According to Malwarebytes' recent State of Malware report, the rise of Ransomware-as-a-Service (RaaS) gangs such as LockBit and ALPHV was accompanied by a 68 percent increase in known ransomware attacks in 2023, reaching a new high. The total number of known cyberattacks was 4,475 in 2023. The US made up nearly half of the ransomware attacks. The UK was second with 7 percent of costly incidents, followed by Canada, Italy, and Germany with 4 percent each. According to the report, the LockBit gang demanded the highest ransom of the year, $80 million, following an attack on Royal Mail.

A new banking trojan called Coyote has targeted 61 banking institutions in Brazil. Researchers discovered that Coyote differs from other banking trojans of its kind because of its use of the open-source Squirrel framework for installing and updating Windows apps. Another differentiating factor is the shift from Delphi, which is popular among banking malware families targeting Latin America, to a relatively new multi-platform programming language called Nim. This article continues to discuss findings regarding the Coyote banking trojan.

According to researchers at Abnormal Security, email attacks involving QR codes, also known as quishing attacks, increased significantly in the fourth quarter of 2023. Quishing attacks can evade email security solutions or spam filters. Abnormal Security discovered that quishing attacks increased by a factor of 42. These attacks primarily targeted C-level executives. About 90 percent of detected quishing attacks aimed to steal login credentials. This article continues to discuss the rise in quishing attacks.

According to CybSafe, 97 percent of office employees in the UK and US trust that their cybersecurity team can prevent or mitigate the damage caused by cyberattacks. CybSafe examined attitudes toward cybersecurity teams within organizations and discovered that employees have high levels of trust and appreciation for such teams despite there being issues with communication and processes. Cybersecurity teams and professionals are increasingly regarded as a critical strategic function supporting individual and business success.

The NFL's digitization of almost every aspect of this year's Super Bowl has created new vulnerabilities and targets for cybercriminals. Threats to arena security include ransomware attacks on critical systems, phishing attacks, credential theft, and breaches of personal data belonging to fans, NFL employees, players, and coaches. This article continues to discuss the attack surface presented to cybercriminals by the Super Bowl.

The U.S. government revealed that Chinese sponsored hacking group has embedded into many infrastructure networks including communications, energy, water and wastewater systems, and transportation. Agencies believe that this is a pre-positions effort that might allow future disruptions to these systems at a later time. The Volt Typhoon actors use these embedded hooks to learn about the target organizations and to be able to develop specialized attacks. This article is also related to the Living-off-the-Land guidance issued by CISA.

It was recently announced that a data breach at Connecticut College early last year resulted in the unauthorized release of personal information, including social security numbers, for an unspecified number of people affiliated with the private liberal arts college in New London.  The college said that the breach was detected in March 2023 and prompted college officials to contact law enforcement and take steps to "remediate" the issue and launch a third-party investigation.

A new study by William & Mary (W&M), Google, and IBM researchers examined 2,060 House, Senate, and presidential campaigns from the 2020 US election cycle, marking the first large-scale analysis of political campaign websites' privacy practices. According to the study, those campaigns often retained private data for an unspecified time, provided incomplete or no privacy disclosures, and were likely to share or sell data.