Google’s Threat Intelligence Group (GTIG), partnering with Mandiant (a subsidiary of Google Cloud and a premier cybersecurity firm specialising in threat intelligence, incident response, and managed defence) and others, ended up exposing Chinese state-backed organisation UNC2814’s spy operations. The group has now been classified as an Advanced Persistent Threat (APT).

In the most recent campaign, the organisation used GridTide, a backdoor malware that had never been seen before and used the Google Sheets API for C2 infrastructure. The backdoor blends with regular company traffic and causes no concerns because it sends HTTPS queries to authentic Google infrastructure rather than connecting to a distant server to obtain commands and steal data.

Every command is kept in a spreadsheet cell within an attacker-owned document. The malware periodically examines, decodes, and executes the encoded instructions that the operators inject into designated rows or cells.

Exfiltrated data may occasionally be written back into the sheet. GTIG stated that it did not see any examples of data exfiltration. With reports of its activity dating back to 2017 or potentially earlier, UNC2814 is a somewhat well-known threat actor.

Google terminated all of the attackers’ authority over Google Cloud Projects as part of the disruption operations, cutting off their ongoing access to GridTide-compromised environments. They restricted access to the Google Sheets API requests, disabled attacker accounts, and located and stopped all known UNC2814 infrastructure. Lastly, it published a list of IoCs connected to the UNC2814 infrastructure that has been operational since at least 2023.

The campaign started in 2023 and affected at least 53 organisations in 42 countries. Google suspects that UNC2814 is present in at least 20 more countries. Most of Latin America, Eastern Europe, Russia, parts of Africa, and parts of South Asia seem to have been hit. Except for Portugal, Western Europe is mostly unscathed. The United States was not touched as well.

The activity is distinct from separate high-profile, telecommunications-focused Chinese hacking activity tracked as “Salt Typhoon,” Google told Reuters. That campaign, which the US government has linked to Beijing, targeted hundreds of American organisations, in addition to prominent political figures.

Chinese Embassy spokesperson Liu Pengyu, while reacting to the news, said, “Cybersecurity is a common challenge faced by all countries and should be addressed through dialogue and cooperation. China consistently opposes and combats hacking activities in accordance with the law, and at the same time firmly rejects attempts to use cybersecurity issues to smear or slander China.”

The post Google disrupts Chinese hacking operations in more than 40 nations appeared first on International Finance.

In this backdrop, Brooklyn-based Outtake, whose agentic cybersecurity platform helps enterprises detect, investigate, and take down identity fraud, has raised a USD 40 million Series B round of funding. While the amount may not sound huge compared to the capital raised by Outtake’s industry peers, the funding round hit the headlines due to the list of participating angel investors, which included Microsoft CEO Satya Nadella, Palo Alto Networks CEO Nikesh Arora, Pershing Square Holdings CEO Bill Ackman, Palantir CTO Shyam Sankar, Anduril co-founder Trae Stephens, former OpenAI VP Bob McGrew, Vercel CEO Guillermo Rauch, and former AT&T CEO John Donovan.

Knowing The Player In Detail

Outtake, established in 2023 by former Palantir engineer Alex Dhillon, has come up with a fix when it comes to automating what has largely been a manual problem: spotting and taking down digital identity posers, entities like impersonation accounts, malicious domains posing as companies’ official websites, rogue apps, fraudulent ads, and more.

Outtake has customers like OpenAI, British financial services company Pershing Square, and American mobile technology company AppLovin, along with several federal agencies. OpenAI even profiled the company in July 2025 as an example of an agentic start-up built on its reasoning models.

Outtake’s ARR (Annual Recurring Revenue) has increased six times year-over-year, while its customer base grew more than ten times. This shows one thing: while the demand for foolproof cybersecurity solutions is expanding rapidly, the 21st century’s global socio-economic order is also taking the threat of digital identity theft more seriously than ever.

According to Dhillon and his team, two-thirds of identity theft-related attacks now utilise some form of AI, remarking, “the question isn’t whether your organisation will be targeted, it’s whether your defences can match the sophistication of AI-powered threats that are reshaping the very nature of cybercrime.”

So, what is Outtake dealing with? The rising menace of bots, with a 2024 study claiming that 30% of accounts across major social media platforms are likely to be fake. These bots are used to spread scams, steal identities, or manipulate public opinion.

Then add the 703% increase in credential phishing attacks, thanks to the widespread availability of AI-generated phishing kits online. We also have a 202% increase in phishing emails, with generative AI tools and automation again helping hackers compose phishing emails up to 40% faster.

Making ‘Digital Trust’ Great Again

Talking about Outtake’s “AI-Driven Intelligence for Open Sources,” the start-up’s AI agents cut through noise and contextualise risks in real time by delivering the early warning security teams need to protect people, reputation, and operations.

“Manual OSINT (Open-Source Intelligence) workflows can’t keep pace with today’s threat landscape. Security analysts spend hours chasing false positives, triaging repetitive alerts, and piecing together fragments from multiple sources,” the venture stated, further pointing out issues like manual backlogs (with threat actors quickly shifting their campaign methods by the time analysts detect and manually remediate a threat), an endless streak of false alerts (with keyword-based monitoring generating endless dead ends, burying investigators in irrelevant hits and obscuring the real signals that matter), and manual correlation of findings (with cybersecurity teams seeing isolated incidents as big wins rather than uncovering the full campaign across platforms and sources).

To counter these, Outtake has bet big on AI agents, which continuously discover and analyse images, videos, audio, and text across the open web, delivering contextualised intelligence without the manual overhead. They track emerging narratives (upcoming cybercrime trends) and force-protection campaigns before they escalate into reputational or physical risks.

Legacy traditional tools often end up missing threats from social platforms, forums, and open sources, something that Outtake’s AI agents address thoroughly, taking things further to “Location-Based Risk Intelligence” by mapping chatter tied to physical locations to anticipate risks to executives, facilities, and events.

Also, “AI-Driven Intelligence for Open Sources” keeps its client businesses safe by monitoring third-party players like vendors, partners, and acquisition targets for emerging risks. After everything, Outtake distils millions of signals into clear, prioritised summaries before delivering threat digests directly to clients’ inboxes or collaboration tools, customised to the latter’s security priorities.

Next are “Digital Risk Protection” agents that, in the start-up’s language, provide “AI that tirelessly detects, prioritises, and dismantles impersonation threats across domains, social media, apps, and ads.” When it comes to proactively identifying and eliminating digital impersonation threats, traditional methods are trailing severely. How? First of all, they are drowning in AI-generated noise due to the widespread availability of AI-generated phishing kits online.

Attacks are getting sophisticated and fast-paced, with threat actors diversifying their mediums. Apart from missing threats hidden in images, videos, code, and visual brand abuse, legacy keyword tools end up chasing nodes while missing well-coordinated campaigns. These solutions are only capable of tackling isolated threats instead of going after the full attack ecosystem. They can’t connect signals across platforms, leaving coordinated campaigns intact and growing.

“Digital Risk Protection” agents have been tailored with social engineering scams in mind—criminal acts that exploit human psychology to trick individuals into divulging confidential information, transferring money, or installing malware. These attacks are known for impersonating trusted entities or businesses through phishing (emails), vishing (phone calls), or smishing (SMS). Outtake’s solution goes aggressively after these elements, removing fake brand and executive impersonations across all platforms while continuously mapping threat infrastructure across digital mediums, revealing the hidden links that single-point tools overlook.

Be it fraudulent phishing, malware domains, fake mobile apps, or deceptive marketplace listings, “Digital Risk Protection” agents have been tasked with one job: monitor, identify, and take down.

Redefining Digital Verification

Business Email Compromise (BEC), which targets organisations through deceptive emails, skyrocketed in 2025, with Barracuda’s “Email Security Breach Report” registering a staggering 78% of surveyed organisations worldwide experiencing an email security breach throughout the year, with the lack of expertise, automation, and awareness ending up costing companies money, reputation, customers, and growth prospects.

Against this backdrop, Outtake has launched a device- and identity-bound authentication tool via World ID or passkeys, as AI is known for generating both phishing and legitimate emails. “Outtake Verify” has evolved as a browser extension that cryptographically verifies a business’ identity (through mathematical proof instead of probabilistic guessing) and signs the company’s emails. Even if the official mail account gets hacked, Outtake still ensures that these compromised accounts can’t send verified emails by denying attackers device-bound authentication.

The solution not only improves internal email security for Outtake’s client organisations, but it also increases trust in third-party communications by making the whole digital environment secure. “Outtake Verify” also reduces the burden on human cybersecurity professionals within a team by taking over tasks like verifying executive payment approvals, eliminating out-of-band confirmations, ensuring sensitive documents come from authenticated sources with message integrity, and extending trust beyond organisational boundaries by requiring authentication from key vendors.

The post Start-up of the Week: Outtake tackles next-gen identity fraud appeared first on International Finance.

Recently, Cybernews confirmed a post on a popular hacker forum, likely made by the alleged perpetrators, claiming 353 gigabytes of data were stolen during a breach of Doctor Alliance’s network. For now, the data has not been leaked, with the user going by the alias “GOD” threatening to either post or sell the information on November 21, 2025, in case a ransom of USD 200,000 is not paid.

Alias “GOD,” who likely represents a group of individuals, released a small 200 MB sample to prove they have the files. As per Cybernews, the revealed files include “various medical records, riddled with sensitive personal data,” specifically details on patient prescriptions, treatment plans, names, health insurance numbers, phone numbers, home addresses, hospital orders and more.

In the United States, such data access would constitute a reportable breach under the terms of the Health Insurance Portability and Privacy Act (HIPAA). Cybersecurity researchers now believe the trove, if determined to be legitimate, poses a serious risk to patients and employees, as it could all be used for identity theft, blackmail or other nefarious purposes. This includes not only medical identity theft but also insurance fraud.

“This data leak poses a huge risk of identity theft and medical fraud for the patients involved, such as obtaining medical services or prescription drugs in the victim’s name. Both doctors and patients can fall victim to social engineering attacks,” remarked the researchers.

While promising that the data would be deleted if the ransom is paid, the alleged cybercriminals in a post refused to divulge details like when the attack took place and what vector was used. No known hacker outfit has claimed credit for the attack.

The post Cyberattack on healthcare firm Doctor Alliance: All you need to know appeared first on International Finance.

As industries are embracing AI and technology rapidly, so are the worries around cybersecurity. Enterprises prioritise protective measures against online attacks and hacks, prompting businesses to spend more on safeguarding their domains.

Against this backdrop, Chainguard, whose customers include Anduril, ANZ Bank, Canva, GitLab and Hewlett Packard Enterprise, has stood up to the occasion by providing tools and services to help clients keep their software secure. At the same time, it is also cementing its place as a key cybersecurity player, as it has so far raised USD 612 million. The start-up, founded in 2021, grew its annual recurring revenue seven times to USD 40 million in fiscal year 2025.

In today’s episode of the “Start-up of the Week,” International Finance will talk about the company in detail.

The Safe Source For Open Source

Chainguard has built a secure, trusted software supply chain that “empowers teams to build the future instead of patching the past.”

“The status quo in open source has led to high-profile security breaches, countless hours of engineering toil, and compliance failures. Enterprises need a new mechanism for open-source software delivery,” the start-up stated.

The safe open-source software has been rebuilt from source in secure environments with end-to-end integrity, with the vision of ensuring a future where security and innovation move in lockstep and every line of code makes software safer.

“As high-profile attacks exposed systemic weaknesses, organisations struggled to secure their development pipelines without adding friction for engineers. Existing solutions were complex, reactive, and often ineffective, so Chainguard set out to build a safe source for open source. Today, Chainguard helps organisations eliminate threats in their software supply chains by providing guarded open-source software, built from source and updated continuously,” the company added.

Chainguard’s software supply chain has enabled its client companies to save 288,000 engineering hours. Additionally, it has addressed more than 72,000 Common Vulnerabilities and Exposures (CVEs)—a widely recognized list of publicly disclosed security flaws in computer systems. Most importantly, this effort has resulted in an 80% reduction in the attack surface.

Chainguard’s software supply chain is run by “Container Image Security,” which builds, ships, and runs hardened, minimal container images.

The company commented, “Our suite of hardened, minimal container images help developers start secure and stay secure throughout the software development lifecycle. With 97.6% fewer vulnerabilities than alternatives, Chainguard Containers help you reach vulnerability requirements for compliance frameworks like NIST 800-53, FedRAMP, or StateRAMP.”

The software supply chain performs another crucial function called “Vulnerability Remediation,” where it prioritises speed and precision to eliminate CVEs daily in the open-source software the client companies consume, so the latter’s developers can spend their time honing their craft. No more constantly monitoring security spreadsheets, running known-vulnerable software, or manually patching images.

When it comes to compliance and risk mitigation, the Chainguard Containers solution eliminates vulnerabilities in the clients’ containers that repeatedly impact their compliance certifications for FedRAMP, PCI-DSS, SOC 2, and more. Human cybersecurity professionals get relieved of repetitive tasks like patching, updating, and hardening container images to meet and maintain compliance requirements faster.

The start-up also helps its clients build secure software with images that include Signatures, SLSA Provenance (verifiable information about software artefacts describing where, when and how something was produced), and SBOMs (Software Bill of Materials is a comprehensive inventory of all the software components, including their versions, dependencies, and associated metadata, that make up a software application), thereby providing the building blocks for a secure software supply chain.

On the AI/ML Security front, Chainguard AI Images are a suite of CPU and GPU-enabled container images, including popular frameworks like PyTorch, Conda, and Kafka. These images are hardened, minimal, and optimised for efficient AI development and deployment. By leveraging Chainguard AI Images, organisations can confidently secure their AI infrastructure, streamline vulnerability management, and maintain high performance with low-to-zero vulnerabilities.

PCI DSS (Payment Card Industry Data Security Standard) requirements for vulnerability management drive add significant worry and complexity for companies investing in their digital architectures, especially when it comes to the data authentication task.

Chainguard simplifies PCI compliance with minimal, zero-CVE containers built entirely from source. The start-up offers minimal, zero-CVE images by default, shrinking its clients’ compliance and auditing worries from day one.

Chainguard helps its clients eliminate PCI DSS overhead and costs with source build pipelines, supply chain transparency, and CVE management. The start-up mitigates the risk of costly security breaches and failed audits, which incite heavy fines and penalties from regulators.

Here Is The Product Line-up

Among Chainguard’s key products is “Chainguard Containers,” which helps companies build software better with minimal, zero-CVE container images guarded under the start-up’s industry-leading remediation SLA (Service-Level Agreement).

The solution enables companies to adopt inherently secure software, allowing engineers to focus more on delivering products and less on patching Common Vulnerabilities and Exposures (CVEs). Additionally, it leverages trusted open-source solutions to enhance security and minimize the attack surface for potential threats. Addressing critical compliance controls by default helps reduce overhead costs and accelerates the time to market for products.

Next is “Chainguard Libraries,” which stop software supply chain attacks without compromising developer experience and productivity with language dependencies built securely in SLSA-hardened build infrastructure.

Using the tool, companies can eliminate risks from compromised build systems and hijacked package distribution mechanisms to prevent attacks like XZ-Utils, MavenGate, and Lottie Player. Chainguard Libraries free up developers to ship faster by eliminating toil and productivity erosion associated with manual and/or policy-based package curation, apart from offloading the hard work of vendors in shared system libraries for dynamically linked languages.

These language libraries get built from source in Chainguard’s SLSA Level 2 build infrastructure, eliminating supply chain attacks at the build and distribution phases of the package lifecycle. Businesses can use the start-up’s language libraries anywhere to develop and deploy the code.

Chainguard helps IT companies standardise their developers on a safe and secure mechanism to consume language dependencies. Chainguard Libraries natively integrate with common artefact managers so developers can pull trusted dependencies without any additional friction.

Finally, we have Chainguard’s “Virtual Machine Software,” which hosts image containers on optimised, minimal, zero-CVE virtual machine images rebuilt from source daily for ephemeral cloud instances. The start-up described this particular solution as the security and innovation-friendly container host that meets “critical compliance controls by default with zero-CVE container hosts guarded under a CVE remediation SLA.”

The “Virtual Machine Software” also focuses on differentiated product experiences, in addition to reducing the burden on engineering and security teams for CVE triage, management, and remediation, while carrying out innovations on the security and performance optimisation front without costly and complex major upgrades.

Image Credits: Chainguard

The post Start-up of the Week: Armed with fresh funding, Chainguard eyes to become major cybersecurity player appeared first on International Finance.

While companies are adopting strategies such as making it mandatory for their employees to complete yearly cybersecurity training courses, human-driven cybersecurity breaches continue to occur. The situation could worsen in the coming days as generative AI increases the scale and personalisation of social engineering campaigns. To address this challenge, Anagram, formerly known as Cipher, is taking a new approach to employee cybersecurity training that the start-up hopes will keep pace with the evolving nature of these social engineering campaigns.

In today’s edition of the “Start-up of the Week,” International Finance will delve into the New York-based venture, which is now known for its virtual platform that offers hands-on security training for enterprises. This method includes bite-sized videos and personalised interactive puzzles designed to teach employees how to spot suspicious emails and communications. These training sessions are frequent and engaging, as opposed to the current standard of a once-yearly, lengthy training session. In this way, businesses and their employees stay updated on the latest trends in the world of cybercrime.

A Game-Changing Training Method

According to Harley Sugarman, founder and CEO of Anagram, the training activities primarily include tasks such as having employees create their own personalised phishing emails, which, in turn, teach them how to identify sophisticated campaigns aimed at them.

“We took very little, in fact, basically no inspiration from the existing stuff out there. What we really took were lessons from TikTok, Duolingo, and Khan Academy. We looked at these platforms that have done really well engaging and changing user behaviour outside the security space, and we asked ourselves, ‘OK, how can we apply those lessons within security?’” Sugarman explained to TechCrunch, highlighting what differentiates Anagram’s cybersecurity training from existing methods.

Harley Sugarman, a computer science professional, initially sought to apply the cybersecurity industry’s “capture the flag” training approach to upskill enterprise cybersecurity employees. This training method involves building software with vulnerabilities and having security researchers find the bugs and figure out how to write code without falling into the same traps.

That initiative evolved into Cipher in 2022 and gained some traction. However, Harley Sugarman faced another challenge: chief information security officers (CISOs) told him that their businesses had a bigger security issue they were looking to tackle—their non-security employees. He said CISOs described their employees as their weakest cybersecurity link.

“What sort of surprised me was actually just the amount of hopelessness I heard in their voices. This was an unsolvable problem for them,” Sugarman said.

Cipher then scaled up in January 2024 to focus on solving that problem. In 2025, the venture changed its name to Anagram to reflect its new focus and is winding down its original product. In addition to strong growth following its rebranding, Anagram has secured high-profile clients, including Thomson Reuters, MassMutual, and Disney, among others.

In February 2025, Anagram raised a $10 million Series A round led by Madrona, with participation from General Catalyst, Bloomberg Beta, and Operator Partners, among others. The company now plans to use the funds to expand its sales team and continue improving the product. Sugarman said that so far, the start-up has been able to reduce client companies’ phishing failure rates from 20% to 6%, but the goal is to continue moving closer to zero.

Understanding The Method In Detail

According to Harley Sugarman, Anagram launched its product at a pivotal moment for the cybersecurity industry. As generative AI advances, so do personalised social engineering campaigns, which can make it more difficult for people to distinguish between what is real and what isn’t.

“I think the side effect of that is that traditional email security platforms are actually going to have a much harder time detecting these AI-generated phishing attempts. The ability to generate and randomise is just so strong, and it’s really difficult, from an engineering perspective, to defend against that,” Sugarman explained.

To address this challenge, Anagram has divided its hands-on security training into two parts: “Security Awareness Training” and “Developer Training.” The first method operates under the motto “Bite-Sized Lessons, Big Results.” The start-up describes this approach as “quick, real-world training that leverages the science of learning so your (business’s) employees know how to spot and stop an attack.”

“Security Awareness Training” launches phishing simulations within minutes using Anagram’s best-in-class templates (even assisting companies in building their own campaigns). It also integrates a company’s cybersecurity policies directly into the training method, ensuring that everyone understands the rules and stays safe.

When it comes to combating cybersecurity threats, employees within a company—just like their varied roles and responsibilities—face different threats and challenges. To address this, Anagram offers both general and topic-specific modules so users can create programmes relevant to their operational needs.

Every October, the start-up offers a gamified “Awareness Month Programme” for companies. However, the most unique aspect of the “Security Awareness Training” is its content library, which covers cybersecurity challenges such as business email compromise, coding with AI, handling sensitive data, detecting deepfakes, holiday scams, insider threats, tax scams, sharing data externally, social engineering, wire fraud, and more.

Regarding “Developer Training,” the start-up focuses on real-world scenarios, whether protecting secret keys, tackling API vulnerabilities, or preventing software supply chain attacks. The training also includes interactive sandboxes where software developers and website builders can learn security best practices in a safe, realistic environment.

Since the threats developers face are constantly evolving, Anagram uses examples pulled from actual vulnerabilities and breaches, so developers can learn how to tackle the issues they are most likely to encounter.

The training method, which is updated multiple times a year to keep up with the ever-changing cyber landscape, covers topics such as SQL injection, managing secrets, broken access control, cross-site scripting (XSS), validating API design, cryptographic failures, insecure logging and monitoring, avoiding outdated components, protecting backups, detecting SSRF, securing cloud infrastructure, and ensuring software and data integrity.

The Road Ahead

Anagram is currently working on developing an AI agent that will be embedded in enterprise employees’ emails and will be trained to flag potential cybersecurity slip-ups before they happen.

According to Sugarman, the agent will be able to intervene by asking employees whether they really want to send their credit card information over email, among other similar safeguards.

Last but not least, Anagram is also currently partnering with renowned industry leaders, including Steve Zalewski (Levi Strauss), Lena Smart (MongoDB), Tim Youngblood (McDonald’s, T-Mobile), David Cross (Atlassian, Oracle), and Andrew Wilder (Nestlé). These collaborations underscore Anagram’s commitment to driving innovation and delivering impactful security solutions.

By blending customised microlearning with real-time security scenarios, the platform has disrupted cybersecurity training in a positive way. This approach has attracted the attention of leading global enterprises, including several from the Fortune 500. Expect the start-up to make even more waves in the coming days.

The post Start-up of the Week: Anagram’s cutting-edge approach to cybersecurity training appeared first on International Finance.

The banking industry’s resilience is demonstrated by data from the Central Bank of Kenya (CBK), which indicates that profits have increased from $1.09 billion during the same period last year.

CBK Governor Kamau Thugge claims that March was the banks’ best-performing month, with pre-tax profits hitting $184 million.

On the other hand, August saw the lowest profits of $119 million, the only month since January when profits fell below $136 million. Despite this minor decline, the banking industry has continued to grow while other economic sectors have experienced severe disruptions.

Kenya had a difficult year, marked by challenges such as severe flooding and rain from March to June, political turmoil with anti-government demonstrations in June and July, and limited liquidity.

Despite challenges, banks have shown resilience, with the finance and insurance industry expanding by 7% in the first quarter of 2024, according to the Kenya National Bureau of Statistics.

However, in the second quarter, this growth slowed to 5.1%. According to the CBK, the banking industry will expand by 6% for the entire year, which is the slowest growth since the COVID-19 pandemic hit the economy in 2020, when growth was only 5.9%.

The general economic outlook seems more muted. The CBK has revised its prediction for the growth of the national economy from 5.4% to 5.1%. This change follows a slowdown in the second quarter, when growth slowed to 4.6% compared to 5.6% during the same time last year. Lending has decreased, which has also affected Kenyan banks.

The loan book for this sector was $27.2 billion at the end of August, a $1 billion decrease from $28.2 billion at the end of 2023. As the value of the Kenyan shilling increased relative to the United States dollar, this indicates both a decrease in lending and a depreciation of loans denominated in dollars.

The expansion of private sector credit has decreased dramatically; in August, it was only 1.3%, the lowest level in over five years. At the same time, the non-performing loan ratio rose to 16.7%, the highest level in 18 years. High credit costs have coincided with an increase in defaults and a decrease in borrowing. In February 2024, Kenya’s benchmark lending rate reached a 12-year high of 13%.

The CBK implemented consecutive reductions to the benchmark rate, bringing it down to 12%, in an effort to alleviate the burden on borrowers in response to these economic pressures. Reviving economic activity and encouraging borrowing are the goals of this.

In a statement, CBK said, “The Monetary Policy Committee noted the sharp deceleration in private sector credit and the slowdown in economic growth during the second quarter of 2024. It concluded that there was scope for further easing of monetary policy to boost economic activity while ensuring exchange rate stability.”

The performance of the industry will still be strongly correlated with more general economic developments, such as initiatives to control inflation, exchange rate swings, and international financial circumstances.

Strong security over PoS rollout

Network International, a Middle Eastern and African digital commerce enabler, has reaffirmed its commitment to ensuring strong cybersecurity measures as it launches new payment solutions in Kenya.

Judy Waruiru, its Regional Managing Director for East and South Africa, said, “We are introducing our point-of-sale (POS) solutions as part of our strategy to enter the in-person payments market in Kenya, a key hub for East Africa.”

Network International is providing merchants with new point-of-sale solutions at no cost as part of this rollout, enabling companies of all sizes to conveniently accept payments in-store or while on the go.

In order to accommodate a variety of payment preferences, customers will also have the option to pay with cards or mobile wallets. As the number of digital transactions in the area rises, the business is expanding its service portfolio and addressing growing concerns about payment system security.

During an interaction with African Banker, Paul Mutethia, Head of Commercial at Network International Kenya, said, “The risks in cyberspace have increased, especially Denial of Service, malicious codes, botnets, and bugs which hamper operations. We secure our internal systems when they interact with the external environment. Our transactions are encrypted, and all our solutions are secure. We ensure there is no exposure to cyber-attacks because we hold sensitive customer data.”

He revealed that there is a dedicated department within the company that handles threat management and cyberspace monitoring. It would be better to close the business if you don’t make any investments in cybersecurity.

According to data from the Central Bank of Kenya, there are only slightly more than 55,000 point-of-sale machines in the country. This is insignificant when you consider that the Kenya National Bureau of Statistics reports that there are 7.4 million registered micro, small, and medium-sized businesses (MSMEs). This reveals a serious weakness in the infrastructure for digital payments for companies across the nation.

The most recent products from Network International include contactless payment systems, improved mobile payment gateways, and e-commerce solutions designed to increase convenience while upholding strict security regulations.

JPMorgan Chase eyes presence in Nairobi

JPMorgan Chase, the biggest bank in the world by market capitalisation, is expanding in Africa, with plans to open an office in Nairobi, Kenya.

The bank is the largest lender in the United States, with $4 trillion in assets and operations in more than 100 countries.

It received an operating license from the Central Bank of Kenya (CBK) just days before Jamie Dimon, the CEO of the bank, travelled to the country. The action is part of the bank’s strategy for global expansion and demonstrates its increasing interest in making investments in the African market.

The bank has identified Africa, which has the youngest population in the world, as a key growth region due to its fintech innovations and the rise in institutional bankers.

In October 2024, JPMorgan Chairman and CEO Jamie Dimon travelled to Kenya as part of a trip to Africa that also included stops in South Africa and Nigeria.

“We are opening our first branch in Kenya, which we are really happy to do. We want to add a country or two in Africa every couple of years or so. And when you do it, you are basically covering the government, maybe some big government enterprises, and the multinationals that are going in there with traditional banking services,” Jamie Dimon said during an event in Nigeria.

Sailepu Montet, a former executive at CBK, has been appointed as the bank’s new Country Manager for Kenya. He has more than 20 years of banking experience and a solid foundation in financial markets from both the public and private sectors.

According to Dimon, the bank’s primary areas of interest are treasury services, commercial and investment banking, and possibly some lending in Kenya. Nevertheless, it does not currently have any plans to provide asset and wealth management services in the country, which are already offered in Nigeria and South Africa.

“We are not doing asset and wealth management now, but that doesn’t mean it won’t happen in the next few years,” Dimon added.

Nairobi was selected as the site for JPMorgan Chase’s office because of its growing prominence as a technology hub and its status as the gateway to the wider East African market, which makes it a desirable location for companies wishing to grow throughout the region.

Ten international banks, including Bank of China, Access Bank of Nigeria, Bank of Kigali, First Rand Bank and Nedbank of South Africa, Rabobank of Mauritius, and French lender Societe Generale, have representative offices in Nairobi.

The bank must, however, differentiate its offerings in various markets, such as Kenya, where regional and local lenders are well-represented. There are 46 commercial banks in the nation, providing services to 55 million people.

Nigerian banks go big

One of Nigeria’s leading commercial banks, First Bank, is now planning to expand to at least three African countries in its next growth phase, starting in 2025.

According to the Deputy Managing Director of the bank, Ini Ebong, the countries being targeted include Ethiopia, Angola, Cameroon, and Ivory Coast.

He asserted that there are growing opportunities in markets across the African continent, similar to “what we saw in the early 2000s in some of the larger African markets. We believe it is an opportune time to take part in this phase of growth.”

In December 2024, the Ethiopian parliament passed a law that allows foreign banks to open subsidiaries in Ethiopia. Foreign firms will only be allowed to own 49% of shares.

Also, during a panel session at the recently concluded Africa Financial Industry Summit, Ethiopia’s central bank governor, Mamo Mihretu, said the country had been working on the legislation that would finally open the banking sector to foreign competition over the past year.

FirstBank, which has been operating in Nigeria for 130 years, began establishing subsidiaries in other African markets in 2011 when it acquired Banque International de Credit, one of the leading banks in the Democratic Republic of Congo.

In November 2013, it acquired subsidiaries of International Commercial Bank Financial Group Holdings AG (ICBFGH) in The Gambia, Sierra Leone, Ghana, and Guinea. It purchased ICB Senegal the following year, completing its acquisition of West African assets and operations of ICBFGH. FirstBank also has operations in London and Paris, France, as well as a representative office in Beijing, China.

In January 2025, news emerged about Bidvest Bank being sold to Nigerian-based Access Bank, which is set to expand the latter’s operations in South Africa substantially. Johannesburg Stock Exchange-listed Bidvest is now eyeing the disposal of 100% of its holdings to Access Bank.

Bidvest is expected to raise R2.8 billion from the sale, which will then be used to settle its existing debt. Access Bank, on the other hand, plans to implement Broad-Based Black Economic Empowerment (BBBEE) ownership, including an Employee Stock Ownership Plan. The acquisition is expected to close in the second half of 2025, subject to regulatory approvals in South Africa and Nigeria.

The Bidvest Bank book, which mainly consists of leased assets, loans and advances, totalled R6 billion in December, and was funded by deposits of R8 billion. In its most recent financial year, Bidvest Bank generated a trading profit of R371 million and an operating income of R377 million.

Speaking of Access Bank, the largest lender in Nigeria by assets, it has established itself as a full-service bank with over 60 million customers globally across three continents, serving three principal segments: retail, business, commercial, and corporate.

Following the acquisition, Bidvest Bank is set to be merged with Access Bank’s existing South African subsidiary to create an enlarged platform to anchor the regional growth strategy for the SADC region.

Using Bidvest Bank’s local capabilities and its established pan-African presence, Access Bank now hopes to have increased capacity for intra- and inter-Africa trade, connect businesses, and create new opportunities for regional integration.

The Nigerian-based company noted that South Africa’s banking sector is the largest in Africa, with a combined tier-one capital exceeding $42.2 billion in 2022. Despite a tough operating environment, the industry still achieved headline earnings growth of 2.5% year-on-year and maintained strong profitability (ROE of 17%) in the first half of 2024. Access Bank will now leverage the latest acquisition to strengthen its business and SME banking as well as its foreign exchange services, while also introducing new services tailored to the South African market.

Access Bank has already been operating in South Africa since 2021 after it acquired Grobank Limited. Grobank, which was previously known as Bank of Athens, was primarily focused on agriculture before Access Bank transformed it into a retail banking operation. The group currently offers personal, business, and corporate banking in South Africa.

Banks embrace WhatsApp banking

In order to process payments more quickly and interact with customers more effectively, Kenyan banks are increasingly using WhatsApp banking. Conversational banking is encouraged by this model, which also streamlines customer journeys and improves user intuitiveness.

Kenya’s Housing Finance Group, commonly referred to as HF Group, became the first major bank in the country to deploy WhatsApp banking in 2019.

HF Group CEO Robert Kibaara said, “Customers can simply add HF’s WhatsApp phone number to begin a secure banking chat session.”

Since 2019, the KCB Group, Kenya’s biggest bank by assets, has also adopted WhatsApp banking. KCB hopes to improve its communications by utilising widely used messaging platforms as part of a larger plan to offer individualised services.

A subsidiary of South Africa’s Absa Group, Absa Bank Kenya, followed suit in 2021 by launching the “Abby” WhatsApp banking service.

A Mumbai doctor’s loss of $2,000 from his WhatsApp wallet raised cybersecurity concerns, while many Kenyan consumers were ecstatic about the new banking model at the time.

“We have put up stringent measures to make WhatsApp banking secure for everyone. We have several security layers on the platform,” the bank’s head of digital channels, Andrew Mwithiga, told African Banker.

In 2022, Equity Group, which has the largest customer base in Kenya, introduced the Equity Virtual Assistant, a WhatsApp banking platform. With its open banking model, I&M Bank has also entered the WhatsApp banking space, initially providing customer service for non-transactional enquiries.

Through its AI-powered chatbot, Zuri, M-Pesa, the top mobile money platform in the world, has integrated WhatsApp banking since 2020. In Kenya, M-Pesa is used by more than 95% of households.

According to Statista, as of January 2024, 86% of Kenyan internet users were using WhatsApp, making it the most popular messaging app in the country. In Kenya, there were 7.9 million WhatsApp users as of 2023.

Meanwhile, an €8.51 million loan from the African Development Bank has been approved for Senegal’s “Programme to Promote Efficient Lighting Lamps” (PPLEEF), a groundbreaking project aimed at promoting energy efficiency in the nation. This establishes a new standard for sustainable development in Africa and is the bank’s first entirely focused demand-side energy efficiency investment project.

The post African banks post strong profits amidst hurdles appeared first on International Finance.

We have Israeli start-up Noma and United States-based competitors Hidden Layer and Protect AI. However, in today’s episode of the “Start-up of the Week,” International Finance will talk about British University spinoff Mindgard.

In the words of Professor Peter Garraghan, the CEO and CTO of the start-up, “AI is still software, so all the cyber risks that you probably heard about also apply to AI. But, if you look at the opaque nature and intrinsically random behaviour of neural networks and systems.”

The Mindgard Way Of Ensuring AI Security

Established in 2022, the start-up first hit the headlines in 2024, as it emerged as the winner of the “Cyber Innovation Prize,” at Infosecurity Europe 2024. Mindgard’s approach to ensuring “Security for AI” is a thing called “Dynamic Application Security Testing for AI” (DAST-AI), which targets vulnerabilities that can only be detected during runtime. The process involves continuous and automated red teaming, a way to simulate attacks based on Mindgard’s threat library.

Mindgard’s technology has been a brainchild of Professor Garraghan’s academic background as a researcher focused on AI security. For him, LLMs (Large Language Models, type of AI programme that can generate and recognise texts) are rapidly changing, and so do the threats around these models. Using his ties with Lancaster University, Professor Garraghan envisions Mindgard automatically own the IP to the work of 18 additional doctorate researchers for the next few years.

While it has ties to research and development activities in the “Security for AI” field, Mindgard has very much become a commercial product already, and more precisely, a SaaS (Software-as-a-Service) platform. Despite having enterprises as clients, Professor Garraghan’s company also works with AI start-ups, with many from the United States, that need to show their customers they do AI risk prevention.

After raising a 3-million-pound seed round in 2023, Mindgard is now announcing a new USD 8 million round led by Boston-based .406 Ventures, with participation from Atlantic Bridge, WillowTree Investments, and existing investors IQ Capital and Lakestar. The funding will help with building the team, product development, research and development, but also expand into the United States.

Key Products And Services

Talking about Mindgard’s R&D activities, we have DAST-AI or “Dynamic Application Security Testing for AI” to begin with, which, powered by the world’s largest attack library for AI, enables red teams (group of security professionals who simulate cyber-attacks to test an organisation’s security), security and developers to swiftly identify and remediate AI security vulnerabilities.

Tech professionals can find and remediate their AI vulnerabilities on a proactive basis, by integrating into existing CI/CD automation and all SDLC stages, as DAST-AI provides extensive model coverage beyond LLMS, including image, audio and multi-modal, thereby empowering the red teams to Identify AI risks that static code or manual testing cannot detect.

Also, DAST-AI helps its users to reduce testing times on their AI models from months to minutes, by helping them to gain actionable visibility with the most accurate AI security insights, thereby empowering teams to swiftly address emerging threats.

To access DAST-AI, the users need to point the Mindgard platform to their existing AI products and environments, following which the tool starts its things by effortlessly running custom or scheduled tests on the client’s AI models, generating a detailed view of scenarios and threats to the model, apart from quickly analysing them. The clients can integrate report viewing smoothly into their existing systems and SIEM (Security Information and Event Management).

DAST-AI works on the “Testing, Remediation and Training” model where world-class AI expertise from academia and industry is providing continuous security testing across the technology lifecycle, apart from integrating into existing organisational workflow and automation, thereby helping Mindgard’s clients to safeguard their AI assets by continuously testing and remediating security risks, ensuring the security of both third-party AI models and in-house solutions.

Next is “Artifact Scanning,” which ensures AI systems are secure and function as intended in live environments. It’s a real-time threat response tool that protects AI models with continuous monitoring and advanced security testing. Mindgard’s “Run-Time Artifact Scanning” identifies vulnerabilities, analyses risks, and integrates seamlessly into the user’s workflows to keep AI investments secure and compliant.

If a client connects his/her AI models with Mindgard for run-time artifact scanning, the process supports a variety of frameworks and deployment environments. “Artifact Scanning” carries out comprehensive tests on the AI model including adversarial attacks and configuration checks, to identify weaknesses in real-time, apart from getting a detailed view of scenarios and threats. The tool then integrates results into the client’s existing systems for streamlined monitoring and incident response, helping businesses gain immediate visibility into their AI security posture.

Artifact Scanning’s offline profiling leverages analytics and Mindgard’s AI threat intelligence repository to identify vulnerabilities and attack patterns that can be addressed before deployment. Run-time testing builds on this foundation by evaluating ML model artifacts in a secure staging environment, detecting dynamic risks such as prompt injection that static analysis cannot uncover.

Together, these processes ensure that both known and emerging threats are addressed, providing robust protection for businesses’ AI investments. Continuous monitoring ties everything together, enabling proactive threat detection and ongoing security assurance.

AI Red Teaming And Pentesting As A Service

Mindgard’s red teaming services combine deep expertise in cybersecurity, AI security, and threat research to complement its DAST-AI solution. The start-up’s security experts specialise in adversarial testing techniques that are tailored to 21st century enterprises’ specific business objectives and AI environments. By leveraging its unique skill set, Mindgard is empowering its clients’ data science and security teams with actionable insights to strengthen defences and fully protect commercial AI systems.

Mindgard conducts a thorough analysis of a business’ AI/ML operations lifecycle, along with a deep review of the client’s most critical models to identify risks that could threaten the organisation. The findings are mapped to industry best practices, including NIST, MITRE ATLAS, and OWASP, delivering actionable guidance to strengthen cyber defences and reduce organisational risk.

Mindgard delivers a training programme designed to equip data science and security personnel with a deep understanding of adversarial machine learning tactics, techniques, and procedures (TTPs), along with the most effective countermeasures to defend against them. The training includes actionable insights on integrating ML model testing into a company’s internal processes and an overview of leading offensive AI tools, such as PyRIT, Garak, PINCH and more.

The post Start-up of the Week: UK-based Mindgard eyes making ‘AI Security’ the new normal appeared first on International Finance.

According to HIBP, the breach occurred on October 19, following which on October 21, a threat actor operating under the alias “Satanic” claimed responsibility for the breach. In a post on the cybercrime forum BreachForums, Satanic claimed to have stolen 350 million user records from Hot Topic and its affiliated brands, Box Lunch and Torrid.

According to a report by cybersecurity firm Hudson Rock, the hacker initially attempted to sell the database for $20,000 and demanded a $100,000 ransom from Hot Topic to take down the information. When TechCrunch accessed a post on BreachForums, Satanic was seen offering the database for $3,500.

The menace called infostealing

As per Check Point Software’s October 2024 Global Threat Index, cybercriminals are leveraging increasingly sophisticated attack methods, including the strategic deployment of infostealers. The report also took cognisance of the ‘Lumma Stealer’ malware, which leverages fake CAPTCHA pages to infiltrate systems through phishing and cracked game downloads. The method has surged to the fourth rank in Check Point’s monthly global malware rankings. Once installed, the menace exfiltrates sensitive data, underscoring the effectiveness of today’s infostealers.

The report revealed that a new version of ‘Necro’ has moved up to the second position in the mobile malware rankings for October. This malware infects popular applications, including game mods available on Google Play, and has affected over 11 million devices. It employs obfuscation techniques to evade detection and utilises steganography to conceal information within another message or physical object, thereby hiding its payloads.

Then there is “New Glove Stealer,” a malware that can bypass Google Chrome’s Application-Bound (App-Bound) encryption to steal browser cookies. Gen Digital security researchers, who first spotted the threat element, while investigating a recent phishing campaign, said the information-stealing malware is “relatively simple and contains minimal obfuscation or protection mechanisms,” indicating that it’s very likely in its early development stages.

The Glove Stealer .NET malware has the capability to extract and exfiltrate cookies from both Firefox and Chromium-based browsers, such as Chrome, Edge, Brave, Yandex, and Opera. It can also steal cryptocurrency wallets from browser extensions, 2FA session tokens from applications like Google, Microsoft, Aegis, and LastPass, as well as password data from Bitwarden, LastPass, and KeePass. Additionally, it can access emails from mail clients like Thunderbird.

But that’s not all. Cybercriminals are deploying a new information-stealing malware on Windows systems that employs the “Bring Your Own Vulnerable Driver” (BYOVD) technique. This allows them to extract victims’ browser data, software information, credit card details, and other system data.

Kaspersky Labs, a global cybersecurity company, has recorded over 11,000 attack attempts in the past three months across several countries, including Russia, China, India, Brazil, and Mexico. The malware is also equipped with a crypto-mining module, which exploits the computing resources of infected systems.

Let’s explore the vast cybercrime industry that thrives on information-stealing attacks, targeting large businesses and posing a significant threat to the global economy.

A dark mess

According to award-winning investigative journalist Joseph Cox, on October 20, a hacker who calls themselves Dark X said they logged in to a server and stole the personal data of 350 million Hot Topic customers. The following day, Dark X listed the data for sale on an underground forum. The day after that, Dark X said Hot Topic kicked them out.

“Dark X told me that the apparent breach, which is possibly the largest hack of a consumer retailer ever, was partly due to luck. They just happened to get login credentials from a developer who had access to Hot Topic’s crown jewels. To prove it, Dark X sent me the developer’s login credentials for Snowflake, a data warehousing tool that hackers have repeatedly targeted recently. Alon Gal from cybersecurity firm Hudson Rock, which first found the link between infostealers and the Hot Topic breach, said he was sent the same set of credentials by the hacker,” Cox wrote in his article for The Wired, as he interacted with the threat actor.

“The luck part is true. But the claimed Hot Topic hack is also the latest breach directly connected to a sprawling underground industry that has made hacking some of the most important companies in the world child’s play,” he added.

In July 2024, hackers broke into a cloud platform used by AT&T and downloaded call and text records of “nearly all” of AT&T’s cellular customers across a several month period. In the same month, American ticket sales and distribution company Ticketmaster witnessed a similar incident, in which the hacking group that breached the venture released new data that they said could be used to create more than 38,000 concert tickets nationwide, including to sought after shows like Olivia Rodrigo, Bruce Springsteen, Hamilton, Tyler Childers, the Jonas Brothers, and Los Angeles Dodgers games.

The data would allow someone to create and print a ticket already sold to someone else, creating a situation where Ticketmaster and venues might have to sort out which tickets are from legitimate buyers and which are not. A month prior, American Luxury retailer Neiman Marcus confirmed a data breach after hackers attempted to sell the company’s database stolen in recent Snowflake data theft attacks, impacting 64,472 people.

As per Cox, these were not entirely isolated incidents, as through these attacks, infostealers created a complex yet dangerous online ecosystem, where crimes are now getting committed through the method of pillaging passwords and cookies stored in the victims’ browsers.

“There are Russian malware coders continually updating their code; teams of professionals who use glitzy advertising to hire contractors to spread the malware across YouTube, TikTok, or GitHub; and English-speaking teenagers on the other side of the world who then use the harvested credentials to break into corporations. At the end of October, a collaboration of law enforcement agencies announced an operation against two of the world’s most prevalent stealers. But the market has been able to grow and mature so much that now law enforcement action against even one part of it is unlikely to make any lasting dent in the spread of infostealers,” he wrote.

How the ecosystem works

Online publication 404 Media interviewed malware developers, tracked the hackers who use the stolen credentials, and reviewed manuals instructing recruits how to spread the malware, thereby mapping out the infostealing ecosystem. The result is the creation of an innocent-looking piece of software, downloading which can lead to a data breach at a multibillion-dollar company, putting Google and other tech giants in an ever-escalating cat-and-mouse game with the malware developers to keep people and companies safe.

The infostealer ecosystem starts with the malware itself. Dozens of these exist, with names like Nexus, Aurora, META, and Raccoon. The most widespread infostealer is one called RedLine, according to cybersecurity firm Recorded Future. As per Cox, having a prepackaged piece of malware also dramatically lowers the barrier to entry for a budding new hacker. The administrator of LummaC2, which Recorded Future says is in the top 10 of infostealers, told the investigative journalist that it welcomes both beginner and experienced hackers.

“Initially, many of these developers were interested in stealing credentials or keys related to cryptocurrency wallets. Armed with those, hackers could empty a victim’s digital wallets and make a quick buck. Many today still market their tools as being able to steal Bitcoin and have even introduced OCR to detect seed phrases in images. But recently those same developers and their associates figured out that all of the other stuff stored in a browser—passwords to the victim’s place of work, for example—could generate a secondary stream of revenue,” Cox wrote.

“Malware developers and their clients have realised that personal and corporate credentials, such as login details for online accounts, financial data, and other sensitive information, hold substantial value on the black market,” RussianPanda, an independent security researcher who follows infostealers closely, told 404 Media, while adding, “Infostealer creators pivoted to capture this information too.”

As per 404 Media, “The exhaust from cryptocurrency-focused heists has created an entirely new industry in its own right that is causing even more destruction across healthcare, tech, and other industries.”

There are “Data Stealers,” who then sell these collected sensitive credentials and cookies, or logs, via bots on Telegram. What is known to us as a messaging app, becomes a critical selling point for these teams. The entire process from buying to selling stolen logs is automated through Telegram bots.

In July 2024, Google Chrome rolled out an update that was designed to lock applications other than Chrome, including malware, from accessing cookie data. For a moment, Chrome had the upper hand against the infostealers. Some malware developers made their grievances known more explicitly. In one update, a pair of infostealers included the phrase “ChromeF**kNewCookies” in their malware’s code.

“It’s a little bit of a cat and mouse, but we think that this is a game that we want to play as much as we can if the outcomes remain positive. We want to protect users, obviously, as much as we can,” Will Harris, staff software engineer on Google Chrome, told Cox.

However, the fight is not that easy, when it comes to securing Chrome itself and protecting more data from infostealers. Tech giants, especially Google, need to practice “disruption,” where the researchers will remain constantly updated about the evolving piracy techniques adopted by the infostealers and devise the perfect countermeasures, which in turn will constrain the tools available to the malware developers.

“Releasing updates one by one on a regular basis, rather than all at once, can also disrupt the malware developers. Instead of the criminal coders knowing what they need to fix all in one go, they can never be quite sure what Google is going to clamp down on next, wasting more of their time,” wrote Cox.

“After one update, a lot of the customers of a stealer were extremely upset, and they [the malware makers] had to work nights on coming up with a bypass,” Harris said, while adding that one stealer, called Vidar, increased the cost of its tool too. The staff software engineer on Google Chrome also pointed specifically to Microsoft Windows to explain his point.

“When you compare Windows with, say, Android, or ChromeOS, or even macOS, those platforms have this strong application isolation. Meaning, that malware has a harder time stealing data from other parts of the system. We noticed on Windows, which was obviously a major platform for us, that these protections didn’t exist,” Harris noted.

A dazzling recruitment drive

Any prolific ecosystem thrives on an equally good recruitment drive. This is what Cox wrote about how the universe of infostealers gets new people onboard, “With electronic rap music playing in the background, a man stretches his hands forward and leans back into a chair. The camera pans around their alleged apartment: huge floor-to-ceiling windows in a large dining room, wood-panelled floors, and a funky chandelier. In another shot, the man opens a laptop, types away, and then takes a sip of what looks like w****y. The implication: This could be you if we work together. This is one of a dizzying number of adverts on an underground forum called Lolz where ‘traffers’ (organised cybercrime workers responsible for redirecting victims’ traffic to malicious content operated by others) gather to look for new recruits.”

Mostly the “traffers” section-related recruitment happens to onboard “contractors,” who can help spread the malware or get traffic, with teams vying for attention in a crowded marketplace. Each tries to one-up the other with outrageous advertising and branding. They use names such as “Billionaire Boys Club,” “Baphomet,” and “Chemodan.” The adverts include animated GIFs of computer-generated luxury cars or private jets. Another for “Cryptoland Team” shows a knight in armour looking down at a skeleton in a hood writing on parchment paper.

“Each team’s ad lists the brand of infostealers its members use, what split of the profits a collaborator can expect, and whether they allow an associate to take any extra exfiltrated logs. And most explicitly say that anyone they work with is prohibited from targeting the Commonwealth of Independent States (СНГ), or former members of the Soviet Union, which includes Belarus, Ukraine, and Russia. Collaborators then leave reviews and screenshots proving they’ve made money working with the team,” Cox wrote.

Many of these teams accept new applications through their own Telegram bots. Some of them require applicants to have prior experience. For instance, 404 Media successfully navigated the application process for two trafficker teams by answering a few basic questions. Following that, the bots provided links to the manuals of the respective teams, which outline how to spread the malware.

One manual from Baphomet recommends bundling the stealer into cheating software for Roblox. It then describes how to set up a YouTube video advertising the cheat, and by extension helps propagate the malware.

Another advert from a traffic team claims to work with TikTok, Telegram, Instagram, Twitter, Facebook, YouTube, YouTube Shorts, email newsletters, bloggers, and influencers. Many of the team’s manuals reflect this and recommend distributing info stealers via other social media sites or point to GitHub as an effective trafficking method.

In October 2024, a global operation, supported by Eurojust (European Union Agency for Criminal Justice Cooperation), led to the takedown of servers of infostealers. The infostealers, RedLine and META, targeted millions of victims worldwide, making it one of the largest malware platforms globally. An international coalition of authorities from the Netherlands, the United States, Belgium, Portugal, the United Kingdom and Australia shut down three servers in the Netherlands, seized two domains, unsealed charges in the United States and took two people into custody in Belgium.

Will the news send any shockwave in the world of infostealing? Probably not, unless and until such coordinated global-level law enforcing operations become the new normal, in sync with the efforts of the tech giants to hire more researchers who constantly keep themselves updated with the evolving piracy techniques and come up with the perfect countermeasures.

The post New infostealers target global businesses appeared first on International Finance.

In this tense backdrop, a start-up named Axiado has emerged, by propagating the “Software+Hardware” approach to combat cyberattacks, as the venture has created a business out of designing “security” chips and apps to leverage them. Founded in 2017, Axiado makes chips to secure devices ranging from data centres to 5G base stations (critical components in a mobile network that connect devices, such as smartphones and IoT gadgets, to the core network and the internet), thereby giving companies the power to secure their digital infrastructure on an end-to-end basis fully.

In today’s episode of the “Start-up of the Week,” International Finance will talk in detail about the venture, which in November 2024 raised USD 60 million in Series C funding, led by Maverick Silicon with participation from Samsung Catalyst Fund, Atreides Management, and Crosslink Capital.

Explaining The ‘Software+Hardware’ Approach

As per CEO Gopi Sirineni, in some machines (computers), the boot sequence (the initial start-up process) is vulnerable to attack, as the units don’t check whether the sequence has been tampered with. In recent years, more secure boot chip- and software-based technologies have risen to prominence, but they’re far from universally deployed.

Axiado, through its chip, aims to protect against boot-level attacks by authenticating boot-level updates before they’re executed, and by regularly checking the integrity of the boot sequence. Sirineni told TechCrunch that the method will prevent boot-level attacks from penetrating systems where Axiado’s chip is installed.

Axiado’s chip also handles runtime security (security for software, apps, and workloads post-boot), similar to products like Microsoft’s Pluton, Google’s Titan, and Apple’s T2. As per Sirineni, the start-up’s chip mostly employs root-of-trust technology, which cryptographically protects against hardware tampering. In addition, the chip drives Axiado’s cybersecurity monitoring platform, which tries to detect potentially malicious activity in data patterns.

Axiado has grabbed the headlines, by manufacturing the world’s first purpose-built, fully integrated AI-driven hardware security platform, with the new AX2000 and AX3000 TCUs being customised to help prevent cybersecurity and ransomware attacks for the cloud and edge markets. Axiado’s breakthrough TCU brings stability and security to the control and management of these heterogeneous infrastructures by eliminating fundamental security problems from the ground up.

Axiado’s TCU is a proactive and intelligent security solution that engages a combination of multiple axes of innovation: silicon, AI & data collection, and software. These innovations comprise silicon IPs that are the focal building blocks of its product offering. It effectively works as the last line of defence, even when all other network functions have been compromised. The TCU detects and stops ongoing attacks and recovers the system from an attack by isolating it from the network, through hardware forensics and real-time, protective AI.

Here Are The Products

Axiado’s mission is to secure the end-to-end digital infrastructure by embedding a new breed of hardware-anchored AI-driven platform security in servers, 5G and network infrastructure, with the belief that data security should be the default solution, not an option.

While placing “DPP” (Detection, Protection and Prediction) at the forefront of its innovations, Axiado’s AX3000/AX2000 TCU with built-in AI provides the industry’s most robust, hardware-anchored solution to detect and defend against ransomware and cyberattacks in cloud data centres, 5G networks, and network switches. Compact yet powerful, the processor features anti-tamper and anti-counterfeit hardware, virtualization capabilities, and safeguards against sophisticated attacks.

Next is Smart-SCM (Axiado Smart Secure Control Module), powered by the TCU (Trusted Control/Compute Unit), which is ideal for data centres. Here, we are talking about a processor that combines silicon, artificial intelligence, data collection, and software into a compact, power-efficient TCU with unique AI functionality explicitly designed for security, safeguarding cloud data centres and 5G networks.

The existing data centres have limitations, when it comes to ensuring foolproof hardware security. To address this, Axiado has reimagined Open Compute Project’s (OCP) trusted platform datacenter-ready secure control module (DC-SCM) and created the Smart-SCM card, powered by the Axiado TCU.

Smart-SCM has evolved as a complete package, in terms of being a single chip that provides cybersecurity functions like Root of Trust, Baseboard Management Controller, Trusted Platform Module, Hardware Security Module and Firewall. Generally, a data security set-up requires a huge number of independent chips to perform all these functions.

Next is Secure-NCM (Axiado Compact Secure Network Compute Module), which provides smart network interfaces and security for network switches, 5G networks across campus, data centres and service providers.

“Network infrastructure products like switches, service provider routers, 5G base stations require a rethink from a security standpoint for inline data traffic. This includes protecting firmware, side-channel attack protection, DoS, privilege escalation, and detecting vulnerabilities at boot- and run-time. Axiado Secure-NCM based on TCU architecture offers a single-chip integration of platform security, network security and various anomaly detection capabilities. In summary, TCU-based solutions, in real time, help protect platform assets and detect vulnerabilities/attacks,” stated the start-up, while explaining the product.

The Axiado AI-Driven Secure Management Card powered by the TCU allows interoperability and provides enhanced security to next-generation servers, making it the best-in-class security solution for NVIDIA MGX platforms (modular server platform that offers a variety of server variations for different networking and compute requirements).

In addition to being compact and power-efficient, the card features integrated ASIC with trusted computing, BMC, TPM, HRoT, NC-SI, and AI/ML all in a single device, apart from protecting against insider and side-channel attacks through hardware agent-based behavioural ransomware detection. A few other important features of the device are its flexible platform ownership management, secure host connectivity and encrypted memory for data and code protection.

Making A Difference In The IT Spectrum

In 2020, researchers reportedly found an “unfixable” flaw in Apple’s T2 security chip that could open devices up to the very threats the tool was designed to prevent. Supply chain issues have led to secure boot failings, as well, especially during instances in which vendors didn’t follow best practices. Axiado claims that its chips haven’t faced T2-like difficulties yet.

“Recently, to tap the massive investment in AI data centre infrastructure, Axiado launched a system that dynamically adjusts data centre cooling to reduce costs. (Cooling is often a major line item in data centre operations — and an environmental headache.) Axiado’s system leverages the company’s chip to measure and adjust cooling automatically based on workloads, similar to systems from startups like Phaidra,” TechCrunch reported in November 2024.

As per the CEO Gopi Sirineni, the latest funding has brought the Silicon Valley-based start-up’s total raised to USD 140 million, and the amount will be put toward go-to-market efforts and expanding Axiado’s 100-person workforce across its San Jose, India, and Taiwan offices. Another immediate focus area will be taking the product to mass production, so that the venture starts continuous revenue generation from 2025 onwards.

The year 2024, in general, has been a busy one for the start-up. Take the months of October and November, where Axiado entered into tie-ups with globally recognised electronics and manufacturing service (EMS+) provider Pegatron Corporation, Giga Computing (a subsidiary of GIGABYTE and an industry leader in generative AI servers and advanced cooling technologies) and Jabil (a global manufacturing solutions provider). The similarity between all these pacts was the focus on implementing AI-driven, hardware-anchored platform security. Expect Axiado to make waves in the world of cybersecurity in the coming days as a disruptive force.

The post Start-up of the Week: Axiado combats cyberattacks with AI & hardware innovation appeared first on International Finance.

In this analysis, we examine the implications, goals, and potential impact of DORA, focusing on its four main pillars: ICT Risk Management, Incident Management, Third-Party Risk Management, and Threat-led Penetration Testing (TLPT). This data-driven piece highlights why DORA is more than just a regulatory framework; it is a guide for achieving proactive digital resilience in a globally interconnected financial ecosystem.

Strengthening digital defences

The first and foundational pillar of DORA is Information and Communications Technology (ICT) Risk Management, which mandates financial institutions enhance their digital defences. This requirement goes beyond basic cybersecurity measures. This is the basis upon which financial institutions must build their cybersecurity strategies. DORA requires that every financial entity under its jurisdiction develop a robust framework for managing ICT risks, one that moves beyond merely protecting systems from cyberattacks.

This approach ensures that all firms, regardless of their size, meet a consistent level of ICT risk management requirements. Larger institutions may already have sophisticated systems, but smaller firms or those formed through acquisitions may struggle with inconsistencies. Companies operating across multiple regulatory environments must now synchronise their ICT risk management practices, ensuring uniformity across all branches.

Firms managing ICT risk inconsistently, due to acquisitions across various jurisdictions or disparate ICT policies, will now face stringent new expectations under DORA. These include ongoing assessments of risks linked to new ICT initiatives and continuous reviews to ensure practices keep up with evolving threats.

Data from the European Commission shows that over 62% of cybersecurity incidents faced by European financial institutions involve vulnerabilities that could have been mitigated with standardised ICT procedures. In 2022 alone, over 280 major incidents were attributed to weak ICT practices. DORA’s approach to ICT risk management aims to close this gap by encouraging a proactive, risk-centred strategy. While this change will require considerable investment, particularly for those with disorganised risk management systems, the goal is a more secure digital environment through enhanced systems, dedicated staff, and consistent monitoring.

The second pillar of DORA is Incident Management, which ensures a quick and organised response to digital disruptions. In today’s digital world, incidents, ranging from minor errors to major cyberattacks, are unavoidable. DORA focuses not only on resolving these incidents but also on reporting them properly and learning from them to enhance resilience and prevent future occurrences.

Under DORA, financial institutions are required to report incidents promptly and in detail. This includes classifying incidents based on severity, according to the draft Regulatory Technical Standards (RTS). Seven classifications are used to standardise incident reporting, which promotes transparency and helps others learn from each event to strengthen their defences.

Financial institutions must update their Standard Operating Procedures (SOPs) to incorporate these new classification and incident management requirements. Detection systems, response frameworks, training programmes, and audit schedules must be revamped to support these standards.

Recent studies by IBM indicate that early detection and rapid response can reduce the cost of a data breach by nearly 30%. The average cost of a data breach for financial institutions is $5.85 million, meaning early detection could save approximately $1.76 million per incident. By mandating effective SOPs, combined with ongoing training, incident simulations, and audits, DORA aims to ensure financial institutions not only respond to incidents but do so in a way that builds systemic resilience. Although this approach requires substantial investment, it will foster a culture of preparedness and strength across the European financial sector.

Financial institutions are not isolated entities; they operate within interconnected systems that depend on numerous third-party service providers, each with risks. DORA’s third pillar, Third-Party Risk Management, acknowledges the risks that these partnerships pose and aims to eliminate vulnerabilities arising from them.

The interconnected nature of finance means that a cybersecurity breach involving a minor third-party provider can have major consequences for a financial institution. DORA mandates that financial institutions enforce strong ICT risk management protocols not only for themselves but also for their third-party suppliers. Regulators will oversee these suppliers to ensure that third-party entities do not become weak links in the financial chain.

One significant aspect of DORA’s approach is its emphasis on accountability. Financial entities cannot outsource their responsibility for compliance, even if a service is managed by an external party, the primary financial institution remains accountable for managing the related ICT risks. This fundamentally changes how financial institutions approach outsourcing, particularly in ICT, by requiring firms to set clear expectations for their suppliers and conduct regular audits to ensure compliance.

A survey by the Ponemon Institute found that 53% of organisations experienced at least one data breach involving a third-party vendor in the past two years, and the average cost of such a breach was approximately $4.29 million. Under DORA, financial institutions establish stricter controls over their outsourcing processes and conduct frequent audits to mitigate risk and meet regulatory requirements.

Implementing DORA’s third-party risk management standards will increase procurement costs and necessitate more complex contract negotiations. Financial institutions must align third-party contracts to ensure suppliers meet the same obligations as the primary institution. This will change how service providers are evaluated, prioritising their ICT resilience and regulatory adherence.

The fourth pillar of DORA introduces Threat-Led Penetration Testing (TLPT) as a proactive cybersecurity measure. TLPT, inspired by the Threat Intelligence Based Ethical Red Teaming (TIBER-EU) framework, involves simulating cyberattacks across the attack surfaces of major financial institutions. The purpose is straightforward: identify vulnerabilities before they can be exploited by malicious actors.

Unlike traditional audit exercises, TLPT is dynamic and strategic. It involves ethical hackers attempting to identify weaknesses within an institution’s security. The findings are crucial for understanding an institution’s vulnerabilities and enhancing cybersecurity defences. Systemically important financial institutions are the primary targets of TLPT, ensuring that critical parts of the financial system are prepared for real threats.

According to the European Central Bank, TLPT exercises provide insights that lead to improved incident response capabilities and better threat intelligence. Institutions that implemented TLPT saw a 25% reduction in the time to respond to simulated threats. TLPT isn’t just about compliance; it’s about developing preparedness through simulated attacks, ensuring that executives and boards are ready for real cyber threats.

To implement TLPT, financial institutions will need to invest in specialised expertise, both in-house and contracted. However, the benefits, including increased system integrity and reduced vulnerability, outweigh the costs. TLPT is an essential component of transitioning from a reactive to a proactive cyber risk management strategy.

Accountability in the digital age

Accountability and transparent governance are crucial components of DORA. Financial institutions are accountable not only to regulators but also to their boards of directors. Under DORA, the role of boards in overseeing cyber risk will expand, requiring executive teams to acquire the knowledge and skills needed to manage cybersecurity effectively.

This requirement aligns with the NIS 2 Directive, which mandates that senior management be trained to understand cyber risks and integrate these risks into broader operational strategies. Robust reporting structures ensure that boards remain informed about ICT risks and resilience efforts, shifting their role from passive recipients of information to active participants in digital risk management.

DORA encourages an asset-centric approach to ICT risk management. IT assets should be seen as just as important as business assets, forming the foundation of a financial institution’s capabilities. Failing to protect these assets adequately can disrupt business continuity.

The concept of Integrated Risk Management (IRM) is crucial here. Unlike traditional approaches that manage risks separately, IRM provides a comprehensive view, linking ICT risk directly to business continuity and resilience. By treating IT assets as core components of business capability, financial institutions can align risk management strategies to be more proactive and effective.

In practical terms, institutions will need to automate risk management processes. Automated systems allow financial institutions to efficiently identify, assess, and respond to risks, helping them build a fully integrated defence mechanism. The focus is on using digital tools to not only meet compliance standards but also improve efficiency through process automation.

DORA’s broader impact

Although DORA is an EU regulation, its influence will likely be felt globally. Over 45% of non-EU financial institutions with EU clients are already updating their risk management frameworks to align with DORA’s requirements. Financial institutions outside the EU that do business with EU clients or have operations in the EU must adhere to DORA’s stringent ICT and third-party risk management requirements. In this way, DORA sets a new global standard for digital resilience in finance.

Other jurisdictions may soon adopt similar frameworks to ensure that their financial institutions remain compliant and competitive when dealing with European counterparts. Just as GDPR sets a precedent for global privacy standards, DORA’s focus on ICT resilience may establish a benchmark for cybersecurity and operational risk management across the international financial sector.

DORA is more than just a set of regulatory requirements, as it represents a vision for the future of finance that is grounded in resilience, accountability, and proactive digital risk management. While these requirements may seem burdensome, especially for smaller firms, the long-term benefits are undeniable: a secure and stable financial system capable of handling the complexities of the digital age.

For financial institutions, successfully navigating DORA’s requirements will depend on adopting an integrated approach to compliance. ICT risk management, incident management, third-party oversight, and TLPT must all function as part of a cohesive strategy that protects digital infrastructure. Management must be prepared to transition from traditional, isolated risk management practices to a unified, future-oriented strategy that acknowledges the interconnected nature of digital threats.

The financial sector must understand that DORA requires more than just checking off compliance boxes, it calls for a cultural shift within organisations. Digital resilience should be as central to operational success as financial health. Executive management and boards play a critical role in driving this change, moving cybersecurity from a peripheral concern to a core element of strategic planning.

By setting high standards for ICT risk management, transparency, and third-party governance, DORA challenges financial institutions to advance their digital capabilities and build strong defences against an evolving threat landscape. Although these changes may be demanding, they promise a financial system that is compliant and genuinely resilient in the face of ongoing digital evolution.

The post DORA: A universal standard for financial resilience appeared first on International Finance.