Italian defence firm Leonardo targets cybersecurity deals

Leonardo, the defence company from Italy, is actively pursuing acquisitions in the cybersecurity sector, targeting a dozen companies both domestically and abroad. CEO Roberto Cingolani mentioned that some deals could be finalised by the end of the year. The company has been working on these acquisition processes for the past several months.

No acquisition will exceed 15% of the cyber division’s turnover, following guidelines set in Leonardo’s strategic plan. The company is prioritising cyber security as a key growth area, expecting strong double-digit expansion in this field in the coming years.

Leonardo aims to establish itself as a significant player in Europe’s cyber security market. Cingolani highlighted that the sector is at the heart of the group’s strategic development, especially as digitalisation continues to offer new opportunities.

The company’s 2024-2028 industrial plan outlines its commitment to strengthening its core businesses while also focusing on cybersecurity. Over the next five years, Leonardo forecasts a 16% rise in orders and a 13% growth in revenue in this area.

Indian crypto exchange faces investigation after $235 million crypto hack

India’s Financial Intelligence Unit is investigating the Indian cryptocurrency exchange WazirX following a significant cyberattack that resulted in the theft of $235 million. The exchange is cooperating with government agencies and has provided authorities with extensive server logs and transaction data related to the incident, which occurred in July. Although no physical assets have been seized, WazirX is actively engaging with regulatory bodies to understand the broader implications of the hack on the unregulated crypto sector.

In a bid to enhance transparency, WazirX plans to publicly disclose wallet addresses through court affidavits and has committed to addressing user concerns. The exchange aims to establish a 10-member committee of creditors by 9 October to assist in its restructuring efforts, with the goal of returning 52-55% of the remaining crypto assets to affected clients within six months.

Additionally, WazirX’s parent company, Zettai, is in discussions with 11 potential partners to explore capital injections and profit-sharing strategies that could aid in user recoveries. Following the hack, WazirX has sought a Scheme of Arrangement in Singapore under local insolvency laws. An independent audit revealed no evidence of wrongdoing by its custodian partner, Liminal Custody.

US and Poland sign cybersecurity MOU to enhance global digital security and cooperation

The US Department of Homeland Security (DHS) and the Polish Ministry of Digital Affairs (MDA) have signed a Memorandum of Understanding (MOU) to bolster their collaboration in cybersecurity and emerging technology. This MOU strengthens the longstanding partnership between the United States and Poland, providing a structured framework for coordinated efforts in addressing global security challenges, including cyber threats and responsible technology development.

By focusing on key areas such as cyber policy, Secure by Design practices, information sharing, incident response, human capital development, and the safe deployment of AI and the Internet of Things (IoT), both nations demonstrate a shared commitment to transatlantic security. The timing of this MOU, which coincides with the Fourth Counter Ransomware Initiative Summit, reflects a united stance against the growing ransomware threat, as nearly 70 countries gathered to reinforce global resilience against cybercrime.

Various agencies will spearhead the implementation of the MOU as part of the agreement. In the United States, DHS entities like the Cybersecurity and Infrastructure Security Agency (CISA), the Office of Strategy, Policy, and Plans, and the Science and Technology Directorate will drive projects that enhance cybersecurity and support critical infrastructure. On the Polish side, the National Research Institute (NASK) will be instrumental in coordinating these efforts, positioning Poland for its upcoming EU Council presidency in 2025, where it aims to strengthen US-EU relations and prioritise European information security.

Why does it matter?

Together, these agencies will focus on collaborative initiatives that ensure safe technology practices, build critical skills, and enable a proactive response to digital threats, securing a stronger digital future for both nations.

Rising fears of foreign interference in US election

Concerns are rising ahead of the US presidential election, with the latest intelligence suggesting interference from foreign nations like Russia, Iran, and China. The annual threat assessment released by the Department of Homeland Security highlights the use of AI by these countries to spread misinformation and create fake websites.

Russian actors have focused on amplifying divisive narratives, particularly around immigration. Iran has adopted a more aggressive approach, posing as activists online to encourage protests related to the conflict in Gaza. China is also seen as a potential player in efforts to undermine confidence in US democratic institutions.

The upcoming election, expected to be highly contested between Kamala Harris and Donald Trump, presents further opportunities for foreign interference. Tensions within the US could be exacerbated by these external efforts, along with potential threats from domestic extremists.

Domestic violent extremism also remains a serious concern. The report warns of the risk posed by lone actors or small cells driven by grievances related to race, religion, or anti-government views. These groups may attempt violent actions to instill fear or disrupt the electoral process.

Indian government redefines ministry roles in telecom and cybersecurity

The Indian government has recently redefined the roles of key ministries concerning telecom network security, cybersecurity, and cybercrime through amendments to the business allocation rules. This strategic reorganisation ensures that each ministry is assigned clear responsibilities, streamlining efforts to manage these vital areas more effectively.

The roles have been precisely delineated to enhance governance. Specifically, the Ministry of Communications is responsible for telecom security under the Telecommunication Act of 2023, which enables authorities to access traffic data, including from OTT services like WhatsApp. Meanwhile, cybersecurity falls under the Ministry of Electronics and Information Technology (MeitY), as outlined in the IT Act of 2000, with strategic guidance provided by the National Security Council Secretariat.

Furthermore, the Ministry of Home Affairs (MHA) oversees cybercrime, working closely with the Department of Telecommunications to address fraud and utilising tools such as Pratibimb to track mobile numbers involved in cybercriminal activities.

There is an ongoing debate on regulating OTT communication services. While telecom companies continue to push to regulate these services under the Telecom Act, the government in India has reiterated that OTT services like WhatsApp and Telegram fall under the Information Technology Act. This differentiation reflects the broader scope of the IT Act in handling digital communication services, even as pressure mounts for more stringent telecom-specific regulations.

Fake crypto app drains $70,000 from users

Check Point Research has uncovered a crypto wallet drainer app that was active on the Google Play Store for over five months, stealing more than $70,000 from unsuspecting users. The malicious app masqueraded as WalletConnect, a popular tool for linking crypto wallets to decentralised finance (DeFi) apps. Despite being disguised as a legitimate app, it managed to evade detection through advanced techniques and fake reviews, gaining over 10,000 downloads.

The app, originally named ‘Mestox Calculator,’ tricked users into connecting their wallets and accepting permissions, allowing attackers to drain funds. Although not all users were affected, over 150 victims lost substantial sums. The app was eventually removed from the store, but its ability to avoid detection highlighted gaps in app verification processes on platforms like Google Play.

Check Point Research emphasised the increasing sophistication of cybercriminals and urged both users and app stores to remain vigilant. The researchers warned that even seemingly harmless apps can pose a serious financial threat in the Web3 world, stressing the importance of educating users about these risks.

Hackers use auto-reply emails to deliver crypto mining malware

Cybersecurity experts have uncovered a novel tactic used by hackers to deliver malware for covert crypto mining. Hackers are now exploiting automated email replies from compromised accounts to infect businesses in Russia, including financial institutions, with the XMRig mining tool. Since May, over 150 emails containing this malicious software have been detected, but most were blocked by Facct, a leading threat intelligence firm.

This technique is particularly dangerous because the victims initiate contact and expect a reply to their initial email. Because of this established communication, many do not suspect the attached malware. Facct urges organisations to stay vigilant by conducting regular cybersecurity training and adopting strong passwords with multifactor authentication.

The XMRig software, often used in crypto mining attacks, has been part of several widespread malware campaigns since 2020, highlighting the persistent threat of cybercriminals using innovative methods to target vulnerable systems.

PwC report reveals only 2% of organisations achieve firm-wide cyber resilience

A new report from PwC has uncovered alarming gaps in global cybersecurity practices among organisations. The 2025 Global Digital Trust Insights survey, which gathered insights from 4,042 business and technology executives across 77 countries, revealed that only 2% of organisations have fully implemented cyber resilience measures in all areas assessed.

Specifically, the survey evaluated 12 key resilience actions related to people, processes, and technology. Fewer than 42% of executives believe their organisations have fully adopted any one of these measures. Among the most critical gaps are:

  • Establishing a resilience team, with only 34% reporting implementation organization-wide
  • Developing a cyber recovery playbook for IT-loss scenarios, achieved by just 35%
  • Mapping technology dependencies, with only 31% completed

These findings highlight a concerning vulnerability, leaving many organisations exposed to cyber attacks that could jeopardise their entire operations.

Another critical issue raised in the report is the insufficient involvement of Chief Information Security Officers (CISOs) in essential business activities. Fewer than 50% of CISOs are significantly engaged in strategic planning for cyber investments, board reporting, or overseeing technology deployments. This lack of participation at high decision-making levels creates the risk of misaligned strategies and weaker security postures. The report advocates for granting CISOs a seat at the table to ensure cybersecurity considerations are embedded within core business strategies.

The rapid integration of new technologies is introducing additional cybersecurity challenges. According to the report, 67% of security executives indicated that the rise of generative AI has expanded their attack surface over the past year. Vulnerabilities are also increasing due to the adoption of cloud technologies and connected devices. Despite these risks, organisations continue to invest in new technologies, with 78% of executives reporting increased spending on generative AI in the last year, underscoring the tension between innovation and security.

Cybersecurity regulations are emerging as a significant catalyst for investment, with 96% of executives acknowledging that regulatory requirements have driven enhancements in their security measures. Furthermore, 78% believe that regulations have prompted improvements or challenges to their cybersecurity posture. However, the report also highlights a notable confidence gap between CISOs/CSOs and CEOs concerning compliance with AI and resilience regulations. This 13-point disparity indicates a disconnect in how different executives view their organisation’s readiness to meet regulatory demands.

US bolsters digital security with the ROUTERS Act to counter foreign cyber threats

The United States is making a pivotal move to bolster its digital security by introducing the ROUTERS Act, a bill specifically designed to address vulnerabilities in consumer internet routers and wireless infrastructure. Since these devices are crucial in connecting users to the internet, they have increasingly become prime targets for cyberattacks, particularly by foreign adversaries such as China.

Consequently, the legislation, which has already passed the House of Representatives, focuses on hardware developed or manufactured by companies based in countries of concern, including China, Iran, Russia, North Korea, and Venezuela. Notably, Chinese-made routers, such as those from TP-Link, are widely used in American households and even government agencies, presenting significant security risks.

To counter these threats, the ROUTERS Act mandates that the Department of Commerce conduct a study to assess the national security dangers posed by these devices. This crucial step could pave the way for future legislative actions to mitigate the vulnerabilities that threaten the US’s digital infrastructure.

Furthermore, the United States has already experienced the damaging effects of cyberattacks, particularly from Chinese-backed hacker groups exploiting router vulnerabilities to infiltrate networks and conduct espionage. Various reports and investigations have consistently highlighted the dangers posed by outdated and insecure routers, particularly those from manufacturers like TP-Link, which remain in use by consumers and critical government agencies, including the Department of Defense.

As a result, the ROUTERS Act seeks to address these threats by requiring a comprehensive study of the national security risks posed by such devices, particularly those originating from adversarial nations. As the Senate prepares to review the bill, there is bipartisan support to strengthen it further by designating the National Telecommunications and Information Administration (NTIA) as the lead agency overseeing the study.

Given its expertise in managing digital infrastructure and cybersecurity threats, the NTIA is well-positioned to ensure a thorough evaluation of the risks. Ultimately, this would enable the United States to better coordinate efforts across federal agencies to secure its digital infrastructure and safeguard against foreign cyber threats.

MoneyGram faces challenges amid cybersecurity outage

MoneyGram has acknowledged that its recent multiday outage is due to a cybersecurity issue, and the firm is progressing in restoring its services. The company revealed on X that it had identified the problem affecting certain systems and launched an investigation after users reported disruptions beginning on 20 September.

The Dallas-based financial services company stated that it took immediate protective measures, including taking some systems offline to address the connectivity issues. MoneyGram is collaborating with law enforcement and external cybersecurity experts to mitigate the impact of the breach. In a follow-up post on 24 September, the firm announced that it is successfully restoring some key transactional systems.

Although MoneyGram has assured users that pending transactions will be processed once systems are back online, it has not disclosed details about the nature of the cybersecurity issue, including whether any sensitive data may have been compromised. Additionally, there is no timeline yet for when full service will be resumed.

This incident occurs amid a notable increase in crypto-related ransomware attacks, with reports indicating a significant rise in ransom payments this year. MoneyGram, a major player in money transmission, recently ventured into the crypto space, launching fiat exchange services and partnering with CEX.io to offer fiat-to-stablecoin options.