The digital landscape faces increasing threats from AI-fueled fraud, state-sponsored attacks, and ransomware. This report explores recent incidents, regulatory actions, and innovative countermeasures.
AI-Driven Fraud and Open Banking as a Countermeasure
The rise of AI-generated fraud in mortgage lending has prompted Australian lenders to adopt open banking and the Consumer Data Right (CDR) to combat forged documents and scams. According to a white paper by NextGen, 88% of lenders plan to use open banking for income verification, while 73% see it as critical for fraud detection.
The shift aims to replace manual document checks with real-time, consent-based data sharing via secure APIs. Key findings include:
- Fraud risks: AI-driven scams and doctored payslips are increasingly sophisticated, with the Commonwealth Bank of Australia (CBA) investigating up to $1 billion in suspected fraudulent loans.
- Open banking benefits: Direct data feeds reduce falsification risks, enable faster approvals (63%), and support tailored product recommendations (20%).
- Regulatory scrutiny: The Australian Securities and Investments Commission (ASIC) is probing CBA’s fraud cases, highlighting the urgency for lenders to integrate CDR-compliant workflows.
Tony Carn, NextGen’s chief customer officer: “Manual verification of documents is slow and vulnerable—it’s the worst of both worlds. Open banking creates a direct chain of trust between source accounts and credit decisions.”
Russian Phishing Campaign Targets Signal and WhatsApp Users
Dutch intelligence agencies warned of a large-scale Russian phishing campaign targeting Signal and WhatsApp users, including Dutch government officials and journalists. The attack involves hackers posing as “Signal support” to steal login credentials via fake messages. Germany and Google previously issued similar alerts, with Russian actors linked to phishing attempts against Ukrainian military personnel.
Key details include:
- Target profile: High-value individuals (government, military, media) are prioritized, exploiting Signal’s privacy features to mask suspicious activity.
- Mitigation: Signal advised users to never share login codes and enabled default end-to-end encryption. WhatsApp recommended its scam protection guide.
- Broader context: The campaign aligns with Russia’s hybrid warfare tactics, leveraging encrypted platforms to gather intelligence. Signal’s nonprofit status and quantum-resistant encryption make it a prime target for state actors. Read more about these trends in the cyber-scams phishing geopolitical cyber-warfare
Signal’s statement: “We take these attacks seriously. Account takeovers undermine the trust we’ve built with users who rely on Signal for secure communication.”
Ransomware Attacks: Costs and Trends in the Philippines and South Korea
Philippine firms hit by ransomware paid an average of $500,000 per incident in 2025, with remediation costs reaching $1.12 million, according to Sophos’ 2023 report. While the encryption rate dropped from 76% to 68%, attackers are shifting to data extortion without encryption. Notably, 97% of victims engaged external cybersecurity experts, up from 86% in 2022.
In South Korea, the Financial Supervisory Service (FSS) is sanctioning Seoul Guarantee Insurance (SGI) for a ransomware attack that paralyzed operations for nearly a month in late 2025. The investigation found SGI neglected basic cybersecurity and lacked a contingency plan. The FSS may impose fines or business suspensions, setting a precedent for financial sector cybersecurity enforcement.
Key trends include:
- Global vs. local costs: Philippine remediation costs ($1.12M) are below the global average ($1.82M), but the 42% ransom payment rate signals persistent vulnerabilities.
- Regulatory response: South Korea’s FSS action reflects growing scrutiny of cyber hygiene in critical infrastructure, with potential reputational and legal repercussions for negligent firms.
Sophos: “Organizations must prepare for the worst—ransomware crews are evolving faster than defenses. Backups and incident response plans are no longer optional.”
For more insights into the rising tide of ransomware attacks and their impact on global cybersecurity, refer to our internal blog article on data breaches.
U.S. Trade Probe into South Korea’s Digital Sector
The U.S. Trade Representative (USTR) launched a Section 301 investigation into South Korea’s digital policies, citing data localization requirements, platform regulations, and discriminatory practices against U.S. tech giants (Google, Apple, Meta). The probe follows complaints about Korea’s app store and in-app payment rules, which allegedly favor local competitors like Naver and Kakao.
Key issues include:
- Trade tensions: The USTR’s move escalates friction over AI, 5G, and cloud computing dominance. Potential outcomes range from tariffs to negotiated reforms. This geopolitical tension is a significant aspect of the broader cybersecurity landscape, as highlighted in the cyber warfare and supply chain vulnerabilities discussion.
- Korea’s defense: Seoul claims its policies promote competition and consumer protection. However, critics argue they create market barriers for foreign firms, particularly in the context of supply chain vulnerabilities and national security concerns.
- Stakeholder input: The USTR will hold hearings and solicit public comments, with a decision expected in mid-2026. This process underscores the importance of public-private collaboration in shaping cybersecurity policies.
USTR Katherine Tai: “The digital economy is critical for growth. We must ensure U.S. companies face a level playing field in Korea’s market.”
Final words
Cybersecurity threats are evolving rapidly, demanding proactive defenses and stricter enforcement. Collaboration between governments, industries, and individuals is crucial. Stay informed, verify sources, and prioritize cyber hygiene to mitigate risks.