Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#CyberCrimeCon21 #report #cybercrime #HTCT

The overall size of the initial access market hits $7.2 mln💵

In H2 2020–H1 2021, the market of corporate initial access continued to flourish and grew by almost 16%, from $6,189,388 to $7,165,387. Here are some other figures proving this explosive growth:

🔹The number of offers to sell access to companies almost tripled over the review period: from 362 to 1,099.
🔹The number of initial access brokers skyrocketed from 86 active brokers to 262, with 229 new players joining the roster.
🔹The number of industries exploited by initial access brokers surged from 20 to 35, which indicates that cybercriminals are becoming aware of the variety of potential victims. Most companies affected belonged to the manufacturing, education, and financial services industries.
🔹The number of countries where cybercriminals broke into corporate networks increased from 42 to 68. US-based companies were the most popular among sellers of access to compromised networks, followed by France and the UK.
🔹Five brokers make 35% of all the profit from access sales in the underground.

Download link -> https://bit.ly/3pjvxPc
#CyberCrimeCon21 #report #cybercrime #HTCT

Access brokers: regional profiles 🌎

Let's take a closer look at the situation with the sales of access to corporate networks in various regions.

🔹In APAC alone, the total cost of all the accesses to the region's companies available in the underground totaled $3.3 million. Most of the accesses on sale belonged to organizations from Australia, India and China.

🔹European companies were among the frequent targets of access brokers as well. The total cost of all the accesses to the region's companies offered for sale in the #underground totaled $590,095 in the review period. French companies were the most popular lot for sellers of access to compromised networks, followed by the UK and Italy.

🔹In the Middle East, the total cost of all the accesses to the region's companies available in the underground accounted for $247,836. Most of the accesses on sale belonged to organizations from the UAE, followed by Israel and Turkey.

Download the report for more details -> https://bit.ly/3pjvxPc
Today, at #CyberCrimeCon, Group-IB Head of Digital Forensics and Malware Analysis Lab Oleg Skulkin revealed his findings about the recent developments in the #ransomware market.

The full session's recording will soon be available at ▶️ https://cybercrimecon.com
#report #cybercrime #HTCT #ransomware

Group-IB presents the second volume of its Hi-Tech Crime Trends 2021/2022 report “Corporansom: threat number one” ⚡️⚡️⚡️

In the first 11 months of 2021, more than 60% of all the incidents investigated by Group-IB concerned ransomware. This number is expected to grow, with the number of public affiliate programs growing by 23% in H2 2020 – H1 2021 compared to the corresponding period a year earlier.

Over the review period, RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935% in H2 2020 – H1 2021.

The report represents the first attempt to provide a retrospective analysis of how the ransomware cyber empire evolved and shed light on how businesses worldwide lose millions of dollars to cybercriminals. In this report, we look into how and why the ransomware industry has developed, provide in-depth analyses of certain affiliate programs from within, and share statistics on the countries and industries that are attacked most often.

Download link -> https://bit.ly/31NMsRX
#report #cybercrime #HTCT #ransomware

Let's take a look at the “Corporansom: threat number one” highlights⬇️

🔹According to data leak sites, in 2021, the most active #ransomware groups were #Conti, #Lockbit and #Avaddon.

🔹Almost half of the companies whose data was released on DLS in 2021 originate from the US🇺🇸, followed by Canada🇨🇦 and France🇫🇷.

🔹According to the DLS data, the main industries targeted in 2021 were #manufacturing, real estate, and #transportation. In 2020, the situation was almost the same, which suggests that attackers mainly target the same types of companies that they believe to be the most profitable.

🔹In H2 2020 – H1 2021, #RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (#DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935%.

🔹SoftPerfect Network Scanner, Cobalt Strike Beacon, and ADFind were the top 3 most popular tools encountered by Group-IB experts in their response to #ransomware attacks.

Download the report now for more insights -> https://bit.ly/31NMsRX
#blog #ransomware #Hive

Inside the Hive: deep dive into the Hive RaaS, analysis of latest samples

🔹In July 2021, the REvil ransomware operators demanded a record-breaking ransom of $70 million from meat giant JBS in exchange for providing the decryption key. The record didn't stand long. It took the ransomware empire less than half a year to grow this ransom demand 3-fold to $240 million. This demand was received by Europe's largest consumer electronics retailer, Media Markt, which fell prey to a ransomware attack in November. It turned out that the perpetrator behind the incident was Hive, which used to take a back seat. Just like REvil, the Hive gang worked under the Ransomware-as-a-Service (RaaS) model and frequently pressured its victims by releasing their data on its DLS (data leak site, where the data belonging to companies that refuse to pay a ransom is published).

🔹Hive affiliates have been busy as bees: the actual number of their victims is in the hundreds despite the fact that the affiliate program has been active less than half a year. Group-IB Threat Intelligence analysts have managed to determine that as of October 16, 2021 alone, at least 355 companies fell victim to the threat actor.

⚠️Taking into account that Hive targets organizations from various economic sectors all around the world and that its attacks are manually controlled by the affiliates, it's crucial to closely monitor changes in the TTPs of these ransomware operators. Group-IB Digital Forensics and Threat Intelligence teams have analyzed the latest available samples of Hive and, for the first time, analyzed the affiliate program from the inside, having tracked it back to its creation.

Check it out -> https://bit.ly/3y7OCId