"Cloud Server Abuse Leads to Huge Spike in Botnet Scanning"

Netscout has announced that malicious actors are increasingly abusing free cloud services, which has led to a significant spike in botnet scanning activity.  Netscout typically sees 10,000-20,000 IP addresses conducting internet scans every day.  However, the company observed an increase to more than 35,000 devices on December 8 and another spike that reached 43,000 devices on December 20.  According to the company, the number of source IPs associated with scanning activity saw a sharp increase on several days since, peaking on January 5, with nearly 1.3 million IPs.

Submitted by Adam Ekwall on

"Hacker Spins up 1 million Virtual Servers to Illegally Mine Crypto"

Europol has recently announced that a 29-year-old man in Ukraine was arrested for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency.  The suspect is believed to be the mastermind behind a large-scale cryptojacking scheme that involves hijacking cloud computing resources for cryptomining.  Europol noted that by using the computing resources of others' servers to mine cryptocurrency, cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.

Submitted by Adam Ekwall on

"LG Electronics Researchers Develop New Method For Quantum Secure Communication"

In a recent study, a team of LG Electronics researchers developed a new protocol for Quantum Secure Direct Communication (QSDC), which aims to improve the security and transmission rate of quantum communication systems. QSDC is a method of directly transmitting messages through a quantum channel without using a secret key. The new method could overcome challenges in transmission rates stemming from limitations imposed by the dead time of Single Photon Detectors (SPDs). This article continues to discuss the QSDC method.

Submitted by Gregory Rigby on

"New Study Pinpoints the Weaknesses in AI"

A team of researchers at the University of Copenhagen is developing a language for discussing weaknesses in Machine Learning (ML) algorithms, which could lead to the creation of guidelines describing how algorithms should be tested. In the long run, this may lead to the development of better, more stable algorithms. One of the potential applications of this work could be testing algorithms for digital privacy protection. Some companies may claim to have made a secure solution for privacy protection.

Submitted by Gregory Rigby on

"FBot Malware Emerges as Significant Threat to Cloud and Payment Services"

SentinelLabs warns of FBot, a sophisticated Python-based malware that targets cloud and payment services. The FBot malware poses a significant threat, targeting web servers, cloud services, and Software-as-a-Service (SaaS) platforms, including Amazon Web Services (AWS), PayPal, and more. According to researchers, FBot has a smaller footprint than similar tools, suggesting private development and a more focused distribution strategy. The malware features an IP address generator, port scanner, email validator, and many other tools.

Submitted by Gregory Rigby on

"Attackers Deploy Rootkits on Misconfigured Apache Hadoop and Flink Servers"

A new malware attack campaign exploits misconfigurations in Apache Hadoop and Flink, two technologies used for processing large data sets and data streams. The attackers exploit the misconfigurations without authentication to launch rootkits on the underlying systems and install a Monero cryptocurrency mining program. According to Aqua Security researchers, the threat actors use packers and rootkits to hide their malware. This article continues to discuss the use of misconfigured Apache Hadoop and Flink servers by attackers. 

Submitted by Gregory Rigby on

"My AI-Generated Voice Is My (Scammers) Password: Now What?"

The use and power of generative Artificial Intelligence (AI) technology to commit payment fraud has grown. The use of voice-based payment methods that depend on biometrics has increased, making generative AI a greater threat. Voice generation tools now require only a few seconds of a recorded voice sample from a target to produce a voice deepfake that will say whatever the fraudster wants. Since it is easy to impersonate a person of authority, as in the case of a bank conned out of $35 million, voice deepfakes pose major risks to manual reviews of high-value payments.

Submitted by Gregory Rigby on

"Halara Probes Breach After Hacker Leaks Data For 950,000 People"

Popular athleisure clothing brand Halara recently announced that it is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum.  The Hong Kong company was founded in 2020 and quickly became very popular through the many videos promoting its clothing on TikTok.  A person named "Sanggiero" claimed to have breached Halara earlier this month and shared a text file containing stolen customer data on a hacking forum and a Telegram channel.

Submitted by Adam Ekwall on

"Vast Voter Data Leaks Cast Shadow Over Indonesia's 2024 Presidential Election"

According to investigators from Resecurity's HUNTER (HUMINT), Indonesia is increasingly being targeted by cyber threat actors with attacks that pose significant long-term risks to the country's election integrity. These findings overlap with the approaching Indonesian presidential election in February 2024. This article continues to discuss the rise in the targeting of Indonesia by cyber threat actors.

Submitted by Gregory Rigby on

"Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion"

Medusa ransomware threat actors have increased their activities following the February 2023 launch of a data leak site on the dark web to publish sensitive data of victims who refuse to give in to their demands. According to Palo Alto Networks' Unit 42, as part of their multi-extortion strategy, this group gives victims multiple options when their data is posted on their leak site, such as time extension, data deletion, and more. Medusa is a ransomware family that emerged in late 2022 before becoming well-known in 2023.

Submitted by Gregory Rigby on