cybersecurity Archives | Page 23 of 35 | Digital Watch Observatory

Digital Robin Hood scam hits crypto thieves

A crafty new scam is ensnaring would-be crypto thieves by baiting them with fake wallet seed phrases. Cybersecurity experts at Kaspersky have revealed how scammers post these phrases in YouTube comments, claiming the wallets hold significant funds. The wallets, however, are traps designed to exploit anyone attempting to steal the assets.

One wallet discovered by Kaspersky analyst Mikhail Sytnik reportedly held $8,000 in USDT on the Tron network. A thief must send Tron (TRX) tokens to move the funds to cover transaction fees. Unbeknownst to them, the wallet is a multi-signature account, meaning the TRX sent for fees is instantly redirected to another wallet controlled by the scammers.

Sytnik described the scammers as “digital Robin Hoods” for targeting other opportunists. He advised people never to try accessing others’ wallets, even if given a seed phrase, and to remain cautious of strangers’ claims about cryptocurrency online.

This isn’t the first time fraudsters have exploited greed in the crypto space. In July, Kaspersky exposed a similar scam on Telegram, where users were tricked into downloading malware disguised as legitimate crypto tools, potentially compromising their devices and funds.

The Philippine SEC proposes new crypto regulations

The Philippine Securities and Exchange Commission (SEC) has unveiled a draft of its ‘SEC Rules on Crypto-Assets Service Providers’ to regulate the country’s booming crypto market. The new proposal aims to establish clear guidelines for service providers involved in activities like trading, custody, and public offerings of crypto-assets, which are defined as digital representations of value using distributed ledger technology.

As the Philippines continues to attract a growing number of cryptocurrency users, especially among its tech-savvy population, the SEC’s rules focus on mitigating risks like fraud and market manipulation while promoting innovation. Under the draft rules, service providers must register with the SEC and comply with the standards outlined in the Financial Products and Services Consumer Protection Act. They will also face strict capital requirements and must submit detailed disclosure documents before marketing crypto-assets to the public.

The proposal also places heavy emphasis on cybersecurity and anti-money laundering measures. Service providers will need to align their systems with the National Cybersecurity Plan and undergo regular audits. Additionally, practices to prevent insider trading and market manipulation will be closely monitored.

The public has until 18 January 2025, to provide feedback on the draft rules, marking an important step in shaping the future of the crypto industry in the Philippines.

MCU and Fortinet to enhance cybersecurity education in the Philippines

Manila Central University (MCU) has partnered with Fortinet, a global leader in cybersecurity, through its Academic Partner Program to address the growing talent shortage in the Philippines. That collaboration aims to equip students with essential skills to meet industry demands by integrating Fortinet’s Network Security Expert (NSE) training and certification program into the university’s curriculum, either as coursework or standalone offerings.

Faculty members will receive advanced training, and students will benefit from guest lectures, practical exercises, and hands-on learning in areas like network security, malware analysis, and defence strategies. Additionally, the partnership includes establishing a state-of-the-art Cyber Innovation Lab to provide immersive learning experiences.

The initiative aligns with findings from Fortinet’s ‘Cybersecurity Skills Gap 2024 Global Research Report,’ which revealed that 94% of organisations in the Philippines experienced security breaches in 2023, with 77% partly attributed to a lack of cybersecurity skills. MCU joins nine other institutions, including Mapúa University and Mindanao State University-Sulu, in Fortinet’s nationwide effort to strengthen cybersecurity education.

The partnership also represents a significant step toward bridging the cybersecurity skills gap in the Philippines. By combining Fortinet’s expertise with MCU’s academic foundation, the program offers students industry-recognised certifications and practical knowledge needed to excel as cybersecurity professionals.

Why does it matter?

The initiative addresses immediate challenges highlighted in the report and strengthens the country’s capacity to defend against evolving digital threats, ensuring a robust pipeline of future professionals ready to meet global cybersecurity standards.

NETSCOUT enhances DDoS protection with AI/ML-Driven adaptive solutions

NETSCOUT SYSTEMS announced significant updates to its Arbor Edge Defense (AED) and Arbor Enterprise Manager (AEM) products as part of its Adaptive DDoS Protection solution. These enhancements are designed to address the growing threats of AI-enabled DDoS attacks, which have surged in sophistication and frequency.

Application-layer and volumetric attacks have increased by 43% and 30%, respectively, with DDoS-for-hire services making attacks easier to execute. To combat these evolving threats, NETSCOUT leverages AI and machine learning (ML) within its ATLAS Threat Intelligence system, which monitors over 550 Tbps of real-time internet traffic across 500 ISPs and 2,000 enterprise sites worldwide.

The AI/ML-powered solution enables dynamic threat identification and mitigation, creating a scalable, proactive defence mechanism. The updated AED and AEM products automate a closed-loop DDoS attack detection and mitigation process, providing real-time protection by adapting to changing attack vectors and applying mitigation recommendations automatically.

NETSCOUT’s solution also offers comprehensive protection across hybrid IT environments, including on-premise infrastructure, private data centres, and public cloud platforms like AWS and Microsoft Azure, with enhancements such as 200 Gbps mitigation capacity, high-performance decryption, and visibility into non-DDoS threats.

By minimising downtime and safeguarding business-critical services, NETSCOUT’s Adaptive DDoS Protection reduces business risks and protects productivity and reputation. As the threat landscape continues to evolve, organisations can rely on NETSCOUT’s innovative technology to stay ahead of attackers and maintain IT resilience. Industry experts and agencies like the Cybersecurity & Infrastructure Security Agency (CISA) highlight the need for adaptive cybersecurity measures. NETSCOUT’s AI/ML-driven solutions meet these demands by offering robust, future-proof protection for critical IT infrastructure.

stc Bahrain and Huawei to drive digital innovation and talent development

Stc Bahrain has partnered with Huawei to launch the fourth edition of its successful Technical Capacity Program, aligning with Bahrain’s Economic Vision 2030 to foster digital innovation and talent development. The program aims to advance Bahrain’s digital economy by providing extensive training in critical ICT sectors, including networking, cybersecurity, cloud computing, AI, and emerging technologies.

Participants will gain hands-on experience through technology showcases, engaging with the latest industry advancements and best practices. This year, the program will expand across stc Bahrain’s entire technology divisions, including Digital, Business, Wholesale, Consumer, and Customer Experience, reflecting the company’s commitment to empowering its workforce and driving the country’s digital transformation.

The initiative plays a key role in stc Bahrain’s broader digital transformation strategy by equipping employees with the skills necessary to innovate and lead in the telecommunications sector. The program is vital for nurturing a culture of continuous learning and talent development.

Through this collaboration, stc Bahrain is contributing to developing a highly skilled ICT workforce in Bahrain and supporting the kingdom’s goal of achieving sustainable economic growth and leadership in the digital space.

US CISA unveils draft update to National Cyber Incident Response Plan

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a draft update to the National Cyber Incident Response Plan (NCIRP) for public feedback, reflecting changes in cybersecurity, law, policy, and operational processes since the plan’s 2016 release. Developed in collaboration with the Joint Cyber Defense Collaborative (JCDC) and the Office of the National Cyber Director (ONCD), the update aims to improve national preparedness for the growing complexity of cyber threats.

Key updates include clarifying how non-federal stakeholders, such as private sector entities, can participate in cyber incident response efforts, enhancing usability by aligning the plan with the incident response lifecycle, and incorporating the latest legal and policy changes. The NCIRP will now undergo regular updates to stay relevant as threats and technologies evolve.

The NCIRP coordinates efforts across federal agencies, state and local governments, the private sector, and international partners as a strategic framework. It outlines four critical lines of effort (LOEs): Asset Response, Threat Response, Intelligence Support, and Affected Entity Response, ensuring cohesive and coordinated actions during a cyber incident.

The plan also defines two key phases—Detection and Response—focusing on identifying significant incidents and then containing, eradicating, and recovering from them. Coordination between government agencies, private sector entities, and other stakeholders is vital to managing the response and minimising the impact on national security, the economy, and public health.

Collaboration and continuous improvement are central to the NCIRP’s success. The JCDC, Cyber Unified Coordination Group (Cyber UCG), and Cyber Response Group (CRG) ensure all stakeholders are aligned in their efforts, with the CRG overseeing policy coordination and broader strategic responses.

The NCIRP will be regularly reviewed and updated based on feedback and post-incident assessments, allowing it to adapt to new threats and technological changes. CISA is committed to strengthening the nation’s ability to respond to cyber incidents, emphasising the need for an agile, effective framework to keep pace with evolving cyber risks.

Crypto scam revealed at freelancer gathering in Paris

During a freelancer meetup at Café Oz in Paris on 3 December, Scott Horlacher, a software engineer, found himself caught in a crypto scam. While discussing with two individuals who claimed to represent a new crypto exchange called Lainchain, Horlacher grew suspicious. The platform’s design and its request for users to input wallet seed phrases instead of standard security measures made Horlacher realise he was dealing with a scam.

After confronting the duo, they swiftly left the event. Horlacher, along with others, began to warn fellow attendees. A subsequent investigation by AMLBot, a blockchain forensics firm, revealed that Lainchain was a sophisticated phishing scam designed to steal personal and wallet information from users. The scam relied on fake identities and social engineering tactics to deceive victims.

Lainchain’s website appeared professional but was full of red flags, including the manipulation of wallet access and demands for seed phrases. The platform’s hosts were found to be connected to other fraudulent websites, and investigations showed their use of stolen identities to create false legitimacy. The scammers also exploited Telegram and other social media platforms to lure victims.

This case serves as a reminder of the growing threat of phishing scams in the crypto space. Users are urged to be cautious of any platform requesting private keys or seed phrases and to verify the legitimacy of any crypto-related website or service before engaging with it.

IGF 2024 and the future of AI, digital divides, and internet governance

Dear readers,

It has been a busy week as the Internet Governance Forum (IGF) 2024 has been at the centre of Diplo’s attention and that of the entire digital governance realm, addressing the most pressing digital issues of our time: the rapid evolution of AI, the digital divide, and the delicate balance of governance framework processes revolutionising the world. On 15 – 19 December, Diplo was closely involved in IGF 2024, this time in Riyadh, Saudi Arabia, reporting and contributing its knowledge to shape a human-centred digital future.

The forum brought together experts, policymakers, and stakeholders from around the globe, and discussions highlighted three dominant themes: AI governance, bridging the digital divide, and enhancing cybersecurity, underscoring the need for inclusive solutions and forward-thinking strategies.

Advertisement, Sign, Symbol, Outdoors, Road

AI governance

AI took centre stage, as expected, with debates on governance, ethics, and its societal impact. Discussions explored a multifaceted approach, combining international regulatory frameworks, voluntary industry commitments, and bottom-up governance models sensitive to local contexts. The Council of Europe’s Framework Convention on AI and the G7 Hiroshima AI Process were spotlighted as global initiatives striving to balance innovation and the protection of human rights.

The potential of AI to deepen inequalities was another focal point, with calls to address AI divides between developed and developing nations. Discussions stressed the importance of building local AI ecosystems, promoting capacity development in the Global South, and ensuring equitable access to AI infrastructure. As concerns about AI transparency and accountability grew, frameworks like the ethical principles of the Digital Cooperation Organisation (DCO) offered pathways to mitigate AI’s societal risks.

Diplo’s contribution to IGF 2024

Dr Jovan Kurbalija, Director of Diplo, approached the IGF in Riyadh with a historical perspective on AI’s roots in the Islamic Golden Age. He underscored the contribution of the Islamic mathematicians and the Islamic culture, which is at the foundation of the digital world.

In the ‘Intelligent machines and society: An open-ended conversation’ session led by Diplo experts, attendees had the opportunity to explore AI’s profound philosophical, ethical, and practical implications, focusing on its impact on human identity, agency, and communication. Kurbalija introduced the concept of the ‘right to human imperfection’, urging the preservation of human flaws and agency amid AI-driven optimisation.

Another leading expert and Director of Knowledge at Diplo, Sorina Teleanu, warned against the anthropomorphisation of AI and highlighted the risks surrounding brain data processing and questions of AI personhood, particularly with the emergence of artificial general intelligence (AGI).

Diplo ‘Unpacking the Global Digital Compact’

Sorina’s recent publication, Unpacking the Global Digital Compact: Actors, Issues and Processes, presented at the IGF, provides a detailed account of the GDC negotiations over an 18-month process, tracking and analysing changes across different versions of GDC drafts. The publication presents a unique interplay between zooming in on specific provisions, sometimes on the edge of linguistic pedantry, and zooming out to provide a broader perspective on digital governance and cooperation. The publication also places the GDC in the broader context of global digital governance and cooperation mechanisms. It offers a set of questions to reflect on as stakeholders explore the interplay between the processes, implementation, and follow-up of the GDC, WSIS, and Agenda 2030.

The panel also addressed AI governance, with Kurbalija advocating for decentralised development to prevent power centralisation, while Henri-Jean Pollet from ISPA Belgium stressed open-source models to ensure reliability. The evolving human-AI dynamic was discussed, including changes in communication and the need for AI ethics education, as raised by Mohammad Abdul Haque Anu. Kurbalija underscored Diplo’s focus on AI tools that augment human knowledge without replacing decision-making, ending the session with a call for continued exploration of the role of AI’ in shaping the future of humanity.

Digital divides: meaningful connectivity and inclusion

The persistent digital divide remained a complex challenge, with one-third of the global population still offline. IGF discussions moved beyond simple access, championing the concept of ‘meaningful connectivity’, which ensures a safe, productive, and enriching online experience. Targeted investments in rural infrastructure, unlicensed spectrum use, and satellite technology like low Earth orbit (LEO) satellites were proposed as solutions to connect underserved communities.

Gender disparities also took the spotlight. Statistics revealed stark inequalities, with women representing just 10% of executive roles in tech. Speakers called for mentorship programmes, cultural sensitivity, and capacity development to increase women’s participation in digital spaces. Examples like India’s Unified Payments Interface and Brazil’s PIX system showcased how the digital public infrastructure (DPI) can bridge economic gaps, provided they include robust consumer protections and digital literacy programmes.

IGF 2024 explores empowering Africa through digital legislation

Cybersecurity: resilience in a complex landscape

Cybersecurity sessions underscored the growing sophistication of cyber threats and the need for resilient digital infrastructure. Discussions called for universal cybersecurity standards flexible enough to adapt to diverse local contexts, while AI was recognised as both a solution and a risk for cybersecurity. AI enhances threat detection and automates responses, yet its vulnerabilities—like adversarial attacks and data poisoning—pose significant challenges.

Developing countries’ struggles to build cyber resilience were a recurring concern. Panellists emphasised capacity development, existing framework implementation, and tailored strategies. Cyber diplomacy emerged as a crucial tool, particularly in regions like Africa and the Middle East, where greater participation in global negotiations is needed to shape cyber norms and ensure equitable protections.

Adult, Female, Person, Woman, People, Accessories, Glasses, Chair, Furniture, Electrical Device, Microphone, Crowd, Computer, Electronics, Laptop, Pc, Indoors, Computer Hardware, Hardware, Monitor, Screen, Bag, Handbag, Jewelry, Necklace, Lisa Badum, Mariah Gale

Content governance and environmental sustainability

The complexities of content moderation in diverse cultural contexts raised critical questions. While AI offers potential solutions for content moderation, its ethical implications and biases remain unresolved. Disinformation was another urgent issue, with experts advocating for digital literacy, fact-checking initiatives, and multistakeholder collaborations to preserve democratic integrity.

Sustainability intertwined with digital policy discussions, as the environmental impact of AI, e-waste, and data infrastructure came into focus. The digital sector’s 4% contribution to global emissions sparked calls for sustainable IT procurement, circular economy strategies, and greener AI standards. Harnessing AI to achieve sustainable development goals (SDGs) was also discussed, with its potential to accelerate progress through real-time data analysis and climate prediction.

Looking ahead: local realities and global cooperation

IGF expertise offered some advice for the future with discussions that stressed the importance of multistakeholder cooperation in translating global frameworks like the WSIS+20 and the Global Digital Compact into actionable local policies. In Riyadh, IGF 2024 reinforced that tackling digital challenges—from AI ethics to digital divides—requires a nuanced, multifaceted, holistic, and inclusive approach. The forum served as a sounding board for innovative ideas and a call to action: to build an equitable, sustainable, secure digital future for all.

See you in Norway for the IGF 2025!

Diplo Foundation explores AI’s ethical and philosophical challenges at IGF 2024

Jovan Kurbalija, Director of Diplo, stressed the importance of understanding fundamental AI concepts to facilitate deeper conversations beyond the usual concerns about bias and ethics.

In other news..

Norway to host the 2025 Internet Governance Forum

Norway has been selected by the UN to host the 2025 Internet Governance Forum (IGF), marking a significant milestone as the largest UN meeting ever held in the country.

Musk faces scrutiny over national security concerns

Elon Musk and his company SpaceX are facing multiple federal investigations into their compliance with security protocols designed to protect national secrets.

Other topics and updates

Visit dig.watch now for more detailed info on IGF 2024 sessions, related updates, and other topics!

Marko and the Digital Watch team

Highlights from the week of 13-20 December 2024

Saudi Arabia hosts 19th annual Internet Governance Forum in Riyadh

The forum, under the theme ‘Building our multistakeholder digital future’, will explore four key areas: harnessing innovation while managing risks, enhancing digital contributions to peace and development, advancing human rights…

Experts at the IGF address the growing threat of misinformation in the digital age

Experts from government, international bodies, and the private sector highlighted social media platforms as primary sources of rapidly spreading misinformation…

Ethical AI governance highlighted at the IGF: Developing tools for human rights-focused solutions

The session included interactive exercises and highlighted the necessity of a multistakeholder approach to address global disparities in AI technology distribution…

IGF 2024 panel tackles global digital identity challenges

Digital identity systems were deemed essential infrastructure for economic inclusion.

TikTok’s request to temporarily halt the US ban rejected by US court

TikTok and ByteDance sought more time from the US Court of Appeals to argue their case at the Supreme Court, but this request was denied.

IGF 2024 digital innovation unhcr unicef UN pension fund unicc blockchain AI

UN discusses ethical tech and inclusion at IGF 2024

UN leaders at IGF 2024 explored digital transformation, showcasing refugee-focused apps, child data rights frameworks, and blockchain security systems. Panellists stressed collaboration, inclusion, and ethical technology use for sustainable progress.

Protecting journalists online with global solutions from IGF 2024

Gender-based harassment and marginalisation were key themes at IGF 2024’s forum on journalist safety online.

Democratising AI: the promise and pitfalls of open-source LLMs

The session focused on the potential of open-source large language models (LLMs) to democratise access to AI, particularly in fostering innovation and empowering smaller economies and the Global South.

Human rights concerns over UN Cybercrime Treaty raised at IGF 2024

Experts at IGF 2024 raised concerns over vague provisions in the UN Cybercrime Treaty threatening freedoms worldwide.

Protecting critical infrastructure in a fragile cyberspace

The discussion highlighted the importance of baseline cybersecurity measures, such as asset inventory and vulnerability management, and emphasised employee training and awareness.

Election integrity in the digital age: insights from IGF 2024

Panelists from diverse sectors and regions discussed the significant challenges of misinformation, disinformation, and emerging technologies such as AI and deepfakes, which threaten democratic processes.

View all updates

Reading corner

dig.watch

The US clock is ticking (for) TikTok

Bytedance, the TikTok’s parent company, is going to divest its US operations by 19 January 2025 or face a ban in the country.

TP-Link faces US ban amid cybersecurity concerns, WSJ reports

US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.

In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.

TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers, that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.

The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.

Krispy Kreme hit by IT disruption affecting US online orders

Krispy Kreme has reported a cybersecurity incident that disrupted online ordering systems across the United States. The doughnut chain discovered the unauthorised activity on 29 November and immediately launched an investigation with external cybersecurity experts.

While the company’s stores remain open for in-person orders, it warned that revenue losses from digital sales could materially impact its financial results. Shares of Krispy Kreme fell by around 2% in premarket trading following the announcement.

The company said it is actively working to mitigate the effects of the incident while maintaining operations at its global locations.