Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
Nature abhors a vacuum: if you don’t mark (and secure) your digital presence, someone else surely will.

On May 26, Bojan Simetic, Head of Cyber Threat Intelligence at United Nations International Computing Centre, will join us for the Digital Risk Summit and explain why the official presence of non-commercial or intergovernmental organizations in social media is so important.

Register ⬅️

#DigitalRiskSummit2022 #digitalriskprotection
Group-IB will take part in The Future of Data Centers Summit. We have something interesting coming up!

On May 23, Igor Stolyarov, DRP Business Development Director, will share some insights on trends and cases in proactive scam detection and mitigation.

Work hard, play harder! Svetlana Ostrovskaya, Principal DFIR Analyst, will hold an Incident Response game with a real case scenario.

And don't forget to visit our stand!

More details 👈

#DRP #FDC22 #cybersecurity
Lockbit, Conti, and Pysa turned out to be the most aggressive ransomware gangs, according to “Ransomware Uncovered 2021/2022”, Group-IB's second annual guide to the evolution of threat number one.

Our experts analysed more than 700 attacks investigated as part of Group-IB’s own incident response engagements and cyber threat intelligence activity in 2021 and also examined ransomware DLS.

Here are some highlights from the report:

▪️The average ransom demand grew by 45% to reach $247,000 in 2021;

▪️The victim’s downtime increased from 18 days in 2020 to 22 days in 2021;

▪️A record-breaking ransom of $240 million ($30 mln in 2020) was demanded by Hive from MediaMarkt;

▪️Between Q1 2021 and Q1 2022, ransomware gangs posted data belonging to more than 3,500 victims on DLS;

▪️Most companies whose data was posted on DLS by ransomware operators in 2021 were based in the US, Canada, and the UK.

Click here to download the new report 👈

#ransomware #research
According to Group-IB's report "Ransomware Uncovered 2021/2022", exploitation of public-facing RDP servers once again became the most common way to gain an initial foothold in the target network in 2021.

47% of all the attacks investigated by Group-IB DFIR experts started with compromising an external remote service. Spear phishing emails carrying commodity malware on board remained second (26%).

In general, many ransomware affiliates relied on living-off-the-land techniques and legitimate tools during the attack lifecycle. Commodity malware was often used to start post-exploitation activities via loading frameworks such as Cobalt Strike (observed in 57% of the attacks).

However, some ransomware gangs were seen trying very unconventional approaches. Want to learn more? Check out our new report👈
#INTERPOL #Delilah #BEC

🤝Operation Delilah: Group-IB helps INTERPOL nab suspected leader of transnational phishing ring.

As part of operation Delilah, Group-IB provided threat intelligence that led to the identification of the alleged head of a cybercrime syndicate that launched mass phishing campaigns and business email compromise (BEC) schemes targeting thousands of companies and individual victims. The arrest of a 37-year-old Nigerian man by the Nigeria Police Force marked the culmination of the year-long international operation coordinated and facilitated by the INTERPOL’s cybercrime directorate and supported by Group-IB, Palo Alto Networks, and Trend Micro.

Operation Delilah was preceded by INTERPOL-led Falcon I and Falcon II, carried out in 2020 and 2021 with the support of Group-IB’s Cyber Investigations Team. The two previous operations resulted in the arrest of 14 alleged members of TMT (aka SilverTerrier), a prolific BEC and phishing syndicate.

"The Delilah operation clearly demonstrates how effective cybersecurity can be when all parties are involved and motivated to protect people and companies," said Dmitry Volkov, Group-IB CEO. "We are proud to have leveraged our expertise to support another great effort aimed at disrupting cybercrime. Prompt threat intelligence sharing, private-public partnership, and effective multi-party coordination by INTERPOL’s Cybercrime Directorate were crucial to the success of the operation. We’ll continue our work to minimize the impact of cybercrime in line with Group-IB’s mission of fighting cybercrime and protecting our customers all around the world."

Click here for more details.
#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity

Group-IB Digital Risk Summit 2022 is just one day away! Make sure to join us tomorrow. And for now take a look at this sneak peek video we've prepared🎥

If you missed the registration — don’t worry. We’ll be sharing the highlights of the summit in our Instagram stories.

See you soon!
#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity

Today is the day! Want to be up-to-date with the latest digital risk trends, learn more about research findings, and get meaningful insights from cybersecurity professionals? Be sure to join Group-IB Digital Risk Summit 2022 today!

If you didn’t register for the summit - don’t worry, we’ll be sharing the highlights on our social media. Stay tuned!
#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity

During the Digital Risk Summit 2022 Antony Dolgalev, Deputy Head of Digital Risk Protection, presented the findings of Group-IB's research into various scam schemes.

Here are some highlights:

▪️Accounting for 57% of all financially motivated cybercrime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups;

▪️Social media are more often becoming the first point of contact between scammers and their potential victims;

▪️The number of brand-impersonating scam resources created per month also increased. In the Middle East, Asia Pacific, and Europe, Group-IB analysts noted an increase of 150%, 83%, and 89% respectively.

More details 👈
#Webinar #Ransomware #DFIR

Ransomware-as-a-Service never ceases to impress, and this year it is expanding not only quantitatively. To stand a chance against threat actors in 2022, it is vital to understand not only their latest tactics, techniques, and procedures but also what actions to take to protect against them. Join Group-IB's webinar on June 9, where Oleg Skulkin, Head of Digital Forensics and Incident Response, will give insights into today’s ransomware threat landscape and share detection strategies and threat hunting tips.

Register now👈
#APT #ThreatIntelligence #SideWinder

Group-IB Threat Intelligence researchers have discovered a new malicious infrastructure and a custom tool of the APT group SideWinder (aka Rattlesnake, Hardcore Nationalist, RAZOR TIGER, T-APT-04 and APT-C-17). This threat actor is believed to originate from India and to primarily target Pakistan. The newly discovered custom tool, codenamed SideWinder.AntiBot.Script, is being used in the gang’s phishing attack against Pakistani targets.

▪️Over the last year, Group-IB Threat Intelligence system identified 92 IP addresses that have been used by SideWinder APT for phishing emails;

▪️Pakistan remains the primary target for SideWinder. The attackers are especially interested in the Pakistani government organizations based on the discovered phishing document and public studies;

▪️Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang;

▪️SideWinder started using an anti-bot script to filter their victims - they are only interested in Pakistani users;

▪️The group continues to distribute malicious files in ZIP archives with an LNK file inside, which downloads an HTA file from a remote server;

▪️Upon discovery, Group-IB Threat Intelligence team notified relevant local authorities and shared its findings to make sure that the threat can be identified and contained at early stages.

Want to know more? Check out our new blog post👈
#phishing #CERT

Group-IB has discovered an unprecedented phishing attack in Vietnam. The campaign impersonates 27 of Vietnam’s popular financial institutions and is still active at the time of writing.

The cybercriminals seek to reap highly detailed personal information from the clients of those institutions to the extent of robbing their bank accounts. The fraudsters use techniques that allow them to bypass OTP verification.

Thanks to Group-IB’s Graph Network Analysis tool, CERT-GIB was able to identify 240 interconnected domains that are a part of the phishing campaign’s infrastructure. Upon detection of this activity, CERT-GIB immediately notified Vietnam’s national computer emergency response team VNCERT. All 240 domains have been blocked following CERT-GIB and local authorities’ efforts. Yet, new domains regularly appear.

Check out our new blog post to learn more👈
#cybersecurity #ACDF

🤝The Africa Cyber Defense Forum (ACDF), a continental platform for public-private cooperation, announced Group-IB, one of the global cybersecurity leaders with headquarters in Singapore, & afriVAD among the sponsors of the forum's 2022 edition.

"We are proud to be involved in the 2022 edition of the Africa Cyber Defense Forum," says Ashraf Koheil, Group-IB’s Director of Business Development in the Middle East, Africa, and Turkey. "Such events foster innovation and unlock opportunities for public-private cooperation in the cyber domain. Africa has been an important focus for Group-IB from the research and business perspectives. The expanding coverage of our global threat hunting ecosystem now allows us to pursue our mission of disrupting cybercrime in the region."

More details👈