"Wiper Malware Found in Analysis of Iran-Linked Attacks on Albanian Institutions"

In the attacks on Albanian organizations earlier in December 2023, Iran-linked hackers used wiper malware dubbed No-Justice. The attacks, linked to the Iranian threat actor known as Homeland Justice, targeted the Albanian parliament, two telecommunications companies, and the country's flag air carrier. Although the hackers claimed to have stolen data from the targeted systems, this claim has yet to be confirmed. ClearSky researchers identified two main tools used in this campaign: No-Justice and a PowerShell script.

Submitted by grigby1 CPVI on

"Saudi Ministry Exposed Sensitive Data for 15 Months"

According to the Cybernews research team, Saudi Arabia's Ministry of Industry and Mineral Resources (MIM) had an environment file exposed for 15 months, leaving sensitive information open to anyone. An environment file is a critical component for any system because it serves as a set of instructions for computer programs. Leaving environment files open to the public exposes critical data and gives threat actors opportunities for attacks.

Submitted by grigby1 CPVI on

"Many Organizations Still Don't Know How to Secure APIs"

According to recent research conducted by Noname Security, many organizations say they understand the importance of properly protecting Application Programming Interfaces (APIs), but in practice, these organizations do not appear to do so. This seems to be due to a fundamental lack of knowledge. APIs are used to connect various components in almost all modern environments. Around 80 percent of all Internet traffic goes through an API at some point. APIs are used as getaway vehicles in attacks because they are effective in data exfiltration, according to Noname Security CMO Mike O'Malley.

Submitted by grigby1 CPVI on

"The FBI Is Adding More Cyber-Focused Agents to U.S. Embassies"

To increase its response to worldwide cyber crime, the FBI is upping the number of cyber assistant legal attachés and adding new positions in New Delhi, Rome, and Brasilia, bringing the total to 22. Cyber bad actors are showing up in a wide variety of locations, and local police often have trouble coordinating efforts across countries. The program of cyber-focused agents goes back to 2011, and beefing up the staff shows a proactive approach to dealing with international cyber crime by disrupting the work of criminal groups across country boundaries.

Submitted by grigby1 CPVI on

"Long-Existing Bandook RAT Targets Windows Machines"

Fortinet researchers discovered a new variant of the Bandook Remote Access Trojan (RAT) being used in phishing attacks against Windows users. Bandook has been used by different threat actors in several campaigns since 2007. The new variant, discovered in October 2023, spreads through phishing messages involving a PDF file containing a shortened URL that leads to the download of a password-protected .7z file. When the malware is extracted from the archive, it injects its payload into msinfo32.exe. This article continues to discuss the new variant of the Bandook RAT.

Submitted by grigby1 CPVI on

"DHS S&T Announces New Solicitation for Synthetic Data Generator Solutions"

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is seeking solutions for generating synthetic data that models and replicates the shape and patterns of real data while protecting privacy and mitigating security risks. Synthetic data enables DHS to train Machine Learning (ML) models when real-world data is unavailable or would pose privacy and security risks. Real-world data may contain sensitive information, such as Personally Identifiable Information (PII).

Submitted by grigby1 CPVI on

"US Mortgage Lender loanDepot Confirms Ransomware Attack"

Leading U.S. mortgage lender loanDepot has revealed that a cyber incident over the weekend was a ransomware attack that led to data encryption. loanDepot is a major nonbank mortgage lender in the United States, with over $140 billion in serviced loans and roughly 6,000 employees. After detecting the security breach, loanDepot started an investigation with the help of external cybersecurity experts and began notifying relevant regulators and law enforcement agencies.

Submitted by Adam Ekwall on

"'Swatting' Becomes Latest Extortion Tactic in Ransomware Attacks"

Threat actors are targeting medical institutions through their patients, using a tactic called "swatting" in order to push hospitals to pay ransom demands. Swatting is a form of prank-calling in which police are repeatedly called about a specific individual (e.g., a patient) regarding bomb threats or other serious allegations, making authorities show up at the homes of these unknowing victims heavily armed.

Submitted by grigby1 CPVI on

"Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge, Urgently Requiring Attention"

The motivations and methods behind cyberattacks are varied. Cybercriminals exploit flaws in cybersecurity defenses as they try to compromise sensitive data, disrupt critical systems, or hold organizations hostage for the purpose of financial gain, political agendas, or pure malice. Therefore, it is essential to stay ahead of cyber adversaries by understanding current threats and using a proactive approach to anticipating and mitigating future risks. Help Net Security has provided excerpts from cyberattack surveys covered in 2023.

Submitted by grigby1 CPVI on

"Capital Health Attack Claimed by LockBit Ransomware, Risk of Data Leak"

The LockBit ransomware operation has recently claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. Capital Health is a primary healthcare service provider in New Jersey and parts of Pennsylvania, operating two major hospitals and several satellite and specialty clinics. Last November, the organization experienced an IT systems outage following a cyberattack on its network, warning that the incident would impact its operations for at least a week.

Submitted by Adam Ekwall on