#GISEC2021 #MEA
GISEC 2021 was a blast!

👨‍💻 Thank you so much to everyone who visited our stand, talked to our team, watched us on stage or simply followed our live updates on social media.

🌍 Group-IB made a noticeable contribution to this year’s edition of the largest cybersecurity showcase in the region, and with the new Dubai HQ now up and running, we feel strong to bring our presence and services in the Middle East on to the next level!

We hope you like our video recap and see you again soon!

#books #cybersecurity
One of the most popular questions we’re getting has to be about books

💡 Many of our followers are keen to get into digital forensics, incident response, or malware analysis, but not sure on the best guide to get started. Others, while already being professionals, are eager to take their skills on to the next level.

📚 So do we have the right recommendation for everyone passionate about cybersecurity?

Most definitely! In fact, a while ago we posted a blog going through 11 books useful for both beginners and high level professionals.

We have also added a detailed description for each one of our recommendations, so make sure to have a look ☝️

Of course this is by no means a complete list, however it’s a great start for everyone striving to expand his knowledge and skills ✨

Don’t have enough time to go through the blog? No worries - we’ve listed all 11 books below:

1. File System Forensic Analysis by Brian Carrier
2. Incident Response & Computer Forensics, Third Edition by Jason T. Luttgens, Matthew Pepe, Kevin Mandia
3. Investigating Windows Systems by Harlan Carvey
4. Digital Forensics and Incident Response, Second Edition by Gerard Johansen
5. Windows Forensics Cookbook by Oleg Skulkin and Scar de Courcier
6. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory by Michael Hale Ligh
7. Network Forensics by Ric Messier
8. Practical Mobile Forensics: Forensically investigate and analyze iOS, Android, and Windows 10 devices, Fourth Edition by Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty
9. Learning Android Forensics: Analyze Android devices with the latest forensic tools and techniques, Second Edition by Oleg Skulkin, Donnie Tindall, Rohit Tamma
10. Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware by Monnappa K. A.
11. Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
by Alex Matrosov, Eugene Rodionov, Sergey Bratus

Enjoy reading 🙂

#digitalriskprotection #scams
Scam cases are on the rise

🕵️‍♀️ According to the Singapore Police Force's Annual Crime Brief 2020, there were 14,236 cases last year, including Internet love scams, impersonation scams and loan scams, with losses totalling of $201.2 million. In 2019, there were 8,397 cases, with total losses at $121.8 million.

👨‍💻Mr Ilia Rozhnov, head of cyber-security company Group-IB's Digital Risk Protection department in the Asia-Pacific, explained that the Covid-19 pandemic has been a catalyst for the spike in the number of scams.

💬"There is the phenomenon of Scamdemic - an influx of online scams as more around the world dived online last year, when people were forced to go digital and make payments online, and use e-services," he said.

"According to Group-IB's data, last year, scams dominated the online cyber-criminal scene, totalling over 70 per cent of all online crimes."

➡️ Click here to read the full story.

#blog #ransomware
REvil Twins: Deep Dive into Prolific RaaS Affiliates' TTPs

🔹Ransomware continues to dominate the cybercriminal scene in 2021. The number of attacks as well as the ransom demands seem to be growing quickly. According to the Ransomware Uncovered 2020-2021 report, Ransomware-as-a-Service model, which involves the developers selling/leasing malware to the program affiliates for further network compromise and ransomware deployment, became one of the major driving forces behind phenomenal growth of the ransomware market.

🔹Group-IB DFIR team observed that 64% of all ransomware attacks it analyzed in 2020 came from operators using the RaaS model.

🔹In our new blog post by Oleg Skulkin, Senior Digital Forensics analyst at Group-IB, we focus on one of the most active ransomware collectives, REvil, and their RaaS program, which attracts more and more affiliates due to the shutdown of other RaaS.

🔹Our experts took a deep dive into the modus operandi of REvil affiliates and shared some information on various affiliates' tactics, techniques and procedures observed, so defenders can tune their detection capabilities accordingly.

🔹Make sure to save the detection tips and REvil affiliates’ TTPs mapped in accordance with MITRE ATT&CK by Group-IB DFIR team.

➡️ Click here to read the blog now.

#ransomware #groupib #reverseengineering #Ryuk #GrimAgent
Group-IB Threat Intelligence team reverse engineered the Grim Agent backdoor used in Ryuk ransomware operations for the very first time

Our latest blog comes with all the details, including Yara and Suricata rules.

Ransomware activity increased drastically over the past couple of years and became the face of cybercrime by 2021.

📄 According to the Ransomware Uncovered 2020-2021 report, the number of ransomware attacks increased by more than 150% in 2020. The attacks grew in not only number but also scale and sophistication — the average ransom demand increased by more than twofold and amounted to $170,000 in 2020.

👥 Gangs are constantly evolving. The past year saw ransomware operators change their tactics, defense evasion techniques, and procedures to ensure that their illicit business thrives. Given that ransomware attacks are conducted by humans, understanding the modus operandi and toolset used by attackers is essential for companies that want to avoid costly downtimes. Ultimately, knowing how ransomware gangs operate and being able to thwart their attacks is more cost-effective than paying ransoms.

🔹 One of the underlying trends of 2021 to keep in mind is the use of commodity malware. The infamous ransomware gang Ryuk, which is responsible for many high-profile cyber heists followed suit. The most recent addition to their arsenal, which is yet to be explored, is the malware called GrimAgent.

💡Our new blog features the first comprehensive analysis of the GrimAgent backdoor. It is intended mainly for reverse engineers, researchers and blue teams so that they can create and implement rules that help monitor this cyber threat closely.

💪The blog also provides a great illustration of our team in action.

➡️ Click here to check it out.

#mssp #gib_thf
Group-IB has signed a partnership agreement with CyberSec Services, a Managed Security Services Provider with offices in Milan and Ticino 🇮🇹🇨🇭

🤝 CyberSec Services becomes the first partner in Europe who joined Group-IB’s MSSP & MDR program.

⏫ Thanks to the partnership Italian and Swiss companies can now take advantage of Group-IB’s Threat Hunting Framework - first ever single multi-tenant solution to identify and attribute cyber criminals, detect, hunt, and respond to most sophisticated threats in both IT and OT networks.

💬 Alessandro Aresi, CEO of CyberSec Services, comments: “We have identified Group-IB as the ideal partner for a service offering which covers the most different needs of our customers. The peculiarity of Group-IB is the completeness of their solutions and the ability to make their portfolio compatible and complementary to an MSSP such as CyberSec Services.

One of the most interesting aspects for us, besides the consolidated experience in the field of Cyber Threat Intelligence and Investigation, is the ability to let converge the more traditional world of IT with the world of OT. This aspect allowed us for example to serve at best one of our most relevant customers, who wanted to source out full protection of their power plants and of the entire IT infrastructure from one single hand, with considerable savings in time and costs”.

#interpol #phishing #fraud #carding
Group-IB has supported INTERPOL in its Lyrebird operation that resulted in the identification and apprehension of a threat actor presumably responsible for multiple attacks worldwide.

👥 According to Group-IB’s Threat Intelligence team, the suspect, dubbed Dr HeX by Group-IB based on one of the nicknames that he used, has been active since at least 2009 and is responsible for a number of cybercrimes, including phishing, defacing, malware development, fraud, and carding that resulted in thousands of unsuspecting victims.

⚔️ The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB.

🧑‍💻 The starting point of Group-IB’s research to identify and deanonymize the cybercriminal was the extraction of a phishing kit (a tool used to create phishing web pages) exploiting the brand of a large French bank by Group-IB’s Threat Intelligence & Attribution system.

🔁 The set-up of the detected phishing kit followed a common technique, with the creation of a spoofed website of a targeted company, the mass distribution of emails impersonating it and asking users to enter login information on the spoofed site. The credentials left by unsuspecting victims on the fake page were then redirected to the perpetrator’s email. Almost each of the scripts contained in the phishing kit had its creator’s nickname, Dr HeX, and contact email address.

➡️ Curious to learn the details? Click here to read the full story!

#gib_thf #marketplace
Group-IB joins Palo Alto Networks Cortex XSOAR Marketplace

⭐️ Our Threat Hunting Framework Polygon, a Malware Detonation & Research platform, is now available on the Palo Alto Networks Cortex XSOAR Marketplace, the industry’s largest and most comprehensive security orchestration marketplace. The content pack from Group-IB on Cortex XSOAR’s Marketplace provides customers with a tool that guarantees malware detonation and behavioral analysis, and was developed by engineers with long-standing experience in investigating cybercrimes worldwide, and participating in global operations with international law enforcement, incident response, and cyberattack monitoring and attribution.

🔁 Group-IB’s THF Polygon is an integral part of the company’s ecosystem of high-powered and innovative solutions for protection against previously unknown threats and targeted attacks along with investigating and responding to cybercrimes to minimize potential consequences. Be sure to have a look at the comprehensive overview to learn more.

💬 “A robust, open ecosystem is at the heart of Cortex XSOAR,” said Rishi Bhargava, VP of Product Strategy for Cortex XSOAR at Palo Alto Networks. “We are proud to welcome Group-IB to the Cortex XSOAR Marketplace ecosystem, which has 700+ integrations that enable our customers to connect disparate security tools and data sources to enable maximum efficiency in the SOC.”

#phishing #benelux
Group-IB has assisted the Dutch National Police in the operation to apprehend alleged members of a cybercriminal group codenamed “Fraud Family”

⚔️ Our Amsterdam-based team has identified the individuals behind the Dutch-speaking syndicate that develops, sells and rents sophisticated phishing frameworks, and shared their findings with the authorities. According to the police, the operation resulted in the arrest of two suspects who are thought to be the developer and seller of the phishing frameworks distributed by the Fraud Family.

🧑‍💻 Group-IB Threat Intelligence unit has been detecting massive phishing attacks against Dutch and Belgian residents since the beginning of 2020. The fake pages detected by Group-IB Threat Intelligence & Attribution system were almost identical and disguised to look like legitimate websites of the biggest local financial organizations to trick unsuspecting victims into providing their personal and banking data.

👥 A typical attack, analyzed by Group-IB researchers, started with an email, SMS, or WhatsApp message impersonating a real financial organization. Using well-known brands, fraudsters gained users’ immediate trust. These fake notifications contained malicious links to adversary-controlled phishing websites that steal payment info.

🔁 Having analyzed the technical infrastructure and phishing templates used in these fraudulent campaigns, our researchers uncovered a massive Fraud-as-a-Service operation.

💬 Dutch Public Prosecutor, Attorney Witeke Koorn said: “Digital fraud such as phishing is a social problem that requires an integrated approach. This approach involves a joint effort between the Police, Public Prosecutors, banks, government agencies and others together for investigation, prosecution and prevention."

➡️ Click here to read the full story and make sure to check out our latest blog post for detailed technical analysis of Fraud Family’s operations.

The image illustrates Fraud Family's phishing scheme

#mou #cooperation
Group-IB and CyberPeace Institute collaborate for a safer cyberspace

Earlier this week, Group-IB and the CyberPeace Institute signed a Memorandum of Understanding (MoU) to collectively mobilize action for cyber security and to strengthen ongoing cooperation across multiple areas including:

👉Sharing of knowledge and expertise on threat hunting, digital forensics and investigations
👉Technical support for threat hunting, threat intelligence, digital forensics, Incident Response and Investigations
👉Cross-border collaboration on research and development for the protection of critical information infrastructures

🔹Nick Palmer, Head of Global Business at Group-IB welcomed the MoU agreement and had this to say: “CyberPeace Institute is one of those organizations that makes the world a better place by ridding cyber criminals of it. With an incredible team of experienced experts, NGO constituents of CyberPeace Institute receive support in analysis and post-incident investigations. As Group-IB, and our team of experts, hold near and dear investigation and attribution of cyber criminals, it is our great pleasure to support the CyberPeace Institute with our technical analysts from Threat Intelligence, Hi Tech Crime Investigations, CERT-GIB and much more. With these types of public - private partnerships we can ensure that we work together for the good of the world in the fight against cybercrime.”

🔹 The CyberPeace Institute is an independent non-governmental organization whose mission is to ensure the rights of people to security, dignity and equity in cyberspace. The Institute works in close collaboration with relevant partners to reduce the harms from cyberattacks on people’s lives worldwide. By analyzing cyberattacks, the Institute exposes their societal impact, how international laws and norms are being violated, and advances responsible behaviour to enforce cyberpeace.

🔹“At the heart of the CyberPeace Institute’s efforts is the recognition that cyberspace is about people. We need to act collectively and collaboratively to ensure respect for people’s rights and safety. Combining our knowledge and expertise with Group-IB, this MoU is a clear signal of intent for deeper and more coordinated collaboration striving for a cyberspace at peace, for everyone, everywhere” stated Bruno Halopeau, Chief Technology Officer, CyberPeace Institute.

🔹 CyberPeace Institute’s ongoing mission includes increasing public awareness of the real-life impact of cyberattacks as well as reminding state and non-state actors of the international law and norms governing responsible behaviour in cyberspace to reduce harm and ensure the respect of the rights of people in cyberspace. This approach goes in line with one of Group-IB’s core values: zero tolerance to cybercrime, which makes us even more excited to bring our cooperation to the next level.

#pdd #education #singapore
Exciting news! We became the first cybersecurity company to join JTC’s Punggol Digital District

🤖 The district is a home to top international players in cybersecurity, blockchain, robotics and smart living solutions in Singapore.

🕴At the inaugural PDD: Connecting Smartness event held earlier today, Singapore’s Minister for Trade and Industry Mr Gan Kim Yong announced Group-IB’s move into the smart district, along with three other international heavyweights in the digital sectors.

💬 “It’s a great honor for me and my company to be part of JTC’s Punggol Digital District,” commented Group-IB CEO and founder Ilya Sachkov. “I’m sure that today marks a milestone for Singapore and the Asia-Pacific region in general as we’re inaugurating a strategic project that will be leading Singapore in the implementation of its Smart Nation Initiative and will stand at the forefront of the region’s digital transformation. I feel a special responsibility for this initiative since my company, Group-IB, is the first cybersecurity company to join this smart district and we expect a great journey ahead.”

As the first cybersecurity firm to join the initiative, we will👇

🔹Bring the expertise that we accumulated over nearly two decades
🔹Become an all-inclusive cybersecurity provider to the community, bringing, among others, our system intended for creating organization-tailored threat landscape, analyzing and attributing cyberattacks and proactive threat hunting, Threat Intelligence & Attribution, and solution for adversary-centric detection of targeted attacks and unknown threats for IT and OT environments, Threat Hunting Framework, to it.
🔹Collaborate with the Singapore Institute of Technology to develop and operate a cybersecurity testing facility in the smart district – PDD Cyberpolygon Sandzone, a tool for emulating network infrastructures of any configuration, topology or scale for both theoretical research and practical trials.
🔹Work with other players in Punggol Digital District, like the Cyber Security Agency of Singapore , the Government Technology Agency, and cybersecurity associations to turn the district into the space of advanced cybersecurity awareness and form risk-aware culture.

We are confident that our active presence will give students opportunities to apply knowledge in the real-world context through access to Group-IB’s solutions and monitoring systems 💪