In 2023, a threat actor known as Water Curupira was observed actively distributing the PikaBot loader malware through spam campaigns. According to Trend Micro researchers, PikaBot's operators conducted phishing campaigns against victims using two components, a loader and a core module, which enabled unauthorized remote access and the execution of arbitrary commands via an established connection with their command-and-control (C2) server. The activity began in the first quarter of 2023 and continued until the end of June before resuming in September.

According to security researchers at Cisco Threat Detection and Response, the number of organizations named a CVE Numbering Authority (CNA) and the number of Common Vulnerabilities and Exposures (CVE) identifiers assigned in 2023 has increased compared to the previous year.  The researchers noted that 28,902 CVEs were published in 2023, up from 25,081 in 2022.  This is an average of nearly 80 new CVEs per day.  The number of published CVEs has been steadily increasing since 2017.

According to security researchers at Nozomi Networks, vulnerabilities found in Bosch Rexroth nutrunners used in the automotive industry could be exploited by hackers seeking direct financial gain or threat actors looking to cause disruption or reputational damage to the targeted organization.  The researchers found security holes in Bosch Rexroth’s NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench (also known as a nutrunner) designed for safety-critical tightening operations.

A Nigerian national is going to go to jail for 10 years and one month and is ordered to pay almost $1.5m in restitution after being convicted of serious money laundering offenses.  Olugbenga Lawal, 33, of Indianapolis, Indiana, was convicted in August last year of conspiring to commit money laundering after three co-conspirators had already pleaded guilty to the same crime.  According to the Department of Justice (DoJ), he laundered millions of dollars generated by various internet fraud schemes, including romance scams and business email compromise (BEC).

According to a team led by researchers at Pennsylvania State University, people process information more efficiently on mobile phones but are less vigilant about misinformation than on Personal Computers (PCs), especially when users have developed a mobile phone routine or habit. The researchers also discovered that PC users are more likely to click on malicious links in phishing e-mails. Their findings have implications for cybersecurity and highlight the need for more alerts on mobile devices to combat misinformation and warnings on PCs to reduce susceptibility to phishing attempts.

In the attacks on Albanian organizations earlier in December 2023, Iran-linked hackers used wiper malware dubbed No-Justice. The attacks, linked to the Iranian threat actor known as Homeland Justice, targeted the Albanian parliament, two telecommunications companies, and the country's flag air carrier. Although the hackers claimed to have stolen data from the targeted systems, this claim has yet to be confirmed. ClearSky researchers identified two main tools used in this campaign: No-Justice and a PowerShell script.

According to the Cybernews research team, Saudi Arabia's Ministry of Industry and Mineral Resources (MIM) had an environment file exposed for 15 months, leaving sensitive information open to anyone. An environment file is a critical component for any system because it serves as a set of instructions for computer programs. Leaving environment files open to the public exposes critical data and gives threat actors opportunities for attacks.

According to recent research conducted by Noname Security, many organizations say they understand the importance of properly protecting Application Programming Interfaces (APIs), but in practice, these organizations do not appear to do so. This seems to be due to a fundamental lack of knowledge. APIs are used to connect various components in almost all modern environments. Around 80 percent of all Internet traffic goes through an API at some point. APIs are used as getaway vehicles in attacks because they are effective in data exfiltration, according to Noname Security CMO Mike O'Malley.

To increase its response to worldwide cyber crime, the FBI is upping the number of cyber assistant legal attachés and adding new positions in New Delhi, Rome, and Brasilia bringing the total to 22. Cyber bad actors are showing up in a wide variety of locations and often local police have trouble coordinating efforts across countries. The program of cyber-focused agents goes back to 2011 and beefing up the staff shows a proactive approach to dealing with international cyber crime by disrupting the work of criminal groups across country boundaries.

Fortinet researchers discovered a new variant of the Bandook Remote Access Trojan (RAT) being used in phishing attacks against Windows users. Bandook has been used by different threat actors in several campaigns since 2007. The new variant, discovered in October 2023, spreads through phishing messages involving a PDF file containing a shortened URL that leads to the download of a password-protected .7z file. When the malware is extracted from the archive, it injects its payload into msinfo32.exe. This article continues to discuss the new variant of the Bandook RAT.