Phishing and scam affiliate programs are trending
🔹Another remarkable threat targeting the financial sector in H2 2020 - H1 2021 was phishing and scam affiliate programs. Group-IB experts estimate that there are currently more than 70 such programs, with their joint profit amounting to at least $10 million. On average, the amount stolen by any single threat actor is estimated at $83.
🔹Over 70 brands from 36 countries worldwide are being exploited by the members of phishing and scam affiliate programs. The majority of brands affected were marketplaces, delivery services, carpooling services, and banking services.
More details are available in our report -> https://bit.ly/3dLL2tJ
#report #cybercrime #HTCT #APT
Group-IB presents the fourth volume of its Hi-Tech Crime Trends 2021/2022 report “Cyberwarfare: state-sponsored operations in cyberspace” ⚡️⚡️⚡️
⚠️Concerns over nation-state attackers grow every year. Group-IB’s previous Hi-Tech Crime Trends reports have detailed how long-term espionage campaigns run by intelligence agencies occurred alongside episodes of open interstate military confrontation, which in some cases resulted in infrastructure being physically destroyed.
🎯The H2 2020 - H1 2021 period has shown that state-sponsored hacker groups can launch large-scale attacks to which even the most high-level targets are vulnerable. We all remember how, by hacking into the US software developer SolarWinds, cybercriminals compromised cybersecurity market leaders, as well as several US government agencies.
🔸Recently, state-backed attackers have become less isolated from the rest of the cybercriminal world. More and more often, they use publicly available tools and resort to underground services. They do not shy away from buying initial access from other attackers or exchanging malicious tools with them. Group-IB’s hypothesis that the boundaries between nation-state and financially-motivated attackers are beginning to fade is confirmed by the fact that more state-sponsored hackers are trying their luck in new fields to increase their profits.
In our fresh report, available exclusively to Group-IB Threat Intelligence & Attribution customers, we:
🔸examine new players who have appeared on the map of interstate confrontation in cyberspace;
🔸describe their most significant operations;
🔸analyze their tools;
🔸provide a list of threats to companies in the telecommunications, energy, and IT sectors;
🔸explain how state-sponsored hackers make extra money;
🔸and of course provide forecasts on the evolving threat landscape for various sectors.
Fortunately, you can get access to the report by requesting a demo of Group-IB's Threat Intelligence & Attribution system, which provides high-fidelity threat intelligence data tailored to your specific organization -> https://bit.ly/3sbd6PU
#report #cybercrime #HTCT #APT
🔎We would like to shed some light on the content of our new report and reveal some of its highlights:
🔸During the reporting period, 11 new APT groups specializing in cyber espionage were discovered. Two of them — Dark Halo and HAFNIUM — conducted the largest-scale operations, competing with each other for the highest number of infected companies.
🔸The largest number of active APT groups was detected in the Asia-Pacific region, just like in the previous review period.
🔸One of the trends observed in the reporting period was APT groups using rootkits and vulnerabilities to compromise BIOS/UEFI and subsequently gain control over a system.
🔸The development of 5G technologies triggered the intensification of espionage campaigns, presumably aimed at competing for new markets in Southeast Asia, Europe, and the United States.
🔸The number of attacks on IT companies is growing year after year. In most cases, IT companies are a springboard for supply-chain attacks aimed at further compromising their customers.
More findings are in our report, which can be accessed by requesting a Group-IB Threat Intelligence & Attribution demo -> https://bit.ly/3sbd6PU
#report #cybercrime #HTCT #scam #phishing
Group-IB presents the fifth volume of its Hi-Tech Crime Trends 2021/2022 report “Scams and Phishing: The epidemic of online fraud” ⚡️⚡️⚡️
👉We are finally releasing the concluding part of our 5-volume Hi-Tech Crime Trends 2021/2022 report — “Scams and Phishing: The epidemic of online fraud.” In this paper, Group-IB’s CERT-GIB and Digital Risk Protection analysts analyze major scam campaigns, the instruments used, and threat actors’ infrastructure.
⚔️The COVID-19 pandemic was the main reason for the explosive growth of online scams. According to Group-IB’s data, fraud accounted for 74.5% of all online crimes in the first half of 2021. More than half (57%) of all cybercrimes were scams (a type of fraud in which victims voluntarily make payments or disclose their data), while phishing (theft of bank card data) accounted for just 17.5%.
📑Here are some other highlights and trends from our fresh report:
🔹 Group-IB specialists helped block more than 14,000 phishing resources hosted on some 12,000 unique domains. About 20% of phishing websites were hosted on compromised legitimate resources.
🔹 Classiscam became one of the largest, longest, and most technically advanced hybrid scam campaigns in the world. As at the end of 2021, 70 active affiliate programs use this scheme, targeting more than 80 international brands from 36 countries.
🔹An increase in phishing targeting online services (16%) and social media (8%) has been recorded.
🔹The popularity of the scam-as-a-service model has led to scams scaling up on a global level and to a lower entry threshold for newbie-scammers with no real skills for conducting scams.
✅ More trends and forecasts for the development of online fraud are in our fresh report —> https://bit.ly/3GXLtOb
#scam #fraud #DRP #phishing
Group-IB uncovers an ongoing worldwide scam campaign targeting users in over 90 countries worldwide⚠️
Group-IB's Digital Risk Protection (DRP) team has revealed an ongoing scam campaign targeting users in over 90 countries all around the world, including the United States, Canada, South Korea, and Italy. The fraudsters employ the tried and tested technique of fake surveys and giveaways purporting to be from popular brands to steal users’ personal and payment data, with the total number of big-name companies impersonated in the scheme exceeding 120.
The potential victim pool of a single scam network is estimated at about 10 million people, while the potential damage totaled about $80 million per month, according to Group-IB’s Digital Risk Protection unit.
More details -> https://bit.ly/3e9MCpw
#scam #fraud #DRP #phishing
According to Group-IB's DRP analysts, this type of fraud has been spotted in 91 countries, with cybercriminals exploiting at least 121 brands as bait. The analysis of the server’s infrastructure that hosted scam websites indicates that the scam’s target regions are Europe (36.3%), Africa (24.2%), and Asia (23.1%).
The new wave of the scam is particularly persistent thanks to an innovation in the scammers’ toolset — targeted links, which make investigating and tackling such attacks increasingly challenging. Read more about the targeted link structure and the scam mechanics in a fresh blog post by Group-IB's #DRP analysts -> https://bit.ly/3mmKD5G
#ransomware #RaaS #cybercrime
Did you know that the history of ransomware attacks covers slightly over 30 years? 🗓
📍The first prototype of what we today know as ransomware appeared as early as 1989. Many concepts that we currently perceive as indispensable attributes of ransomware — exorbitant ransoms, Ransomware-as-a-Service (RaaS) programs, and data leak sites (DLS) — were yet to come.
👉In a fresh byline for HelpNetSecurity, Group-IB Head of Cybercrime Research Dmitry Shestakov gives an overview of how Ransomware-as-a-Service developed, highlights the tipping points in the contemporary history of ransomware, and identifies the main factors of this market's explosive growth.
Check it out -> https://www.helpnetsecurity.com/2021/12/22/ransomware-empire/
#conference #CyberCrimeCon21 #cybersecurity #APT #vulnerability
It's the time we've all been waiting for🔥🔥🔥
The video recordings of the CyberCrimeCon21 conference are now available on the event's website. This is your chance to catch up on the sessions you might have missed:
🔸 Keynote address by Group-IB CEO Dmitry Volkov;
🔸 Session, during which you will learn who might be selling access to your company;
🔸Tale of the rise and fall of The Fraud Family;
🔸 Report about the Number 1 cyber threat — ransomware;
🔸 Story about APT41’s 2021 world tour;
🔸 Review of APTs' espionage campaigns in APAC
... And even more presentations by speakers from INTERPOL, Europol, SentinelOne, CyberSOC Africa, IstroSec, Positive Technologies, VNPT Cyber Immunity, and Computest
Check it out and enjoy the show -> https://cybercrimecon.com
#ThreatIntelligence #MITRE
How to make the most of threat intelligence with MITRE ATT&CK®?
The MITRE ATT&CK® framework has become the industry standard for describing attack tactics and techniques. It's used by SOC analysts, DFIR experts, red teams, threat hunters, and threat intelligence analysts because it provides quick answers about how different threats operate and how security teams can detect and stop them. The matrix gives teams a concise overview, as well as the ability to dive deeper should they still need thorough threat intelligence.
We use this framework within Group-IB's Threat Intelligence & Attribution system in three different scenarios:
📍 To describe activity of the threat actor
📍 To describe techniques relevant to the particular malware family
📍 As a separate tool for security experts
Read our latest blog post to learn how Group-IB’s customers benefit from the mapping capabilities within the Threat Intelligence & Attribution system.
➡️ https://bit.ly/3qeRj7i
#CTF #ThreatIntelligence #TISC
Group-IB Adversary Intelligence Research Lead becomes one of the creators of TISC 2021 CTF challenges👏
Group-IB Adversary Intelligence Research Lead Feixiang He became the author of one of the challenges for The InfoSecurity Challenge (TISC) 2021 organized by the Centre for Strategic Infocomm Technologies, a lead digital technology agency in Singapore’s Ministry of Defence.
📢"Compared with conventional methods, CTFs are great platforms to identify new cyber security talents. I had observed such talent among the participants in TISC 2020, so as soon as I learnt that the TISC 2021 were open to the public, I immediately started planning for my challenge," Feixiang says.
Read an exclusive interview with Feixiang to learn more about the CTF "backstage" -> https://www.csit.gov.sg/tisc/interview-with-challenge-creators#
#cybersecurity #distributor #Italy
DotForce becomes Group-IB’s first distributor in Italy
As Group-IB’s first official distributor in the country, DotForce will facilitate access for system integrators and managed security service providers (MSSPs) to Group-IB’s product and service ecosystem, aimed at the prevention and investigation of cyberattacks, protection against online fraud and intellectual property misuse.
The choice of DotForce as Group-IB’s first official distributor in the region stems from the former’s strong partnership network, including specialized cyber security resellers, security boutique resellers, system integrators, and cyber security consulting partners, as well as its long-standing experience in providing its clients with cutting-edge cybersecurity solutions.
➡️ https://bit.ly/31OR4r8