#conference #BHMEA22
It's a wrap for Black Hat MEA 2022! The event brought together global infosec experts for 3 amazing days of workshops, networking, and sharing first-hand knowledge on how to stay ahead of cybercriminals. The Group-IB team was beyond happy to meet friends, partners, vendors and cybersecurity experts at the venue.
The speaking session by Group-IB's Head of Dynamic Malware Analysis Team, Ivan Pisarev, "The (Former) Conti Enterprise: The Underground's Booming IT Business", took a deep dive into the notorious ransomware gang. If you want to learn more about Conti, download Group-IB's report "Conti Armada: The ARMattack Campaign"👈
Thanks Black Hat MEA for such an outstanding cybersecurity event!
#stealers
👾 Group-IB has identified 34 Russian-speaking groups that are distributing info-stealing malware under the stealer-as-a-service model.
The cybercriminals mainly use the Raccoon and Redline stealers to obtain passwords for gaming accounts on Steam and Roblox, credentials for Amazon and PayPal, as well as users’ payment records and crypto wallet information. In the first seven months of 2022, the gangs collectively infected over 890,000 user devices and stole over 50 mln passwords. All the identified groups orchestrate their attacks through Russian-language Telegram groups, although they mainly target users in the United States, Brazil, India, Germany, and Indonesia.
By tracking the evolution of the popular scam scheme Classiscam, Group-IB Digital Risk Protection analysts revealed how some "workers" (low-rank online scammers) started shifting to a more dangerous criminal scheme that involves distributing info stealers. Moreover, the illicit business of stealers, which is coordinated via Telegram groups, uses exactly the same operational model as Classiscam.
According to Group-IB, stealers are one of the top threats to watch in the coming year. The threat actor responsible for the most recent attack on Uber purchased credentials that had been compromised with the Raccoon stealer.
Want to learn more? Click here👈
#INTERPOL #FightAgainstCybercrime
🤝 Group-IB has contributed to the INTERPOL-led Africa Cyber Surge Operation to combat cybercrime on the continent.
The Africa Cyber Surge Operation, a multinational cybercrime suppression operation focused on identifying cybercriminals and compromised infrastructure, was launched in July 2022. The operation’s strategic goal was to enhance cooperation between African law enforcement agencies to prevent, mitigate, investigate, and pursue threat actors.
Several key results of the operation included:
▪️the arrest of 10 individuals linked to scam and fraud activities worth $800,000;
▪️the takedown by the authorities in Eritrea of a darknet market that was selling hacking tools;
▪️action taken against more than 200,000 pieces of malicious infrastructure that was facilitating cybercrime across Africa.
For this operation Group-IB collected information about malicious and phishing network infrastructure hosted within member countries in Africa. Group-IB investigators leveraged the company’s sector-leading Threat Intelligence to produce a detailed report along with recommendations for the member countries.
“The Africa Cyber Surge Operation is another example of how cybersecurity is most effective when international law enforcement, individual nations, and private sector partners cooperate to share best practices and take a proactive approach to stamping out cybercrime. Group-IB is fully committed to its zero-tolerance policy to cybercrime, and our recent participation in the Africa Cyber Surge Operation underscores our desire to collaborate with our law enforcement partners and share best practices and information on the latest cyber threats,” Dmitry Volkov, CEO at Group-IB, said.
Click here for more details👈
#scam #phishing #FIFA
⚽️ Football lovers, beware. Group-IB has identified multiple scam and phishing attacks targeting users looking for tickets, official merchandise, and jobs at the FIFA World Cup 2022 in Qatar.
Ahead of the tournament, which kicked off on November 20, 2022, researchers from the Group-IB Digital Risk Protection team detected more than 16,000 scam domains, and dozens of fake social media accounts, advertisements, and mobile applications created by scammers aiming to capitalize on the huge global interest in the largest global football event. Group-IB’s sector-leading Threat Intelligence also helped to uncover more than 90 potentially compromised accounts on official FIFA World Cup 2022 fan portals.
⚽️ In one scam scheme scammers created a fake merchandise website and placed more than 130 advertisements on social media marketplaces in an attempt to drive traffic to the site. This website offers consumers branded t-shirts of the national teams participating in Qatar 2022, and users are asked to enter their bank card details or transfer money through payment systems displayed on the fake site in order to purchase a shirt. In the end, the scammers will either receive the money from the transaction or, in some cases, get the banking credentials of the user.
⚽️ Scammers also targeted those looking to purchase tickets for the games. To make this discovery, Group-IB tracked 5 websites and more than 50 social media accounts registered no earlier than September 2022 containing mentions of “FIFA”, “World Cup” and “tickets.” On the phishing websites, users who have been tricked into thinking that they are purchasing official tickets are asked to enter their bank card details or transfer money through the payment gateway provided on the website. Scammers will either receive the funds from the transaction, or in some cases, they steal the bank card details of the user, who will not receive any tickets.
These are not the only schemes that Group-IB has discovered. Check out our website to learn more👈
#WhitePaper #ThreatIntelligence
Is your security strategy for 2023 ready? The number of cyber-attacks on organizations is increasing rapidly; the attacks are becoming more complex and causing a growing amount of damage. Information about threats and potential attack vectors enables organizations to introduce pre-emptive strategies to thwart attackers’ plans.
Frost & Sullivan, an international research consulting firm, recently released a white paper entitled “Threat Intelligence: Insights for Pre-emptive Strategies against Cyber Adversaries”. The document explains how to use threat intelligence to build a data-driven defense plan for your board and gain the upper hand against adversaries. Check out the white paper👈
#investment #scam #CryptosLabs
Group-IB uncovered an investment scam ring fooling users in France, Belgium, and Luxembourg into voluntarily transferring money to fraudsters. The gang, codenamed CryptosLabs by Group-IB’s Digital Risk Protection team, has been active since at least 2018.
Group-IB was able to track down a complex network infrastructure of over 300 scam domains hosted on 70 servers, as well as the gang’s major weapon, the CryptosLabs scam kit. To lure victims onto fake investment portals, the scammers have been impersonating 40 popular European brands from the banking, fin-tech, crypto, and asset management industries.
CryptosLabs is a well-organized illicit business that has a hierarchy of kingpins, sales agents, developers, and call-center operators that collectively could have earned as much as €480 million since its launch. Curious to learn the details? Click here to read the full story👈
#FraudProtection
Account takeover attacks, banking malware, web injections — these are just some of the threats the finance industry faces. What can companies do to protect their networks, infrastructure, and customer data effectively? Of course, arm themselves with the latest anti-fraud tools and leverage the most recent intelligence about common techniques and attacks. Besides, it is crucial to understand how attacks are carried out and who is responsible.
Read our newest booklet created to provide the finance industry with detailed information and help businesses stay one step ahead of threat actors. Link🔗
#scam #cybersecurity
🎄 Winter holidays are just around the corner! It’s the season of giving and spending, and that's exactly when cyber criminals get their creativity boost.
We have put together the 8 top trending scams that your customers can fall for. Want to know how to protect your company and your customers in the holly jolly season? Our Digital Risk Protection experts give some really good tips on how to do it. Read our new blog post👈
#Godfather #Trojan
The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. To date, 215 international banks, 94 cryptocurrency wallets and 110 crypto exchange platforms have fallen victim to this Trojan.
Group-IB’s Threat Intelligence team discovered that Godfather is a successor of Anubis, a widely-used banking Trojan whose functionalities were limited by Android updates and the prior efforts of malware detection and prevention providers. According to Group-IB’s findings, banking applications in the United States, Turkey, Spain, Canada, France, Germany, and the United Kingdom, have been the most targeted by Godfather.
In a new blog post, Group-IB’s Threat Intelligence team describes in detail who Godfather attacks, how it does it, and what this banking Trojan inherited from its predecessor. Read now👈
The agreement paves the way for Group-IB to provide its full stack of threat hunting and intelligence solutions to sirar by stc to bolster the cybersecurity options available to companies and organizations in Saudi Arabia. These solutions include Group-IB’s Attack Surface Management and Digital Risk Protection. sirar by stc will be able to offer Group-IB’s solutions as a managed service to their customers, to ensure that they have better visibility on their attack surface.
More details
#partnership
Group-IB has analyzed an ongoing advanced persistent threat campaign that we believe, with moderate confidence, was launched by a new threat actor. This new APT group, codenamed Dark Pink by Group-IB researchers, is notable due to their specific focus on attacking branches of the military, and government ministries and agencies.
Group-IB discovered that, as of December 2022, Dark Pink APT breached the security defenses of six organizations in five APAC countries (Cambodia, Indonesia, Malaysia, Philippines, and Vietnam), and one organization in Europe (Bosnia and Herzegovina).
Group-IB, in line with its zero-tolerance policy to cybercrime, has issued proactive notifications to all potential and confirmed targets of Dark Pink. Read our fresh blog post to get the details about the new threat actor👈
#APT #DarkPink