📢 Breaking News 📢
Group-IB proudly becomes the first Security Operations Center-Capability & Maturity Model (SOC-CMM) Silver Support Partner in the Asia-Pacific region!
As a Silver Support Partner, Group-IB will leverage its extensive expertise and Digital Crime Resistance Centers (DCRCs) located in the Middle East, Europe, Central Asia, and the Asia-Pacific to deliver SOC-CMM advisory services globally. This partnership aims to enhance global cybersecurity by providing comprehensive assessments, consulting services, and targeted training to Security Operations Centers (SOCs) worldwide.
Read more about our strategic collaboration and its impact on the cybersecurity landscape
#Cybersecurity #GroupIB #SOCCMM #CyberDefense #DigitalCrime #CyberSecurityExcellence
Our latest Hi-Tech Crime Trends 23/24 Report sparked immense interest across the cybersecurity industry, prompting thousands of downloads and numerous web mentions.
To ensure no one misses these critical cybersecurity insights, we're here with a more digestible version: the Hi-Tech Crime Trends 23/24 infographic!
45 hard-hitting facts and figures that will challenge businesses' preparedness against the rising tide of cyber threats and help them build unbeatable defenses.
Ready to do your part? Share it far and wide to help your network confront cyber risks head-on.
We are proud to have played a pivotal role in "Operation DISTANTHILL" alongside the Singapore Police Force, Hong Kong Police Force, and Royal Malaysia Police. Together, we successfully nabbed cyber fraud syndicates behind a notorious Android Remote Access Trojan (RAT) campaign that wreaked havoc in Singapore and Hong Kong in 2023.
After months of intensive data collection and analysis, Group-IB uncovered the vast network used by these cybercriminals, leading to their arrest. More than 4,000 victims were defrauded across Southeast Asia. Among them, the Singapore police recorded 1,899 related cases in 2023 with a total loss of more than US$25 million.
Learn more about how our collaboration with international law enforcement brought down this cybercrime syndicate
#CyberSecurity #CyberCrime #RATCampaign #DataSecurity #CyberFraud #FightAgainstCrime #Android
🚨 New Blog Alert 🚨
In our latest blog post, we dive deep into the nefarious activities of the threat actor known as Boolka. From opportunistic SQL injection attacks to the creation of sophisticated malware like the BMANAGER modular trojan, discover how Boolka has been infecting websites and stealing data with malicious scripts. Read on to learn about Boolka's tactics, techniques, and the tools used to combat this cyber threat.
Read More
#CyberSecurity #Malware #ThreatIntelligence #Boolka #CyberAttack #DataSecurity #InfoSec
App interfaces are built for convenient experiences 📱✨.
But as much as your customers prefer them, adversaries do too, using fake apps to perpetrate fraud, access sensitive information, and take control of devices.
Group-IB's High-Tech Crime Investigations team analyzed one such scam scheme, in which illegitimate brand apps were in fact Remote Access Trojans (RATs) built with CraxsRAT 🕵️‍♂️.
Developed by EVLF, CraxsRAT continues to be sold as malware-as-a-service and is still evolving.
Dive into the complete details and latest developments on CraxsRAT, uncovered by Group-IB, to avoid becoming the next victim
#FakeAppScam #Malware #RAT #DarkWeb #CyberInvestigations #FightAgainstCybercrime
As a trusted partner for businesses in managing cybersecurity, MSSPs and MDR providers must continually enhance their service portfolios to address the evolving threat landscape.
Specifically, with Cyber Threat Intelligence (CTI), where:
Expectations: a continuous stream of critical, real-time, and actionable threat insights to counter emerging threats.
Reality: a focus on basic indicators, and a lack of the resources or structured programs needed to interpret and act on advanced, tailored threat intelligence.
How can you bridge the gap as an MSSP? Enable these three CTI capabilities for your business clients to enhance threat detection and response.
Read all about it and more
#MSSP #MDR #CyberSecurity #ThreatIntelligence #InfoSec #BusinessSecurity #DataProtection
Discover how Eldorado ransomware, with its advanced encryption techniques and global impact, marks the evolving landscape of cybercrime 🕵️‍♂️.
Our latest blog post delves into the rise of Ransomware-as-a-Service (RaaS) on dark web forums, focusing on Eldorado, a new player recruiting affiliates and providing powerful tools for devastating attacks.
Explore the dramatic increase in ransomware incidents, the secretive forums like RAMP where cybercriminals convene, and the technical workings of Eldorado. Learn crucial strategies to safeguard your organization. Unravel the hidden empire of Eldorado ransomware in our full analysis.
Read now
#Cybercrime #Ransomware #GroupIB #Cybersecurity #RansomwareAsAService #DarkWeb #InfoSec
With fraud and cyber threats at an all-time high, operating in silos is no longer an adequate defensive strategy for security leaders and teams.
A cybersecurity and fraud prevention fusion is essential to identify, dissect, and counter cyber threats before they escalate into fraud.
Learn more about the future-leaning cyber-fraud fusion and the necessary adjustments needed in your strategy in our blog
Discover how Group-IB is leading the change and remains one of only two vendors offering this capability through its proprietary Fraud Matrix.
#CyberSecurity #CyberThreats #SecurityLeaders #FraudPrevention #FraudMatrix #CyberFraud
In March 2023, CVE-2023-27532 (a Veeam Backup & Replication vulnerability) was disclosed, yet one company failed to patch its systems in time. This oversight led to a devastating ransomware attack by EstateRansomware in April 2024.
The attackers logged in through the FortiGate VPN using a dormant account and moved from there to the failover server. They deployed a persistent backdoor, harvested credentials, and disabled defenses before deploying ransomware that caused significant damage.
Group-IB's Digital Forensics and Incident Response (DFIR) team investigated, tracing the attack from the initial breach to the ransomware deployment. Our analysis provides crucial insights and practical recommendations to help cybersecurity professionals prevent similar incidents.
Read the full story to learn how timely updates and regular security reviews can protect your organization from such threats
#CyberSecurity #Ransomware #Vulnerability #GroupIB #DFIR
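The entry point in this case, a dormant account logging into the VPN, is exactly the kind of event a SOC can flag before the failover server is ever touched. The following is an added example, not Group-IB's code and not taken from the blog: it assumes VPN authentication logs have been normalised to (timestamp, user, outcome) rows (the sample rows below are constructed, not FortiGate's real log format) and flags any successful login by an account whose previous successful login is older than a configurable number of days.

```python
from datetime import datetime

# Constructed VPN authentication events (timestamp, user, outcome), not
# FortiGate's real log format. Any VPN or IdP log can be mapped to this shape.
SAMPLE_EVENTS = [
    ("2023-12-01T08:02:11", "svc_backup", "success"),
    ("2024-01-10T09:15:40", "bob", "success"),
    ("2024-04-01T07:58:03", "alice", "success"),
    ("2024-04-02T08:01:17", "alice", "success"),
    ("2024-04-03T08:00:52", "alice", "success"),
    ("2024-04-04T23:41:09", "bob", "failure"),
    ("2024-04-05T02:13:27", "svc_backup", "success"),  # first use in ~125 days
    ("2024-04-06T10:20:00", "bob", "success"),         # 87 days since last use
]


def parse_events(rows):
    """Turn (iso_timestamp, user, outcome) rows into (datetime, user, outcome)."""
    return [(datetime.fromisoformat(ts), user, outcome) for ts, user, outcome in rows]


def dormant_account_logins(events, dormancy_days=90, first_seen_is_suspicious=False):
    """Flag successful logins by accounts whose previous success is more than
    dormancy_days earlier.

    events: iterable of (datetime, user, outcome), in any order.
    first_seen_is_suspicious: when log retention is shorter than dormancy_days,
    an account with no earlier success in the data cannot be proven active, so
    the caller may choose to flag those too (idle_days is then None).
    Returns a list of {"user", "when", "idle_days"} dicts in time order.
    """
    last_success = {}
    findings = []
    for when, user, outcome in sorted(events, key=lambda e: e[0]):
        if outcome != "success":
            continue  # failures belong to a brute-force detection, not this one
        prev = last_success.get(user)
        if prev is None:
            if first_seen_is_suspicious:
                findings.append({"user": user, "when": when, "idle_days": None})
        elif (when - prev).days > dormancy_days:
            findings.append({"user": user, "when": when, "idle_days": (when - prev).days})
        last_success[user] = when
    return findings


if __name__ == "__main__":
    for f in dormant_account_logins(parse_events(SAMPLE_EVENTS)):
        print(f"{f['when']:%Y-%m-%d %H:%M} {f['user']} idle for {f['idle_days']} days")
```

The threshold is the only tunable: 90 days is a common joiner/mover/leaver review interval, but a service account such as svc_backup above should arguably never log in interactively at all, so a per-account allow-list of expected usage patterns is the natural next refinement. Set first_seen_is_suspicious when the log window is shorter than the dormancy period, otherwise an account that last authenticated before retention began is silently treated as new.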
🔥 Expanding your digital footprint with interfaces, channels, and customer interactions amplifies cyber risks.
And when a risk escalates into a major disruption, do you have the expertise and technology to stop it immediately? 🤔
Discover how Group-IB's Digital Risk Protection monitors, detects, and takes down brand risks and violations in real time, with minimal intervention from your end.
Curious to know how it works? Dive into our full blog to uncover
#GroupIB #DigitalRiskProtection #Cybersecurity #BrandProtection #FightAgainstCybercrime
The Qilin ransomware group recently grabbed headlines with a massive $50 million ransom demand, hitting Synnovis and impacting NHS hospitals in London. Since its emergence from Agenda ransomware, Qilin has evolved into a powerful Rust-based threat, targeting over 150 organizations in 25 countries.
🛡️ Our latest blog explores their evolving tactics, including exploitation of Fortinet and Veeam Backup vulnerabilities, the command-line arguments used when deploying the ransomware, and unique hashing methods. The analysis also details their privilege escalation techniques, defense evasion methods, and lateral movement via PsExec and VMware vCenter. The ransomware encrypts files with AES-256 in CTR mode or ChaCha20, and further impedes recovery by deleting backups and rebooting systems. It is essential reading for anyone in cybersecurity who needs to understand and counter this evolving threat.
Check out the full blog post
#CyberSecurity #Ransomware #ThreatIntelligence #QilinRansomware #Healthcare #FightAgainstCrime
AI enables cybercriminals to launch attacks faster, more frequently, and with greater impact. But AI is only a threat to businesses that do not use it themselves to gain a cybersecurity advantage.
Hear what Group-IB's CEO, Dmitry Volkov, has to say, and discover how to make AI work for you in our new Cybersecurity x AI eGuide
#AI #cybersecurity #cyberattacks #technology #cybercrime #business #infosec
Exposing the GXC Team: AI-Powered Phishing and OTP Interception
Group-IB has identified the GXC Team, a Spanish-speaking cybercriminal group specializing in AI-powered phishing-as-a-service and Android malware designed to intercept OTP codes. Emerging in early 2023, GXC Team targets Spanish bank users and institutions worldwide with a sophisticated suite of phishing tools and malware.
Our latest blog post provides an in-depth analysis of their operational methods, including the development and distribution of phishing kits, Android malware, and custom coding services. Learn about their malware-as-a-service model, their innovative phishing tactics, and strategies for effective defense against these threats.
Read the full analysis to understand how these cybercriminals operate and learn essential strategies to defend against such threats
#CyberSecurity #Phishing #Malware #BankingSecurity #CyberCriminal #AI #FightAgainstCrime
🚨 Beware the RAT: Android Remote Access Malware Strikes in Malaysia 🚨
CraxsRAT, an advanced Android Remote Administration Tool (RAT), is wreaking havoc in Malaysia. This notorious malware allows fraudsters to remotely control devices, steal credentials, and drain bank accounts. Our investigation reveals CraxsRAT's sophisticated phishing tactics, where victims are lured to download malicious apps from fake websites mimicking local brands. Within minutes, credentials are stolen, leading to unauthorized withdrawals.
Group-IB's Fraud Protection team has detected over 210 samples and developed cutting-edge detection rules to combat this evolving threat. Stay informed and protect your organization with our in-depth analysis.
Read the full technical report
#CyberSecurity #Malware #FraudProtection #CraxsRAT #BankingSecurity #ThreatIntelligence
🚨 Working for an essential or important entity in the EU? This is for you!
The Network and Information Security Directive 2 (NIS 2) sets binding cybersecurity requirements for businesses in the region. With the transposition deadline of October 17, 2024 approaching, there's no time to waste!
Get complete information on NIS 2 in our latest blog
Assess whether your industry is covered, what the compliance criteria are, which technology upgrades are required to achieve compliance, and more.
Unsure of your compliance stance, or haven't achieved full compliance yet? Collaborate with Group-IB experts to get NIS 2 ready. Download the leaflet now
Ensure you meet compliance to avoid financial and legal implications or suspension of business activities. With almost two months left, start building your NIS 2 strategy today!
#NIS2 #CyberSecurity #Compliance #GroupIB #RiskManagement #CyberAwareness #FightAgainstCybercrime
At #CyberDSA2024, CyberSecurity Malaysia and Group-IB signed a Memorandum of Understanding (MOU) to boost Malaysia's cyber resilience and safeguard its critical IT infrastructure. The MOU includes provisions for information sharing on cyber threats, technical support, cybersecurity training, and emergency response coordination. It also aims to increase cybersecurity awareness, support SMEs, and use Group-IBβs Digital Crime Resistance Centers for threat analysis and joint cybercrime operations. The agreement was signed on 6 August 2024 in Kuala Lumpur, with key figures from both organizations and the Ministry of Digital present.
Read more
#CyberSecurity #Malaysia #CyberResilience #CyberThreats #CybersecurityAwareness #FightAgainstCybercrime
🚨 Under Siege: The Critical Risk of Compromised Mobile Device Management Credentials 🚨
In our latest blog, Nikita Rostovcev, Cyber Intelligence Researcher at Group-IB, examines the risks posed by compromised Mobile Device Management (MDM) credentials: more than 1,500 login pairs were discovered on the dark web, exposing the affected companies to severe cyber threats.
Key Insights:
1. 27.5% of the MDM interfaces are accessible from the external Internet
2. Targeted malware attacks leading to credential theft
3. Risks to business continuity, data security, and legal compliance
Discover how threat actors abuse these exposures and what you can do to protect your organization. Learn about essential measures such as re-enrolling devices, continuous dark web monitoring, and enforcing MFA.
Read the full analysis
#Cybersecurity #GroupIB #MDM #DataSecurity #ThreatIntelligence #CyberThreats #MobileSecurity #BusinessContinuity #FightAgainstCybercrime
On June 20, 2024, Indonesia's national data center suffered a severe ransomware attack by the Brain Cipher group, affecting approximately 210 critical government services, including customs and immigration, and causing significant delays for travelers at airports.
Initially demanding an $8-million ransom, Brain Cipher later released the decryptor for free. Group-IB's High-Tech Crime Investigation team has provided insights into the group's previous activities and tactics, revealing their use of ransom notes and data leak threats as extortion methods. The Brain Cipher group has been active since at least April 2024 and shows connections to other ransomware entities such as EstateRansomware and SenSayQ.
Dive into the inner workings of Brain Cipher on our blog now
#CyberSecurity #Ransomware #DataBreach #InfoSec #CyberCrime #DataSecurity #CyberInvestigation #FightAgainstCybercrime
Explore how Linux's procfs can be abused to hide processes from administrators. Although /proc is the primary source of system and process information, techniques such as mounting over entries in it can hide active processes from the very tools that read it.
Read more about this technique, and how administrators can detect it and protect their systems, on our blog!
#cybersecurity #linux #exploit
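A detection check an administrator can run against the trick described above, as an added example that is not the blog's code and not Group-IB's tooling. It assumes the hiding method is a mount placed over a process's /proc/<pid> directory (an empty directory, or another pid's directory bind-mounted there), which is one common form of the remount trick. Three independent checks are combined: mounts whose mount point lies under /proc/<pid>, parsed from /proc/self/mountinfo; /proc/<pid>/stat entries that are missing or report a different pid than the directory name; and pids that kill(pid, 0) says exist but that are absent from the /proc listing. The mountinfo text is a constructed sample; scan_live_system runs the same checks on a real host.

```python
import os
import re

# Constructed sample of /proc/self/mountinfo (not captured from a real host).
# The entries for /proc/4242 and /proc/1337 are mounts placed over per-process
# directories: pid 1's proc dir bind-mounted over 4242, an empty ext4 dir over
# 1337. Either makes ps/top misreport or skip the process without a kernel module.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:14 - proc proc rw
24 23 0:21 /1 /proc/4242 rw,nosuid,nodev,noexec,relatime shared:14 - proc proc rw
25 23 8:1 /var/empty /proc/1337 rw,relatime shared:1 - ext4 /dev/sda1 rw
26 22 0:25 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
"""

# A mount point of /proc/<pid> or anything beneath it.
_PROC_PID = re.compile(r"^/proc/(\d+)(?:/|$)")


def _unescape(field):
    """mountinfo(5) escapes space, tab, newline and backslash as octal \\040 etc."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def mounts_over_proc_pids(mountinfo_text):
    """Return {pid: (mount_point, fstype, source)} for every mount whose mount
    point lies under /proc/<pid>. Nothing legitimate mounts there."""
    hits = {}
    for line in mountinfo_text.splitlines():
        # mountinfo(5): "id parent maj:min root mount_point opts [optional...] - fstype source super_opts"
        pre, sep, post = line.partition(" - ")
        if not sep:
            continue
        fields = pre.split()
        if len(fields) < 6:
            continue
        mount_point = _unescape(fields[4])
        m = _PROC_PID.match(mount_point)
        if not m:
            continue
        post_fields = post.split()
        fstype = post_fields[0] if post_fields else "?"
        source = _unescape(post_fields[1]) if len(post_fields) > 1 else "?"
        hits[int(m.group(1))] = (mount_point, fstype, source)
    return hits


def stat_pid(stat_text):
    """First field of /proc/<pid>/stat is the pid; None if this is not a stat line."""
    head = stat_text.split(" ", 1)[0]
    return int(head) if head.isdigit() else None


def inconsistent_proc_entries(entries):
    """entries maps pid -> text of /proc/<pid>/stat, or None if it could not be read.
    Returns {pid: reason} for directories that do not describe the process they are
    named after: an empty dir mounted over /proc/<pid> leaves no stat file (ps then
    silently skips the pid); another pid's dir bind-mounted there reports that pid.
    A process that exited between listing and reading also shows as "stat missing",
    so re-check such pids with os.kill(pid, 0) before alerting."""
    bad = {}
    for pid, text in entries.items():
        if text is None:
            bad[pid] = "stat missing"
            continue
        reported = stat_pid(text)
        if reported != pid:
            bad[pid] = f"stat reports pid {reported}"
    return bad


def hidden_from_readdir(visible, alive):
    """Pids that exist per kill(pid, 0) but are absent from the /proc listing:
    the signature of a rootkit filtering readdir rather than mounting over it."""
    return alive - visible


def scan_live_system(proc_root="/proc"):
    """Run all three checks on the real procfs (Linux; run as root to read every stat)."""
    with open(os.path.join(proc_root, "self", "mountinfo")) as f:
        overmounts = mounts_over_proc_pids(f.read())
    visible = {int(n) for n in os.listdir(proc_root) if n.isdigit()}
    entries = {}
    for pid in visible:
        try:
            with open(os.path.join(proc_root, str(pid), "stat")) as f:
                entries[pid] = f.read()
        except OSError:
            entries[pid] = None
    with open(os.path.join(proc_root, "sys", "kernel", "pid_max")) as f:
        pid_max = int(f.read())
    alive = set()
    for pid in range(1, pid_max + 1):  # up to 4M probes on large pid_max; takes seconds
        try:
            os.kill(pid, 0)  # signal 0 only tests for existence
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, owned by another user
        alive.add(pid)
    return {
        "overmounted": overmounts,
        "inconsistent": inconsistent_proc_entries(entries),
        "hidden_from_readdir": hidden_from_readdir(visible, alive),
    }


if __name__ == "__main__":
    print("mounts over /proc/<pid> in the sample:", mounts_over_proc_pids(SAMPLE_MOUNTINFO))
```

The mountinfo check is the cheapest and should be the first thing a host-based sensor reads, since the mount is visible to every user even when the hidden process is not. The stat-consistency check catches the same trick from the other side, and the readdir comparison is there for the case where the attacker has moved on from mounts to a kernel-level readdir filter; none of the three depends on ps, which is precisely the tool the technique is designed to fool.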
