---
title: "Cybersecurity News Update, Week 5 of 2023 | DuoCircle"
description: "This week’s updates focus on Microsoft’s analysis of ransomware actors, how Porsche NFTs got hijacked, a novel POS malware, Google ad phishing campaigns."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2023-2/"
---

Quick Answer

Week 5, 2023 cyber news: Microsoft tracks 100+ ransomware actors and 50+ families (LockBit Black, BlackCat, Play, Black Basta, Royal); Porsche NFT phishing site drains crypto wallets; Prilex POS malware blocks NFC contactless to force card insertion; SwiftSlicer wiper hits Windows domains via phishing; Google Ads campaign targets Bitwarden vaults; League of Legends source code auctioned after Riot breach.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2023-2%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20News%20Update%2C%20Week%205%20of%202023&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2023-2%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2023-2%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2023-2%2F&title=Cybersecurity%20News%20Update%2C%20Week%205%20of%202023 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20News%20Update%2C%20Week%205%20of%202023&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-5-of-2023-2%2F "Share via Email") 

![cybersecurity update](https://media.mailhop.org/duocircle/images/2023/04/what-is-dkim-selector-4.jpg) 

This week’s updates focus on **Microsoft’s analysis** of ransomware actors, how Porsche NFTs got hijacked, a novel POS malware, Google ad [phishing](/content/phishing-prevention/what-is-phishing) campaigns, and the massive leak of League of Legends source code. Let us begin!

## Over 100 Ransomware Threat Actors Being Tracked By Microsoft

Tech giant Microsoft has highlighted a **significant surge** in the [ransomware attacks](/email-security/ransomware-attacks-are-costly-and-difficult-to-recover-from/) carried out by over 100 different threat actors.

Since last year, Microsoft has tracked over 50 unique ransomware families utilized by over 100 ransomware gangs. Ransomware attacks have been on the rise as **readily available** [RaaS (Ransomware as a Service)](https://encyclopedia.kaspersky.com/glossary/ransomware-as-a-service-raas/) models have been available on the market, which allows low-level cybercriminals to potentially make **significant gains**, as Microsoft highlighted.

> Microsoft also [said](https://twitter.com/MsftSecIntel/status/1620474467083231234), “Some of the most **prominent ransomware** **payloads** in recent campaigns include Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, & Royal.”

The tech giant states that implementing robust [cybersecurity](/) measures should be the top priority of organizations looking to stay protected against ransomware. **Regular backups** of essential data, software, and security updates and a multi-layered security approach are crucial to organizational protection.

_According to Chainalysis, the collected revenue of global ransomware gangs dropped by 40% in 2022 after a record high of $765 million in 2020._

It is also recommended that organizations or enterprises caught in a ransomware attack **avoid paying** the ransom demands as it encourages the threat actors and never guarantees the return of the **data at risk**.

## Phishing Sites Misusing Porsche NFT Launch

Porsche planned a new [NFT collection](https://www.makeuseof.com/what-is-an-nft-collection/) that was prematurely ended due to a lack of interest and mixed reactions from crypto and car enthusiasts. However, threat actors saw an opportunity and took advantage by setting up a **fake phishing website** to target crypto wallets.

Porsche went ahead with its NFT on 23 January 2023, but due to **complications** in the [minting](https://www.sofi.com/learn/content/what-is-nft-minting/#:~:text=Minting%20an%20NFT%2C%20or%20non,bought%2C%20sold%2C%20and%20traded.) process, Porsche could only deliver 20% of the promised NFTs out of the total of 7500, even after a day and three mintings. On the other hand, an **NFT resale** cheaper than the original one, which took place on OpenSea, devalued the NFTs, resulting in Porsche cutting the minting short.

[Threat actors](/email-security/threat-actors-abuse-linkedins-smart-links-in-evasive-email-phishing-attacks/) saw an opportunity and launched a phishing website in the image of the Porsche mint, making away with the crypto assets of multiple innocent individuals. The threat actors opened a **fake Twitter account** to make the website seem legitimate, amassing 11,000 followers with the promises of free NFTs and the renewal of stocks.

The fake accounts have been shut down, but you should keep an eye out for **similar attacks in the future** and always verify the legitimacy of the websites you share your information with.

## Credit Card Information Can be Targeted Using Novel POS Malware

[![Malware](https://media.mailhop.org/duocircle/images/2023/04/dmarc-report-5599.jpg)](https://media.mailhop.org/duocircle/images/2023/04/dmarc-report-5599.jpg)

[POS (Point of Sale) malware](https://www.malwarebytes.com/blog/threats/point-of-sale-pos) is the latest threat to credit card transactions, one that can **block contactless payments**, and a significant threat to popular quick and easy purchases.

_New versions of the Prilex POS malware have been identified with advanced capabilities that can block secure **NFC-enabled** **credit cards** by preventing payment terminals from recognizing payments while intercepting and stealing credit card information._

Whenever an individual initiates a contactless payment, the POS malware blocks the terminal from accepting it, forcing the individual to **insert the card** into the terminal where threat actors steal the card information.

Additionally, the threat actors are also utilizing cryptogram manipulations and [GHOST transactions](https://timesofindia.indiatimes.com/city/bhopal/ghost-transactions-baffles-sbi-credit-card-holders/articleshow/59260274.cms) to manipulate details during processing and create conflicting transactions, so the same funds are spent **multiple times**.

The POS malware is a concerning cyber threat and is highly challenging to detect. The malware can result in significant losses, so merchants and business owners should **regularly check** their payment terminals for suspicious signs and update software.

## SwiftSlicer Wiper Destroying Windows Domains

Threat actors have a new favorite tool, a new malware known as “SwiftSlicer,” with the ability to destroy **Windows domains** to cause disruption within organizations. SwiftSlicer **erases all data** on infected devices, leading to a mass disruption and rendering the machine inoperable.

SwiftSlicer is delivered via [phishing emails](/content/phishing-prevention/phishing-email) with **malicious attachments** that infect the device with malware when opened. The malware also propagates to other devices on the network, taking down machines and erasing the data of every device it infects.

SwiftSlicer is **extremely dangerous** and is designed with process hollowing to evade detection by creating a new malicious process from a simple Windows process, confusing security software and making it seem like a normal process in the running. It is a Go-based data wiper that experts have attributed to the **notorious Sandworm**.

The best protection against SwiftSlicer and other [malware](/resources/malware-and-its-defense-mechanism) includes the implementation of robust security measures such as **anti-malware solutions**, safe email practices, and regular software updates.

## Google Ads Phishing Targeting Bitwarden Password Vaults

Bitwarden fell victim to a [phishing attack](/resources/how-does-a-phishing-attack-work) via Google ads. The **password management service** identified the attack and took steps to shut it down to prevent further harm.

The phishing campaign tricks individuals into feeling their login credentials on a **fake Bitwarden login page**, and the credentials are then used to access the password vaults. Bitwarden has not seen any evidence of unauthorized access yet, but the attack was limited to a handful of individuals.

For safety, Bitwarden has advised all its users to **update** their master passwords and utilize [2FA (Two Factor Authentication)](https://www.ibm.com/topics/2fa). Bitwarden is currently investigating the attack and working with Google to determine how the threat actors were able to post **phishing ads** on Google.

The [Google Ads](https://www.scmagazine.com/brief/network-security/google-ads-exploited-for-network-breaches) phishing campaign via Google is a reminder of the cruciality of being cautious when handling sensitive information online. Phishing attacks are becoming sophisticated, and threat actors are using popular **social media sites** and commonly used platforms for their malicious purposes.

_As highlighted before, you should always check for a **website’s authenticity** before sharing confidential information online._

[![Source Code Auctioned by Hackers](https://media.mailhop.org/duocircle/images/2023/04/DMARC-report-service-4793.jpg)](https://media.mailhop.org/duocircle/images/2023/04/DMARC-report-service-4793.jpg)

## League of Legends Source Code Auctioned by Hackers

Threat actors are **auctioning** off the [source code](https://www.techopedia.com/definition/547/source-code) of one of the most popular online games, League of Legends.

Riot Games recently confirmed that some of their **internal systems** were breached. The organization did not confirm the authenticity of the leaked code but has highlighted that an investigation is ongoing and that they have taken steps to protect [player data](https://www.infosecurity-magazine.com/news/ubisoft-player-data-breach/).

On the other hand, the threat actors posted [screenshots](https://www.bleepstatic.com/images/news/security/e/extortion/riot-games/league-of-legends/forum-post-breached.jpg) of the source code. Experts are advising individuals not to participate in the **auction** as the source code might be fake or tampered with, highlighting that purchasing stolen data is illegal, inviting multiple legal consequences.

Source code is a **valuable asset** in the online gaming community, and it can allow players to access the inner workings and create hacks or cheats to get ahead in the game. Such alterations or **malicious tools** can undermine any **game’s integrity** and kill the joy of players who compete with honesty. Developers often tightly guard the source code for games, which is why the leakage of the source code is a serious problem.

The studio did not comment on the breach’s impact on the players. However, it is probable that the studio behind the game, Riot Games will release a more insightful statement to address the delicate situation. It would be best for players to **stay vigilant** while playing League of Legends or other games by the studio and watch out for suspicious activities in their [gaming accounts](https://www.infosectrain.com/news/thousands-of-online-gaming-accounts-have-been-compromised-as-a-result-of-a-huge-cyberattack/).

## Topics

email securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 7m  Cybersecurity News Update, Week 10 of 2023  Mar 6, 2023 ](/blog/announcements/cyber-security-news-update-week-10-of-2023/)[  News 4m  Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News \[March 09, 2026\]  Mar 16, 2026 ](/blog/announcements/cyber-security-news-update-week-11-of-2026/)[  News 6m  Lazarus Infects NPM, MassJacker Steals Crypto, CISA Alerts Ivanti, Cybersecurity News \[March 10, 2025\]  Mar 17, 2025 ](/blog/announcements/cyber-security-news-update-week-12-of-2025/)[  News 6m  RedCurl Ransomware Targets, CS2 Steam Phishing, Fake Converter Cyberattacks , Cybersecurity News \[March 24, 2025\]  Apr 1, 2025 ](/blog/announcements/cyber-security-news-update-week-14-of-2025/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity News Update, Week 5 of 2023","description":"This week’s updates focus on Microsoft’s analysis of ransomware actors, how Porsche NFTs got hijacked, a novel POS malware, Google ad phishing campaigns.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2023-2/","datePublished":"2023-04-10T12:19:43.000Z","dateModified":"2025-05-13T17:50:29.000Z","dateCreated":"2023-04-10T12:19:43.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2023-2/"},"articleSection":"announcements","keywords":"email security, News, Security, Updates","wordCount":1218,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/04/what-is-dkim-selector-4.jpg","caption":"cybersecurity update","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cybersecurity News Update, Week 5 of 2023","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2023-2/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cybersecurity News Update, Week 5 of 2023","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2023-2/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity News Update, Week 5 of 2023","description":"This week’s updates focus on Microsoft’s analysis of ransomware actors, how Porsche NFTs got hijacked, a novel POS malware, Google ad phishing campaigns.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2023-2/","datePublished":"2023-04-10T12:19:43.000Z","dateModified":"2025-05-13T17:50:29.000Z","dateCreated":"2023-04-10T12:19:43.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-5-of-2023-2/"},"articleSection":"announcements","keywords":"email security, News, Security, Updates","wordCount":1218,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/04/what-is-dkim-selector-4.jpg","caption":"cybersecurity update","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```