Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.

Retailer reports issue to National Cyber Security Centre after tills stopped working in some stores from Saturday

Marks & Spencer has apologised to customers after a “cyber incident” affected contactless payments and the pick up of online orders in it stores in recent days.

The retailer told shoppers that delays to click and collect orders currently continued but it was “working hard to resolve” the issue.

Continue reading...

A haul of items seized by police reveals the scale and threat of payment fraud – a crime that can have significant emotional impact on victims

On a shelf between Alexander McQueen shoes, Louis Vuitton handbags and Versace heels in the police evidence room are an 18-inch machete and a serrated zombie knife. Alongside the expensive fashions bought with the proceeds of serious fraud are the tools needed to achieve it, says DCI Paul Curtis.

“These are serious offenders and for whatever reason they felt the need to have these to protect themselves,” he says. Among the other tools are “Sim farms” bought on the dark web, which scammers use to send out numerous text messages at once; stacks of laptops; and mobile phones and payment card readers.

Continue reading...

Organisations including energy and transport firms told to guard systems against powerful new computers

The UK’s cybersecurity agency is urging organisations to guard their systems against quantum hackers by 2035, as the prospect of breakthroughs in powerful computing threaten digital encryption.

The National Cyber Security Centre (NCSC) has issued new guidance recommending large entities including energy and transport providers introduce “post-quantum cryptography” in order to prevent quantum technology being deployed to break into their systems.

Continue reading...

Proxies deploying tactics including migrant smuggling in destabilisation efforts across EU, enforcement agency finds

• Europe live – latest updates

Russia and other state actors are driving an increase in politically motivated cyber-attacks and sabotage of infrastructure and public institutions in the EU, the bloc’s police enforcement agency has found.

Europol’s 80-page serious and organised crime threat assessment for 2025 also describes in detail how “hybrid threat” actors have established a “shadow alliance” with organised criminal gangs in Europe to try to destabilise the functioning of the EU and its member states.

Continue reading...

There’s a growing collaboration between hacking groups engaging in espionage on behalf of nation-states and those seeking financial gains through ransomware and other forms of cybercrime, researchers noted this week .

There has always been some level of overlap between these two groups, but it has become more pronounced in recent years. On Tuesday, the Google-owned Mandiant security firm said the uptick comes amid tighter purse strings and as a means for concealing nation-state-sponsored espionage by making it blend in with financially motivated cyberattacks.

Opportunities abound

“Modern cybercriminals are likely to specialize in a particular area of cybercrime and partner with other entities with diverse specializations to conduct operations,” Mandiant researchers explained. “The specialization of cybercrime capabilities presents an opportunity for state-backed groups to simply show up as another customer for a group that normally sells to other criminals. Purchasing malware, credentials, or other key resources from illicit forums can be cheaper for state-backed groups than developing them in-house, while also providing some ability to blend in to financially motivated operations and attract less notice."

Read full article

Comments

An international coalition of police agencies has taken a major whack at criminals accused of running a host of online scams, including phishing, the stealing of account credentials and other sensitive data, and the spreading of ransomware, Interpol said recently.

The operation, which ran from the beginning of April through the end of August, resulted in the arrest of 41 people and the takedown of 1,037 servers and other infrastructure running on 22,000 IP addresses. Synergia II, as the operation was named, was the work of multiple law enforcement agencies across the world, as well as three cybersecurity organizations.

A global response

“The global nature of cybercrime requires a global response which is evident by the support member countries provided to Operation Synergia II,” Neal Jetton, director of the Cybercrime Directorate at INTERPOL, said . “Together, we’ve not only dismantled malicious infrastructure but also prevented hundreds of thousands of potential victims from falling prey to cybercrime. INTERPOL is proud to bring together a diverse team of member countries to fight this ever-evolving threat and make our world a safer place.”

Read full article

Comments

ShinyHunters stole information including bank and credit card numbers, as well as staff HR details

Hackers are attempting to sell confidential information including the bank and credit card numbers of millions of Santander customers to the highest bidder.

ShinyHunters posted an advert on a hacker forum for the data, which it says also includes staff HR details, with an asking price of $2m (£1.6m). It is the same organisation which claims to have hacked Ticketmaster .

Continue reading...

Hong Kong employee was duped into sending cash to criminals by AI-generated video call

• Business live – latest updates

The British engineering company Arup has confirmed it was the victim of a deepfake fraud after an employee was duped into sending HK$200m (£20m) to criminals by an artificial intelligence-generated video call.

Hong Kong police said in February that a worker at a then-unnamed company had been tricked into transferring vast sums by people on a hoax call “posing as senior officers of the company”.

Continue reading...