Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
Group-IB has recorded a 25% increase in the use of phishing kits in 2022.

The key trends, based on the analysis of more than 6,000 phishing kits extracted in 2021 and 2022, are the increasing use of access control and advanced detection evasion techniques. What else Group-IB’s Computer Emergency Response Team found out:

📌 In total, just under half of the phishing kits from 2022 seen by CERT-GIB relied on email to handle stolen information.

📌 The number of phishing kits that use Telegram to collect stolen data almost doubled in 2022 compared to the preceding year.

📌 In 2022, 1,824 phishing kits used simple access control mechanisms. Hypertext access (.htaccess) became the most popular access control strategy.

📌 2,060 phishing kits used advanced detection evasion techniques - 26% more than a year earlier.

More details👈

Want to learn how Group-IB protects companies from phishing and scams? Visit our website👈

#phishing #CERT
Application programming interface usage has exploded in recent years. Despite their increasing popularity, APIs are particularly vulnerable if they are not properly implemented or secured.

Check out our fresh blog post, in which we provide a concise overview of API security, including key domains and nuances from the perspectives of API developers and end users. It outlines the importance of secure coding practices, authentication, authorization and other key domains, and provides recommendations for securing your environment. Read👈

#API #cybersecurity
APT Dark Pink is back with 5 new victims. The group has continued to attack government, military, and non-profit organizations in the Asia-Pacific, expanding its operations to Thailand and Brunei. Another victim, an educational sector organization, has also been identified in Belgium. In line with Group-IB’s zero tolerance policy to cybercrime, we sent proactive warnings to all confirmed and potential victims.

It is important to emphasize that Dark Pink has carried out at least two attacks since the beginning of 2023. The most recent attack known to Group-IB started in April, with the latest files being detected in May. Dark Pink keeps updating their tools. For example, the group’s custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is now divided into two distinct parts: one that controls the device and the other that steals sensitive data.

In a fresh blog post the Group-IB team analyzes the latest updates in Dark Pink’s toolset, evolution of the group’s exfiltration methods, and modifications of their kill chain. The blog dives deep into the latest TTPs of Dark Pink, observed during the group’s latest attacks. Read now👈

#APT #DarkPink
✉️ PostalFurious has extended its operations to the Middle East.

Group-IB has attributed a recent wave of scams impersonating public bodies in the Middle East region to a Chinese-speaking phishing gang, codenamed PostalFurious. The threat actor, documented for the first time by Group-IB in April 2023, has been targeting users in the Asia-Pacific by impersonating postal brands and toll operators. Now, Group-IB can confirm that the group has extended its operations to the Middle East.

The scammers’ goal is to compromise users’ payment data, which they do by impersonating a Middle Eastern postal service and toll operator. For example, in the fake toll payment scheme, victims receive fake messages asking them to urgently pay a vehicle trip fee to avoid additional fines. The text messages contain a shortened URL to obscure the true phishing address. Once a user clicks on the link, they are redirected to a fake branded payment page.

Want to learn more about the PostalFurious schemes and get recommendations on how to avoid falling victim? Head over to our website👈

#phishing #PostalFurious
Group-IB is pleased to announce that it has concluded a partnership agreement with the Italian division of Ingram Micro, the world’s leading wholesale distributor of technology products and services.

This agreement further strengthens the long-standing relationship between Group-IB and Ingram Micro’s cybersecurity business unit. Prior to this new partnership covering Italy, Ingram Micro already served as an official Group-IB distributor in Poland, France, India, Indonesia, and several other major markets.

As partners, Ingram Micro will be able to offer its wide network of resellers in Italy access to the full Group-IB stack, including Threat Intelligence, Managed XDR, and Attack Surface Management, while also enhancing the local capabilities of these cybersecurity solutions for the Italian market. More details👈

#cybersecurity #partnership
Group-IB has joined forces with the Defence Technology Institute (DTI) to enhance cyber defence in Thailand. In a MOU Signing Ceremony held on 26 May 2023 at the Office of the Permanent Secretary for Defence in Bangkok, both parties affirmed their commitment to strengthen defense cooperation through research and educational initiatives in the field of cyber investigations and incident response.

Together with the DTI Cyber Academy Program, Group-IB’s cyber education unit will develop a variety of training programs, where DTI personnel will be able to uplift their skills using Group-IB’s battle-tested technologies for fighting against cybercrime in line with Group-IB’s mission.

More details👈

#partnership #cybersecurity
⚫️ We continue to share great news! Group-IB is pleased to announce that it was recognized by Gartner in their 2023 Market Guide for Digital Forensics and Incident Response Services. In the report, Gartner identified Group-IB as a representative vendor for incident response services.

Since 2003, Group-IB has responded to more than 1,300 incidents of all complexities, racking up more than 70,000 hours of hands-on IR experience. Group-IB’s DFIR team of highly-qualified specialists conducts more than 200 engagements annually, and the company’s experts have assisted organizations in multiple key verticals, including banking, manufacturing, energy, and government, to respond to ransomware attacks, APT breaches, and many other threats.

This is the third time in a row that Group-IB has been recognized by Gartner in their Market Guide for Digital Forensics and Incident Response Services. Way to go!
More details👈

#Gartner #FightAgainstCybercrime
Back in December 2022, Group-IB investigators documented the scope and scale of the well-organized illicit business of CryptosLabs. The scam syndicate targeted French-speaking individuals in France, Belgium, and Luxembourg by mimicking well-known banks, fin-techs, asset management firms, and crypto platforms for years.

In a new blog post, Group-IB’s investigators reveal previously unknown details about the CryptosLabs scam ring, such as the early stages of the syndicate, the scammer’s side of the scheme, and a detailed analysis of their major weapon, and demonstrate how to mitigate the impact caused by the scheme. Read👈

#CryptosLabs #investment #scam
More and more employees are using ChatGPT to optimize their work. By default, ChatGPT stores the history of user queries and AI responses. Consequently, unauthorized access to ChatGPT accounts may expose confidential or sensitive information, which can be exploited for targeted attacks against companies and their employees.

According to Group-IB’s latest findings, ChatGPT accounts have already gained significant popularity within underground communities. We have identified 101,134 stealer-infected devices with saved ChatGPT credentials between June 2022 and May 2023. The Asia-Pacific region has experienced the highest concentration of ChatGPT credentials being offered for sale over the past year.

Curious to learn more? Head over to our website👈

#ChatGPT #cyberthreats
Group-IB is pleased to announce the signing of a distribution agreement with Tech First Gulf, a leading value-added distributor in the Middle East and Africa region. The partnership, signed in May 2023, will see Tech First Gulf promote Group-IB’s full stack of sector-leading cybersecurity solutions to its wide network of valued vendors and resellers in the Middle East and western, eastern, and central Africa, creating pathways for the localized delivery of Group-IB products and services.

More details👈

#partnership #cybersecurity
Learn how to stop cyberattacks, prioritize incidents, and mitigate the damage: join the "Incident Responder" training course by Group-IB. Our experts will provide incident responders with the knowledge and tools they need to rapidly and effectively respond to various security incidents. Don’t miss your chance to register👈

#education #IncidentResponder