#GIB_TIA
Group-IB has discovered a database allegedly belonging to a bulletproof hosting provider DDoS-Guard posted for sale on a cybercrime forum.
🔹The database supposedly contains information about DDoS-Guard’s customers, including their names, IP addresses, and payment information. In addition to the database, the threat actor claims to have the source code of DDoS-Guard’s infrastructure. The seller is currently auctioning the entire set at a starting price of $350,000.
🔹DDoS-Guard is a Russian online infrastructure services provider that in January 2021 helped Parler, a social media app, return online after it had been refused web hosting services on the AWS platform. DDoS-Guard also provides computing capacity to hundreds of shady resources engaged in the sale of illicit goods, gambling, and copyright infringement, and obstructs the identification of their owners.
🔹Group-IB Threat Intelligence & Attribution system detected the listing posted on May 26 on exploit[.]in, a popular hacker forum.
“Initially, the threat actor was auctioning off the lot with a starting price of $500,000. Shortly after, the amount was reduced to $350,000,” says Oleg Dyorov, Threat Intelligence analyst at Group-IB. “The threat actor didn’t provide a sample of the database, which makes it impossible to verify the authenticity of the reported stolen database and the source code. The seller registered this account on exploit[.]in in January 2021 and has been looking to buy access to different corporate networks ever since. It is only the second time that they are trying to sell data on the forum. Despite the regular activity, the threat actor has no reputation on the forum and has made no deposits yet.”
🔹According to Group-IB Threat Intelligence & Attribution system, this user previously had an account on exploit[.]in but was banned by the forum administrators as he refused to use the escrow service.
CyberScoop
Cybercrime forum advertises alleged database, source code from Russian firm that helped Parler
A seller on a popular cybercrime forum appears to be offering up source code and a database they say belongs to DDoS-Guard, the Russia-based hosting site that helped right-leaning social media company Parler get back online after Amazon Web Services banished…
#Dubai #GISEC2021
The last couple of days in Dubai have been absolutely incredible!
After a spectacular launch of our new Middle East & Africa HQ we decided to stay a while longer and take part in GISEC2021, the largest showcase of cybersecurity solutions in the region.
👨‍💼 The Group-IB squad, led by our CTO Dmitry Volkov, presented the full range of our products, as well as their features and innovative capabilities, including:
👉Network infrastructure protection
👉Adversary-centric detection of targeted attacks and unknown threats for IT and OT environments
👉Digital identity protection and fraud prevention in real time
👉 Mitigation of external digital risks to the company’s intellectual property and brand
⭐️ We were honored to receive so many visitors at our stand and even more excited to see so many people attend Dmitry’s speech at the X-Lab stage.
🌎 We are proud to have expanded our presence in the region. The opening of our brand-new office and our participation in GISEC2021 were an amazing experience and one of the bright highlights in Group-IB history!
🌇 Thank you so much to Dubai residents, visitors and everyone involved for making this possible and for an incredibly warm welcome!
Telegram
Group-IB
#newoffice #groupib
Group-IB launches regional HQ in Dubai!
🌇 We have officially opened the Group-IB Middle East & Africa Threat Intelligence & Research Center in Dubai. This is a critical milestone toward achieving the strategic goal of building the first…
#workshop #UAE
Announcing one-time only technical workshops in the UAE!
💪 GISEC2021 may be coming to an end, but our contribution to cybersecurity and education in the region is only getting bigger!
📖 With the new Group-IB HQ up and running we are excited to bring in two of our exclusive workshops put together by our field-experienced specialists.
1️⃣ Abusing Active Directory: 7 easy tests to improve your security
You’ll walk away knowing how to:
👉Keep your Active Directory secure
👉Use PowerShell, BloodHound, Responder, and Mimikatz to conduct tests
👉Conduct Active Directory security tests step by step
2️⃣ Respond Intelligently: How CTI can give you the edge in incident response
You'll learn how to:
👉 Collect information from open sources, public reports, and underground forums
👉 Extract IoCs from digital evidence
👉 Work with IoCs
👉 Identify attacker infrastructure
👉 Get the best out of MITRE ATT&CK
👨‍💼 Each workshop adopts Group-IB’s unique approach to threat hunting, incident response, malware analysis, security assessments and education, which is to focus on real-life cases that the experts themselves handle every day.
➡️ Right now you can get early bird tickets for a special discounted price, so make sure to register today!
We’re looking forward to seeing you on June 30th!
Group-IB
Cybersecurity Education Programs For Employees | Group-IB Cybersecurity
Security is the cornerstone of a successful business. By learning from professionals, you are investing in strengthening your security teams! Check us out.
#REvil #JBS
REvil strikes again! A cyberattack on JBS SA, the largest meat producer globally, forced the shutdown of all its U.S. beef plants.
🔹According to Bloomberg, the shutdown wiped out the output from facilities that supply almost a quarter of American supplies. All of the company’s fed-beef and regional beef plants were forced to shutter, and all other JBS meatpacking facilities in the country experienced some level of disruption to operations. Slaughter operations across Australia seemed to also be down.
🔹It’s unclear exactly how many plants globally have been affected by the ransomware attack, as Sao Paulo-based JBS has yet to release those details. However, an anonymous CNBC source reported that the well-known hacker group REvil is behind the cyberattack.
💬 “REvil is distributed through a ransomware-as-a-service model, which was semi-public until recent events,” says Oleg Skulkin, Lead Digital Forensics Specialist at Group-IB. “Just like many others, their affiliates are of various skill levels, so they can attack a wide range of targets, from small companies to giants like Acer, and now JBS. The program accepts only Russian-speaking affiliates; at the same time, there isn't strong evidence they are located in Russia or even CIS countries. REvil started to be even more active as, according to their public persona, many Darkside affiliates and those who worked with other programs that closed recently switched to them.”
🔹Earlier this year we published Ransomware Uncovered 2020 / 2021, a complete guide to the latest tactics, techniques, and procedures of ransomware operators, giving readers an intimate look at each step threat actors take, from initial access to exfiltration. This free report is now more relevant than ever. We highly encourage going through our findings and conclusions if you haven’t done so already.
Bloomberg.com
All of JBS’s U.S. Beef Plants Were Forced Shut by Cyberattack
A cyberattack on JBS SA, the largest meat producer globally, forced the shutdown of all its U.S. beef plants, wiping out output from facilities that supply almost a quarter of American supplies.
#Attribution #FontPack
You’ve just noticed a suspicious pop-up asking for a browser or a flash player update? Be careful! There’s a chance your personal data is about to be stolen.
🔹Curious to see how attribution works? Our new blog post explores the behind-the-scenes practices of the Group-IB Threat Intelligence & Attribution team.
🔹Attribution becomes harder every year. The number of unique malicious programs is decreasing while affiliate programs (collaborations between threat actors) are on the rise, with the number and quality of attacks both going up. Nikita Rostovtsev, an analyst at Group-IB Threat Intelligence, will demonstrate attribution in practice by examining a malicious landing page that Group-IB specialists are tracking as FontPack. You will see what this page distributes and how it manages to do so, as well as learn other interesting points that Group-IB has uncovered.
Check out the new blog now!
#cybersecurity #bestpractises #education
Next week we are hosting a Digital Risk summit with some really exciting speakers taking part!
This event is a perfect opportunity to enhance your skills and get exclusive cybersecurity insights from industry experts.
The agenda highlights include:
🔹Digital Risk Global Trends 2021
🔹Scam as the main growing trend
🔹Group-IB Digital Risk Protection
🔹Next-gen solution sharing session
🔹Industry-specific case studies
🔹How to manage the human risk in cybersecurity
🔹Scam Intelligence
🔹Q&A session
Register for our summit now to join cybersecurity practitioners, dive deep into new technologies, get insights from practical use cases and learn all about our next-level Digital Risk Protection solution 🛡
#instagramlive #digitalrisks
We’re doing an Instagram Live Stream tomorrow at 6PM Amsterdam time!
🔹 Scammers often impersonate famous brands online for their own gain. In 2021, companies, celebrities and non-profit organizations are all at high risk.
🔹 What are the key points to know about online scams in 2021? What should you do if you are a business owner? And are you in danger if you are just a regular person with no brand behind you?
🔹 Tomorrow Camill Cebulla, our Sales Director in Europe, will be joined by Dmitry Tyunkin, Head of Group-IB Digital Risk Protection in the region to discuss the scam threat as well as answer all your questions!
Tune in tomorrow at 4PM GMT / 6 PM Amsterdam time via our Instagram account @GroupIBHQ
Get your questions ready and see you tomorrow!
#digitalrisk #cybersecurityawareness
First ever Digital Risk Summit. Live from Amsterdam. 2 days to go.
🎙The Digital Risk summit is almost here. Join us to find out more about:
👉 The growing scam threat, how it came about and what trends we can expect in the future
👉 What other companies and worldwide organizations have done so far to secure their brand online
👉 Steps you should take to safeguard your brand if you have one
👉 How to stay vigilant if you are a regular person looking to avoid scams
🛡 Finally, we’ll discuss how Group-IB is able to help organizations, business owners and celebrities to safeguard their brands.
We’re looking forward to seeing you this Thursday.
➡️ Register now!
#DigitalRisks #Summit #Cybersecurity
The Digital Risk Summit is just one day away!
🔹Pascal Hetzscholdt is a Senior Director (Content Protection) at Wiley Publishing Company. His impressive background includes the Dutch National Police, Hollywood movie studios and the Motion Picture Association!
🔹We are incredibly honored to have Mr. Hetzscholdt join us for the Digital Risk Summit, bringing a fantastic report about IP and content protection.
🔹The summit participants will be introduced to current challenges, the state of the cybercrime landscape and important must-have tools and practices everyone should use to fight back against cybercriminals.
We’ve only just scratched the surface of what Pascal has in store for the summit. Make sure to join us tomorrow for a truly exciting presentation. Register now!
#digitalrisks #summit
The virtual doors of the Digital Risk Summit are now wide open!
Independent analysts, cybersecurity experts, companies from various industries and some of the best Group-IB specialists are coming together for this exciting event!
⭐️ Get ready to hear some exciting reports and dive into practical cases showcasing how different organizations protect their brands online.
💪 On top of that we will present the ultimate Group-IB solution for fighting scammers.
📺 Curious to hear more? Be sure to join the live stream!
What a day! The Digital Risk Summit has officially concluded with lots of online participants having joined us!
📈 During the summit we presented the findings of our research into various fraudulent schemes, obtained with the help of the neural networks and ML-based scoring of the Group-IB Digital Risk Protection system, which was developed based on the expertise gathered by Group-IB in over a thousand successfully solved investigations worldwide. Group-IB DRP analysts researched a multitude of fraud schemes and the damage they cause to industries worldwide.
👨‍💼 Conference participants included the United Nations International Computing Centre (UNICC), the global market research and advisory company Forrester, and Scamadviser, an independent project.
Read our overview of the event here.