Tanzanian President Samia Suluhu Hassan has called for the integration of AI into the strategies of the Tanzania Police Force to address the escalating threat of cybercrime. Speaking at the 2024 Annual Senior Police Officers’ Meeting and the 60th Anniversary of the Tanzania Police Force, President Samia emphasised that in today’s digital age, leveraging advanced technology is crucial for effectively combating online threats. She highlighted the necessity for the police to adapt technologically to stay ahead of sophisticated cybercriminals, underlining the importance of embracing these advancements.
In her address, President Samia also drew attention to a troubling surge in cybercrime, with incidents increasing by 36.1% from 2022 to 2023. She noted that crimes such as fraud, false information dissemination, pornography distribution, and harassment have become more prevalent, with offenders frequently operating from outside Tanzania. The President’s remarks underscore the urgency of adopting advanced technological tools to address these growing challenges effectively and to enhance the police’s capability to counteract such threats.
Furthermore, President Samia emphasised the need to maintain peace and stability during the upcoming local government and general elections. She tasked the police with managing election-related challenges, including defamatory statements and misinformation, without resorting to internet shutdowns. President Samia underscored that while elections are temporary, safeguarding a stable environment is essential for ongoing development and progress by stressing the importance of preserving national peace amidst political activities.
American personal genomics and biotechnology company 23andMe has agreed to a $30 million settlement after a data breach exposed the personal information of 6.9 million users. The breach, which occurred last year, compromised sensitive data, including DNA Relatives profiles and Family Tree information. Affected users will receive financial compensation and three years of security monitoring under the Privacy & Medical Shield + Genetic Monitoring program.
The lawsuit also accused 23andMe of failing to inform customers of Chinese and Ashkenazi Jewish descent that they were specifically targeted in the breach. The stolen information was later found for sale on the dark web. A federal judge must now approve the proposed settlement, which the company considers fair and beneficial for its users.
Despite its financial challenges, the company expects to cover $25 million of the settlement with cyber insurance. The breach, which began in April 2023 and lasted five months, affected nearly half of the company’s 14.1 million customers at the time. 23andMe disclosed the incident in an October 2023 blog post.
The company, led by co-founder Anne Wojcicki, is also facing financial difficulties. It posted a significant quarterly loss and has been attempting to go private. Shares of 23andMe have been trading below $1 since December 2023, a sharp drop from its original public offering price.
BT has reported detecting 2,000 potential cyberattacks on its network every second. The rise is attributed to criminals deploying disposable ‘bots’ to bypass existing security measures.
In July, digital surveillance activity by hackers using malicious scanning bots surged by 1,200% compared to the previous year. The telecom giant revealed that these attacks are targeting a wide range of sectors, including retail, education, hospitality, defence, and financial services.
Tris Morgan, BT’s managing director of security, stated that hackers are probing connected devices every 90 seconds in their attempts to breach systems. However, this reflects a significant escalation in cyber threats.
At its Secure Tomorrow cybersecurity event, BT showcased its advanced quantum secure communications and AI-driven cyber defence technologies.
The National Crime Agency (NCA), once regarded as the UK’s frontline defense against serious and organized crime, including cybercrime, is now in a state of crisis, according to a new report from Spotlight on Corruption, a British nonprofit organisation which focuses on financial corruption.
The report highlights a severe ‘brain drain’ within the agency, with a significant number of experienced personnel leaving, leading to a concerning loss of nearly 20% of its cyber expertise annually. This exodus is primarily blamed on a dysfunctional pay system, which has not only resulted in a high number of vacancies but has also driven up costs. To fill the gaps, the NCA has increasingly relied on temporary workers and consultants, who account for over 10% of the agency’s budget.
The report calls for urgent reform and increased investment in the NCA, warning that the agency’s ability to protect the UK from serious threats, including fraud, corruption, and organized crime, is at a tipping point. Without major changes to pay and working conditions, the agency’s effectiveness is at risk of further deterioration.
The report also contrasts the NCA with the FBI, noting that while the NCA is sometimes referred to as Britain’s equivalent, there are significant differences between the two agencies. The FBI is considered a desirable career path due to its competitive pay, benefits, and opportunities for professional development, resulting in a low staff turnover rate of just 1.7% in 2023. In comparison, British police officers would have to accept a pay cut to join the NCA, which lacks similar financial incentives.
It’s worth noting that the report doesn’t go into the details of the recent successful operations conducted with the participation of the NCA.
Enzo Biochem has agreed to pay $4.5 million to settle claims that it failed to protect sensitive patient data, leading to a significant cyberattack in April 2023. The breach compromised the personal and health information of approximately 2.4 million patients, including Social Security numbers and health histories. The settlement, announced by New York Attorney General Letitia James, involves payments to New York, New Jersey, and Connecticut.
The attack was made possible by shared login credentials among Enzo employees, including one password that hadn’t been updated in ten years. The attackers installed malware on the company’s systems, which went undetected for several days due to insufficient monitoring. The company has since taken steps to enhance its security measures, such as enforcing stronger passwords, implementing two-factor authentication, and improving its response plan for future incidents.
Enzo began notifying affected patients in June 2023. The breach impacted 1.46 million New Yorkers, including 405,000 whose Social Security numbers were compromised. New York will receive $2.8 million from the settlement. Attorney General James emphasised the importance of protecting patient information, particularly in the context of medical services.
Enzo Biochem has not commented on the settlement. The company previously exited the clinical lab testing business in August of the previous year. The settlement marks a significant reminder of the importance of robust cybersecurity protocols in protecting sensitive data.
An international operation has dismantled the criminal ransomware group Radar/Dispossessor, which had been targeting companies across various sectors, including healthcare and transport. Authorities from the United States and Germany led the effort to bring down the group, which was founded in August 2023 and initially focused on the US before expanding its attacks globally.
The investigation has identified 43 companies as victims, spanning countries such as the UK, Germany, Brazil, and Australia. The group, led by an individual using the alias ‘Brain’, primarily targeted small to medium-sized enterprises. Many more companies are believed to have been affected, with some cases still under investigation.
Radar/Dispossessor exploited vulnerable computer systems, often through weak passwords and the absence of two-factor authentication, to hold data for ransom. Authorities successfully dismantled servers and domains associated with the group in Germany, the US, and Britain.
Twelve suspects have been identified, hailing from various countries, including Germany, Russia, Ukraine, and Kenya. Investigations are ongoing to identify further suspects and uncover more companies that may have been victimised.
On 8 August, UN member states approved a groundbreaking comprehensive treaty to address cybercrime, marking the organization’s first-ever agreement on the issue. Following three years of negotiations in the Ad-Hoc Committee (AHC) and a concluding two-week session in New York, the United Nations Convention Against Cybercrime was approved by consensus. The treaty will now be presented to the General Assembly for formal adoption.
The negotiation process was initiated in 2017 by Russia, despite initial resistance from the United States and European nations. The adoption of the convention also comes despite significant opposition from human rights groups and technology companies, who have expressed concerns over potential risks of increased surveillance.
The treaty is set to take effect once ratified by 40 member countries, and establishes ‘a global criminal justice policy,” to protect society against cybercrime by ‘fostering international cooperation’.
Civil society organisations and more than 150 tech companies within the Cybersecurity Tech Accord urged the United Nations to revise the final draft of the UN Cybercrime Convention. Non-state stakeholders share concerns that the current language of the convention could lead to human rights abuses and criminalise the work of penetration testers, ethical hackers, security researchers, and journalists.
The UN member states are currently in the final round of negotiations for what will become the first global treaty on cybercrime, with talks running from 29 July to 8 August. The current draft, published on 23 May, has seen some positive changes, but the Tech Accord, in particular, calls for further revisions. The office of the UN High Commissioner for Human Rights also noted that the revised draft of the UN Cybercrime Convention includes some welcome improvements, however significant concerns remain about many provisions that fail to meet international human rights standards. The Electronic Frontier Foundation (EFF) added that the proposed UN Cybercrime Convention mandates intrusive domestic surveillance measures and requires states to cooperate in surveillance and data sharing. It allows the collection, preservation, and sharing of electronic evidence for any crime deemed serious by a country’s domestic law, with minimal human rights safeguards, even with countries that have poor human rights records.
These shortcomings are particularly concerning given the already expansive use of existing cybercrime laws in some jurisdictions, which have been used to unduly restrict freedom of expression, target dissenting voices, and arbitrarily interfere with the privacy and anonymity of communications, according to the office’s analysis. A key concern of the Tech Accord is the need for more transparency in the convention’s current form, while the EFF calls to address the currently formulated highly intrusive secret spying powers without robust safeguards and insufficient protection for security researchers, among other concerns.
Malaysia is urging social media platforms to strengthen their efforts in combating cybercrimes, including scams, cyberbullying, and child pornography. The government has seen a significant rise in harmful online content and has called on companies like Meta and TikTok to enhance their monitoring and enforcement practices.
In the first quarter of 2024 alone, Malaysia reported 51,638 cases of harmful content referred to social media platforms, surpassing the 42,904 cases from the entire previous year. Communications Minister Fahmi Fadzil noted that some platforms are more cooperative than others, with Meta showing the highest compliance rates—85% for Facebook, 88% for Instagram, and 79% for WhatsApp. TikTok followed with a 76% compliance rate, while Telegram and X had lower rates.
The government has directed social media firms to address these issues more effectively, but it is up to the platforms to remove content that violates their community guidelines. Malaysia’s communications regulator continues highlighting problematic content to these firms, aiming to curb harmful online activity.
Europol’s latest report predicts a surge in AI-assisted cybercrimes across the EU. The ‘Internet Organised Crime Threat Assessment 2024’ highlights how AI tools are enabling non-technical individuals to execute complex online crimes. These tools, such as deep fakes and false advertisements, are making it easier for bad actors to engage in cybercrime.
The agency stresses the need for law enforcement to enhance their capabilities to counter these threats. Europol’s Executive Director, Catherine De Bolle, emphasises the importance of building robust human and technical resources. Future advancements in deepfake technology could lead to severe cases of sexual extortion, requiring sophisticated detection tools.
🚨In 2023, millions of victims across the EU were attacked and exploited online on a daily basis.
📍Today, Europol published the Internet Organised Crime Threat Assessment (IOCTA) on:
🔴Key developments, changes & emerging threats in cybercrime.
Concerns also extend to the cryptocurrency ecosystem. Europol’s report flags the potential for increased fraud involving non-fungible tokens (NFTs) and Bitcoin exchange-traded funds (ETFs). As more people adopt these financial instruments, those without extensive cryptocurrency knowledge may become prime targets for scammers.
Recently, Europol seized €44.2 million in cryptocurrency assets from ChipMixer, linked to money laundering. This operation underscores the growing challenges law enforcement faces in combating sophisticated financial crimes facilitated by emerging technologies.
