7th April – 13th April 2025
Sanctions
This week’s sanctions news starts in China, which has imposed sanctions on 11 leading US drone manufacturers, citing their alleged military cooperation with Taiwan, and added 16 more companies to its export control list. While the US does not currently impose similar restrictions on Chinese drone manufacturers, various US agencies have labelled these foreign-made drones as national security risks. The sanctions, along with China's recent ban on rare earth mineral exports to the US, threaten global supply chain stability and the advancement of secure technologies.
In response, AUVSI President & CEO Michael Robbins has emphasised the need for the US to prioritise supply chain security, expand domestic drone manufacturing, and strengthen alliances with trusted nations. He called for immediate government action, including regulatory support, financial incentives, and strategic partnerships, to build a resilient, domestically driven drone ecosystem.
In other news from the US this week, the US Department of the Treasury Office of Foreign Assets Control (‘OFAC’) has sanctioned Jugwinder Singh Brar, an Indian national based in the UAE, for operating a network of shipping companies which transport hundreds of millions of dollars’ worth of Iranian petroleum. Brar’s fleet of nearly 30 vessels engages in high-risk ship-to-ship transfers, blending Iranian oil with other products and falsifying shipping documents to evade sanctions. The sanctions, imposed under Executive Order 13902, target Brar and his UAE- and India-based entities for facilitating Iran’s oil exports.
Additionally, OFAC has imposed sanctions on five Iranian entities and one individual for supporting Iran’s nuclear program, particularly the Atomic Energy Organisation of Iran (AEOI) and its subordinate Iran Centrifuge Technology Company (TESA). These entities, including Atbin Ista Technical and Engineering Company (AIT) and Pegah Aluminium Arak Company, have facilitated the procurement and manufacturing of centrifuge components for uranium enrichment. Thorium Power Company (TPC) and Azarab Industries Co. have also been designated for their involvement in nuclear reactor projects. The sanctions, issued under Executive Order 13382, block all US-based assets of the designated parties and prohibit transactions with them.
And finally on new OFAC designations this week, OFAC has sanctioned Jesus Alfredo Beltran Guzman, a key leader of the Beltran Leyva Organisation (BLO), for his role in trafficking fentanyl, cocaine, heroin, and methamphetamine into the United States. The BLO, one of the most violent drug cartels in Mexico, has been a major supplier of illicit drugs for over two decades. Beltran Guzman, also known as El Mochomito, is the son of former BLO leader Alfredo Beltran Leyva and the nephew of Joaquin “El Chapo” Guzman. His criminal activities include drug trafficking, extortion, and murder, with operations centred in Mexico’s Golden Triangle. As a result of these sanctions, all US-based assets linked to Beltran Guzman are blocked.
On the subject of US sanctions this week, an article critiques US President Donald Trump's proposal for secondary tariffs on Russian oil, arguing that such measures are ineffective and potentially harmful to global economic stability. Secondary tariffs are a form of economic sanction imposed on countries which trade with a nation the US is targeting. The author contends that these tariffs, intended to pressure Russia into accepting unfavourable ceasefire terms, risk punishing not just Russian oil suppliers but also third-party countries engaging in trade with Russia. The approach marks a shift from targeting individual companies to penalising entire nations whose businesses purchase Russian oil, potentially disrupting supply chains and straining diplomatic relations.
The article highlights several flaws in the strategy, including the indirect nature of its intended pressure on Russia and the risk of economic retaliation. If secondary tariffs significantly deter oil purchases from Russia, the global economy might struggle to compensate for lost supply, leading to price volatility and political uncertainty. Additionally, the article questions whether the US would enforce penalties in the face of potential international economic crises, raising doubts about the credibility and effectiveness of Trump's economic statecraft. Ultimately, the author argues that secondary tariffs pose a lose-lose scenario which could escalate tensions rather than achieve their intended goals.
In sanctions news from the UK this week, the Office of Financial Sanctions Implementation (‘OFSI’) has issued a Financial Sanctions Notice detailing updates to the UK's Counter-Terrorism financial sanctions framework. Four individuals have been disqualified as directors in addition to either an asset freeze, or both an asset freeze and travel ban. Additionally, there have been four additions to the Global Human Rights Regime with the designation of four Georgian officials responsible for allowing serious human rights abuses. The Notice is here.
In other news this week, OFSI has published a Threat Assessment on property and related services in the UK. It examines risks related to financial sanctions breaches, particularly in connection with Russian Designated Persons (‘DPs’) following the UK’s financial sanctions regime which intensified after Russia’s 2022 invasion of Ukraine. It highlights concerns including: (1) Underreporting of financial sanctions breaches by UK property firms; (2) Attempts by Russian DPs to circumvent sanctions by using intermediaries or transferring property ownership; (3) Professional enablers in the property sector who facilitate breaches; and, (4) Compliance challenges, including changes to reporting obligations for UK letting agents. It also provides red flags to help firms strengthen compliance, including suspicious ownership structures and unexplained wealth sources. This is the latest in a series of threat assessments published by OFSI, with earlier coverage of the threats to financial services and the legal profession.
In other news from the UK, the government has published a Notice to Exporters (NTE 2025/08), detailing an agreed compound settlement for breaches of export control. In terms of its key points, it provides that HM Revenue and Customs (HMRC) reached three compound settlements from January to March 2025, totalling £3.7m. These settlements relate to unlicensed exports of military-listed goods, in violation of the Export Control Order 2008 and the Customs and Excise Management Act 1979. Unlike financial sanctions cases, these breaches do not relate to sanctions offences. Strategic export controls are enforced by HMRC, which can offer settlements instead of prosecution when breaches occur, provided they are not intentional. Exporters are advised to comply with licensing requirements and can seek guidance from the Export Control Joint Unit.
And finally from the UK this week, the National Crime Agency has announced its first ever conviction for breaching Russia-related sanctions. Dmitrii Ovsiannikov, a former Russian-appointed Governor of Sevastopol, Crimea, was convicted for circumventing UK financial sanctions and money laundering. His brother, Alexei Owsjanikow, was also convicted for making economic resources available to him. Dmitrii received £76,000 from his wife and bought a Mercedes-Benz SUV, but his bank later froze the account upon recognising his sanctioned status. To bypass restrictions, Alexei purchased and insured the car for Dmitrii to drive, and later paid £40,000 in school fees for Dmitrii’s children—both actions breaching sanctions laws.
Money Laundering
This week’s money laundering news starts in Europe with reports that authorities in Romania, France, and the UK, with support from Eurojust and Europol, have dismantled a criminal network which recruited hundreds of money mules to launder proceeds from an online fraud scheme. The fraudsters, operating since 2018, used fake business emails to defraud 113 victims, primarily in the UK, amassing at least €3m. The Romanian-based group sent recruits to the UK to open bank accounts, launder money, and transfer funds across borders using VPNs, forged UK documents, and SIM cards. On 9th April 2025, authorities conducted 31 searches, arrested seven suspects in the UK, and took preventative measures against 13 individuals in Romania. The investigation continues, with Europol providing forensic and analytical support to track remaining assets and suspects.
Nigeria may be about to exit the Financial Action Task Force (‘FATF’) grey list, following the inclusion of digital assets regulation in the newly enacted Investments and Securities Act. The country was placed on the grey list in February 2023 due to deficiencies in its anti-money laundering (AML) and counter-terrorism financing (CFT) regime. The Securities and Exchange Commission (SEC) emphasised that the new law will curb fraudulent activities in the digital space, foster trust in blockchain technologies, and strengthen investor protection. SEC Director-General Emomotimi Agama stated that the commission is working with the Central Bank of Nigeria, the Economic and Financial Crimes Commission, and other agencies, to ensure compliance and mitigate risks.
A judge in New York has ruled that Deutsche Bank is not liable for financing ISIS-related activities. The lawsuit, brought by the families of two journalists and an aid worker killed by ISIS, alleged that Deutsche Bank facilitated terrorism financing. However, the judge dismissed the case.
Indranee Rajah, Leader of the House in the Parliament of Singapore, has delivered a speech which outlines the key amendments in the Anti-Money Laundering and Other Matters (Estate Agents and Developers) Bill, aimed at strengthening Singapore's real estate sector against illicit financial activities. The bill focuses on three areas. First, stronger penalty frameworks: The amendments increase financial penalties for estate agents and salespersons on a per contravention basis, rather than per case, to enhance deterrence. For example, penalties for breaches related to money laundering and terrorism financing can now reach up to $200,000 per estate agent and $100,000 per salesperson per contravention. Housing developers also face increased penalties, with composition sums rising from $5,000 to 50% of the prescribed fine. Secondly, alignment with FATF Standards: Estate agents and salespersons will now be required to conduct due diligence on unrepresented counterparties in property transactions, addressing gaps in anti-money laundering measures. Additionally, regulations are updated to explicitly include proliferation financing risks. Thirdly, restrictions on convicted persons: The bill clarifies that individuals convicted of money laundering, terrorism financing, or proliferation financing—whether in Singapore or overseas—are not considered fit to hold estate agent licenses or take senior roles in development firms. The speech emphasises Singapore’s commitment to international financial security standards, reinforcing its stance against criminal financial activities and ensuring vigilance across the real estate sector.
Finally on money laundering news this week, a blog on the Tax Justice Network explores the ongoing challenges surrounding beneficial ownership transparency, particularly in light of recent legal setbacks in the US and Europe. It discusses how loopholes and legal disputes have weakened efforts to ensure companies disclose their true owners, making it easier for individuals to obscure financial activities. The post emphasises that beneficial ownership registration is crucial to combating financial secrecy and preventing illicit financial flows, but current transnational legal frameworks remain fragmented and insufficiently institutionalised.
The analysis traces global responses to secrecy back to the late 1990s, highlighting how various international organisations have sought solutions. The blog reviews different approaches to beneficial ownership registration, arguing that existing laws often fail to align with their intended purpose. It calls for improved definitions, broader registration requirements, and public access to ownership data as key measures to strengthen transparency efforts. Ultimately, the piece advocates for more robust institutionalisation of beneficial ownership laws to address financial crime and tax evasion effectively.
Fraud
On fraud news this week, the European Anti-Fraud Office (‘OLAF’) and the European Public Prosecutor’s Office (‘EPPO’) have announced they have uncovered a sophisticated fraud and money laundering scheme involving €9.5m in EU funds intended for an IT project in Romania. The investigation revealed that an organised criminal network spanning Romania, Cyprus, Czechia, and the UAE misused the European Regional Development Fund (‘ERDF’), diverting funds through fictitious contracts for personal enrichment. OLAF conducted cross-border inspections, analysed suspicious banking transactions across multiple jurisdictions, and examined IT servers linked to the scheme, leading EPPO to indict 12 defendants. OLAF has recommended financial recovery actions to the European Commission and reinforced the importance of international cooperation in protecting EU commercial interests and ensuring fair economic practices.
In the US, the Government Accountability Office (‘GAO’) reports that hundreds of billions of dollars were likely lost to fraud in COVID-19 relief programs, with over 3,000 defendants charged as of December 2024. Fraudsters targeted at least 19 programs, ranging from organised crime to individuals across various sectors. While criminal prosecutions have led to convictions and financial restitution, civil actions have also helped to recover assets. Federal agencies, using interagency task forces and fraud prevention frameworks, continue investigating cases, recovering funds, and implementing stronger controls for future emergencies. The GAO emphasises the need for fraud deterrence strategies, data analytics, and robust oversight to minimise risks in government aid programs.
Scammers are ramping up fraudulent HMRC messages as the new tax year begins, targeting individuals expecting legitimate tax-related communications. Criminals use aggressive tactics, including spoofed texts and fake websites, to trick people into revealing sensitive information. A key warning sign is a text message from a number starting with "07" or emails with spelling errors and suspicious formatting. HMRC will never demand payment or threaten arrest via text, email, or phone calls. If you receive an unexpected message, do not click any links or respond—report it using HMRC’s phishing scam form.
Self-employed workers and those expecting tax rebates are particularly vulnerable. Experts urge people to take a moment to verify any HMRC-related communication before acting, as falling for these scams could lead to significant financial losses. Fraudsters exploit urgency and fear to pressure victims into compliance. Staying vigilant and questioning unexpected messages can help prevent fraud. If something doesn’t feel right, trust your instincts and report suspicious activity.
Bribery and Corruption
On bribery and corruption news this week, The Guardian reports that Companies House, the UK agency responsible for registering companies, has collected only £1,250 in fines since gaining new powers to tackle economic crime. Despite issuing 234 penalties worth £58,500 since October 2024, enforcement efforts have been slow, prompting concerns from officials. Parliamentarians, including Liam Byrne, chair of the Business Select Committee, argue that Companies House must step up its enforcement, given widespread fraudulent company registrations. The agency faces challenges, including a 20% vacancy rate in digital roles, which could hinder its ability to implement reforms effectively.
In East Asia, Bangladesh and Thailand have signed a Memorandum of Understanding (‘MoU’) to strengthen cooperation in combating corruption. The agreement, signed by Bangladesh’s Anti-Corruption Commission and Thailand’s National Anti-Corruption Commission, aims to facilitate information exchange, best practices, and joint projects to enhance anti-corruption efforts. The signing took place on the sidelines of the BIMSTEC Summit in Bangkok, with Bangladesh’s Chief Adviser Professor Muhammad Yunus and Thailand’s Prime Minister Paetongtarn Shinawatra present as witnesses.
The MoU aligns with Article 48 of the United Nations Convention Against Corruption, which encourages international collaboration between law enforcement agencies. Officials hope the agreement will help track corruption suspects who have sought refuge in neighbouring countries and improve enforcement measures. By fostering direct cooperation, both nations aim to enhance transparency and accountability in governance.
In Switzerland, Swiss billionaire Beny Steinmetz has lost his appeal against a bribery conviction, exhausting all legal avenues to overturn his three-year sentence—half to be served in jail and half suspended. The case revolves around Steinmetz’s company, Beny Steinmetz Group Resources (‘BSGR’), which was found guilty of bribing Mamadie Touré, the wife of Guinea’s late president Lansana Conté, to secure lucrative mining rights in the Simandou mountains. The Geneva court determined that significant efforts were made to conceal the corrupt scheme, including attempts to destroy incriminating contracts. While the Swiss Supreme Court upheld the conviction, it ruled that Steinmetz’s appeal against a 50m Swiss franc fine ($59m) should be reassessed by a Geneva court. Steinmetz, who has consistently denied wrongdoing, has vowed to challenge the ruling at the European Court of Human Rights. His legal troubles extend beyond Switzerland—he was previously convicted in Romania for fraudulently acquiring real estate worth over $100m. Anti-corruption advocates have welcomed the Swiss ruling, calling it a landmark decision in the fight against corporate bribery.
In other bribery and corruption news this week, the OECD asks the question: How can cutting-edge technologies support the global fight against corruption? Specifically, the blog discusses how emerging technologies, such as artificial intelligence and big data analytics, are transforming global anti-corruption efforts. These tools help detect corruption risks, improve compliance, and streamline investigations by spotting patterns in financial transactions and corporate registries. However, challenges remain, including data reliability, privacy concerns, and the fragmented nature of anti-corruption data. The blog highlights three key priorities for maximising the impact of technology in fighting corruption: 1. Building trustworthy data ecosystems to ensure accuracy, accessibility, and interoperability; 2. Investing in skills and cross-sector collaboration to strengthen enforcement and compliance; 3. Advancing ethical and legal frameworks to balance transparency with data protection. Ultimately, while technology alone cannot eliminate corruption, its responsible and strategic application can enhance transparency and accountability worldwide.
In the Seychelles, the Anti-Corruption Commission has presented its 2024 annual report to President Wavel Ramkalawan. The submission fulfils obligations under Section 81 of the Anti-Corruption Act, 2016. Commissioner May De Silva and Deputy Commissioner Henry Bastienne outlined the Commission’s achievements and challenges, but noted concerns over resource constraints with particular difficulty in recruiting qualified personnel to investigate complex financial crimes. Seychelles has made remarkable progress in its anti-corruption efforts, earning recognition as the least corrupt country in Africa and ranking 18th globally in the 2024 Transparency International Corruption Perceptions Index. The Seychelles has a strong institutional framework and since the passing of the Anti-Corruption Act 2016, it has a robust anti-corruption commission which actively investigates and enforces regulations.
Now just a jaunt over the Arabian Sea to Sri Lanka, which has launched its National Anti-Corruption Action Plan 2025–2029, reaffirming its commitment to transparency, accountability, and integrity. The plan integrates structured anti-corruption measures across institutions, tackling misconduct in public services and reinforcing trust between the state and citizens. Supported by international partners like the UNDP, Japan, the EU, and South Korea, it includes digitalisation initiatives such as e-procurement monitoring and case tracking. The strategy also emphasises ethical leadership, youth-led integrity programs, and cross-sector collaboration to strengthen governance. By addressing everyday corruption and ensuring financial accountability, Sri Lanka aims to create a fairer and more transparent society.
And finally on bribery and corruption news this week, Spotlight on Corruption has launched a new Anti-Corruption Enforcement Tracker, providing a comprehensive view of the UK's enforcement record against corruption and economic crimes. The tracker highlights key trends in prosecutions, convictions, asset recovery, and anti-money laundering (‘AML’) fines over the past decade. While the UK faces significant challenges in tackling money laundering and fraud—both of which have seen a sharp decline in prosecutions—the tracker suggests that enforcement efforts may be improving. However, bribery and misconduct in public office prosecutions remain inconsistent, with concerns that existing laws fail to hold senior officials accountable. The tracker also reveals that while asset recovery has increased, it still represents only a fraction of the estimated £100 billion laundered annually through the UK.
To strengthen anti-corruption enforcement, Spotlight on Corruption recommends three key actions: (1) introducing new laws to hold wrongdoers accountable, (2) ensuring enforcement agencies receive adequate resources, and (3) improving public access to key data. The organisation argues that reinvesting recovered assets and fines into an economic crime-fighting fund could significantly enhance enforcement efforts. Additionally, publishing more granular data—such as High-End Money Laundering cases—would allow for better assessment of the UK’s anti-corruption strategies. With the upcoming Financial Action Task Force review and a new Anti-Corruption Strategy on the horizon, policymakers have a crucial opportunity to address these challenges and reinforce the UK’s commitment to combating corruption.
Market Abuse
In the European Union, the ‘European Securities and Markets Authority (‘ESMA’), the EU’s financial markets regulator and supervisor, has fined Modefinance S.r.l. (‘Modefinance’) a total of €420,000, and issued a public notice, for a breach of the Credit Rating Agencies Regulation (‘CRA Regulation’). ESMA found that Modefinance fell short of the CRA Regulation’s requirement not to use ESMA’s name in such a way that would indicate or suggest endorsement or approval by ESMA of the credit ratings or any credit rating activities of the credit rating agency. Modefinance published several statements on its websites between September 2018 and October 2021, which referred to ESMA as having “certified”, or “validated” a model, used by Modefinance in its scoring and credit rating activities.’ The Decision is here, and the Public Notice is here.
And finally on market abuse news this week, the President of the US has been accused by some of market manipulation following his social media post urging followers to buy stocks just hours before announcing a 90-day pause in tariffs. Trump's post led to a surge in major stock indexes, including the S&P 500, Dow Jones Industrial Average, and Nasdaq Composite. Critics argue that his timing raises ethical concerns, as it may have influenced market movements for personal or political gain. The controversy stems from the broader debate on financial ethics and transparency in government actions. While some see what has happened as harmless market commentary, others see it as potentially manipulative, given his influence and the subsequent stock rally. This incident highlights ongoing concerns about political figures impacting financial markets, reinforcing calls for stricter regulations on public officials' financial disclosures and market-related statements.
Other Financial Crime News
In other financial crime news this week, the US Justice Department is reconsidering its approach to corporate monitorships, a practice which requires companies accused of wrongdoing to hire independent overseers to ensure compliance with settlement agreements. While proponents argue that monitorships help enforce accountability, critics—particularly within corporate America—view them as costly and burdensome. The DOJ has paused new monitorships and is reviewing existing agreements, with some officials reportedly considering eliminating or scaling back the practice altogether. This shift marks a potential departure from the Biden administration’s emphasis on corporate accountability, which had reinstated monitorships after the Trump administration largely moved away from them. Executives from firms currently under monitorships are reported to have lobbied for their removal. The DOJ’s review, led by Deputy Attorney General Todd Blanche, reflects broader discussions about enforcement priorities, including a potential pivot away from traditional white-collar crime toward other areas such as drug cartel investigations. While the future of corporate monitorships remains uncertain, any policy change could significantly impact how companies navigate legal settlements and compliance obligations.
Now to a report from Kroll which reveals that over 70% of Hong Kong executives expect an increase in financial crime in 2025, with cybercrime being the primary concern. Despite this, only 18% of respondents believe their organisation's compliance programs are highly effective. The survey, conducted between September and October 2024, included 600 professionals across financial services, accounting, insurance, and real estate sectors. The findings reflect pessimistic views on the volatility of the current geopolitical and technological landscape, particularly with AI and cryptocurrency emerging as key risk factors. Hong Kong's role as a global financial hub makes it a frequent transit point for fraud, adding pressure on institutions to enhance anti-money laundering mechanisms and know-your-customer procedures. In response, the Hong Kong Monetary Authority pledged, earlier this month, to strengthen fraud prevention using innovative technologies.
And finally in other financial crime news this week, the UK government has updated the website which provides guidance on director disqualification sanctions in the UK. It explains: (1) What director disqualification sanctions mean and their legal basis under the Sanctions and Anti-Money Laundering Act 2018; (2) The effects of disqualification, including restrictions on serving as a director in UK-based or connected companies; (3) How to apply for a licence if an individual seeks permission to engage in activities otherwise prohibited by disqualification; (4) Investigation and enforcement, detailing penalties for violations, including fines and imprisonment; and, (5) Reporting mechanisms, allowing individuals to report breaches of disqualification sanctions.
Cybercrime
The cybercrime news this week starts in the US, where General Timothy Haugh, the head of the National Security Agency and US Cyber Command, has been dismissed by the Trump administration. Haugh, who had served in these roles since February 2024, was a key figure in overseeing both defensive and offensive cyber operations. His removal, along with that of his deputy Wendy Noble, has sparked criticism from lawmakers and cybersecurity experts. The decision to dismiss Haugh as NSA Director and Commander of US Cyber Command raises significant concerns, particularly given the timing and context. Haugh's leadership was critical during a period of heightened cyber threats, such as the Salt Typhoon cyberattack linked to China. Removing an experienced and nonpartisan leader like Haugh could destabilise the agency's operations and weaken its ability to respond to emerging threats effectively.
In more positive news from the US, House Republicans have reintroduced the "Strengthening Cyber Resilience Against State-Sponsored Threats Act" to address cybersecurity threats from Chinese state-sponsored actors targeting US critical infrastructure. The bill proposes creating an interagency task force led by the Cybersecurity and Infrastructure Security Agency and the FBI to assess and counter these threats. It mandates annual classified reports to Congress, detailing risks, tactics, and recommendations for improving cybersecurity defences. The legislation also emphasises public awareness campaigns and highlights the need for a unified government strategy to protect critical infrastructure from cyberattacks.
In the UK, the government has published the Cyber Security Breaches Survey 2025. The report, commissioned by the Department for Science, Innovation & Technology and the Home Office, provides a comprehensive overview of cyber security trends among UK businesses and charities. The report highlights a decline in cyber breaches among businesses compared to 2024, primarily due to fewer phishing attacks affecting micro and small businesses. However, medium and large businesses continue to experience elevated levels of cyber incidents. Phishing remains the most prevalent attack, with organisations increasingly aware of sophisticated methods like AI impersonation.
Encouragingly, small businesses have improved their cyber hygiene, with increased adoption of risk assessments, cyber insurance, and formal security policies. However, high-income charities have shown a decline in key security measures, likely due to budget constraints. The report also notes that board-level responsibility for cyber security has steadily declined since 2021, raising concerns about corporate governance. While cybercrime remains a significant issue, ransomware attacks have notably increased, affecting an estimated 19,000 businesses in the past year. The survey underscores the need for stronger risk management, supply chain security, and staff training to enhance cyber resilience across sectors.
Now, a couple of stories from Europol. First, following the Operation Endgame botnet takedown in May 2024, law enforcement agencies across North America and Europe have intensified efforts against cybercriminals using malware services. Authorities have detained and interrogated individuals linked to the Smokeloader pay-per-install botnet, operated by the actor known as ‘Superstar.’ Investigations revealed that customers purchased botnet access for illicit activities, including keylogging, ransomware deployment, and crypto mining. Some suspects resold these services at a markup, further complicating the criminal network. Europol and the Joint Cybercrime Action Taskforce continue to support the investigation, facilitating information exchange and forensic analysis. Law enforcement warns that Operation Endgame is ongoing, with new actions expected, and urges individuals with relevant information to contact authorities through the dedicated website.
Secondly, Europol has published a report which highlights the growing risks of biometric recognition technology being exploited by criminals. While biometrics—such as fingerprint scans and facial recognition—offer secure authentication, they are permanent and cannot be changed like passwords, making them vulnerable to sophisticated attacks. Criminals have developed methods to bypass these systems using deepfakes, artificial fingerprints, and masks, raising concerns about identity fraud and unauthorised access. Europol emphasises the need for collaboration between law enforcement, cybersecurity experts, and forensic specialists to stay ahead of emerging threats. By identifying vulnerabilities and improving detection mechanisms, authorities aim to strengthen biometric security and prevent misuse in criminal activities.
Now, to a couple of articles. First, in Forbes, an article which highlights key cybersecurity challenges in 2025, emphasising the growing sophistication of cyber threats driven by artificial intelligence, quantum computing, and evolving attack techniques. Some key takeaways include:
- AI-Driven Cyberattacks: 87% of security professionals reported encountering AI-powered cyber threats, with autonomous AI agents posing risks through hacking and system manipulation.
- Healthcare Breaches: The healthcare industry remains a primary target, with a 64% increase in data breaches from the previous year, exposing millions of records.
- Quantum Computing Risks: Quantum computing advancements could break existing encryption standards, posing a major threat to financial systems and national security.
- Space Cybersecurity: As satellites and space assets become more critical for communication and intelligence, cyberattacks on space infrastructure are an emerging concern.
- Ransomware & DDoS Attacks: AI-enhanced ransomware campaigns and DDoS-for-hire services are becoming more prevalent, posing risks to businesses and public services.
The article stresses the need for proactive security measures, such as AI-powered threat detection, multi-layered cybersecurity frameworks, and enhanced quantum-resistant encryption.
Secondly, an article from SentinelOne which, while broadly a sales pitch, does discuss the increasing threats posed by AI-powered cyber-attacks and strategies to mitigate them. It highlights how AI can be exploited to enhance cybercriminal tactics, making attacks more sophisticated and harder to detect. Key types of AI-driven cyber threats include social engineering scams, deepfakes, AI-enabled malware, and data poisoning. To counter these risks, organisations should employ multi-factor authentication, use strong passwords, secure mobile devices, keep software updated, and monitor system activity for anomalies. The article also emphasises the importance of AI-driven security solutions, incident response planning, and continuous staff training.
Finally this week, on the subject of multi-factor authentication, we return to the AustralianSuper cyber-attack which we looked at last week. It is being reported that AustralianSuper customers raised concerns about a security vulnerability weeks before a cyber-attack compromised their accounts, resulting in the theft of hundreds of thousands of dollars in retirement savings. Some customers attempted to enable multi-factor authentication (‘MFA’) on their accounts but were denied, leaving them exposed to credential-stuffing attacks, where hackers use previously stolen usernames and passwords to gain unauthorised access. A pensioner lost $406,000 due to the breach, highlighting the risks of inadequate security measures. Experts emphasise that MFA is an essential safeguard against such attacks, particularly in financial institutions, as it requires additional forms of verification beyond just a password.
The incident has sparked debate about AustralianSuper’s security protocols, with affected customers expressing frustration over the lack of preventative measures. While AustralianSuper stated that MFA is applied to high-risk transactions, such as withdrawals and member updates, critics argue that it should be extended to login authentication to minimise risks. Cybersecurity specialists stress the importance of organisations adapting their security frameworks to evolving threats, ensuring that customers' sensitive financial data remains protected. This breach serves as a reminder of the growing need for stronger security practices in an era where cybercriminals are becoming increasingly sophisticated.