According to the Imperva Threat Research team, the 8220 gang has been exploiting an old Oracle WebLogic Server vulnerability, tracked as CVE-2020-14883, to spread malware. The 8220 gang has been active since 2017, deploying cryptocurrency miners on Linux and Windows hosts by exploiting known vulnerabilities. The group uses publicly available exploits that target well-known vulnerabilities. Although they are considered unsophisticated, the group is constantly changing tactics to avoid detection.

The Federal Criminal Police Office in Germany and the Internet crime-combating unit of Frankfurt have announced the shutdown of a dark web marketplace called Kingdom Market that distributed cybercrime tools, fake government IDs, and more. Authorities from the US, Switzerland, Moldova, and Ukraine were also involved in the law enforcement operation against the marketplace. Kingdom Market was an English-speaking dark web marketplace that had been operating since March 2021.

According to security researchers at S-RM, the average direct cost of a serious cybersecurity incident increased by 11% year-on-year to reach $1.7m in 2023. The researchers polled 600 C-suite and IT budget holders from US and UK organizations with revenues over $500m to produce their 2023 Cybersecurity Insights Report. The researchers found that the most common incident types were fraud, third-party compromise, and data exfiltration, although these varied by sector.

Interpol recently announced that as part of an international effort to tackle online financial fraud, authorities in 34 countries have arrested approximately 3,500 suspects and seized roughly $300 million worth of assets.  The six-month operation, named HAECHI IV, targeted business email compromise (BEC), e-commerce fraud, investment fraud, voice phishing, and money laundering associated with illegal online gambling, romance scams, and online sextortion schemes.

It was unclear how methodological limitations and incomplete data affected revenue estimates of cybercriminal groups using the Bitcoin blockchain. A new study by IMDEA Software Institute researchers calls into question existing estimates of cybercriminals' Bitcoin earnings. The study, titled "Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage," delves into the full scale of the financial impact of cybercriminal activity.

Web injections, a popular technique used by various banking trojans, remain a threat. Malicious injections allow cybercriminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive data. IBM Security Trusteer researchers discovered a new malware campaign involving JavaScript web injections in March 2023. The campaign is widespread and evasive, with historical Indicators of Compromise (IOCs) suggesting a possible link to DanaBot.

Cybercriminals are using generative Artificial Intelligence (AI) to evade email security solutions and deceive employees. According to Mike Britton, CISO of Abnormal Security, generative AI makes detecting email attacks more difficult. Prior to the AI's breakthrough, cybercriminals relied on formats or templates to create malicious campaigns. Many attacks shared common Indicators of Compromise (IOCs), making them detectable by traditional security software.

According to a new report from the mobile security platform provider Zimperium, mobile banking heists increased in 2023, with researchers discovering 29 malware families that targeted 1,800 banking apps across 61 countries. The "2023 Mobile Banking Heists Report" explains how banking trojans have continued to grow and succeed due to their ability to persist, circumvent security, and evade detection on mobile devices. US banking institutions remain a favorite target of financially motivated threat actors, with 109 US banks targeted by banking malware in 2023.

According to researchers, MuddyWater, a cyber espionage group linked to Iran's intelligence service has been targeting telecommunications companies in Egypt, Sudan, and Tanzania. Marc Elias, a threat intelligence analyst at Symantec, says this is likely the first time the MuddyWater group has targeted organizations in Africa. In previously reported attacks, the hackers were mainly interested in entities in the Middle East.

Security researchers at Resecurity have recently observed a new fraudulent campaign orchestrated by the Smishing Triad gang and, impersonating the United Arab Emirates Federal Authority for Identity and Citizenship.  The researchers noted that the group is operating through malicious SMS messages that claim to be from the General Directorate of Residency and Foreign Affairs.  The campaign specifically targets UAE residents and foreigners in the country.