It was unclear how methodological limitations and incomplete data affected revenue estimates of cybercriminal groups using the Bitcoin blockchain. A new study by IMDEA Software Institute researchers calls into question existing estimates of cybercriminals' Bitcoin earnings. The study, titled "Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage," delves into the full scale of the financial impact of cybercriminal activity.

Web injections, a popular technique used by various banking trojans, remain a threat. Malicious injections allow cybercriminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive data. IBM Security Trusteer researchers discovered a new malware campaign involving JavaScript web injections in March 2023. The campaign is widespread and evasive, with historical Indicators of Compromise (IOCs) suggesting a possible link to DanaBot.

Cybercriminals are using generative Artificial Intelligence (AI) to evade email security solutions and deceive employees. According to Mike Britton, CISO of Abnormal Security, generative AI makes detecting email attacks more difficult. Prior to the AI's breakthrough, cybercriminals relied on formats or templates to create malicious campaigns. Many attacks shared common Indicators of Compromise (IOCs), making them detectable by traditional security software.

According to a new report from the mobile security platform provider Zimperium, mobile banking heists increased in 2023, with researchers discovering 29 malware families that targeted 1,800 banking apps across 61 countries. The "2023 Mobile Banking Heists Report" explains how banking trojans have continued to grow and succeed due to their ability to persist, circumvent security, and evade detection on mobile devices. US banking institutions remain a favorite target of financially motivated threat actors, with 109 US banks targeted by banking malware in 2023.

According to researchers, MuddyWater, a cyber espionage group linked to Iran's intelligence service has been targeting telecommunications companies in Egypt, Sudan, and Tanzania. Marc Elias, a threat intelligence analyst at Symantec, says this is likely the first time the MuddyWater group has targeted organizations in Africa. In previously reported attacks, the hackers were mainly interested in entities in the Middle East.

Security researchers at Resecurity have recently observed a new fraudulent campaign orchestrated by the Smishing Triad gang and, impersonating the United Arab Emirates Federal Authority for Identity and Citizenship.  The researchers noted that the group is operating through malicious SMS messages that claim to be from the General Directorate of Residency and Foreign Affairs.  The campaign specifically targets UAE residents and foreigners in the country.

The National Security Agency (NSA) has released its 2023 Cybersecurity Year in Review, covering its recent cybersecurity successes as well as how it is collaborating with partners to deliver on cybersecurity advances aimed at improving national security. This year's report delves into NSA's collaboration with US government partners, foreign partners, and the Defense Industrial Base (DIB).

Security researchers at Ruhr-Universität Bochum discovered a flaw in the SSH cryptographic network protocol that could enable an attacker to reduce the security of the SSH connection by truncating the extension negotiation message. According to the researchers, Terrapin is a prefix truncation attack that targets the SSH protocol. An attacker can remove an arbitrary number of messages sent by the client or server at the start of the secure channel by carefully adjusting the sequence numbers during the handshake, without the client or server noticing.

Researchers have discovered a GitHub account abusing two different features of the website to host stage-two malware. Hackers are increasingly repurposing public services for their activities, housing malware in public code repositories or file-sharing services, and conducting command-and-control (C2) from messaging apps. They sometimes use Software-as-a-Service (SaaS) platforms in unexpected ways. A user by the name of "yeremyvalidslov2342" is continuing this tactic. The individual has been linked to multiple malicious packages identified by ReversingLabs on December 19.

According to a new joint cybersecurity advisory from the US and Australia, the threat actors behind the Play ransomware are estimated to have hit about 300 entities as of October 2023. Authorities said that Play ransomware actors use a double-extortion model, encrypting systems after stealing data. The group has impacted various businesses and critical infrastructure organizations in North America, South America, Europe, and Australia.