✉️ The Group-IB Computer Emergency Response Team has analyzed malicious email campaigns detected by Group-IB Managed XDR in Q4 2022. Here are the highlights:
▪️Archives remained the primary pathway for malware delivery, although the proportion of campaigns that used this vector fell compared to Q3.
▪️In Q4 2022, the three most widely used malware families in phishing emails were SnakeKeylogger, AgentTesla, and FormBookFormgrabber. They accounted for 67% of all malicious email campaigns in Q3 2022. In 2023, stealers will remain one of the top cyber threats.
▪️Threat actors most often used hosting providers located in the United States, Netherlands, and Germany to host their C2 servers. 45% of phishing websites were hosted on .com domains.
#CERT #MXDR
🐍 Old snake, new skin.
The Group-IB Threat Intelligence team uncovered a previously undocumented spear-phishing campaign carried out by the nation-state cyber threat actor SideWinder between June and November 2021. For the first time, Group-IB researchers confirmed the links between the SideWinder, Baby Elephant, and Donot APT groups and described the entire arsenal of the cyberespionage group, including newly discovered tools. What else?
▪️SideWinder has been systematically attacking government organizations in South and East Asia for espionage purposes for about 10 years.
▪️The attackers attempted to target 61 government, military, law enforcement, and other organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka.
▪️Group-IB specialists analyzed SideWinder’s network infrastructure and found numerous phishing resources, including a spear-phishing project targeting the crypto industry.
▪️Among the newly discovered tools were SideWinder.RAT.b (a remote access Trojan) and SideWinder.StealerPy, which is a custom information stealer written in Python designed to exfiltrate information collected from the victim’s computer.
Curious to know more? Download Group-IB’s new report "Old snake, new skin: Analysis of SideWinder APT activity between June and November 2021". The report contains YARA rules for hunting the group and a table with the group’s TTPs (Tactics, Techniques, and Procedures) mapped to the MITRE ATT&CK® matrix, providing all the information companies and organizations need to update their security controls to detect SideWinder. Download👈
#APT #SideWinder
📦 What happens when you combine ransomware with information stealers, remote access Trojans, and other malware in one easy-to-download package?
Dubai-based researchers from Group-IB’s Digital Forensics and Incident Response (DFIR) team found that malicious actors, instead of simply infecting a computer with ransomware, have taken to packaging a whole host of malicious files into what we call malware bundles.
Malware bundles have been around for a while, but their recent use by cybercriminals reveals some interesting trends. First, it highlights how threat actors, with their ever-growing appetite for cash, create new approaches to monetization. Second, their use can reveal insights into the interactions between low-skilled threat actors and their more sophisticated counterparts. An entry-level cybercriminal can leverage a malware bundle to gain access to a single computer, but they are also able to sell this access to a more skilled threat actor who is able to move laterally from a single device to an entire corporate network.
Check out our latest blog post to get the insights from our investigations into affected companies in Egypt, South Africa, Saudi Arabia, Turkey, Morocco, UAE, Kenya, Israel, Pakistan, India, and Germany. We discuss channels of delivery, malware attribution, tactics, techniques and procedures (TTPs), and bundled parts and roles, all in reference to the MITRE ATT&CK® (Adversarial Tactics, Techniques & Common Knowledge) framework, in order to detail how the cybercriminals gained initial access and secured persistence. Read now👈
#ransomware
🤝 Group-IB is pleased to announce that it has signed a partnership agreement with Pacific Tech, a value-added distributor of cybersecurity solutions. This marks the first distributorship for Group-IB in Singapore, with Pacific Tech to be responsible for providing Group-IB's entire suite of products and services for preventing and investigating cybercrime within the Southeast Asian region, specifically in Singapore, Malaysia, Indonesia, Brunei, Cambodia, Thailand, and Myanmar.
To help local companies manage the growing risk of cyber-attacks more efficiently, Group-IB is partnering with Pacific Tech, which is built on the back of an experienced and proven product management and distribution workforce. The Pacific Tech team will distribute Group-IB’s Unified Risk Platform – an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against it in real time from a single interface.
More details👈
#partnership
Want to learn how to monitor for information security (IS) incidents, detect threats, eliminate false positives, and perform initial incident response? Register for the "Blue Team Analyst" training course by Group-IB!
In three days, you’ll know how to:
▪️Monitor all solutions to ensure that the organization is secure;
▪️Quickly assess security incidents and determine the main features of a cyberattack;
▪️Support threat intelligence and threat hunting processes.
It's time to enhance your skills! Register now👈
#education
Today we have big news! Group-IB has announced its plans to open a Digital Crime Resistance Center in Thailand. Moreover, at a press conference held in Bangkok, the company signed a strategic partnership agreement with nForce (SECURE), Thailand's top cybersecurity-focused value-added distributor🤝
“We are excited to partner with nForce, which has a great reputation in the Thai market and will help us expand our footprint in the region. Group-IB’s Digital Crime Resistance Center and this partnership are significant steps forward in extending our global mission of fighting cybercrime to Thai shores. We believe that together with nForce we will build an incident response team of passionate professionals committed to creating safer cyberspace”, Dmitry Volkov, CEO of Group-IB, said.
Check out our website for more details👈
#partnership
GISEC Global 2023 was 🔥
Group-IB was excited to be part of the Middle East’s largest and most impactful cybersecurity event, which brought together the leading cybersecurity brands and experts!
With cyber threats evolving, it's vital to share knowledge, develop best practices, boost cyber resilience and contribute to the global fight against cybercrime. The Group-IB team was happy to share our fresh insights and show how our products can help you stay ahead of cybercriminals.
#GISECGlobal #FightAgainstCybercrime
We are happy to announce that Group-IB has been awarded a Cybersecurity Service Provider License. The license issued by the Cybersecurity Services Regulation Office of Singapore (CSRO) enables Group-IB to provide Penetration Testing and Managed Security Operations Centre (SOC) Monitoring Services.
To obtain the license, Group-IB went through a rigorous 6-month evaluation process that involved demonstrating its high level of experience and technological capability in providing pentesting and managed Security Operations Centre monitoring services. The licensing process also evaluated the compliance of the company’s services with Singapore’s Cybersecurity Act, which limits the provision of such services to licensed entities.
Check out our website for more details👈
#FightAgainstCybercrime
👨💻The job hunt can be an extremely trying experience at the best of times, and a fake job scam campaign doesn't make it easier.
Fake job vacancies are one type of scam that is growing in visibility in the Middle East and Africa region. Group-IB’s Digital Risk Protection uncovered more than 2,400 scam pages on Facebook advertising fake jobs for Arabic speakers. On these pages, scammers spoofed more than 40 of the MEA region’s largest enterprises and published vacancies offering salaries that are too good to be true, a social engineering ploy that aims to get victims to interact with the post. The eventual goal of the threat actors is the theft of the user’s social network account credentials.
Check out our fresh blog post to get more details on this scam scheme as well as recommendations for users and companies. Read👈
#scam