"Microsoft: Human-Operated Ransomware Attacks Tripled Over Past Year"

According to Microsoft researchers, human-operated ransomware attacks have increased by more than 200 percent since September 2022, signaling a shift in the cybercrime underground. Unlike automated attacks launched through malicious phishing documents, human-operated attacks typically involve actively exploiting Remote Monitoring and Management (RMM) tools that enable hackers to leave behind less evidence. Microsoft warned that the increase in these types of incidents could indicate a rise in ransomware hackers working for multiple gangs to maximize their profits.

Submitted by Gregory Rigby on

"Fiserv Attack Exposes 837K Flagstar Bank Clients"

Cl0p, the Russia-linked ransomware group, added another US-based company to its MOVEit Transfer attack victims list. Flagstar Bank notified affected individuals that attackers accessed their data via Fiserv, a company the bank uses for payment processing and mobile banking. The unauthorized activity in the MOVEit Transfer environment occurred between May 27 and May 31, 2023, before the public disclosure of this vulnerability. During this time, unauthorized actors accessed vendor files transferred via MOVEit, which included Flagstar Bank and related institution customer information.

Submitted by Gregory Rigby on

"China-Linked Cyberspies Backdoor Semiconductor Firms With Cobalt Strike"

Hackers engaged in cyber espionage have used Taiwan Semiconductor Manufacturing Company (TSMC)-themed lures to infect Chinese-speaking semiconductor companies with Cobalt Strike beacons. With an annual revenue of $73.5 billion and more than 73,000 employees globally, TSMC is the world's largest semiconductor contract manufacturing and design company.

Submitted by Gregory Rigby on

"North Korea's Lazarus Group Launders $900 Million in Cryptocurrency"

$7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the theft of about $900 million between July 2022 and July 2023 attributed to the North Korea-linked Lazarus Group. According to the blockchain analytics company Elliptic, cryptocurrency crime is shifting to chain- or asset-hopping typologies as mixers continue to face seizures and sanctions scrutiny.

Submitted by Gregory Rigby on

"Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA"

The US cybersecurity agency CISA and the NSA have recently issued new guidance on addressing the most common cybersecurity misconfigurations in large organizations. CISA and NSA noted that misconfigurations impact many organizations, including those that have achieved a mature security posture. CISA and NSA argued that these misconfigurations illustrate a trend of systemic weaknesses and underline the importance of adopting secure-by-design principles during the software development process.

Submitted by Adam Ekwall on

"Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations"

In August, Group-IB found GoldDigger, an Android Trojan, targeting over 50 financial organizations in Vietnam. The Trojan has been active since June, when Group-IB's intelligence unit discovered more than ten fake websites spoofing Google Play Store pages. GoldDigger aims to steal banking credentials. Once installed and activated, it uses the Accessibility Service to steal personal information and intercept SMS messages. The malware avoids detection by masquerading as a fake Android app, spoofing a Vietnamese government portal and an energy company in at least two variants.

Submitted by Gregory Rigby on

"The Root Cause of Open-Source Risk"

2023 saw double the total of software supply chain attacks that occurred in 2019-2022. In 2023, Sonatype logged 245,032 malicious packages. One out of every eight open-source downloads now contains known and avoidable risks. Almost all (96 percent) vulnerabilities can still be prevented. In 2023, 2.1 billion open-source software (OSS) downloads with known vulnerabilities could have been avoided due to the availability of a better, patched version. Suboptimal open-source consumption habits are the primary cause of open-source risk.

Submitted by Gregory Rigby on

"Casino Giant MGM Expects $100 Million Hit From Hack That Led to Data Breach"

MGM Resorts International recently announced that a cyberattack that disrupted its operations last month would cause a $100 million hit to its third-quarter results as it works to restore its systems. MGM also noted that it expects to incur less than $10 million as a related one-time cost in the quarter ended on Sept. 30. A hacking group named AlphV claimed it was involved in the breach. MGM has declined to comment on whether it was asked for or paid any ransom.

Submitted by Adam Ekwall on

"New Tool Helps Mobile App Developers Create More Accurate iOS Privacy Labels"

Researchers at Carnegie Mellon University's (CMU) CyLab Security and Privacy Institute have been working on privacy nutrition labels for over a decade to easily show technology users how their data is being collected and used. In recent years, Apple has required app developers to disclose this information through privacy labels displayed in the iOS App Store. However, recent research has revealed that app developers struggle to create accurate privacy labels.

Submitted by Gregory Rigby on

"Global CRM Provider Exposed Millions of Clients' Files Online"

Cybersecurity researcher Jeremiah Fowler discovered and reported an unsecured database containing over three million records to vpnMentor. The documents were related to internal invoices, communications, and customers' stored Customer Relationship Management (CRM) files. Additional investigation revealed that the database belonged to the global B2B CRM provider known as Really Simple Systems. Cloud-based CRM systems enable organizations to manage customer interactions, store documents, and more, from anywhere.

Submitted by Gregory Rigby on