#CyberCrimeCon #report #cybercrime #HTCT
Group-IB reveals Hi-Tech Crime Trends 2021/2022⚡️⚡️⚡️
Group-IB presents the 10th edition of its annual report Hi-Tech Crime Trends 21/22 on the most trending cybercrimes and forecasts for the next year. The new report comes in 5 volumes focusing on initial access brokers, ransomware, financial threats, cyberwarfare, and scam & phishing.
All five parts of the Hi-Tech Crime Trends 21/22 will be released by the end of December. If you do not want to miss out, subscribe for updates and we’ll send the notification when each report goes live -> https://bit.ly/3ofZfFs
Group-IB reveals Hi-Tech Crime Trends 2021/2022⚡️⚡️⚡️
Group-IB presents the 10th edition of its annual report Hi-Tech Crime Trends 21/22 on the most trending cybercrimes and forecasts for the next year. The new report comes in 5 volumes focusing on initial access brokers, ransomware, financial threats, cyberwarfare, and scam & phishing.
All five parts of the Hi-Tech Crime Trends 21/22 will be released by the end of December. If you do not want to miss out, subscribe for updates and we’ll send the notification when each report goes live -> https://bit.ly/3ofZfFs
#CyberCrimeCon21 #report #cybercrime #HTCT
Group-IB presents "Hi-Tech Crime Trends 2021/2022. Part I. Uninvited guests: the sale of access to corporate networks.”
❗️The sharp increase in the number of offers to sell access to compromised corporate networks has become one of the underlying trends on the cybercrime arena recently. Group-IB experts have identified several factors contributing to the rapid growth of the initial access market.
🔺One such factor was the emergence of Fxmsp, a hacker who first appeared on underground forums in 2017. Posts about selling access to corporate networks had appeared on dark-web resources back then, but they had been rare and not streamlined. Fxmsp was the first to focus on gaining initial access for the purpose of selling it.
🔺Demand creates supply. The principle also applies to the sale of initial access to compromised networks. Beginning in 2019, there was a sharp increase in the number of ransomware attacks, the first stage of which
is gaining access to a company’s network. This fueled demand for initial access and bolstered the rise of initial access markets.
🔺The third factor furthering the rise of initial access markets is the low threshold to enter the industry. The fact that tools for conducting full-fledged attacks against corporate networks are widely available means that underground actors can make money with little effort. The market for initial access has been flooded with low-skilled threat actors who, despite their poor knowledge of the technical aspects involved, pose a threat to companies.
Download link -> https://bit.ly/3pjvxPc
Group-IB presents "Hi-Tech Crime Trends 2021/2022. Part I. Uninvited guests: the sale of access to corporate networks.”
❗️The sharp increase in the number of offers to sell access to compromised corporate networks has become one of the underlying trends on the cybercrime arena recently. Group-IB experts have identified several factors contributing to the rapid growth of the initial access market.
🔺One such factor was the emergence of Fxmsp, a hacker who first appeared on underground forums in 2017. Posts about selling access to corporate networks had appeared on dark-web resources back then, but they had been rare and not streamlined. Fxmsp was the first to focus on gaining initial access for the purpose of selling it.
🔺Demand creates supply. The principle also applies to the sale of initial access to compromised networks. Beginning in 2019, there was a sharp increase in the number of ransomware attacks, the first stage of which
is gaining access to a company’s network. This fueled demand for initial access and bolstered the rise of initial access markets.
🔺The third factor furthering the rise of initial access markets is the low threshold to enter the industry. The fact that tools for conducting full-fledged attacks against corporate networks are widely available means that underground actors can make money with little effort. The market for initial access has been flooded with low-skilled threat actors who, despite their poor knowledge of the technical aspects involved, pose a threat to companies.
Download link -> https://bit.ly/3pjvxPc
Group-IB
Fxmsp: “The Invisible God of Networks” Threat Research | Group-IB Resources
The report shows how Fxmsp’s cybercriminal career evolved from a newbie hacker to one of the major players of the Russian-speaking underground.
#CyberCrimeCon21 #report #cybercrime #HTCT
The overall size of initial access market hits $7.2 mln💵
In H2 2020-H12021, the market of corporate initial access continued to flourish and grew by almost 16% from $6,189,388 to $7,165,387. Here are some other figures proving this explosive growth:
🔹The number of offers to sell access to companies almost tripled over the review period: from 362 to 1,099.
🔹The number of initial access brokers skyrocketed from 86 active brokers to 262, with 229 new players joining the roster.
🔹The number of industries exploited by initial access brokers surged from 20 to 35, which indicates that cybercriminals are becoming aware of the variety of potential victims. Most companies affected belonged to the manufacturing, education, and financial services.
🔹The number of countries where cybercriminals broke into corporate networks increased from 42 to 68. US-based companies were the most popular among sellers of access to compromised networks, followed by France and the UK.
🔹Five brokers make 35% of all the profit from access sale in the underground.
Download link -> https://bit.ly/3pjvxPc
The overall size of initial access market hits $7.2 mln💵
In H2 2020-H12021, the market of corporate initial access continued to flourish and grew by almost 16% from $6,189,388 to $7,165,387. Here are some other figures proving this explosive growth:
🔹The number of offers to sell access to companies almost tripled over the review period: from 362 to 1,099.
🔹The number of initial access brokers skyrocketed from 86 active brokers to 262, with 229 new players joining the roster.
🔹The number of industries exploited by initial access brokers surged from 20 to 35, which indicates that cybercriminals are becoming aware of the variety of potential victims. Most companies affected belonged to the manufacturing, education, and financial services.
🔹The number of countries where cybercriminals broke into corporate networks increased from 42 to 68. US-based companies were the most popular among sellers of access to compromised networks, followed by France and the UK.
🔹Five brokers make 35% of all the profit from access sale in the underground.
Download link -> https://bit.ly/3pjvxPc
Group-IB
Hi-Tech Crime Trends 2021/2022. Uninvited Guests: The Sale of Access to Corporate Networks
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
#CyberCrimeCon21 #report #cybercrime #HTCT
Access brokers: regional profiles 🌎
Let's take a closer look at the situation with the sales of access to corporate networks in various regions.
🔹In APAC alone, the total cost of all the accesses to the region’s companies available in the underground totaled $3.3 million. Most of the accesses on the sale belonged to organizations from Australia, India and China.
🔹European companies were among frequent targets of access brokers as well. The total cost of all the accesses to the region’s companies offered for sale in the #underground totaled $590,095 in the review period. French companies were the most popular lot for sellers of access to compromised networks, followed by the UK and Italy.
🔹In the Middle East, the total cost of all the accesses to the region’s companies available in the underground accounted for $247,836. Most of the accesses on the sale belonged to organizations from the UAE, followed by Israel and Turkey.
Download the report for more details -> https://bit.ly/3pjvxPc
Access brokers: regional profiles 🌎
Let's take a closer look at the situation with the sales of access to corporate networks in various regions.
🔹In APAC alone, the total cost of all the accesses to the region’s companies available in the underground totaled $3.3 million. Most of the accesses on the sale belonged to organizations from Australia, India and China.
🔹European companies were among frequent targets of access brokers as well. The total cost of all the accesses to the region’s companies offered for sale in the #underground totaled $590,095 in the review period. French companies were the most popular lot for sellers of access to compromised networks, followed by the UK and Italy.
🔹In the Middle East, the total cost of all the accesses to the region’s companies available in the underground accounted for $247,836. Most of the accesses on the sale belonged to organizations from the UAE, followed by Israel and Turkey.
Download the report for more details -> https://bit.ly/3pjvxPc
Group-IB
Hi-Tech Crime Trends 2021/2022. Uninvited Guests: The Sale of Access to Corporate Networks
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
#report #cybercrime #HTCT #ransomware
Group-IB presents the second volume of its Hi-Tech Crime Trends 2021/2022 report “Corporansom: threat number one” ⚡️⚡️⚡️
In the first 11 months of 2021, more than 60% of all the incidents investigated by Group-IB concerned ransomware. This number is expected to grow, with the number of public affiliate programs growing by 23% in H2 2020 – H1 2021 compared to the corresponding period a year earlier.
Over the review period, RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935% in H2 2020 – H1 2021.
The report represents the first attempt to provide a retrospective analysis of how the ransomware cyber empire evolved and shed light on how businesses worldwide lose millions of dollars to cybercriminals. In this report, we look into how and why the ransomware industry has developed, provide in-depth analyses of certain affiliate programs from within, and share statistics on the countries and industries that are attacked most often.
Download link -> https://bit.ly/31NMsRX
Group-IB presents the second volume of its Hi-Tech Crime Trends 2021/2022 report “Corporansom: threat number one” ⚡️⚡️⚡️
In the first 11 months of 2021, more than 60% of all the incidents investigated by Group-IB concerned ransomware. This number is expected to grow, with the number of public affiliate programs growing by 23% in H2 2020 – H1 2021 compared to the corresponding period a year earlier.
Over the review period, RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935% in H2 2020 – H1 2021.
The report represents the first attempt to provide a retrospective analysis of how the ransomware cyber empire evolved and shed light on how businesses worldwide lose millions of dollars to cybercriminals. In this report, we look into how and why the ransomware industry has developed, provide in-depth analyses of certain affiliate programs from within, and share statistics on the countries and industries that are attacked most often.
Download link -> https://bit.ly/31NMsRX
Group-IB
Hi-Tech Crime Trends 2021/2022. Uninvited Guests: The Sale of Access to Corporate Networks | Group-IB
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
#report #cybercrime #HTCT #ransomware
Let's take a look at the “Corporansom: threat number one” highlights⬇️
🔹According to data leak sites, in 2021, the most active #ransomware groups were #Conti, #Lockbit and #Avaddon.
🔹Almost half of the companies whose data was released on DLS in 2021 originate from the US🇺🇸, followed by Canada🇨🇦 and France🇫🇷.
🔹According to the DLS data, the main industries targeted in 2021 were #manufacturing, real estate, and #transportation. In 2020, the situation was almost the same, which suggests that attackers mainly target the same types of companies that they believe to be the most profitable.
🔹In H2 2020 – H1 2021, #RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (#DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935%.
🔹SoftPerfect Network Scanner, Cobalt Strike Beacon, and ADFind were the top 3 most popular tools encountered by Group-IB experts in their response to #ransomware attacks.
Download the report now for more insights -> https://bit.ly/31NMsRX
Let's take a look at the “Corporansom: threat number one” highlights⬇️
🔹According to data leak sites, in 2021, the most active #ransomware groups were #Conti, #Lockbit and #Avaddon.
🔹Almost half of the companies whose data was released on DLS in 2021 originate from the US🇺🇸, followed by Canada🇨🇦 and France🇫🇷.
🔹According to the DLS data, the main industries targeted in 2021 were #manufacturing, real estate, and #transportation. In 2020, the situation was almost the same, which suggests that attackers mainly target the same types of companies that they believe to be the most profitable.
🔹In H2 2020 – H1 2021, #RaaS gangs increased the conversion by posting compromised data online on their Data Leak Sites (#DLS). It has become very popular, with the number of victims whose data has been published on DLSs having grown by 935%.
🔹SoftPerfect Network Scanner, Cobalt Strike Beacon, and ADFind were the top 3 most popular tools encountered by Group-IB experts in their response to #ransomware attacks.
Download the report now for more insights -> https://bit.ly/31NMsRX
Group-IB
Hi-Tech Crime Trends 2021/2022. Uninvited Guests: The Sale of Access to Corporate Networks | Group-IB
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
#report #cybercrime #HTCT #ransomware
Group-IB presents the third volume of its Hi-Tech Crime Trends 2021/2022 report “Big money: threats to financial sector” ⚡️⚡️⚡️
❗️Organizations in the financial sector face a diverse threat landscape, as they are often the preferred targets of financially motivated cybercriminals. In H2 2020 - H1 2021, the cyber threat that stood out as the most damaging to financial sector organizations was ransomware.
🔺In the review period the number of financial organizations whose data was released on DLS increased to 127 compared to 50 a year earlier. Group-IB identified at least 24 groups attacking companies in the financial sector. The most prolific among them were #REvil, #Conti, and #Avaddon.
🔺The market for access to corporate networks has grown significantly. Compared to the previous period, the number of initial access brokers (IABs) has increased from 18 to 47 , while the number of known sale incidents went up from 31 to 95.
Download link -> https://bit.ly/3dLL2tJ
Group-IB presents the third volume of its Hi-Tech Crime Trends 2021/2022 report “Big money: threats to financial sector” ⚡️⚡️⚡️
❗️Organizations in the financial sector face a diverse threat landscape, as they are often the preferred targets of financially motivated cybercriminals. In H2 2020 - H1 2021, the cyber threat that stood out as the most damaging to financial sector organizations was ransomware.
🔺In the review period the number of financial organizations whose data was released on DLS increased to 127 compared to 50 a year earlier. Group-IB identified at least 24 groups attacking companies in the financial sector. The most prolific among them were #REvil, #Conti, and #Avaddon.
🔺The market for access to corporate networks has grown significantly. Compared to the previous period, the number of initial access brokers (IABs) has increased from 18 to 47 , while the number of known sale incidents went up from 31 to 95.
Download link -> https://bit.ly/3dLL2tJ
#report #cybercrime #HTCT #APT
Group-IB presents the fourth volume of its Hi-Tech Crime Trends 2021/2022 report “Cyberwarfare: state-sponsored operations in cyberspace” ⚡️⚡️⚡️
⚠️Concerns over nation-state attackers grow every year. Group-IB’s previous Hi-Tech Crime Trends reports have detailed how long-term espionage campaigns run by intelligence agencies occurred alongside episodes of open interstate military confrontation, which in some cases resulted in infrastructure being physically destroyed.
🎯The H2 2020 - H1 2021 period has shown that state-sponsored hacker groups can launch large-scale attacks to which even the most high-level targets are vulnerable. We all remember how by hacking into the US software developer SolarWinds, cybercriminals compromised cybersecurity market leaders, as well as several US government agencies.
🔸Recently, state-backed attackers became less isolated from the rest of the cybercriminal world. More and more often, they use publicly available tools and resort to underground services. They do not shy away from buying initial access from other attackers or exchange malicious tools with them. Group-IB’s hypothesis that the boundaries between nation-state and financially-motivated attackers are beginning to fade is confirmed by the fact that more state-sponsored hackers are trying their luck in new fields to increase their profits.
In our fresh report, available exclusively to Group-IB Threat Intelligence & Attribution customers, we:
🔸examine new players who have appeared on the map of interstate confrontation in cyberspace;
🔸describe their most significant operations;
🔸analyze their tools;
🔸provide a list of threats to companies in the telecommunications, energy, and IT sectors;
🔸tell about how state-sponsored hackers make extra money;
🔸and of course provide forecasts on the evolving threat landscape for various
sectors.
Fortunately, you can get access to the report by requesting the demo of Group-IB's Threat Intelligence & Attribution system that provides high-fidelity threat intelligence data tailored to your specific organization -> https://bit.ly/3sbd6PU
Group-IB presents the fourth volume of its Hi-Tech Crime Trends 2021/2022 report “Cyberwarfare: state-sponsored operations in cyberspace” ⚡️⚡️⚡️
⚠️Concerns over nation-state attackers grow every year. Group-IB’s previous Hi-Tech Crime Trends reports have detailed how long-term espionage campaigns run by intelligence agencies occurred alongside episodes of open interstate military confrontation, which in some cases resulted in infrastructure being physically destroyed.
🎯The H2 2020 - H1 2021 period has shown that state-sponsored hacker groups can launch large-scale attacks to which even the most high-level targets are vulnerable. We all remember how by hacking into the US software developer SolarWinds, cybercriminals compromised cybersecurity market leaders, as well as several US government agencies.
🔸Recently, state-backed attackers became less isolated from the rest of the cybercriminal world. More and more often, they use publicly available tools and resort to underground services. They do not shy away from buying initial access from other attackers or exchange malicious tools with them. Group-IB’s hypothesis that the boundaries between nation-state and financially-motivated attackers are beginning to fade is confirmed by the fact that more state-sponsored hackers are trying their luck in new fields to increase their profits.
In our fresh report, available exclusively to Group-IB Threat Intelligence & Attribution customers, we:
🔸examine new players who have appeared on the map of interstate confrontation in cyberspace;
🔸describe their most significant operations;
🔸analyze their tools;
🔸provide a list of threats to companies in the telecommunications, energy, and IT sectors;
🔸tell about how state-sponsored hackers make extra money;
🔸and of course provide forecasts on the evolving threat landscape for various
sectors.
Fortunately, you can get access to the report by requesting the demo of Group-IB's Threat Intelligence & Attribution system that provides high-fidelity threat intelligence data tailored to your specific organization -> https://bit.ly/3sbd6PU
#report #cybercrime #HTCT #APT
🔎We would like to shed some light on the content of our new report and reveal some of its highlights:
🔸During the reporting period, 11 new APT groups specializing in cyber espionage were discovered. Two of them — Dark Halo and HAFNIUM — conducted the most large-scale operations, competing with each other for the highest number of infected companies.
🔸The largest number of active APT groups was detected in the Asia-Pacific region, just like in the previous review period.
🔸One of the trends observed in the reporting period was APT groups using rootkits and vulnerabilities to compromise BIOS/UEFI and subsequently gain control over a system.
🔸The development of 5G technologies triggered the intensification of espionage campaigns, presumably aimed at competing for new markets in Southeast Asia, Europe, and the United States.
🔸The number of attacks on IT companies is growing year after year. In most cases, IT companies are a springboard for supply-chain attacks aimed to compromise customers further.
More findings are in our report, which can be accessed by requesting Group-IB Threat Intelligence & Attribution demo -> https://bit.ly/3sbd6PU
🔎We would like to shed some light on the content of our new report and reveal some of its highlights:
🔸During the reporting period, 11 new APT groups specializing in cyber espionage were discovered. Two of them — Dark Halo and HAFNIUM — conducted the most large-scale operations, competing with each other for the highest number of infected companies.
🔸The largest number of active APT groups was detected in the Asia-Pacific region, just like in the previous review period.
🔸One of the trends observed in the reporting period was APT groups using rootkits and vulnerabilities to compromise BIOS/UEFI and subsequently gain control over a system.
🔸The development of 5G technologies triggered the intensification of espionage campaigns, presumably aimed at competing for new markets in Southeast Asia, Europe, and the United States.
🔸The number of attacks on IT companies is growing year after year. In most cases, IT companies are a springboard for supply-chain attacks aimed to compromise customers further.
More findings are in our report, which can be accessed by requesting Group-IB Threat Intelligence & Attribution demo -> https://bit.ly/3sbd6PU
#report #cybercrime #HTCT #scam #phishing
Group-IB presents the fifth volume of its Hi-Tech Crime Trends 2021/2022 report “Scams and Phishing: The epidemic of online fraud” ⚡️⚡️⚡️
👉We finally release the concluding part of our 5-volume Hi-Tech Crime Trends 2021/2022 report — “Scams and Phishing: The epidemic of online fraud.” In this paper, Group-IB’s CERT-GIB and Digital Risk Protection analysts analyze major scam campaigns, instruments used and threat actors’ infrastructure.
⚔️The COVID-19 pandemic was the main reason for the explosive growth of online scams. According to Group-IB’s data, fraud accounted for 74.5% of all online crimes in the first half of 2021. More than half (57%) of all cybercrimes were scams (a type of fraud in which victims voluntarily make payments or disclose their data), while phishing (theft of bank card data) accounted for just 17.5%.
📑Here are some other highlights and trends from our fresh report:
🔹 Group-IB specialists helped block more than 14,000 phishing resources hosted
on some 12,000 unique domains. About 20% of phishing websites were hosted on compromised legitimate resources.
🔹 Classiscam became one of the largest, longest, and most technically advanced hybrid scam campaigns in the world. As at the end of 2021, 70 active affiliate programs use this scheme, targeting more than 80 international brands from 36 countries.
🔹An increase in phishing targeting online services (16%) and social media (8%) has been recorded.
🔹The popularity of the scam-as-a-service model has led to scams scaling up on a global level and to a lower entry threshold for newbie-scammers with no real skills for conducting scams.
✅ More trends and forecasts for the development of online fraud are in our fresh report —> https://bit.ly/3GXLtOb
Group-IB presents the fifth volume of its Hi-Tech Crime Trends 2021/2022 report “Scams and Phishing: The epidemic of online fraud” ⚡️⚡️⚡️
👉We finally release the concluding part of our 5-volume Hi-Tech Crime Trends 2021/2022 report — “Scams and Phishing: The epidemic of online fraud.” In this paper, Group-IB’s CERT-GIB and Digital Risk Protection analysts analyze major scam campaigns, instruments used and threat actors’ infrastructure.
⚔️The COVID-19 pandemic was the main reason for the explosive growth of online scams. According to Group-IB’s data, fraud accounted for 74.5% of all online crimes in the first half of 2021. More than half (57%) of all cybercrimes were scams (a type of fraud in which victims voluntarily make payments or disclose their data), while phishing (theft of bank card data) accounted for just 17.5%.
📑Here are some other highlights and trends from our fresh report:
🔹 Group-IB specialists helped block more than 14,000 phishing resources hosted
on some 12,000 unique domains. About 20% of phishing websites were hosted on compromised legitimate resources.
🔹 Classiscam became one of the largest, longest, and most technically advanced hybrid scam campaigns in the world. As at the end of 2021, 70 active affiliate programs use this scheme, targeting more than 80 international brands from 36 countries.
🔹An increase in phishing targeting online services (16%) and social media (8%) has been recorded.
🔹The popularity of the scam-as-a-service model has led to scams scaling up on a global level and to a lower entry threshold for newbie-scammers with no real skills for conducting scams.
✅ More trends and forecasts for the development of online fraud are in our fresh report —> https://bit.ly/3GXLtOb
Group-IB
Hi-Tech Crime Trends 2021/2022. Uninvited Guests: The Sale of Access to Corporate Networks | Group-IB
Analysis of dark web forums to understand the sale of access to compromised infrastructure.
#interview #cybercrime #HTCT
Sergey Nikitin, the Chief Operating Officer of Group-IB Global HQ, joined Ausbiz Startup Daily🎙
In an interview with Elliot Hastie, the host of Ausbiz’s Daily Startup Show, Group-IB Global HQ COO Sergey Nikitin shares the main findings of Group-IB’s fresh Hi-Tech Crime Trends 2021/2022 report and takes you through the trends that are likely to rule over cybercrime scene this year.
Check it out-> https://www.ausbiz.com.au/media/startup-daily-friday-14-january-nfts-payments-and-flood-maps?videoId=18562
Sergey Nikitin, the Chief Operating Officer of Group-IB Global HQ, joined Ausbiz Startup Daily🎙
In an interview with Elliot Hastie, the host of Ausbiz’s Daily Startup Show, Group-IB Global HQ COO Sergey Nikitin shares the main findings of Group-IB’s fresh Hi-Tech Crime Trends 2021/2022 report and takes you through the trends that are likely to rule over cybercrime scene this year.
Check it out-> https://www.ausbiz.com.au/media/startup-daily-friday-14-january-nfts-payments-and-flood-maps?videoId=18562