🎓 Have you ever dreamed of delving into the realm of threat actor activities, gaining real-life incident management experience, and assisting companies while you're still a student? We are excited to offer this opportunity by launching a joint Threat Intelligence and Defence Centre (TIDC) with Ngee Ann Polytechnic (NP)!
Housed at @ngeeannpoly, the first-ever TIDC in Singapore powered by Group-IB’s industry-leading cybersecurity solutions will prepare the students of the School of InfoComm Technology (ICT) to fight and proactively manage cyber threats.
NP is the only institute of higher learning in Singapore to receive Group-IB’s royalty-free academic license valued at $360,000.
Over the next 3 years, more than 200 students in NP’s Cybersecurity & Digital Forensics (CSF) course will be trained in intelligence collection and analysis, incident response, threat hunting, vulnerability assessment, and security monitoring.
Under the partnership, the TIDC will also help start-up partners at AGILE and Pollinate – NP’s on-campus and off-campus incubators – enhance their cyber resilience. The TIDC will be managed by final-year CSF students, who will take on the role of the start-ups’ security analysts.
Click here to learn more!
#Cybersecurity #ngeeannpoly #FutureDefenders #ThreatIntelligence
We’re all set to invite threat hunters to the battlefield!
Get ready for the "Hunting season: Group-IB 20th-anniversary CTF," where cybersecurity professionals will be challenged on 16 complex tasks that evaluate their ability to tackle modern cyber threats.
Developed by security experts, these CTF challenges will cover the entire response chain, from threat hunting to incident investigation.
Some serious skills will be put to the test and we’re excited to see candidates navigate these tasks and emerge victorious.🏆
You can access the registration link here; feel free to share it widely.
Let the hunt begin!💯
🙌 It's #CybersecurityAwarenessMonth, a perfect opportunity to brush up on ways to stay safe online. Take a look at our recommendations on how to minimize your cyber risks. Share it with your friends and colleagues, and #StayCybersafe!
#recommendations #CyberHygiene
It looks like a job for the Responsemen!
When cybersecurity incidents occur, companies often assume they know the exact cause. However, the obvious answer is not always the correct one.
While 66% of businesses believe they may come under an insider attack, insider threats in fact impact over 34% of companies. In a recent incident response case handled by Group-IB, the affected company thought they were a victim of an insider attack. Our Responsemen had to investigate further to uncover the real cause of the incident. What was it?
Read the full story in our blog to follow a more detailed incident response process and mitigation recommendations.
#cybersecurity #FightAgainstCyberCrime #IncidentResponse
Group-IB is proud to announce the signing of a memorandum of understanding with the UAE Cyber Security Council.
The agreement, signed by H.E. Mohammed Hamad Al Kuwaiti, the Head of the UAE Cyber Security Council, and Ashraf Koheil, Group-IB Regional Sales Director MEA, at #GITEXGlobal2023, sets out a pathway for both parties to cooperate closely on the development of technologies and knowledge sharing.
Learn more here.
#events #memorandum #UAE
🕵️‍♂️ Curious about the world of Incident Response?
Our new blog dives into untold stories of thwarting cyber threats, quick thinking, and high-tech solutions. Discover the secrets of threat intelligence! Check it out here.
#cybersecurity #ThreatIntelligence #blog #CyberThreats
📱QR codes are everywhere nowadays, offering convenience at your fingertips, from restaurant menus to parking payments. But sometimes we underestimate the hidden dangers. Take a look at five key risks that scanning random QR codes can pose.
Share this with your friends and, as always, #StayCybersafe! For a deeper dive and recommendations on how to protect yourself, check out our Medium post.
#cybersecurity #phishing #QRcodes #malware #fraud
New trojan alert!
Group-IB has discovered GoldDigger, a new Android Trojan targeting 50+ Vietnamese banking apps, e-wallets, and crypto wallets. Its goal? Swiping your funds.
What to know:
📌 Active since at least June 2023.
📌 Codenamed by Group-IB after “GoldActivity,” a specific Android activity found within the APK file.
📌 Pretends to be a Vietnamese tax portal and an energy company, with over 10 fake websites.
📌 The number of infected devices and the amount stolen remain unknown.
❗GoldDigger's advanced protection hinders malware analysis and detection, making it tough to trigger malicious activity in sandboxes or emulators. The most effective way to combat this is with client-side fraud protection solutions.
Get the full story here. For technical details, check out our blog.
#Cybersecurity #GoldDigger #Trojan #Android
🔒 Unlocking the secrets of Apple's Lockdown Mode
In the summer of 2022, Apple introduced a game-changing feature — Lockdown Mode📱. Designed to fend off the most sophisticated digital threats, it's like a fortress for your device. But it comes with some nuances…
🔗 Find out more in our latest Medium blog post!
Subscribe to our Medium blog for more insightful stories on cybersecurity. 🛡
#LockdownMode #AppleSecurity #ProsAndCons
Mining money must be funny. But not for cryptojacking victims.
Group-IB analysts discovered a hidden cryptojacking campaign on a popular website that receives over five million monthly visits. The threat actors had set up a script that installed malware on each visitor's computer, enabling them to download a cryptocurrency miner. While this software may seem relatively harmless, it can also be used to download and activate more destructive and dangerous programs.
Our latest blog post provides a detailed account of how we discovered and researched this cybercriminal campaign using Group-IB Managed XDR — an innovative solution designed for 24/7 threat monitoring, threat hunting, and countering attacks in real time.
Follow the link to get the details.
#Cybersecurity #FightAgainstCybercrime #cryptojacking #Infosecurity #crypto
What a day to hunt for...cyber threats!
Group-IB presents a second edition of Hunting Rituals, a blog series that explores hunting techniques using one of the most effective solutions on the market — Group-IB MXDR. In this latest installment, we're taking a closer look at methods to spot the abuse of Windows Services.
Our new post focuses on hunting for process command line artifacts of service creation and hunting for registry artifacts of service creation, as they both go hand in hand. This time, we tested two hypotheses. One is obvious and allows us to avoid filtering massive data sets. The other creates more noise but enables us to unmistakably identify service creation events regardless of the tool or method used to create the service.
Follow our guide to see which approach brings more value and recreate the hunting process.
#ThreatHunting #MITREattackframework #WindowsService #huntorbehunted
Looking for quick reads about cybersecurity? Then look no further: our revamped Medium account packs our research, discoveries, and more into easy-to-read pieces for you to enjoy!
Check out our latest post about a threat actor called W3LL to see what can be behind a phishing email and glimpse into a clandestine marketplace for a closed community of hackers. We’ve recently published a very detailed report about that, but if you just have 4 minutes, our Medium is the perfect source to put you in the loop!
Group-IB Trio Excels🏆
We are thrilled to announce that Anastasia Tikhonova, Head of Advanced Persistent Threats (APT) Research in Thailand, Jennifer Soh, Senior Cyber Investigation Specialist and Vesta Matveeva, APAC Head of Cyber Crime Investigation in Singapore have been named among the 30 finalists of the Top Women in Security ASEAN Region 2023 Awards! 🎉
In addition to their inclusion in the prestigious Top 30 list, Anastasia, a first-time finalist, was also honored with a Security Researcher Award. Vesta accomplished a remarkable achievement by winning in four categories: Security Professional Ambassador, CyberSecurity Award, Top Woman in Security in the ASEAN Region, and the esteemed country award for Singapore.
The initiative aims to recognize the achievements of women who have made significant strides in enhancing the security industry across the ASEAN Region.
#FightAgainstCybercrime #Cybersecurity #topwomeninsecurityASEAN
W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365
Group-IB’s newest threat report is now live! Meet W3LL — a threat actor behind a phishing empire that has remained largely unknown until now.
What’s inside the report?
📌W3LL’s history since 2017
📌Examination of W3LL Store, a hidden underground market that serves a closed community of threat actors
📌Analysis of W3LL’s major weapon, W3LL Panel, one of the most advanced phishing kits in its class, along with a rundown of the threat actor’s 16 other fully customized tools for BEC attacks
📌W3LL Store’s estimated turnover for the last 10 months amounted to at least $500,000
Download the report “W3LL done: Hidden Phishing Ecosystem Driving BEC Attacks” for more insights into W3LL’s business, a list of Indicators of Compromise as well as YARA rules that can be used to hunt and detect W3LL Panel phishing pages.
#FightAgainstCybercrime #Phishing #W3LL
⚡️New hierarchy, heightened threat: Classiscam’s sustained global campaign
Uncovered by Group-IB, Classiscam is a scam-as-a-service operation active since 2019. This highly effective scheme, designed to steal money, payment data, and bank login credentials from unsuspecting users, has truly gone global. Now, Classiscam has spread to 79 countries, and financial losses are estimated to exceed USD $64.5 million.
📌 Group-IB analyzed information pertaining to 393 Classiscam groups that combined had more than 38,000 members.
📌 251 unique brands have been impersonated on Classiscam phishing pages
📌 Core targets for impersonation include logistics companies, classified sites and bank transfer services
📌 The average amount lost by Classiscam victims worldwide was $353
📌 Classiscam will likely remain one of the major global scams throughout 2023 due to its full automation and low technical barrier of entry
Want to learn more about Classiscam? Check out our new blog!
#Classiscam #FightAgainstCybercrime #Scam
🎉 Celebrating 20 years of fighting cybercrime! 🎉
In 2003, we started off as a Digital Forensics and Incident Response (DFIR) and cyber investigations company aspiring to become a formidable force against digital crime.
We’ve transformed this aspiration into reality. Unique insights into attackers enabled us to create a product and service ecosystem reliant on battle-tested human expertise and two decades of investigative and incident response experience. Throughout these years, one thing has remained unchanged: our core mission of fighting against cybercrime.
We’ve established a global network of Digital Crime Resistance Centers (DCRC) that spreads across the Middle East & Africa, APAC, and Europe. Built upon the foundation of 1,400+ successful investigations in 60 countries and 70,000+ hours dedicated to countering threats, DCRCs help us strengthen our contribution to global cybercrime prevention, defend businesses, communities, and support operations against cybercrime.
We take pride in the tangible real-life impact of our work, driving us forward to innovate and continue our mission with excellence. As we mark our 20th anniversary, we celebrate the defining values. We stand resolute in our commitment to battling against digital crime.
None of this would have been possible without our amazing team and the trust of our clients and partners. A heartfelt thanks to you all for being part of our journey. Here's to many more years of innovation and success ahead! 🚀
#GroupIB20Years #Cybersecurity #Anniversary
🙌 Honored to receive recognition from the Singapore Police Force (SPF) for the second year in a row!
Scams are on the rise in Singapore. In 2021, they accounted for over 50% of reported crimes, and the numbers continued to rise in 2022, resulting in losses totalling SGD 660.7 million, according to SPF.
Our partnership has been instrumental in addressing this growing threat. We've actively shared knowledge, provided training, and engaged in investigative cooperation.
We're committed to building a trusted and secure cyber environment in Singapore, and our collaboration with SPF is a testament to our dedication to this cause. Together, we can make the digital world a safer place! 💪
Check our press release for more details.
#Cybersecurity #SingaporePoliceForce #Partnership #CybercrimeFight
Group-IB's Threat Intelligence team continues to monitor the cyberthreat landscape amidst the Middle East conflict. Check out what Week 2 (October 16-22) reveals:
🔹 Group-IB researchers identified 649 DDoS and website defacement attacks, confirmed with moderate confidence.
🔹 A 3.3% decrease in the number of DDoS and defacement attacks compared to Oct. 9 – Oct. 15.
🔹 DDoS attacks decreased by 8.3%, while defacement attacks saw a slight 0.25% increase.
🔹 On Tuesday, October 17, hacktivist attacks peaked with 155 registered.
Find more details in our blog.
#CTI_ISRPAL #Cybersecurity #MiddleEastConflict #ThreatIntelligence
Group-IB is delighted to announce the signing of a memorandum of understanding with CPX, a leading provider of digital-first cybersecurity solutions and services, at GITEX Global 2023. This partnership will bolster cybersecurity benchmarks by strengthening the services offering available for organizations in the UAE. Together, we will make the cyber world a safer place! 🙌
#partnership #events #memorandum #GITEXGlobal2023 #UAE
🔍 Exploring cyber activity in the Middle East conflict
In times of turmoil, hacktivism surges. The ongoing Middle East conflict is no exception.
Group-IB's Threat Intelligence team has been vigilantly tracking the activities of cyber threat actors in this tense climate. Here's what Week 1 unveiled:
▪️ Hacktivists take center stage and coordinate their attacks through Telegram.
▪️ Over 740 DDoS & Website Defacement attacks identified between Oct 7-15, adding to the digital turmoil.
▪️ Key Targets: government sites, IT companies, financial institutions, telecoms, media, and retail are in the crosshairs.
Dig deeper into the story on our blog.
#CyberSecurity #CTI_ISRPAL #overview #ThreatIntelligence
🙌 We're excited to be part of GITEX Global 2023, the Middle East's premier tech expo from Oct 16-20. Partnered with Tech First Gulf, a leading value-added distributor in the MEA region, you can find us at Hall 2, H2-B10.
Discover our cutting-edge cybersecurity solutions, including #ManagedXDR, #ThreatIntelligence, and more.
For details, check out our press release.
Don't miss it! See you at #GITEXGlobal2023.
#Cybersecurity #Events #Dubai #TechFirstGulf
🏆 We're thrilled to announce that Group-IB has won the prestigious 2023 Benelux Outstanding Security Performance Award (OSPA) for Outstanding Police/Law Enforcement Initiative!
Our dedicated High-Tech Crime Investigations team in Europe has been recognized for their relentless efforts in combating cybercrime, particularly in cracking down on compromised credit card data on the dark web.
The award was presented to Dmitry Tunkin, Group-IB’s Chief Regional Officer, Europe, during a ceremony held in the Dutch city of Breda last week.
We also celebrate Martijn van den Berk, our Cyber Threat Intelligence Analyst, who has been nominated as a finalist for the Outstanding Young Security Professional honor.
Congratulations to Dmitry and Martijn for their outstanding contributions to this achievement! 👏
Learn more here.
#Cybersecurity #OSPA #LawEnforcement #CybercrimeFighters
Security Lab is a European #NetworkSecurity provider and a go-to cyber defense advisor that applies a comprehensive approach to cybersecurity. The company boasts its own #SOC, which offers customers top-notch security services and incident response assistance.
To complement the expertise of its analysts, the Security Lab adopted the Group-IB Managed XDR solution for managed detection and response services. Learn more about the partnership and its business outcomes in our booklet.
#ManagedXDR #Cybersecurity #Infosecurity #FightAgainstCybercrime
❕New global ransomware threat uncovered
ShadowSyndicate has been uncovered as a powerful Ransomware-as-a-Service (RaaS) affiliate through a joint investigation by Group-IB, Bridewell and independent researcher Michael Koczwara. This research was conducted as part of Group-IB's new Cybercrime Fighters Club program, an innovative initiative that fosters collaborative knowledge exchange and joint cybersecurity research.
Key findings:
🔸 Active since July 2022, ShadowSyndicate has left its mark across 13 countries with SSH fingerprints on 85 servers.
🔸 ShadowSyndicate is strongly believed to have leveraged three ransomware families (Quantum, Nokoyawa, and ALPHV), and researchers have identified potential links to four more.
🔸 Strong suspicions of employing IcedID and Matanbuchus malware for system infiltrations.
🔸 ShadowSyndicate frequently utilized off-the-shelf tools like Cobalt Strike and Sliver in their attacks.
👉 Learn more here
#ShadowSyndicate #Ransomware #CybercrimeFightersClub #NewReport
📖 Knowledge is power!
Group-IB is delighted to announce the opening of an innovative education hub at our Dubai-based Digital Crime Resistance Center. At the Group-IB Training Center, our world-renowned experts will deliver a high-quality, analyst-led cybersecurity training and simulation experience that will upskill cybersecurity and IT professionals in the Middle East and Africa (MEA) region.
To find out more about our training programs in the UAE, check out our new post!
#Education #Knowledge #FightAgainstCybercrime #Cybersecurity
Strong network security hinges on staying informed about high-risk threats, potential adversaries, their attack tactics, and more.
This proved to be a critical gap for a leading global tier-1 bank that Group-IB helped address.
Want to know how? Read the compelling case study where our Threat Intelligence (TI) helped the bank transform its defenses.
Impressed by the effectiveness of TI, they wanted to take their cybersecurity to the next level with us. So, we introduced Digital Risk Protection (DRP) and Attack Surface Management (ASM).
Group-IB CERT, too, brought their exceptional monitoring and takedown capabilities into the mix.
Check out the case study and read all about it! 🌐🛡️🚀
What's even more terrifying than experiencing a cyber attack? Being unprepared with no action plan to fight it.
We can’t stress enough how important having an incident response strategy is, but our CEO, Dmitry Volkov, can and did! Dmitry recently shared his valuable insights on how organizations can take their incident response to the next level to unlock opportunities for growth and resilience.
We discuss cyber threats, readiness-building, and examples of how Group-IB’s team of incident response experts assist businesses in navigating the challenges of cyber incidents.
Read all that Dmitry Volkov had to say here.
📉 Sometimes the promise of fast, easy money can be too tempting
Group-IB has uncovered a new fake investment scam with a devastating global reach. The scheme, which burst into life in June 2022, sees cybercriminals leverage a host of social engineering techniques to convince users, who are bombarded with messages claiming significant dividends, to deposit funds into an investment portal.
In the end, the victims will get no return on their “investment”.
🔸The cybercriminals leveraged more than 850 scam pages throughout the campaign to date
🔸They created new Facebook advertisements on a daily basis that appropriated the brand and likeness of 35 global, well-recognized companies to link to their scam pages
🔸Group-IB estimates that financial losses from this scam between March and June 2023 could reach $280,000
To find out more about this scam campaign and get recommendations on how to defend yourself from the grasp of scammers, read the latest Group-IB blog post.
#FightAgainstCybercrime #Scam
As jet-setters look to unlock airline rewards, their susceptibility to loyalty fraud increases!
In 2022, 75+ airlines got swindled, involving over 2,000 malicious actors🧑‍💻. The airline industry is already taking the hit – financial loss, reputation damage, and receding customer trust.
In our new blog, learn how scammers execute fraud schemes, from fake support to giveaways, fake booking payments, in-flight scams, employee account phishing, loyalty program attacks, and more.
💡 To address the growing challenge, Group-IB experts strongly advise airline brands to educate their customers.
✈️ Furthermore, to strengthen defenses, explore how Group-IB Fraud Protection and Digital Risk Protection offer advanced fraud detection and prevention capabilities.
🏆Group-IB’s Managed XDR wins prestigious Red Dot design award
That winning feeling! Group-IB is delighted to announce that its Managed XDR solution has won a prestigious Red Dot Design Award in the category of Interface & User Experience Design. This honor recognizes the user-friendly and innovative design of this highly advanced product that empowers companies to see and respond to all the threats targeting their infrastructure.
Managed XDR is one of Group-IB’s flagship products, created to give companies full control over their cybersecurity by identifying threats in real time and facilitating immediate response by centralizing, correlating, and analyzing all endpoints.
To find out more about the award-winning design of Managed XDR, check out the Group-IB website!
#MXDR #Cybersecurity #RedDot #FightAgainstCybercrime