On December 19, 2023, the FBI successfully dismantled one of the ALPHV/BlackCat ransomware sites. The customary FBI banner now adorns its main page, while the other sites associated with the cybercrime gang remain operational. This development may be linked to the recent 5-day disruption of the entire gang’s Darknet infrastructure.

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. In late October 2023, Atlassian issued a warning about a critical security flaw, CVE-2023-22518 (CVSS score 9.1), impacting all versions of Confluence Data Center and Server. This improper authorization issue poses a significant risk of data loss if exploited by an unauthenticated attacker.

This week, the threat actor group Anonymous Global (AnonGlobal) has introduced a new website designed for user engagement in attacks directed at Israel. Despite the site’s current inaccessibility, the group already claims already facilitated attacks resulting in the takedown of three Israeli websites. This innovative approach marks a departure from traditional threat actor tactics, aiming to involve ordinary individuals in their attacks.

A new alliance has emerged, posing a significant risk to governments, businesses, and individuals worldwide. On February 6th, 2024, a Telegram channel was created, uniting 18 hacking groups from across the globe under the banner of hacktivism. This report by Cyberint delves into the depths of this alliance, analyzing its origins, motives, activities, and potential impact. It then offers recommendations for organizations and individuals to strengthen their cybersecurity posture.

“The evolving threat landscape” sounds like an overused clichè; however, marked shifts in threat actor tactics in the past year are evidence of widespread and brazen growth in confidence among threat actors. Evident in recent incidents, such as ALPHV, AKA Black Cat’s exploitation of legal avenues, and the emergence of “The Five Families” alliance, cybercriminals are stretching their levels of coordination and reach.

In 2022, more than 25,000 new CVEs were discovered and added to the NIST National Vulnerability Database. In just the first ten months of 2023, another 23,500 CVEs were identified and added to the NIST NVD. That’s more than 48,000 new vulnerabilities documented in less than 2 years! With so many new CVEs being identified all the time, vulnerability management can seem like an insurmountable challenge. Despite the staggering numbers, there’s good news.

The information stealers ecosystem continues to expand as we witness the ongoing maintenance and new capabilities in the latest stealers versions. 2023 was a good year for InfoStealers as they keep evolving along with exploiting the popular vulnerabilities from the last years to infiltrate targeted devices. InfoStealer malware has become increasingly widespread, new business models are being introduced and new detection evasion capabilities are being implemented.

For phishing scammers, the holidays are the most wonderful time of the year – or so holiday phishing trends would suggest. Cyberint research shows that phishing alerts surged by 46 percent last December compared to the monthly average observed throughout the year. Similarly, an Akamai study found a 150 percent increase in phishing victims between mid-October and late November 2021.

The data about the rise of phishing attacks against businesses in the United Kingdom is in, and it’s bleak: UK phishing reports indicate that 79 percent of organizations in the UK were targeted by phishing attacks in the past year. Meanwhile, phishing is the initial attack vector in 36 percent of all data breaches globally, according to Verizon’s 2023 Data Breach Investigations Report. And 80,000 new phishing sites appear every month, according to Cyberint research.

DCRat, also known as Dark Crystal Rat has been around since 2018. It operates as a modular remote access trojan (RAT) offered as a Malware-as-a-Service (MaaS) and has garnered attention due to its cost-effectiveness and adaptability. The malware is purpose-built to provide threat actors unauthorized access to systems by circumventing security measures.