Group-IB
Lockbit, Conti, and Pysa turned out to be the most aggressive ransomware gangs, according to Group-IB's second annual guide to the evolution of threat number one “Ransomware Uncovered 2021/2022”. Our experts analysed more than 700 attacks investigated as…
According to Group-IB's report "Ransomware Uncovered 2021/2022", exploitation of public-facing RDP servers once again became the most common way to gain an initial foothold in the target network in 2021.
47% of all the attacks investigated by Group-IB DFIR experts started with compromising an external remote service. Spear phishing emails carrying commodity malware on board remained second (26%).
In general, many ransomware affiliates relied on living-off-the-land techniques and legitimate tools during the attack lifecycle. Commodity malware was often used to start post-exploitation activities via loading frameworks such as Cobalt Strike (observed in 57% of the attacks).
However, some ransomware gangs were seen trying very unconventional approaches. Want to learn more? Check out our new report👈
#INTERPOL #Delilah #BEC
🤝Operation Delilah: Group-IB helps INTERPOL nab suspected leader of transnational phishing ring.
As part of Operation Delilah, Group-IB provided threat intelligence that led to the identification of the alleged head of a cybercrime syndicate that launched mass phishing campaigns and business email compromise (BEC) schemes targeting thousands of companies and individual victims. The arrest of a 37-year-old Nigerian man by the Nigeria Police Force marked the culmination of the year-long international operation coordinated and facilitated by INTERPOL’s Cybercrime Directorate and supported by Group-IB, Palo Alto Networks, and Trend Micro.
Operation Delilah was preceded by INTERPOL-led Falcon I and Falcon II, carried out in 2020 and 2021 with the support of Group-IB’s Cyber Investigations Team. The two previous operations resulted in the arrest of 14 alleged members of TMT (aka SilverTerrier), a prolific BEC and phishing syndicate.
"The Delilah operation clearly demonstrates how effective cybersecurity can be when all parties are involved and motivated to protect people and companies," said Dmitry Volkov, Group-IB CEO. "We are proud to have leveraged our expertise to support another great effort aimed at disrupting cybercrime. Prompt threat intelligence sharing, private-public partnership, and effective multi-party coordination by INTERPOL’s Cybercrime Directorate were crucial to the success of the operation. We’ll continue our work to minimize the impact of cybercrime in line with Group-IB’s mission of fighting cybercrime and protecting our customers all around the world."
Click here for more details.
www.interpol.int
Suspected head of cybercrime gang arrested in Nigeria
The suspect’s arrest follows a year of international police collaboration, acting on information initially shared by private partners.
#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity
Group-IB Digital Risk Summit 2022 is just one day away! Make sure to join us tomorrow. And for now take a look at this sneak peek video we've prepared🎥
If you missed the registration — don’t worry. We’ll be sharing the highlights of the summit in our Instagram stories.
See you soon!
#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity
Today is the day! Want to be up-to-date with the latest digital risk trends, learn more about research findings, and get meaningful insights from cybersecurity professionals? Be sure to join Group-IB Digital Risk Summit 2022 today!
If you didn’t register for the summit - don’t worry, we’ll be sharing the highlights on our social media. Stay tuned!
#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity
During the Digital Risk Summit 2022 Antony Dolgalev, Deputy Head of Digital Risk Protection, presented the findings of Group-IB's research into various scam schemes.
Here are some highlights:
▪️Accounting for 57% of all financially motivated cybercrime, the scam industry is becoming more structured and involves more and more parties divided into hierarchical groups;
▪️Social media are more often becoming the first point of contact between scammers and their potential victims;
▪️The number of brand-impersonating scam resources created per month also increased. In the Middle East, Asia Pacific, and Europe, Group-IB analysts noted an increase of 150%, 83%, and 89% respectively.
More details 👈
#Webinar #Ransomware #DFIR
Ransomware-as-a-Service never ceases to impress, and this year it is expanding not only quantitatively. To stand a chance against threat actors in 2022, it is vital to understand not only their latest tactics, techniques, and procedures but also what actions to take to protect against them. Join Group-IB's webinar on June 9, where Oleg Skulkin, Head of Digital Forensics and Incident Response, will give insights into today’s ransomware threat landscape and share detection strategies and threat hunting tips.
Register now👈
#APT #ThreatIntelligence #SideWinder
Group-IB Threat Intelligence researchers have discovered new malicious infrastructure and a custom tool of the APT group SideWinder (aka Rattlesnake, Hardcore Nationalist, RAZOR TIGER, T-APT-04 and APT-C-17). This threat actor is believed to originate from India and primarily targets Pakistan. The newly discovered custom tool, codenamed SideWinder.AntiBot.Script, is being used in the gang’s phishing attacks against Pakistani targets.
▪️Over the last year, the Group-IB Threat Intelligence system identified 92 IP addresses that have been used by SideWinder APT for phishing emails;
▪️Pakistan remains the primary target for SideWinder. Based on the discovered phishing document and public studies, the attackers are especially interested in Pakistani government organizations;
▪️Phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan are primary attack vectors of the gang;
▪️SideWinder started using an anti-bot script to filter their victims - they are only interested in Pakistani users;
▪️The group continues to distribute malicious files in ZIP archives with an LNK file inside, which downloads an HTA file from a remote server;
▪️Upon discovery, Group-IB Threat Intelligence team notified relevant local authorities and shared its findings to make sure that the threat can be identified and contained at early stages.
Want to know more? Check out our new blog post👈
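The delivery chain described above (a ZIP archive carrying an LNK shortcut that fetches an HTA) is something a mail gateway or attachment sandbox can flag before a user ever opens the archive. The following is an added example, not Group-IB's code or any tool mentioned in the post: it inspects a ZIP archive and reports members that either carry a .lnk extension (including double extensions such as "Notification.pdf.lnk") or start with the Windows shell-link header even though they are named as something else. The archive it scans is constructed inline so the example runs offline; the header bytes are the HeaderSize and LinkCLSID values from the MS-SHLLINK format.

```python
import io
import zipfile
from dataclasses import dataclass
from typing import List

# Every .lnk file begins with HeaderSize 0x0000004C (little-endian) followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its binary GUID layout.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


@dataclass
class Finding:
    member: str   # archive member name
    reason: str   # why it was flagged


def is_lnk_bytes(data: bytes) -> bool:
    """True if the first bytes match the shell-link header, regardless of file name."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def scan_zip_for_lnk(zip_bytes: bytes) -> List[Finding]:
    """Flag ZIP members that are shortcuts by extension or by header content."""
    findings: List[Finding] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if name.lower().endswith(".lnk"):
                # Catches both plain shortcuts and double-extension lures.
                findings.append(Finding(name, "member has .lnk extension"))
            elif is_lnk_bytes(head):
                # Extension says document, bytes say shortcut: renamed LNK.
                findings.append(Finding(name, "member has LNK header but a non-.lnk extension"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign text file and two shortcut lures."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.txt", "Routine notice text.")
        zf.writestr("Notification.pdf.lnk", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("attachment.pdf", LNK_MAGIC + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip_for_lnk(build_sample_zip()):
        print(f"{f.member}: {f.reason}")
```

Checking the header as well as the extension matters because a shortcut keeps its behaviour only when Windows sees the .lnk extension, but an attacker can rename the file inside the archive and rely on the recipient renaming it back; flagging on content closes that gap. In a gateway this check would sit alongside a rule that quarantines any archive whose shortcut member references mshta.exe or a remote URL in its target path.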
#phishing #CERT
Group-IB has discovered an unprecedented phishing attack in Vietnam. The campaign impersonates 27 popular Vietnamese financial institutions and is still active at the time of writing.
The cybercriminals seek to reap highly detailed personal information from the clients of those institutions to the extent of robbing their bank accounts. The fraudsters use techniques that allow them to bypass OTP verification.
Thanks to Group-IB’s Graph Network Analysis tool, CERT-GIB was able to identify 240 interconnected domains that are a part of the phishing campaign’s infrastructure. Upon detection of this activity, CERT-GIB immediately notified Vietnam’s national computer emergency response team VNCERT. All 240 domains have been blocked following CERT-GIB and local authorities’ efforts. Yet, new domains regularly appear.
Check out our new blog post to learn more👈
#cybersecurity #ACDF
🤝The Africa Cyber Defense Forum (ACDF), a continental platform for public-private cooperation, announced Group-IB, one of the global cybersecurity leaders with headquarters in Singapore, and afriVAD among the sponsors of the 2022 edition of the forum.
"We are proud to be involved in the 2022 edition of the Africa Cyber Defense Forum," says Ashraf Koheil, Group-IB’s Director of Business Development in the Middle East, Africa, and Turkey. "Such events foster innovation and unlock opportunities for public-private cooperation in the cyber domain. Africa has been an important focus for Group-IB from the research and business perspectives. The expanding coverage of our global threat hunting ecosystem now allows us to pursue our mission of disrupting cybercrime in the region."
More details👈
#interview
On the sidelines of The Future of Data Centers Summit, Ashraf Koheil, Regional Director, Middle East, North Africa and Turkey at Group-IB, gave an interview to Ahram Online, a news portal. He shared his opinion on digital transformation in Egypt and discussed the main cybersecurity threats to the Egyptian banking sector. Read the interview👈
Ahram Online
INTERVIEW: ‘Egypt made significant strides towards digital transformation’ - Group-IB - Economy - Business
Egypt held the Future of Data Centres Summit in May under the auspices of the Ministry of Communication and Information Technology – the biggest specialised technology summit in the Middle East and Africa (MEA) region.
#cybersecurity #VSS2022 #Vietnam
Save the date: Group-IB will take part in Vietnam Security Summit on Thursday, June 23 at JW Marriott Hotel Hanoi.
Catch Anh Le Duc’s speaking session on the topic of managing Attack Surfaces of Internet-facing assets & systems.
Do visit our booth as well and speak to our friendly representatives.
Hope to see you there!
More details: https://bit.ly/3y5xHYl
#cybersecurity #Seoul
Join Group-IB this Thursday, June 23 at the Next-Generation Security Vision 2022 Seminar & Exhibition!
Don’t forget to catch Hyun Suk Seo, our Business Development Manager in South Korea, as he speaks about Cyber Threat Intelligence and its integration with Attack Surface Management at 1:40 pm. Make sure to drop by our booth and get a chance to win exclusive merch when you leave your name card with us.
See you soon!
#ransomware #research #Conti
Group-IB presents its new report on one of the most dangerous ransomware gangs called Conti. You may have heard about them from the news: a state of emergency was declared in Costa Rica due to a ransomware attack. On April 18, cybercriminals attacked the servers of several ministries. The hackers exfiltrated more than a terabyte of databases, correspondence, and internal documents. When the government refused to pay a ransom of $10 million, the ransomware operators doubled it to $20 million. In their message, the hackers said that the attack on Costa Rica was just a test and hinted that far worse attacks were yet to come.
Conti is considered one of the most successful ransomware groups. Group-IB's latest report "CONTI ARMADA: THE ARMATTACK CAMPAIGN" shares data and detailed information about the techniques, tactics, and tools that Conti uses currently. Click here to download it👈