The global fight against cybercrime needs a collaborative effort. This is why we created the Cybercrime Fighters Club, a forward-thinking project that creates a pathway for Group-IB to partner with industry peers to enhance knowledge sharing and jointly research emerging cyber threats.
We invite cybersecurity experts from any background or specialization to investigate adversaries together with the Group-IB team. Head over to our website to learn the details.
Join the #CybercrimeFightersClub!
#FightAgainstCybercrime #cybersecurity
Bringing down 16shop: Group-IB assists INTERPOL-led international operation
Group-IB has assisted in an INTERPOL-led operation aimed at disrupting the activities of 16shop, a notorious phishing-as-a-service platform on which phishing kits were sold. The successful operation led to the shutdown of 16shop and the arrest of the site's operator and two facilitators.
Group-IB's Cyber Investigations team in the APAC region supported the operation by analyzing the infrastructure used by the suspect and collecting their digital traces to ultimately establish their identity. Group-IB's experts also helped to identify some victims in Indonesia.
Data collected by Group-IB indicates that more than 150,000 phishing domains were created using the phishing kits in question. The phishing kits sold on 16shop were utilized to target users in Germany, Japan, France, the USA, the UK, Thailand and other countries.
Want to find out more? Head over to the Group-IB website.
#Cybersecurity #INTERPOL #FightAgainstCybercrime
Do you like success stories? So here you go! Cyber attackers are increasingly targeting the #cryptocurrency and #blockchain industry, causing a surge in security incidents. Even the most reputable blockchain services are vulnerable to hacking attacks, leading to the loss of users' funds.
To safeguard its customers' assets, fintech company Oris Lab conducted a penetration test on its flagship software products to uncover any hidden vulnerabilities. Discover the results of the cybersecurity audit and how it improved the company's security posture.
#FightAgainstCybercrime #cybersecurity #crypto
What started as a casual investigation of a malware sample at the request of our financial client in the Asia-Pacific region later unfolded into a complete uncovering of the Gigabud trojan.
Between 2022 and 2023, our team of cybersecurity researchers identified and analyzed 400+ Gigabud.RAT samples and 20+ Gigabud.Loan samples.
But that's not all: a deeper analysis of Gigabud's fraudulent techniques, using the Group-IB Fraud Matrix, revealed the trojan's operations, its previously unknown variants, and the potential risks to organizations.
Curious to know more? Read about the full investigation in our new blogpost!
#RAT #fraud_protection
Infosecurity professionals need to master threat hunting. Why?
Proactive threat hunting enables the detection of attacks that go unnoticed by traditional security solutions.
To help you learn the ropes of this process, we've launched a new blog series, Hunting Rituals, which explores hunting techniques using one of the most effective solutions on the market: Group-IB MXDR. In the first article, we detailed the basic techniques for detecting DLL sideloading, a cunning method used to evade traditional security measures.
To begin the hunting process, we've framed a plausible hypothesis. By applying it to the EDR telemetry, we found several suspicious events. After carefully investigating them using the EDR module of Group-IB MXDR, we discovered the GUID of a process and, thereafter, other data that could help with further remediation or even with identification of a payload injected into legitimate processes.
To learn the details of threat hunting for DLL sideloading, follow our step-by-step guide.
#ThreatHunting #MITREattackframework #T1574002 #DLLhijacking #DLLsideloading
Africa Cyber Surge II operation: Group-IB assists in crime-fighting initiative that leads to arrest of 14 suspected cybercriminals
Group-IB has played a key role in the INTERPOL-led Africa Cyber Surge II operation, a multinational collaborative initiative tasked with preventing, mitigating, and disrupting threat actors on the African continent.
Here's the rundown of this successful crime-fighting program:
- Africa Cyber Surge II began in April 2023, bringing together INTERPOL, AFRIPOL, Group-IB, and other private sector companies to pool actionable intelligence on cyber extortion, phishing, business email compromise, and online scams.
- The Africa Cyber Surge II operation spanned 25 African countries, leading to the arrests of 14 suspected cybercriminals and the identification of more than 20,000 suspicious cyber networks linked to financial losses in excess of $40m.
- Group-IB, a long-standing private sector partner of INTERPOL, collected and shared more than 1,000 indicators related to malicious infrastructure across Africa.
- INTERPOL member states in Africa leveraged Group-IB's intelligence in several takedown operations.
Want to learn more? Head over to the Group-IB website.
#INTERPOL #FightAgainstCybercrime
Group-IB discovers CVE in WinRAR that allows cybercriminals to target traders
In July, while researching the spread of DarkMe malware, the Group-IB Threat Intelligence unit came across an unknown vulnerability in the processing of the ZIP file format by WinRAR.
By exploiting CVE-2023-38831, threat actors were able to craft ZIP archives that serve as carriers for various malware families. The vulnerability allows them to spoof file extensions and hide the launch of a malicious script within an archive masquerading as a '.jpg', '.txt', or any other file format. Weaponized ZIP archives were distributed on at least 8 of the most popular trading forums. After infection, the cybercriminals attempt to withdraw money from broker accounts.
This CVE has been exploited since April 2023. At the time of writing, the devices of 130 traders are still infected.
Make sure you are using the latest version of WinRAR and check out our latest blog post to understand how CVE-2023-38831 works.
#CVE #WinRAR #FightAgainstCybercrime
As organizations continually build digital assets, the risk of overlooked security gaps in web applications grows. The result? Increased threat to the clients, enterprise, and its confidential information.
OWASP Top 10 (2021) is a great resource for identifying and mitigating web vulnerabilities, but here's the catch: vulnerabilities can still slip through.
What do Group-IB's audit and consulting experts recommend? A combination of periodic manual testing and a proactive vulnerability detection solution such as Group-IB Attack Surface Management (ASM).
Learn more in our latest e-booklet, which is packed with insights to help organizations detect and defend against the most critical web app vulnerabilities in 2023 and beyond.
Group-IB's Managed XDR wins prestigious Red Dot design award
That winning feeling! Group-IB is delighted to announce that its Managed XDR solution has won a prestigious Red Dot Design Award in the category of Interface & User Experience Design. This honor recognizes the user-friendly and innovative design of this highly advanced product, which empowers companies to see and respond to all the threats targeting their infrastructure.
Managed XDR is one of Group-IB's flagship products, created to give companies full control over their cybersecurity by identifying threats in real time and facilitating immediate response by centralizing, correlating, and analyzing all endpoints.
To find out more about the award-winning design of Managed XDR, check out the Group-IB website!
#MXDR #Cybersecurity #RedDot #FightAgainstCybercrime
New hierarchy, heightened threat: Classiscam's sustained global campaign
Uncovered by Group-IB, Classiscam is a scam-as-a-service operation active since 2019. This highly effective scheme, designed to steal money, payment data, and bank login credentials from unsuspecting users, has truly gone global. Now, Classiscam has spread to 79 countries, and financial losses are estimated to exceed USD $64.5 million.
- Group-IB analyzed information pertaining to 393 Classiscam groups that combined had more than 38,000 members.
- 251 unique brands have been impersonated on Classiscam phishing pages.
- Core targets for impersonation include logistics companies, classified sites and bank transfer services.
- The average amount lost by Classiscam victims worldwide was $353.
- Classiscam will likely remain one of the major global scams throughout 2023 due to its full automation and low technical barrier of entry.
Want to learn more about Classiscam? Check out our new blog!
#Classiscam #FightAgainstCybercrime #Scam
As jet-setters look to unlock airline rewards, their susceptibility to loyalty fraud increases!
In 2022, 75 airlines were affected, involving over 2,000 malicious actors. The airline industry is already taking the hit: financial loss, reputation damage, and receding customers' trust.
In our new blog, learn how scammers execute fraud schemes, from fake support to giveaways, fake booking payments, in-flight scams, employee account phishing, loyalty program attacks, and more.
To address the growing challenge, Group-IB experts strongly advise airline brands to educate their customers.
Furthermore, to strengthen defenses, explore how Group-IB Fraud Protection and Digital Risk Protection offer advanced fraud detection and prevention capabilities.
W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365
Group-IB's newest threat report is now live! Meet W3LL, a threat actor behind a phishing empire that has remained largely unknown until now.
What's inside the report?
- W3LL's history since 2017
- Examination of W3LL Store, a hidden underground market that serves a closed community of threat actors
- Analysis of W3LL's major weapon, W3LL Panel, one of the most advanced phishing kits in its class, along with a rundown of the threat actor's 16 other fully customized tools for BEC attacks
- W3LL Store's estimated turnover for the last 10 months amounted to at least $500,000
Download the report "W3LL done: Hidden Phishing Ecosystem Driving BEC Attacks" for more insights into W3LL's business, a list of Indicators of Compromise, as well as YARA rules that can be used to hunt and detect W3LL Panel phishing pages.
#FightAgainstCybercrime #Phishing #W3LL
Sometimes the promise of fast, easy money can be too tempting
Group-IB has uncovered a new fake investment scam with a devastating global reach. The scheme, which burst into life in June 2022, sees cybercriminals leverage a host of social engineering techniques to convince users, who are bombarded with messages promising significant dividends, to deposit funds into an investment portal.
In the end, the victims will get no return on their "investment".
- The cybercriminals leveraged more than 850 scam pages throughout the campaign to date.
- They created new Facebook advertisements on a daily basis that appropriated the brand and likeness of 35 global, well-recognized companies to link to their scam pages.
- Group-IB estimates that financial losses from this scam between March and June 2023 could reach $280,000.
To find out more about this scam campaign and get recommendations on how to defend yourself from the grasp of scammers, read the latest Group-IB blog post.
#FightAgainstCybercrime #Scam
Group-IB Trio Excels
We are thrilled to announce that Anastasia Tikhonova, Head of Advanced Persistent Threats (APT) Research in Thailand, Jennifer Soh, Senior Cyber Investigation Specialist, and Vesta Matveeva, APAC Head of Cyber Crime Investigation in Singapore, have been named among the 30 finalists of the Top Women in Security ASEAN Region 2023 Awards!
In addition to their inclusion in the prestigious Top 30 list, Anastasia, a first-time finalist, was also honored with a Security Researcher Award. Vesta accomplished a remarkable achievement by winning in four categories: Security Professional Ambassador, CyberSecurity Award, Top Woman in Security in the ASEAN Region, and the esteemed country award for Singapore.
The initiative aims to recognize the achievements of women who have made significant strides in enhancing the security industry across the ASEAN Region.
#FightAgainstCybercrime #Cybersecurity #topwomeninsecurityASEAN
What's even more terrifying than experiencing a cyber attack? Being unprepared with no action plan to fight it.
We can't stress enough how important having an incident response strategy is, but our CEO, Dmitry Volkov, can and did! Dmitry recently shared his valuable insights on how organizations can take their incident response to the next level to unlock opportunities for growth and resilience.
We discuss cyber threats, readiness-building, and examples of how Group-IB's team of incident response experts assist businesses in navigating the challenges of cyber incidents.
Read all that Dmitry Volkov had to say here.
Looking for quick reads about cybersecurity? Then look no further: our revamped Medium account packs our research, discoveries, and more into easy-to-read pieces for you to enjoy!
Check out our latest post about a threat actor called W3LL to see what can be behind a phishing email and glimpse into a clandestine marketplace for a closed community of hackers. We've recently published a very detailed report about that, but if you just have 4 minutes, our Medium is the perfect source to put you in the loop!