#CERTfin #Italy #ABIlab #threatintelligence #cybersecurity
Group-IB to support CERTFin in guarding Italian financial sector
Group-IB has become a technological partner and cybersecurity advisor to ABI Lab, the Italian research and innovation centre for the banking sector comprising 120 banks and 70 ICT companies, promoting the innovation and digitalisation of the whole Italian financial and insurance backbone.
Due to its battle-tested competence and experience in disrupting cybercrime in more than 60 countries, Group-IB was also selected as a provider of cyber threat intelligence for CERTFin. Led by the Bank of Italy, ABI (Italian Banking Association) and run by ABI Lab, CERTFin acts as a central hub for the exchange of operational and strategic information about cyber threats for Italy’s entire financial sector.
Leveraging its trademark Threat Intelligence & Attribution system, used by Europe’s leading banks, Group-IB will be entrusted with providing CERTFin with insights into:
📍phishing and scam campaigns carried out by cybercriminals
📍attempts to sell data stolen from local financial institutions,
📍sudden interest in purchasing accesses to potentially compromised networks
📍insight on current threats and dark web trends which could jeopardise the operations of the entities supported by CERTFin
For more details ➡️ https://bit.ly/3D4i8RH
#Scam #Singapore #DRP
Group-IB unveils three groups of fraudsters behind delivery scams in Singapore
Delivery scams in Singapore are on the rise. Since August 2021, more than 93 victims had fallen prey to such scams, with losses amounting to at least $140,000, according to the Singapore Police Force.
In 2021, the Group-IB Digital Risk Protection team identified close to 150 domains mimicking postal brands from Singapore. Further research revealed three groups of scam actors utilising distinct scripts, distribution channels, and infrastructure for their fraudulent operations:
📍Group 1 demonstrated a scam alert that said "Phishing websites impersonating SingPost are using fake said notices and text messages to extract personal data"
📍Group 2 delivered a Trojan through their scam websites
📍Group 3 figured out a way to bypass OTP verification
Check out our fresh blog post to learn more ➡️ https://bit.ly/3JOFf53
#Spring4Shell #SpringShell #CVE
🍃Spring into action: what we know about Spring4Shell so far?
Group-IB experts explain what a newly discovered vulnerability in the popular Spring Framework is, and what it is not.
Read our latest blog to learn:
🔻How critical SpringShell is
🔻How it is different from previously disclosed Spring CVEs
🔻Who is at risk
🔻How to detect and mitigate it with Group-IB
🔻What are the DarkWeb discussions around Spring4Shell
➡️ https://bit.ly/3tUn3RZ
Stay tuned for updates!
#Scam #Crypto #CERT #DRP
The Wrong Vitalik.
Crypto scammers make off with $1.6 million in yet another fake YouTube giveaway
🔍Between February 16 and 18, Group-IB DRP and CERT teams detected 36 fraudulent YouTube streams promising immediate high returns on cryptocurrency investments.
The scammers used footage of famous entrepreneurs and crypto enthusiasts (Elon Musk, Brad Garlinghouse, Michael J. Saylor, Changpeng Zhao, Cathie Wood, and others) from legitimate events to create fraudulent streams.
One such stream featuring footage of Vitalik Buterin attracted more than 165,000 viewers who were promised that their crypto savings would be doubled in real time. In the stream description, the scammers spread links to websites with instructions on how to double crypto investments.
🕸Group-IB experts identified 29 interconnected fake websites. Further analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 connected resources all set up in the first quarter of 2022. Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year.
💰In total, 30 crypto wallets controlled by the scammers received 281 transactions amounting to more than $1,680,000 within three days of monitoring.
More details in our fresh research: https://bit.ly/371YNVu
#Darknet #RaidForums #ThreatIntelligence
Future of market for stolen data doesn’t seem too bleak after RaidForums takedown
🕵️♀️Yesterday, the US Department of Justice announced the takedown of RaidForums, one of the most popular underground forums for hackers selling and buying personal records. As a result of the joint international operation dubbed TOURNIQUET, involving Europol and law enforcement agencies from 6 countries, the forum’s alleged administrator and two accomplices have been arrested.
Founded in 2015, RaidForums quickly became a one stop shop for compromised personal information, such as SSN, account credentials, names, email and other PII. RaidForums had more than 500,000 users at its peak. Thousands of stolen databases were posted on Raid every month both for free and for purchase.
The official announcement did not come until last night, even though the alleged administrator, a 21 year old citizen of Portugal, Diogo Santos Coelho (aka Omnipotent, Downloading, Shiza, and KevinMaradona), had been arrested in the UK on January 31. Nevertheless, experiencing outages occasionally, the forum continued its work until April when a seizure banner appeared on its home page.
Last days of RaidForums
According to Group-IB Threat Intelligence, at the end of January, a dedicated Telegram chat informed the users of RaidForums that Omnipotent, the forum’s administrator, would go on holiday from January 31. A few days later, on February 7, the forum went down for the first time since January 31. The outage could have allegedly been caused by the law enforcement actions.
🦁Unlike the forum, which resumed operation on February 12, Omnipotent never appeared online again. While the forum was down, the users started to come up with their own versions of what happened. Some assumed that Omnipotent could have been arrested by the authorities; the admins had their own version, that Omnipotent had been attacked by a mountain lion and ended up in hospital.
The forum stopped working properly again on February 25. Instead of forum threads, the users would only see a login form that would always show an error. Initially, some users assumed that the outage was due to the fact that the forum team had voiced their support for Ukraine and promised to block all the account holders with Russian IPs. Two days later, however, it was confirmed that the forum had been seized by the law enforcement authorities. The RaidForums admins posted the message about the takedown in their Telegram channel. All the messages in the chat were deleted shortly after.
What's next?
📈Group-IB’s head of cybercrime research, Oleg Dyorov, believes that it will not take long until the RaidForums’ successors make their presence felt. “When it became clear that RaidForums would not come back, one of the forum old-timers, Pompompurin, announced a new project, almost a complete copy of Raid, and invited the users to join. The market is recovering and many buyers and sellers known to us have already switched over to a new forum to continue illicit operations.”
#OldGremlin #Ransomware #ThreatIntelligence
Old Gremlins, New Methods
Russian-speaking ransomware gang OldGremlin resumes attacks in Russia.
OldGremlin remains one of the very few Russian-speaking gangs targeting companies in Russia. As such, the gremlins conducted two mass email campaigns in March, detected by Group-IB Threat Intelligence team.
We analyzed their latest attacks and tools.
A quick recap of our latest blog post:
📍Well-crafted phishing emails exploiting trending news
📍High-quality decoy documents
📍New custom tool TinyFluff - successor to TinyNode
📍Techniques mapped to MITRE ATT&CK and IOCs
To learn more ➡️ https://bit.ly/3jBjk63
#digitalrisk #cybersecurityawareness
Save the date: Digital Risk Summit 2022 is coming on May 26
✅One of the most important online events hosted by Group-IB, Digital Risk Summit is an unmissable rendezvous of top-notch cybersecurity experts, industry key players, independent researchers, law enforcement agencies, and other tech leaders. We bring all of them together to promote our common mission: to fight against cybercrime by discussing new threats, sharing practical experience and insights.
🔹 The growing scam threat, how it is changing and what trends we can expect in the future
🔹 What experts evaluate as a top priority threat in their regions and industries
🔹 How international cooperation on scam intelligence can help to mitigate risks
🔹 How companies protect their business
👉The event is intended for a variety of participants: CISOs, CIOs, marketing officers, legal and compliance teams, digital content creators, incident responders and investigators, and more.
✅Join us on May 26, and forge a path towards a more secure and joined-up future! Register now 👈
Oleg Skulkin, Head of Digital Forensics and Malware Analysis Lab at Group-IB, will take part in #MagnetSummit2022. Join his session "See me run: hunt bots before they ransom you".
Register now: https://bit.ly/3vhezVC
#ransomware #DFIR
According to a recent study by Group-IB, #scams became the number one online crime in 2020-2021. Our experts created a project called Scamopedia in which they analyze all popular online scams and provide recommendations for companies. Check it out 👈
#DRP #CERT_GIB
#AttackSurfaceManagement
🕵️♂️Group-IB carried out a deep dive into exposed digital assets discovered in 2021. Our Attack Surface Management team identified 308,000 incidents of databases exposed to the open web. The number of public-facing databases kept growing almost every quarter since the beginning of 2021 to reach a peak in Q1 2022.
💻The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.
👨💻But there's some good news: a lot of the security incidents can be prevented with very little effort and a good toolset. Group-IB’s intelligence-driven Attack Surface Management solution leverages the full breadth and depth of Group-IB’s threat hunting and intelligence gathering ecosystem by discovering all external-facing IT assets, identifying potential vulnerabilities and prioritizing issues for remediation.
For more details 👉 https://bit.ly/3ketsBZ
Our Fraud Hunting Day is approaching!
On May 19 our experts will review the fraud trends of Q1 and also share the insights on the top emerging threats & mitigation strategies that industries can explore in the Asia-Pacific region.
Register now ➡️ https://bit.ly/3Mw9wXj