Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#Uber #breach

Group-IB researchers have found some interesting information about the recent Uber hack. Check out our post on Medium for more details👈
#AttackSurfaceManagement #ASM

Imagine the following situation. In 2016, a marketing specialist makes an urgent request to the IT department to create a landing page with the domain name “promotionforthisproduct2016[.]com” in order to promote a product. The domain was created and soon thereafter the promotion ended. A year goes by and the IT specialist leaves the company. Two years later, the marketing specialist follows suit. In 2020, the company hires a new Chief Security Officer who is not told anything about the domain or the potentially vulnerable infrastructure that hosts it.

As people say, the Internet remembers everything — and not just the photos of Beyoncé or Barbra Streisand’s house, but any external IT assets that companies create. Assets can also be seen by threat actors, who can use vulnerabilities and weaknesses to carry out attacks.

Group-IB Attack Surface Management maps out the organization’s entire external attack surface, with an eye towards discovering shadow IT and other hidden risks. Check out our latest blog post to learn more about the solution👈
#FightAgainstCybercrime #Formula1 #Interpol

As part of the Interpol Major Event Support Team (IMEST), Group-IB Digital Risk Protection team contributed to the safety of the Formula 1 Singapore Airlines Singapore Grand Prix 2022.

Our experts identified more than 100 unauthorized instances of ticket sales on social media and local classified websites. The tickets were distributed through individual accounts and non-official groups. Group-IB experts also detected several rogue and scam websites impersonating Grand Prix Singapore. One of the scam websites on the screenshot attempted to trick users into a fake crypto investment scam.

Group-IB findings were promptly actioned by the INTERPOL-led IMEST.
#report #banks #AttackSurfaceManagement

🏦Banks and other financial service providers are highly digitized, resulting in digital estates that are large and complex. At the same time, the global finance industry faces a hostile threat landscape. These factors lead to high levels of risk that can be difficult to manage.

To help security professionals gain a better view on industry-wide risk trends, Group-IB has created a series of reports that analyze the digital estates and attack surfaces of samples of financial services providers across 3 global regions: Latin America, Europe, and the Asia-Pacific region.

The reports provide insights on the size of the average digital footprint, risk assessments across 8 distinct issue categories, and data-driven recommendations for strengthening security posture.

Download now👈
#GITEX #cybersecurity

Group-IB is at GITEX GLOBAL 2022, the Middle East’s largest technology exhibition! Make sure to meet our team at the Spire Solutions stand, Hall 2 Stand H2-B1, to learn more about Group-IB’s full stack of threat hunting and intelligence solutions!

Group-IB also took part in the conference track of the event, as Principal Incident Response and Digital Forensics Analyst (MEA) Svetlana Ostrovskaya delivered a hugely insightful presentation detailing how Group-IB’s Compromise Assessment capabilities can help organizations discover the hidden threats in their network.
#report #scam

As a founding partner of the Global Anti-Scam Alliance, Group-IB is committed to preventing scams and is continuously contributing to ScamAdviser.com reports in order to raise awareness and make the world a cyber safer place. In a new report titled The Global State of Scams - 2022, Group-IB's Head of Digital Risk Protection in Europe Dmitriy Tiunkin shares insights into scams and trends that are expected to emerge in the future.

Check out the full report👈

If you would like to learn more about Group-IB's approach to protecting against scams, check out our website👈
#conference #fraud

Many organizations that are victims of fraud tend to consider it a cost of doing business. If the amount of fraud losses does not damage their bottom line or is covered by insurance, then they tend not to invest in fraud mitigation. What happens when they don’t investigate the instances of fraud and how does fraud contribute to other illegal activities?

Join Group-IB and FBI at MRC Singapore - Asia-Pacific Payments and Fraud Conference on November 1! In a joint presentation titled "Are you financing organized crime or terrorists while not fighting fraud?", Group-IB’s Fraud Protection Product Marketing Manager, Julien Laurent, Melissa McBee-Anderson, Management and Program Analyst, FBI, and Brett Chabot, Assistant Legal Attaché, FBI (U.S. Embassy Singapore) will talk about fraud protection and the importance of investigating and sharing fraud attacks with the authorities.

More details about the event👈
#bugbounty

The winner of the PDD Connecting Smartness Bug Bounty 2.0 Contest co-organized by Group-IB has been announced. Our congratulations to Lim Keat Hui Justin, a third-year SIT student majoring in information security.

The contestants’ goal was to test a prototype of a living lab network that the JTC plans to build in a new SIT Campus in the Punggol Digital District that is under construction and due for completion in 2024. Industry partners will leverage SIT as a ‘living lab,’ using the institution’s open innovation ecosystem to pilot and test their prototypes in a real-life environment.

Although the contestants found no critical vulnerabilities and did not take control of the network, Lim Keat Hui Justin was able to bypass the authorization of a network router and expose some of its technical information. A panel of judges, which included CSA, JT Consultancy & Management, and Group-IB, decided to award Justin a Certificate of Achievement and $500 worth of vouchers.
#hackathon

Hack them all!

Great news from our European HQ: Group-IB won the Police Hackathon 2022 organised by the Dutch police (Politie Eenheid Den Haag). As part of the team "Team Spirit", our guys from Incident Response, High-Tech Crime Investigation and Threat Intelligence departments solved the real cybercrime cases provided by the police. "Team Spirit" were runaway winners💪 Great job!

Group-IB's experts not only win hackathons, but share their knowledge with the community. Want to learn more about the most recent cybersecurity trends, technologies, and predictions? Check out Group-IB's reports 👈
#ransomware #DeadBolt

Everything you need to know about DeadBolt ransomware in one blog post.

The Group-IB Incident Response Team investigated an incident related to a DeadBolt attack and analyzed a DeadBolt ransomware sample. Their investigation was the first full-fledged analysis of DeadBolt and included reverse-engineering the code in full to reveal the ransomware sample’s functionalities and capabilities.

DeadBolt ransomware is known for a notorious attack on NAS manufacturer QNAP through the exploitation of a 0-day vulnerability in its software. The threat actors demanded 0.05 BTC from individual NAS users for decrypting their data. For a ransom of 10 BTC, DeadBolt operators promised QNAP that they would share all the technical details relating to the zero-day vulnerability that they exploited, and for 50 BTC they offered to include the master key to decrypt the files belonging to QNAP’s clients who had fallen victim to the campaign.

Check out our latest blog post to learn more👈
#report #ransomware #OldGremlin

👿Don't ever feed gremlins after midnight.

Group-IB released the first threat report detailing the operations of the Russian-speaking ransomware group OldGremlin: "OldGremlin Ransomware: Never ever feed them after the Locknight". In just two and a half years, the "Gremlins" carried out 16 malicious campaigns.

📍OldGremlin remains one of the very few ransomware gangs targeting Russian companies. However, their growing ambitions can push them to explore new geographies in the future.

📍For the second year in a row, OldGremlin demanded the highest ransom from Russian organizations: in 2021 their largest ransom demand amounted to $4.2 million, while in 2022 it soared to $16.9 million. 

📍The group’s victim list includes banks, logistics and manufacturing companies, insurance firms, retailers, real estate developers, and software companies. In 2020, the group even targeted a Russian arms manufacturer.

Group-IB wants to help security professionals better track OldGremlin and eliminate the risks of incidents involving the gang. Download our report to get detailed information about the current tactics, techniques, and procedures (TTPs) used by the attackers, which are described using MITRE ATT&CK®.
#MajikPOS #blog

Point-of-sale (POS) malware is a type of malicious software designed to infect POS terminals for the purpose of stealing payment data stored on magnetic stripes on the back of bank cards. On April 19, 2022, Group-IB Threat Intelligence identified a Command and Control (C2) server of the POS malware called MajikPOS.

Our experts analyzed the server and established that it also hosts a C2 administrative panel of another POS malware called Treasure Hunter, which is also used to collect compromised credit card data. After analyzing the malicious infrastructure, Group-IB researchers retrieved information about the infected devices and the credit cards compromised as a result of this campaign. Since at least February 2021, the operators have stolen more than 167,000 payment records (as of September 8, 2022), mainly from the US. According to Group-IB’s estimates, the operators could make as much as $3,340,000 if they simply decide to sell the compromised card dumps on underground forums.

Read our latest blog post to learn more about the analysis of the MajikPOS and Treasure Hunter samples 👈