Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
#ransomware #research #Conti

Here are some highlights from Group-IB's new report "CONTI ARMADA: THE ARMATTACK CAMPAIGN":

▪️The total number of the group’s victims between 2020 (when Conti started its activity) and March 2021 is 813.

▪️The geography of attacks carried out by Conti is vast and does not include Russia. Most attacks fall on the United States, Canada, the United Kingdom, Germany, France, and Italy.

▪️According to the Group-IB Threat Intelligence team, the group’s fastest attack was carried out in exactly three days, from the moment when Conti penetrated the system to encryption.

▪️Group-IB for the first time analyzed Conti’s “working hours”. On average, Conti “works” 14 hours a day without holidays (except for “New Year holidays”) and weekends. The group starts working closer to noon (GMT+3) and its activity declines only after 9:00 PM.

▪️Just like a legitimate IT business, Conti has its own HR, R&D, OSINT, and even customer support departments.

Click here to download the report 👈
#ransomware #BlackCat #ALPHV

Despite numerous arrests of people involved in ransomware activity as well as the shutdown of some affiliate programs, ransomware remains threat No. 1.

There is no doubt in the security community that the former members of DarkSide, BlackMatter, and REvil have formed the core of ALPHV, a more mature (due to their experience) and sophisticated affiliate program. Security researchers unofficially call it BlackCat for its use of two logos: a black cat and a knife dripping with blood. ALPHV members later attempted to move away from romanticizing crime by changing the design of their logo, but the name BlackCat has stuck.

Despite its short history, the group has conducted about 140 attacks worldwide over the course of six months and has set a new direction for the development of extortion-related crime. Many affiliate programs, such as Hive, started mimicking and adopting the methods and approaches of BlackCat.

More details 👈
#UnifiedRiskPlatform

It’s no secret that the cyber threat landscape has intensified. The pace of cybercrime is accelerating, making it harder and harder for businesses to manage their cyber risks. Security teams are faced with the increasing challenge of identifying the specific threats they face, how to defend against them, and how to respond immediately in case of an incident.

To address these new challenges, Group-IB has developed the Unified Risk Platform, a comprehensive set of solutions that understands each organization’s threat profile and optimizes defenses against them in real time.

At the heart of the Unified Risk Platform is Group-IB’s Single Data Lake, which contains the industry’s largest and richest body of adversary intelligence. Every product and service in Group-IB’s consolidated security suite is enriched with intelligence from the data lake, enabling them to overcome the attacks targeting an organization and reduce organizational risk.

More details👈
#UnifiedRiskPlatform

The Unified Risk Platform, which powers Group-IB’s solution portfolio, has been developed to support organizations’ key security use cases. These solutions can be quickly deployed to provide an additional security layer with consistently and quantifiably superior results:

📍Group-IB Threat Intelligence provides deep insight into adversary behaviors. Threat Intelligence was independently evaluated as creating a 10% increase in team efficiency over alternative vendors and in a case study generated a 339% return on investment.

📍Group-IB Managed XDR enables organizations to respond 20% faster to threats, according to an analyst study.

📍Group-IB Digital Risk Protection allows organizations to reduce the risk of brand abuse, piracy, data leaks, and more with best-in-breed protection. Group-IB has been benchmarked as detecting pirated content in 30 min on average and taking down 80% of the content within 7 days.

📍Fraud Protection was calculated by consultants to reduce the rate of false-positive fraud cases by 20% and enable 10% to 20% more fraud attempts to be detected and prevented. Furthermore, Group-IB identified 30% more one-time password fraud.

📍Attack Surface Management continuously discovers external assets to identify shadow IT, forgotten infrastructure, misconfigurations, and other hidden risks. As part of the Unified Risk Platform, the solution provides a threat actor’s view of the attack surface so that weak spots can be quickly and proactively strengthened.

📍Business Email Protection defends corporate email from sophisticated attacks. The solution monitors for indicators of compromise, identifies malicious behavioral markers, and extracts artifacts to identify risky emails before they reach their destination.

Check out our latest blog post to learn more 👈
#digitalriskprotection

Group-IB at Money FM 89.3🎙

Brand impersonation is an increasingly common problem on social media that thousands of brands are forced to deal with each day.

📍How exactly does a brand impersonation work?
📍How bad is the situation in the Asia-Pacific region?
📍What kind of solutions does Group-IB provide when it comes to detecting or preventing cyber attacks or fraud?
📍What's scammers' favorite platform nowadays?

These are the topics Ilia Rozhnov, Head of Digital Risk Protection, APAC, discussed with Elliott Danker & Ryan Huang, the hosts of "The Breakfast Huddle". Listen now ➡️ https://bit.ly/3Ar2a4C
#UnifiedRiskPlatform

What do you need to know about Group-IB's Unified Risk Platform?

▪️The Unified Risk Platform is a comprehensive set of solutions that understands each organization’s threat profile and optimizes defenses against them in real time. The platform provides the best possible defense against targeted attacks on the infrastructure and endpoints, breaches, fraud, brand and IP abuse.

▪️The platform makes it possible to prevent breaches, eliminate fraud, and protect brands, covering all stages of an attack: before, during and a posteriori (the so-called Cyber Response Chain).

▪️The platform provides Group-IB's complete suite of products and services. You can quickly deploy and integrate any of the Unified Risk Platform’s modular solutions into your security ecosystem. The flexible architecture allows for additional capabilities to be easily activated.

Visit our website to learn more about Group-IB's solutions 👈
#statement

Group-IB has completed the first step in a series of actions aimed at separating its Russia and CIS business. The company has just transferred its activities in Russia to a new entity under local management.

📌The company’s global headquarters, registered under the legal name Group-IB Global Private Ltd. (Singapore), will continue to manage its Threat Intelligence and Research centers in Southeast Asia (Global HQ in Singapore), Europe (regional HQ in Amsterdam) and the Middle East (regional HQ in Dubai) while pursuing Group-IB’s mission and protecting its clients in these areas. The Russia and CIS business will from now on evolve independently.

📌The two businesses' financial flows, including their costs and revenues, are totally separated from each other. As per the internal regulation applied since the establishment of the Singapore headquarters, no revenues generated in any of Group-IB Global Private Ltd.’s subsidiaries are used to fund any activities in the Russia and CIS region.

📌Group-IB’s regional HQs are self-sufficient in terms of core business capabilities with best-in-class experts covering all technical functions (Digital Forensics & Incident Response, Cyber Investigations, 24/7 Computer Emergency Response Team, Threat Intelligence, Managed Cybersecurity services, R&D, etc).

📌The split-off of assets is one more step in Group-IB's long-term strategy to build the first decentralized and independent cybersecurity company relying on self-sustaining full-fledged Threat Intelligence and Research centers capable of supporting customers and developing strong partner networks in every region.

More details👈
#attacksurfacemanagement #cybersecurity

Attack Surface Expansion was recently named by Gartner as the №1 cybersecurity trend for 2022. Let’s take a look at why this is the year’s top trend.

▪️What exactly is attack surface expansion?

Businesses are experiencing massive growth in their digital footprints, with a near-constant deployment of new domains, websites, IP addresses, and more. Each of these new Internet-facing IT assets is a part of the attack surface.

▪️Why is attack surface expansion the №1 trend this year?

Attack surface expansion is making it hard to maintain a complete & up-to-date inventory of all external assets. If some assets are not inventoried and managed, they present serious risks. Addressing this challenge is a top priority. 

▪️How does Group-IB Attack Surface Management help?

Group-IB ASM continuously discovers all of your external assets to uncover shadow IT and other hidden risks, identifies potential vulnerabilities, assesses risk using Group-IB Threat Intelligence data, and prioritizes issues for remediation so you can proactively improve security posture.

Learn more about the solution here👈
#cybersecurity #advice

What scammers want is to steal your personal data or money. Let's not make it easy for them. We have prepared a set of recommendations to help you recognize scams and know what to do. Check them out!
#ransomware #Hive

Here's a good example of cybersecurity researchers working together. A researcher named reecDeep has released the Hive ransomware V5 keystream decryption tool, with help from Andrey Zhdanov, Chief Malware Analyst and Threat Hunter at Group-IB.

Andrey has analyzed previous versions of Hive and published code and PoCs regarding their encryption mechanisms. He also helped identify the components involved in the encryption operations of Hive V5. You can check out the Hive V5 keystream decryptor here 👈

Hive affiliates have been busy as bees: the actual number of their victims is in the hundreds. Electronics retail giant MediaMarkt has suffered a Hive ransomware attack with an initial ransom demand of $240 million. Can you imagine the amount of money the new decryptor for Hive v5 can save? This money could be spent on new solutions to protect against ransomware attacks or on cybersecurity education.
#Classiscam #phishing

The Classiscam scheme has been around for a long time and has significantly evolved since it first appeared. What do we know about it?

📍The scheme is currently popular in 64 countries in Europe, the CIS region, and the Middle East.

📍In total, more than 384 scam groups were found to be taking part in the scheme and using 169 brands including classifieds, delivery services, marketplaces, banks, and local businesses as part of their operations.

📍From April 2020 to February 2022, scammers who practiced this scheme made at least $29,500,000.

📍In total, investigators found about 2,000 topics on more than 60 specialized forums where threat actors were looking for workers to participate in phishing affiliate programs.

Want to learn more about this scheme? Check out our report "Demystifying Classiscam"👈

Don't forget that more than 70% of all cyberattacks start with the user. That's why it's vital to educate yourself in cybersecurity. Learn more⬅️