Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#Ransomware

Top 5 recommendations for preventing ransomware

With ransomware attacks on the rise, companies need to take a proactive approach to security. Group-IB has put together a list of actionable tips to help you protect your organization from the ransomware threats in 2022.

Check this out: https://bit.ly/34LeUWu
#CyberPeaceBuilders #Cybersecurity #Volunteers

Group-IB joins the CyberPeace Institute CyberPeaceBuilders' community!

The CyberPeace Builders program members are all volunteers recruited from international companies. The program provides industry-grade expertise to NGOs to understand cyberthreats, to strengthen internal capabilities and up-skill staff to increase their resilience to cyberthreats.

Nick Palmer, head of global business at Group-IB: “The CyberPeace Builders program is something that aligns closely with Group-IB’s mission of investigating and researching cybercrime while helping those they prey on. This initiative will allow Group-IB experts to devote their time as they see fit to help in this mission.”

What does volunteering to be a CyberPeace Builder involve?

🔹Builders are asked to volunteer approximately 40 hours per year.
🔹Builders' activities are broken down into small tasks of a few hours at most.
🔹Builders select the units of work they can do depending on their availability and skills.
🔹Builders use available resources such as online tools and pre-existing materials that can be applied to different cybersecurity needs and to deliver services.

More about the CyberPeaceBuilders community: https://cyberpeaceinstitute.org/cyberpeacebuilders/
#Award #Cybersecurity

Group-IB wins 8 Gold Cybersecurity Excellence Awards 2022

🥇Group-IB has been named a Gold winner by the Cybersecurity Excellence Award 2022 in the category "Best Cybersecurity Company" in Asia! Additionally, Group-IB’s products and services received Gold across 7 categories.

More details here: https://bit.ly/3gZFAoL
#Vietnam #Webinar #Ransomware #DFIR

Hi-Tech Crime Trends in Vietnam in 2022

Want to learn more about the current financial and ransomware threat landscape in Vietnam? Join Group-IB's webinar on March 24 where our local DFIR expert, Nam Le Phuong, will give an insight into the latest cybersecurity risks in Vietnam and ways to mitigate them.

Register here: https://bit.ly/3IHSW5t
#ransomware #threatintelligence #webinar #APAC

Group-IB Threat Hunting Day in APAC

Join us as we explore the latest ransomware threat landscape. Our threat hunting expert, Oleg Skulkin, will share a live demonstration of using actionable threat intelligence to respond to a human-operated ransomware attack in the first stages of its lifecycle.

Register now: https://bit.ly/3I2ESCs
#AssetZero #EASM

Meet Group-IB AssetZero!

We are proud to present our new product AssetZero, an intelligence-driven external attack surface management (EASM) solution. The need for such a solution has never been greater.

🔻As digital footprints and the complexity of IT infrastructures continue to grow, maintaining a complete and up-to-date asset inventory is more relevant than ever. In 2021, over 50% of Group-IB’s DFIR cases stemmed from a preventable, perimeter-based security error.

🔻Unmanaged assets that create security risks include forgotten cloud instances running vulnerable software, open ports, misconfigured databases exposed to the open web, or web servers that were deployed without being added to official asset inventories. Such assets open doors for cybercriminals.

To help companies manage these critical but avoidable flaws, we created AssetZero. It is a fully cloud-based SaaS solution designed to discover, assess, and help manage your internet-facing assets in real time via an all-in-one interface.

AssetZero leverages the full breadth and depth of Group-IB’s threat hunting and intelligence gathering ecosystem by:

🔹continuously discovering all external-facing IT assets
🔹identifying potential vulnerabilities
🔹assessing risk using Group-IB Threat Intelligence & Attribution insights
🔹prioritizing issues for remediation
🔹enabling measurable improvements to security posture

Watch the video for more insights!
Lost & Found: Discover Your External Attack Surface with AssetZero

🌏From the IPv4 space and beyond to the deep and dark web, AssetZero maps out the Internet in its entirety. In yet another key differentiator, AssetZero's findings are augmented with Group-IB cyber threat intelligence data, including malware analysis, deep & dark web activity, credential dumps, and botnet logs.

📈All of the identified assets are displayed in a graphing analysis that shows how these services and resources are interconnected, making it easy to see which assets are linked and how.

🔔After all external IT assets are discovered and inventoried, AssetZero identifies those that may be potential attack vectors, assigns a risk score to each issue, and prioritizes remediation tasks with threat intelligence insights. 

All the data is available via an easy-to-use portal and dashboards that help to manage issues and prioritize risks.

🔗Check out our latest blog post to learn more about the superior capabilities of Group-IB AssetZero!
#CERTfin #Italy #ABIlab #threatintelligence #cybersecurity

Group-IB to support CERTFin in guarding Italian financial sector

Group-IB has become a technological partner and cybersecurity advisor to ABI Lab, the Italian research and innovation centre for the banking sector comprising 120 banks and 70 ICT companies, which promotes the innovation and digitalisation of the whole Italian financial and insurance backbone.

Thanks to its battle-tested competence and experience in disrupting cybercrime in more than 60 countries, Group-IB was also selected as a provider of cyber threat intelligence for CERTFin. Led by the Bank of Italy and ABI (Italian Banking Association) and run by ABI Lab, CERTFin acts as a central hub for the exchange of operational and strategic information about cyber threats for Italy’s entire financial sector.

Leveraging its trademark Threat Intelligence & Attribution system, used by Europe’s leading banks, Group-IB will be entrusted with providing CERTFin with insights into:

📍phishing and scam campaigns carried out by cybercriminals
📍attempts to sell data stolen from local financial institutions
📍sudden interest in purchasing access to potentially compromised networks
📍current threats and dark web trends that could jeopardise the operations of the entities supported by CERTFin

For more details ➡️ https://bit.ly/3D4i8RH
#Scam #Singapore #DRP

Group-IB unveils three groups of fraudsters behind delivery scams in Singapore

Delivery scams in Singapore are on the rise. Since August 2021, more than 93 victims have fallen prey to such scams, with losses amounting to at least $140,000, according to the Singapore Police Force.

In 2021, Group-IB's Digital Risk Protection team identified close to 150 domains mimicking postal brands from Singapore. Further research revealed three groups of scam actors using distinct scripts, distribution channels, and infrastructure for their fraudulent operations:

📍Group 1 demonstrated a scam alert that said "Phishing websites impersonating SingPost are using fake said notices and text messages to extract personal data"
📍Group 2 delivered a Trojan through their scam websites 
📍Group 3 figured out a way to bypass OTP verification 

Check out our fresh blog post to learn more ➡️ https://bit.ly/3JOFf53
#Spring4Shell #SpringShell #CVE

🍃Spring into action: what do we know about Spring4Shell so far?

Group-IB experts explain what a newly discovered vulnerability in the popular Spring Framework is, and what it is not.

Read our latest blog to learn:

🔻How critical SpringShell is
🔻How it is different from previously disclosed Spring CVEs
🔻Who is at risk
🔻How to detect and mitigate it with Group-IB
🔻What the dark web is saying about Spring4Shell

➡️ https://bit.ly/3tUn3RZ

Stay tuned for updates!
#Scam #Crypto #CERT #DRP

The Wrong Vitalik.
Crypto scammers make off with $1.6 million in yet another fake YouTube giveaway

🔍Between February 16 and 18, Group-IB DRP and CERT teams detected 36 fraudulent YouTube streams promising immediate high returns on cryptocurrency investments.

The scammers used footage of famous entrepreneurs and crypto enthusiasts (Elon Musk, Brad Garlinghouse, Michael J. Saylor, Changpeng Zhao, Cathie Wood, and others) from legitimate events to create fraudulent streams.

One such stream featuring footage of Vitalik Buterin attracted more than 165,000 viewers, who were promised that their crypto savings would be doubled in real time. In the stream description, the scammers posted links to websites with instructions on how to double crypto investments.

🕸Group-IB experts identified 29 interconnected fake websites. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 connected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.

💰In total, 30 crypto wallets controlled by the scammers received 281 transactions amounting to more than $1,680,000 within three days of monitoring.

More details in our fresh research: https://bit.ly/371YNVu
#Darknet #RaidForums #ThreatIntelligence

Future of market for stolen data doesn’t seem too bleak after RaidForums takedown

🕵️‍♀️Yesterday, the US Department of Justice announced the takedown of RaidForums, one of the most popular underground forums for hackers selling and buying personal records. As a result of the joint international operation dubbed TOURNIQUET, involving Europol and law enforcement agencies from 6 countries, the forum’s alleged administrator and two accomplices have been arrested.

Founded in 2015, RaidForums quickly became a one-stop shop for compromised personal information, such as SSNs, account credentials, names, email addresses, and other PII. RaidForums had more than 500,000 users at its peak. Thousands of stolen databases were posted on Raid every month, both for free and for purchase.

The official announcement did not come until last night, even though the alleged administrator, a 21-year-old citizen of Portugal, Diogo Santos Coelho (aka Omnipotent, Downloading, Shiza, and KevinMaradona), had been arrested in the UK on January 31. Nevertheless, despite occasional outages, the forum continued operating until April, when a seizure banner appeared on its home page.

Last days of RaidForums

According to Group-IB Threat Intelligence, at the end of January a dedicated Telegram chat informed the users of RaidForums that Omnipotent, the forum’s administrator, would go on holiday from January 31. A few days later, on February 7, the forum went down for the first time since January 31. The outage was allegedly caused by law enforcement actions.

🦁Unlike the forum, which resumed operation on February 12, Omnipotent never appeared online again. While the forum was down, users started to come up with their own versions of what had happened. Some assumed that Omnipotent could have been arrested by the authorities, while the admins claimed that Omnipotent had been attacked by a mountain lion and ended up in hospital.

The forum stopped working properly again on February 25. Instead of forum threads, users would only see a login form that always returned an error. Initially, some users assumed that the outage was due to the fact that the forum team had voiced their support for Ukraine and promised to block all account holders with Russian IPs. Two days later, however, it was confirmed that the forum had been seized by law enforcement authorities. The RaidForums admins posted a message about the takedown in their Telegram channel. All the messages in the chat were deleted shortly after.

What's next?

📈Group-IB’s head of cybercrime research, Oleg Dyorov, believes that it will not take long for RaidForums’ successors to make their presence felt. “When it became clear that RaidForums would not come back, one of the forum old-timers, Pompompurin, announced a new project, almost a complete copy of Raid, and invited the users to join. The market is recovering and many buyers and sellers known to us have already switched over to a new forum to continue illicit operations.”
#OldGremlin #Ransomware #ThreatIntelligence

Old Gremlins, New Methods

Russian-speaking ransomware gang OldGremlin resumes attacks in Russia.

OldGremlin remains one of the very few Russian-speaking gangs targeting companies in Russia. In March, the gremlins conducted two mass email campaigns, which were detected by the Group-IB Threat Intelligence team.

We analyzed their latest attacks and tools.

A quick recap of our latest blog post:

📍Well-crafted phishing emails exploiting trending news
📍High-quality decoy documents
📍New custom tool TinyFluff, the successor to TinyNode
📍Techniques mapped to MITRE ATT&CK, and IOCs

To learn more ➡️ https://bit.ly/3jBjk63