. Cybercrime often involves networks operating across jurisdictions, necessitating international collaboration to address its impact effectively.

Europol arrests four Russians in ransomware crackdown

Authorities have arrested four Russian nationals suspected of deploying Phobos ransomware to extort payments from victims across Europe and beyond. Europol announced that law enforcement agencies from 14 countries worked together to dismantle the network, taking down 27 servers linked to the cybercriminals. The individuals arrested were reportedly leaders of the 8Base ransomware group, a key player in distributing Phobos malware.

The operation follows a series of recent arrests targeting Phobos-related cybercrime. In June 2024, a key administrator of the ransomware was apprehended in South Korea and later extradited to the United States, while another major affiliate was arrested in Italy last year. Authorities have since issued warnings to over 400 companies worldwide about imminent cyberattacks.

Phobos ransomware has been particularly damaging to small and medium-sized businesses, which often lack strong cybersecurity protections. Europol’s latest crackdown is a significant step in weakening the ransomware network and preventing further cyber extortion.

FBI and Europol target cybercrime networks in global crackdown

A global law enforcement operation has shut down a series of cybercrime websites used for selling stolen data, pirated software, and hacking tools. The FBI and Europol coordinated the takedown as part of ‘Operation Talent’, targeting platforms associated with Cracked, Nulled, StarkRDP, Sellix, and MySellix.

Seizure notices appeared on the affected websites, and officials confirmed that information on customers and victims had also been obtained. Europol stated that further details would be released within 24 hours, while the FBI has not yet commented on the operation.

Reports suggest that the targeted sites played various roles in the cybercrime ecosystem, facilitating the trade of stolen login credentials, compromised credit card details, and video game cheats. A message in a Cracked Telegram channel acknowledged the seizure, with administrators expressing uncertainty over the next steps.

Authorities continue to investigate, with the crackdown highlighting ongoing efforts to disrupt cybercriminal networks. More updates are expected as officials analyse the seized data and determine potential follow-up actions.

US charges Russian-Israeli citizen over Lockbit ransomware

The United States has charged Rostislav Panev, a Russian-Israeli dual citizen, for his alleged role as a developer for the Lockbit ransomware group, which authorities describe as one of the world’s most destructive cybercrime operations. Panev, arrested in Israel in August, awaits extradition.

Lockbit, active since 2019, targeted over 2,500 victims across 120 countries, including critical infrastructure and businesses, extorting $500 million. Recent arrests, guilty pleas, and international law enforcement efforts have significantly disrupted the group’s activities.

Experts say law enforcement actions have tarnished Lockbit’s reputation, reducing its attacks and deterring affiliates. Authorities emphasise the importance of holding cybercriminals accountable.

Human rights concerns over UN Cybercrime Treaty raised at IGF 2024

A panel discussion at the Internet Governance Forum (IGF) raised serious concerns over the UN Cybercrime Treaty and its potential to undermine human rights. Experts from organisations such as Human Rights Watch and the Electronic Frontier Foundation criticised the treaty’s broad scope and lack of clear safeguards for individual freedoms. They warned that the treaty’s vague language, particularly around what constitutes a ‘serious crime,’ could empower authoritarian regimes to exploit its provisions for surveillance and repress dissent.

Speakers such as Joey Shea from Human Rights Watch and Lina al-Hathloul, a Saudi human rights defender, pointed out the risks posed by the treaty’s expansive investigative powers, which extend beyond cybercrimes to any crime defined by domestic law. Such flexibility could oblige countries to assist in prosecuting acts that are not crimes within their own borders. They also highlighted the treaty’s weak privacy protections, which could undermine encryption and expose cybersecurity researchers to prosecution.

Deborah Brown from Human Rights Watch and Veridiana Alimonti of the Electronic Frontier Foundation shared examples from Saudi Arabia and Latin America, where existing cybercrime and anti-terrorism laws have already been used to target journalists and activists. The panelists expressed concern that the treaty could exacerbate these abuses globally, especially for cybersecurity professionals and civil society.

Fionnuala Ni Aolain, a former UN Special Rapporteur on counterterrorism and human rights, emphasised that the treaty’s provisions could lead to criminalising the vital work of cybersecurity researchers. She joined other experts in urging policymakers and industry leaders to resist ratification in its current form. They called for upcoming protocol negotiations to address these human rights gaps and for greater involvement of civil society voices to prevent the treaty from becoming a tool for transnational repression.

IGF 2024 addresses cybercrime laws in Africa and the Middle East

Discussions at the IGF 2024 in Riyadh shed light on growing challenges to freedom of expression in Africa and the Middle East. Experts from diverse organisations highlighted how restrictive cybercrime legislation and content regulation have been used to silence dissent, marginalise communities, and undermine democracy. Examples from Tunisia and Nigeria revealed how critics and activists often face criminalisation under these laws, fostering fear and self-censorship.

Panellists included Annelies Riezebos from the Dutch Ministry of Foreign Affairs, Jacqueline Rowe of the University of Edinburgh, Adeboye Adegoke from Paradigm Initiative, and Aymen Zaghdoudi of AccessNow. They discussed the negative effects of vague cybercrime regulations and overly broad restrictions on online speech, which frequently suppress political discourse. Maria Paz Canales from Global Partners Digital added that content governance frameworks need urgent reform to balance addressing online harms with protecting fundamental rights.

The speakers emphasised that authoritarian values are being enforced through legislation that criminalises disinformation and imposes ambiguous rules on online platforms. These measures, they argued, contribute to a deteriorating climate for free expression across the region. They also pointed out the need for online platforms to adopt responsible content moderation practices while resisting pressures to conform to repressive local laws.

Panellists proposed several strategies to counter these trends, including engaging with parliamentarians, building capacity among legal professionals, and ensuring civil society’s involvement during the early stages of policy development. The importance of international collaboration was underlined, with the UN Cybercrime Treaty cited as a key opportunity for collective advocacy against repressive measures.

Participants also stressed the urgency of increased representation of Global South organisations in global policy discussions. Flexible funding for civil society initiatives was described as essential for supporting grassroots efforts to defend digital rights. Such funding would enable local groups to challenge restrictive laws effectively and amplify their voices in international debates.

The event concluded with a call for multi-stakeholder approaches to internet governance. Collaborative efforts involving governments, civil society, and online platforms were deemed critical to safeguarding freedom of expression. The discussions underscored the pressing need to balance addressing legitimate online harms with protecting democratic values and the voices of vulnerable communities.

All transcripts from the Internet Governance Forum sessions can be found on dig.watch.