Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#Scam #Crypto #CERT #DRP

The Wrong Vitalik.
Crypto scammers make off with $1.6 million in yet another fake YouTube giveaway

🔍Between February 16 and 18, Group-IB DRP and CERT teams detected 36 fraudulent YouTube streams promising immediate high returns on cryptocurrency investments.

The scammers used footage of famous entrepreneurs and crypto enthusiasts (Elon Musk, Brad Garlinghouse, Michael J. Saylor, Changpeng Zhao, Cathie Wood, and others) from legitimate events to create fraudulent streams.

One such stream featuring footage of Vitalik Buterin attracted more than 165,000 viewers who were promised that their crypto savings would be doubled in real time. In the stream description, the scammers spread links to websites with instructions on how to double crypto investments.

🕸Group-IB experts identified 29 interconnected fake websites. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 connected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.

💰In total, 30 crypto wallets controlled by the scammers received 281 transactions amounting to more than $1,680,000 within three days of monitoring.

More details in our fresh research: https://bit.ly/371YNVu
#Darknet #RaidForums #ThreatIntelligence

Future of market for stolen data doesn’t seem too bleak after RaidForums takedown

🕵️‍♀️Yesterday, the US Department of Justice announced the takedown of RaidForums, one of the most popular underground forums for hackers selling and buying personal records. As a result of the joint international operation dubbed TOURNIQUET, involving Europol and law enforcement agencies from 6 countries, the forum’s alleged administrator and two accomplices have been arrested.

Founded in 2015, RaidForums quickly became a one-stop shop for compromised personal information, such as SSNs, account credentials, names, emails, and other PII. RaidForums had more than 500,000 users at its peak. Thousands of stolen databases were posted on Raid every month, both for free and for purchase.

The official announcement did not come until last night, even though the alleged administrator, a 21-year-old citizen of Portugal, Diogo Santos Coelho (aka Omnipotent, Downloading, Shiza, and KevinMaradona), had been arrested in the UK on January 31. Nevertheless, despite occasional outages, the forum continued to operate until April, when a seizure banner appeared on its home page.

Last days of RaidForums

According to Group-IB Threat Intelligence, at the end of January, a dedicated Telegram chat informed the users of RaidForums that Omnipotent, the forum’s administrator, would go on holiday from January 31. A few days later, on February 7, the forum went down for the first time since January 31. The outage may allegedly have been caused by law enforcement actions.

🦁Unlike the forum, which resumed operation on February 12, Omnipotent never appeared online again. While the forum was down, the users started to come up with their own versions of what had happened. Some assumed that Omnipotent could have been arrested by the authorities. The admins had their own version: Omnipotent had been attacked by a mountain lion and ended up in hospital.

The forum stopped working properly again on February 25. Instead of forum threads, the users would only see a login form that always showed an error. Initially, some users assumed that the outage was due to the fact that the forum team had voiced their support for Ukraine and promised to block all account holders with Russian IPs. Two days later, however, it was confirmed that the forum had been seized by law enforcement authorities. The RaidForums admins posted a message about the takedown in their Telegram channel. All the messages in the chat were deleted shortly after.

What's next?

📈Group-IB’s head of cybercrime research, Oleg Dyorov, believes that it will not take long until the RaidForums’ successors make their presence felt. “When it became clear that RaidForums would not come back, one of the forum old-timers, Pompompurin, announced a new project, almost a complete copy of Raid, and invited the users to join. The market is recovering and many buyers and sellers known to us have already switched over to a new forum to continue illicit operations.”
#OldGremlin #Ransomware #ThreatIntelligence

Old Gremlins, New Methods

Russian-speaking ransomware gang OldGremlin resumes attacks in Russia.

OldGremlin remains one of the very few Russian-speaking gangs targeting companies in Russia. As such, the gremlins conducted two mass email campaigns in March, detected by Group-IB Threat Intelligence team.

We analyzed their latest attacks and tools.

A quick recap of our latest blog post:

📍Well-crafted phishing emails exploiting trending news 
📍High-quality decoy documents 
📍New custom tool TinyFluff - successor to TinyNode 
📍Techniques mapped to MITRE ATT&CK and IOCs 

To learn more ➡️ https://bit.ly/3jBjk63
#digitalrisk #cybersecurityawareness
Save the date: Digital Risk Summit 2022 is coming on May 26

One of the most important online events hosted by Group-IB, Digital Risk Summit is an unmissable rendezvous of top-notch cybersecurity experts, industry key players, independent researchers, law enforcement agencies, and other tech leaders. We bring all of them together to promote our common mission: to fight against cybercrime by discussing new threats, sharing practical experience and insights.

🔹 The growing scam threat, how it is changing, and what trends we can expect in the future
🔹 What experts evaluate as a top priority threat in their regions and industries
🔹 How international cooperation on scam intelligence can help to mitigate risks
🔹 How companies protect their business

👉The event is intended for a variety of participants: CISOs, CIOs, marketing officers, legal and compliance teams, digital content creators, incident responders and investigators, and more.

Join us on May 26, and forge a path towards a more secure and joined-up future! Register now 👈
Oleg Skulkin, Head of Digital Forensics and Malware Analysis Lab at Group-IB, will take part in #MagnetSummit2022. Join his session "See me run: hunt bots before they ransom you".

Register now: https://bit.ly/3vhezVC

#ransomware #DFIR
According to a recent study by Group-IB, #scams became the number one online crime in 2020-2021. Our experts created a project called Scamopedia in which they analyze all popular online scams and provide recommendations for companies. Check it out 👈

#DRP #CERT_GIB
#AttackSurfaceManagement

🕵️‍♂️Group-IB carried out a deep dive into exposed digital assets discovered in 2021. Our Attack Surface Management team identified 308,000 incidents of databases exposed to the open web. The number of public-facing databases kept growing almost every quarter since the beginning of 2021 to reach a peak in Q1 2022.

💻The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.

👨‍💻But there's some good news: a lot of the security incidents can be prevented with very little effort and a good toolset. Group-IB’s intelligence-driven Attack Surface Management solution leverages the full breadth and depth of Group-IB’s threat hunting and intelligence gathering ecosystem by discovering all external-facing IT assets, identifying potential vulnerabilities and prioritizing issues for remediation.

For more details 👉 https://bit.ly/3ketsBZ
Our Fraud Hunting Day is approaching!

On May 19 our experts will review the fraud trends of Q1 and also share the insights on the top emerging threats & mitigation strategies that industries can explore in the Asia-Pacific region.

Register now ➡️ https://bit.ly/3Mw9wXj
Oleg Skulkin's new book 'Incident Response Techniques for Ransomware Attacks' reached number 7 in Top 100 Amazon Best Sellers in Viruses & Malware!

In his book the Head of Digital Forensics and Malware Analysis Lab at Group-IB goes into the history of ransomware and provides the skills you need to build an incident response strategy for all ransomware attacks.
Group-IB’s Digital Risk Protection team has detected an active Ramadan-themed scam campaign targeting users in the UAE and other Arabic-speaking countries.

"In order to lure users to scam websites, the fraudsters sent bulk WhatsApp messages and used pop-up windows and Google Ads. The scammers’ goal is to steal personal data or attract traffic to other fraudulent websites that altogether, according to Group-IB’s estimates, attract around 5,000 visitors a day", Ashraf Koheil, director of Business Development in the Middle East, Africa and Turkey at Group-IB, said.

Want to learn more about the latest in-depth research findings, industry trends and get meaningful insights from cybersecurity professionals? Register for the upcoming Group-IB Digital Risk Summit 2022 ➡️ https://bit.ly/3rz9buN

#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity #informationsecurity
Crypto scammers cashing in on Johnny Depp-Amber Heard trial.

Remember Group-IB’s report about crypto scammers who made $1.6 mil on fake YouTube streams? The scammers ran 36 fabricated cryptocurrency giveaway YouTube streams that attracted more than 165,000 viewers.

Well, they are back now. Having updated some tactics, they are now trying to capitalise on the Johnny Depp-Amber Heard live court case.

Using a fake YouTube channel called "Johnny Depp" broadcasting the trial (viewed by 17K), crypto scammers are driving traffic to their rogue website. They display a QR code above the stream prompting the users to double their cryptocurrency. The QR code leads to a scam website musktesla2022[.]com with instructions on how to "get rich". The scammers use the name of Elon Musk and the logo of Tesla as bait.

Stay vigilant!

You can read more about how the scheme works here👈

#scam #crypto
Meet Group-IB Digital Risk Summit 2022 speakers!

Past trends are our current reality, emerging trends shape our future reality. Dealing with already well-known sophisticated methods of traffic attraction, advanced social engineering, scam attack automation, and expecting the upcoming rise of deepfake and voifake scams, scam in the metaverses, scam with cryptocurrencies or NFT…

On May 26, Anton Dolgalev, Deputy Head of Digital Risk Protection at Group-IB, will walk you through the threat landscape trends we witnessed back in 2021. And also, expect a look at the most probable scenarios for 2022.

Don’t miss out on this!

Register now ⬅️

#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity #informationsecurity
We are happy to announce our next speaker at Group-IB Digital Risk Summit 2022! Jorij Abraham, General Manager at Global Anti Scam Alliance & Scamadviser, will share some actionable pointers about the current threat landscape: scammers putting every effort into broadening and improving their skills and techniques, as well as the overall evolution of scam technologies.

Don’t miss his session on May 26 to understand why we should all join forces to fight cybercrime, and forge a path towards a more secure and joined-up future!

Click here to register⬅️

#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity #informationsecurity
Nature abhors a vacuum: if you don’t mark (and secure) your digital presence, someone else surely will.

On May 26, Bojan Simetic, Head of Cyber Threat Intelligence at United Nations International Computing Centre, will join us for the Digital Risk Summit and explain why the official presence of non-commercial or intergovernmental organizations in social media is so important.

Register ⬅️

#DigitalRiskSummit2022 #digitalriskprotection