Microsoft has disrupted Storm-1152, an alleged threat actor group that built Cybercrime-as-a-Service (CaaS) businesses. CaaS is a business model in which adversaries with superior skills create attack tools, such as automated bots, to sell to other fraudsters who may not be technically savvy, thus increasing cybercrime and fraud opportunities. The CaaS model encourages and enables more people to commit fraud at a rate and volume that can overwhelm even the most experienced internal Security Operation Center (SOC) teams.

Volt Typhoon, also known as Bronze Silhouette, a Chinese state-sponsored Advanced Persistent Threat (APT) hacking group, has been linked to a botnet called KV-botnet, which it has been using since at least 2022 to attack Small Office Home Office (SOHO) routers in high-value targets. The APT mainly targets routers, firewalls, and Virtual Private Network (VPN) devices to proxy malicious traffic so that it blends in with legitimate traffic and thus goes undetected.

According to security researchers at Chainalysis, approval phishing scams have been used to steal at least $1bn in cryptocurrency since May 2021.  The researchers estimate that this technique, which is frequently used by romance scammers, has led to crypto users losing at least $374m so far in 2023.  The researchers noted that approval phishing is a type of crypto scam in which attackers attempt to trick targets into signing a malicious blockchain transaction that gives their address approval to spend specific tokens inside the victim’s wallet.

A database owned and operated by DonorView exposed nearly a million records containing Personally Identifiable Information (PII) of donors who sent money to non-profits. DonorView provides a cloud-based fundraising platform used by schools, charities, religious institutions, and other charitable or philanthropic organizations. Jeremiah Fowler, an information security researcher, discovered 948,029 records exposed online, including donor names, addresses, phone numbers, emails, payment methods, and more.

According to a recent study by researchers from ZeroFox, the share of ransomware attacks by the infamous LockBit 3.0 hackers is slowly declining. In Europe, there is also a slow decline, but it is almost negligible. The number of ransomware attacks claimed by the notorious hacker gang LockBit 3.0 has decreased over the past year. This hacker gang accounted for about 15 percent of all ransomware attacks in the third quarter of 2023. This percentage was still around 29 percent of the total in the first quarter of this year.

The LockBit ransomware operation is now starting to recruit affiliates and developers from the BlackCat/ALPHV and NoEscape ransomware gangs after recent disruptions and exit scams.  Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly became inaccessible without warning.  According to affiliates associated with NoEscape, the ransomware operators pulled an exit scam, stealing millions of dollars in ransom payments and shutting off the operation's web panels and data leak sites.

Beyond the technical core of cybersecurity, there are complex policy and regulatory aspects. Therefore, the National Cybersecurity Consortium (NCC) has provided funding to the University of Calgary's Faculty of Law to develop programming aimed at training future lawyers, legal academics, and policy experts, as well as to advise on law and policy issues concerning and shaped by cybersecurity.

According to the Cybernews research team, customers at nine Russian cryptocurrency exchanges have been exposed, with private user data being revealed for over two months. The team independently verified the authenticity of the cryptocurrency exchange user data leaks. Although the exchanges are small, the estimated number of customers involved is over 500,000. Full names, credit card numbers, emails, IP addresses, amounts for payment or withdrawal requests, and more, are all part of the data collection. The leaked data included over 615,000 payment requests and 28,000 withdrawal requests.

French authorities recently arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments.  The suspect was apprehended after the French Anti-Cybercrime Office (OFAC) linked him to digital wallets that received millions of U.S. dollars from suspicious sources based on his activity on social networks.  French authorities also seized €570,000 worth of cryptocurrency assets when they detained the 40-year-old suspect and Cyprus resident on December 5.