European groups back new cybersecurity label for cloud services

Twenty-three industry groups across Europe have urged EU officials to approve a draft cybersecurity certification for cloud services.

The certification scheme, which was introduced in 2020 by the European Union Agency for Cybersecurity (ENISA), aims to provide governments and businesses with reliable, secure cloud service providers.

It has been under revision since last year, with changes that favour major tech firms such as Microsoft, Google, and Amazon.

The groups, including the American Chamber of Commerce and various EU trade associations, argue that the updated draft, which will be finalised in March 2024, strikes a balance between robust security standards and an open market.

These revisions removed political provisions, such as requirements for US tech companies to partner with EU firms for data storage, focusing instead on technical security criteria.

Despite this, concerns linger about the European Commission potentially delaying or even scrapping the certification scheme altogether. The groups have strongly urged the EU to push forward with its adoption, believing it will support Europe’s digital economy while promoting secure cloud computing solutions.

For more information on these topics, visit diplomacy.edu.

Philippine army investigates cyberattack on its networks

The Philippine Army has acknowledged a cyberattack after a local hacking group claimed responsibility for breaching its systems and accessing sensitive documents.

Army spokesperson Col. Louie Dema-ala confirmed the event, describing it as an “illegal access attempt” that was quickly contained. While the group behind the attack has been identified, no damage or data theft has been reported at this time.

Earlier this week, the Philippine digital security advocacy group Deep Web Konek reported that the hacker group Exodus Security claimed to have compromised 10,000 records of active and retired service members. The leaked information allegedly includes personal and military data, such as names, ranks, addresses, medical records, financial information, and criminal histories. However, the authenticity and exact scope of the data have yet to be independently verified.

Philippine authorities have also reported recent attempts by foreign actors to access intelligence data. Minister for Information and Communications Ivan Uy stated that foreign state-sponsored hackers had attempted but failed to infiltrate government systems.

In January, authorities arrested a Chinese national and two Filipino citizens accused of surveilling critical infrastructure, including military sites.

Cyber threats in 2024 shift to AI-driven attacks and cloud exploits, says CrowdStrike

A new report from CrowdStrike, the US-based cybersecurity company, examines the evolution of cyber threats in 2024, identifying shifts toward malware-free intrusions, artificial intelligence-assisted social engineering, and cloud-related vulnerabilities.

The researchers highlight an increase in cyber activity attributed to state-linked actors, a rise in identity-based attacks, and the growing role of generative AI in cyber operations. According to the report, 79% of cyber intrusions in 2024 did not involve traditional malware, compared to 40% in 2019. Attackers increasingly relied on remote management and monitoring tools to evade security measures. The average breakout time—the time taken for an attacker to move laterally within a compromised network—decreased to 48 minutes, with some intrusions occurring in under one minute.

The report also highlights an increased reliance on exploiting vulnerabilities, particularly for initial access. More than 52% of vulnerabilities observed in 2024 were related to gaining an initial foothold in a system, underscoring the importance of securing entry points. Attackers increasingly leveraged chained vulnerability exploits—where multiple flaws are exploited in succession—to enhance their chances of success.

Cloud security incidents also increased, with valid account abuse accounting for 35% of cloud-related intrusions. Attackers focused on services such as Microsoft 365 and SharePoint, as well as enterprise APIs, to gain unauthorized access and extract data.

Generative AI played a growing role in cyber operations, including phishing, deepfake-based social engineering, and automated disinformation campaigns. The report cites activity from groups leveraging AI-powered tactics, such as the use of fake job interviews to infiltrate technology firms.

Microsoft and Veeam expand partnership with undisclosed investment

Microsoft has made an undisclosed equity investment in Veeam Software as part of an expanded partnership to develop AI-powered data protection tools.

The deal will strengthen Veeam’s ability to help customers recover data after cyberattacks, ransomware incidents, or accidental loss. The company’s core technology ensures immutable backups, preventing hackers from modifying or deleting critical files.

With Microsoft’s support, Veeam plans to enhance research and development, integrate AI-driven capabilities into its software, and expand design collaboration.

The move follows Microsoft’s previous investment in cybersecurity firm Rubrik, another company specialising in data backup and recovery.

Veeam, which was acquired by private equity firm Insight Partners for $5 billion in 2020, was valued at $15 billion after a secondary sale last year.

Founded in 2006, Veeam serves over 550,000 customers globally, including major corporations such as Deloitte and Canon. The partnership with Microsoft underscores the growing demand for advanced data security solutions as businesses face increasing cyber threats.

Kaspersky warns of widespread malware on GitHub

Cybersecurity firm Kaspersky has issued a warning about a large-scale malware campaign targeting GitHub users. Hackers have created hundreds of fake repositories to deceive users into downloading malware designed to steal cryptocurrency, login credentials, and browsing data. The campaign, known as ‘GitVenom,’ uses fraudulent projects that appear legitimate, offering tools like a Telegram bot for managing Bitcoin wallets or an Instagram automation tool. However, these projects run malicious software in the background, including remote access trojans (RATs), info-stealers, and clipboard hijackers.

The fake repositories were made to look convincing by including detailed documentation and manipulated version histories, which were designed to mimic active development. Despite appearing professional, these projects fail to deliver their promised functions while quietly extracting sensitive information from users. Kaspersky’s investigation revealed that some of these malicious repositories have been active for at least two years, suggesting the attackers have successfully lured victims over an extended period.

Once users have downloaded the malware, it targets saved login details, cryptocurrency wallet information, and browsing history, sending the stolen data to the attackers via Telegram. Some malware even hijacks clipboard contents, replacing cryptocurrency wallet addresses with those controlled by the hackers, potentially redirecting funds. The campaign has caused considerable impact, with one documented case involving the theft of five Bitcoins, worth around $442,000.

Although the GitVenom campaign has been detected worldwide, it has particularly affected users in Russia, Brazil, and Turkey. Kaspersky warns that, given GitHub’s popularity among developers, hackers are likely to continue using fake software projects as a method of infection.

UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.

Sweden considers law requiring encrypted messaging backdoors, Signal threatens to exit

Swedish law enforcement and security agencies are advocating for legislation that would require encrypted messaging services such as Signal and WhatsApp to implement technical measures allowing authorities to access user communications, according to a report by SVT Nyheter.

If introduced, the bill would mandate that these platforms retain messages and provide law enforcement with access to the message history of criminal suspects. Minister of Justice Gunnar Strömmer stated that such measures are necessary for authorities to carry out investigations effectively.

Signal Foundation President Meredith Whittaker told SVT Nyheter that if the proposed legislation requires the company to introduce backdoors, Signal would withdraw from the Swedish market rather than comply. The Swedish Armed Forces have also expressed concerns, warning that implementing such access mechanisms could introduce security risks that might be exploited by unauthorised parties.

The bill could be considered by Sweden’s parliament, the Riksdag, next year if it moves forward in the legislative process.

Similar legislative efforts have been introduced in other countries. In the UK, Apple recently disabled end-to-end encryption for iCloud accounts in response to government demands for access to encrypted data.

EU Commission proposes enhanced cyber crisis management framework

The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks. This recommendation to the Council of Ministers seeks to update the existing EU framework for crisis management in cybersecurity and outline the roles of relevant EU actors, including civilian and military entities as well as NATO.

Specifically, the proposal aims to establish coordination points with NATO to facilitate information sharing during cyber crises, including interconnections between systems. If Member States deploy defense initiatives during a cybersecurity incident, they must inform EU-CyCLONe and the EU Cyber Commanders Conference.

The High Representative, in collaboration with the Commission and relevant entities, should facilitate information flow with strategic partners during identified incidents and enhance coordination against malicious cyber activities using the cyber diplomacy toolbox. Joint exercises should be organized to test cooperation between civilian and military components during significant incidents, including those affecting NATO allies and candidate countries.

The Commission noted that a significant cybersecurity incident could overwhelm the response capabilities of individual Member States and impact multiple EU countries, potentially leading to a crisis that disrupts the internal market and poses risks to public safety. It encourages the establishment of voluntary collaborative clusters to foster cooperation and trust in cybersecurity. Member States can create these clusters based on existing information-sharing frameworks, focusing on common threats while adhering to the mandates of participating actors.

The document emphasizes the importance of a comprehensive and integrated approach to crisis management across all sectors and levels of government. It highlights that if cybersecurity incidents are part of a broader hybrid campaign, stakeholders should collaborate to develop a unified situational awareness across sectors.

Within twelve months of adopting the cybersecurity blueprint, Member States must develop a unified taxonomy for cyber crisis management and establish guidelines for the secure handling of cybersecurity information. The proposal emphasises avoiding over-classification to promote the sharing of non-classified information through established cooperation platforms.

To enhance preparedness for crises and improve organizational efficiency, Member States and relevant entities should conduct ongoing cyber exercises based on scenarios derived from EU-coordinated risk assessments, aligning with existing crisis response mechanisms. Smaller exercises should test interactions during escalating incidents, while the Commission, EEAS, and ENISA will organize an exercise within eighteen months to evaluate the cybersecurity blueprint, involving all relevant stakeholders, including the private sector.

The proposal also recommends that Member States and critical infrastructure operators integrate at least one Union-based DNS infrastructure, such as DNS4EU, to ensure reliable services during crises. ENISA and EU-CyCLONe are tasked with creating emergency failover guidelines for transitioning to Union-based DNS in case of service failures.

While the cybersecurity blueprint does not interfere with how entities define their internal procedures, each entity should clearly define the interfaces used for working with other entities. These interfaces should be jointly agreed upon between the entities concerned and documented.

National and cross-border cyber hubs should share threat information to bolster protection against Union-specific threats, and Member States are encouraged to engage in a multistakeholder forum to identify best practices and standards for securing critical Internet infrastructure. Public and private entities should implement threat-informed detection strategies to proactively identify potential disruptions. They must share information about covert operations with partners before crises escalate and report potential cyber crises to relevant networks, while the CSIRTs Network and EU-CyCLONe establish procedures for coordinating responses to large-scale incidents.

Hackers steal $1.5 billion in largest-ever crypto heist

Hackers have stolen $1.5 billion from Dubai-based cryptocurrency exchange Bybit in what is believed to be the largest digital heist in history. The attacker gained access to an Ethereum wallet during a routine transfer and moved the funds to an unknown address, sparking concerns across the cryptocurrency sector.

Bybit quickly reassured users that their funds remained secure, with chief executive Ben Zhou pledging to fully compensate affected customers. Despite this, the platform saw a surge of over 350,000 withdrawal requests, leading to potential delays. The company remains solvent, holding $20 billion in customer assets and is prepared to cover losses if necessary.

The price of Ethereum briefly dipped by nearly 4% following the breach but has since stabilised. Bybit has called upon leading cybersecurity experts to assist in recovering the stolen assets, offering a reward of up to $140 million. Speculation has emerged regarding the hackers’ identity, with reports suggesting possible links to the North Korean state-sponsored Lazarus group known for previous large-scale cryptocurrency thefts.

Microsoft’s new quantum chip sparks fresh debate over Bitcoin’s security

According to Bitcoin exchange River, Microsoft’s latest quantum computing chip, Majorana 1, could accelerate the timeline for making Bitcoin resistant to quantum threats. While the risk of a quantum attack remains distant, experts warn that preparations must begin now. The chip, launched on 19 February, is part of a growing race in quantum technology, with Google’s Willow chip also making headlines in December.

River suggests that if quantum computers reach one million qubits by 2027-2029, they could crack Bitcoin addresses in long-range attacks. Though some argue such a scenario is still decades away, River insists early action is key. The potential threat has reignited discussions on BIP-360, a proposed upgrade to strengthen Bitcoin’s defences against future quantum advancements.

Critics remain sceptical, arguing that quantum computing is still in its infancy, with major technical challenges to overcome. Some believe traditional banking systems, which hold far greater assets than Bitcoin, would be targeted first. Others see quantum developments as an opportunity, suggesting they could help fortify Bitcoin’s security rather than weaken it.