While the world is starting to see the light at the end of the tunnel when it comes to the coronavirus pandemic, the cybercriminal underground is finding ways to continue its schemes as civil society is trying to repair the wreckage COVID-19 has caused. Intel 471 has observed actors in the underground tailoring their criminal …
Cybercriminals still leveraging COVID-19 pandemic for… Read More »
The cybercrime underground often mimics behaviors that we see in everyday facets of life. Intel 471’s latest discovery is an example of one of these patterns: when a product takes off in the marketplace, users will rush to obtain it and find unique ways to use it in order to fit their needs. The latest …
EtterSilent: the underground’s new favorite maldoc… Read More »
Both of these things are true: Big data is big business, and cybercriminals love money. So it shouldn’t be a surprise that these two ideas have blended together in some corners of the cybercrime underground. Through Intel 471’s observation and analysis of open source information and behavior on multiple closed forums, we found actors adopting …
How China’s cybercrime underground is making money off… Read More »
It is a well-worn cliche in cybersecurity: criminals prey on banks and financial services because that’s where the money is. In 2021, that remains a fact. However, while the overall crime remains the same, who is responsible for it and the method by which the crimes are carried out have been modified. While the financial …
financial-cybercrime-2021-jackpotting-atm-malware Read More »
With the ransomware incident that shut down a major fuel pipeline in the United States, another well-known variant on the cybercrime underground has been thrust into the international spotlight. On May 10, 2021, the U.S. Federal Bureau of Investigation announced the attack on Colonial Pipeline was caused by the DarkSide ransomware variant, which forced the …
The ransomware attack on Colonial Pipeline has caused a large amount of trouble in the United States. It looks as if that trouble has made its way back to the cybercrime underground. Intel 471 has observed numerous ransomware operators and cybercrime forums either claim their infrastructure has been taken offline, amending their rules, or they …
The moral underground? Ransomware operators retreat… Read More »
Be it personal or professional, it’s now an ordinary fact of life that people own dozens of different online accounts. From the essential to the mundane, every facet of our lives can be linked to a service that’s probably tethered to its users by an account name and password. For cybercriminals, those account names and …
Cybercriminals have so many schemes aimed at your… Read More »
Since its release in 2012, Cobalt Strike has been one of the most popular tools for penetration testers to use when simulating how known threat actor tools will look when targeting an organization’s network. However, there is a downside to that popularity: the criminals love it, too. And if they are using it, it’s definitely …
At the recent 2021 RSA conference, some of the best and brightest minds the cybersecurity industry has to offer came together to present numerous ideas on how to stop cybercriminals from carrying out their crimes. At the very same time in other corners of the internet, those very same cybercriminals were holding their own formal …
Call for crimes? Russian-language forum runs contest… Read More »
A notorious ransomware gang says it’s no longer trying to avoid targets that are based in the United States, and despite the heightened focus from lawmakers, the group says it’s doubling its focus on U.S. targets. In a short interview posted to the Russian OSINT Telegram channel that has since been deleted, an alleged representative …
Alleged REvil member says gang has no fear over U.S.… Read More »
When it comes to attributing malicious cyber activity, there are two buckets by which actors generally fall in: “financially-motivated” or “nation-state.” The former is ultimately interested in money, while the latter is more concerned with obtaining or exploiting sensitive information to gain an advantage over a government or commercial entity. For the past decade, defenders …
The blurry boundaries between nation-state actors and… Read More »
Cortex XSOAR is updating its offerings with Threat Intelligence Management (Cortex XSOAR TIM 2.0) to simplify how users leverage threat insights across all their SecOps workflows. Rishi Bhargava, VP of Product Strategy at Palo Alto shared, “We are proud to launch our TIM 2.0 solution with Intel 471, a key threat intelligence partner in the …
How SOAR plus threat intelligence empowers security… Read More »
Retail has long been a cornerstone of business on the internet, giving people a convenient way to track down any and every product or service they could possibly want. However, even as subsets of the retail industry — such as dining or hospitality — find ways to leverage the internet to enhance their business, the …
Cybercriminals shop around for schemes targeting retail Read More »
When you break down how transportation companies actually work, you can find yourself looking at nothing but supply chains. From moving people or goods from one place to another, keeping track of the vehicles that are transporting those people or goods, the third parties that are responsible for the maintenance and operations of those vehicles, …
A big reason why ransomware has grown into such a large cybersecurity problem is because it’s easy for criminals to get involved. With promises of millions of dollars and very little threat of legal trouble, attacks are happening at a rate that is increasingly difficult for enterprises to keep up with. What makes it so …
Three ways ransomware-as-a-service has become easier… Read More »
Ransomware is a top threat that security teams should be tailoring their systems to defend against. But in order to do so, they may need to look further than the ransomware itself. And by widening that scope, these teams may protect their enterprise beyond the damage that ransomware can cause. The activity that Intel 471 …
Here’s how information stealers pose a threat beyond… Read More »
There is a group in the cybercriminal underground that is trying to collect troves of enterprise data the same way that millions of gamers collect Pokémon. Since surfacing in April 2020, the group — which refers to itself as ShinyHunters — has been behind some of the most notable data breaches that have been made …
ShinyHunters: Here's how to stop the new hacking group Read More »
One of the most damaging forms of cybercrime is also one that requires very little technical knowledge to pull off. Business email compromise, or BEC for short, cost U.S. companies $1.8 billion in losses in 2020, representing 43 percent of all cybercrime losses for the year. Yet despite the low bar of entry, actors involved …
Authored by Max Kersten, John Fokker, Thibault Seret and Intel471 This blog post also ran on McAfee’s Enterprise ATR blog. Executive Summary McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or subgroup. These cybercriminals are happy to put aside previous Ransomware-as-a-Service …
The manufacturing sector is highly dependent on a secure supply chain. Companies powering this sector are acutely aware of how a cyber attack on any part of a supply chain can bring their business to a screeching halt. When it comes to cybersecurity protections, this sector must focus on protecting its technological supply chain, as …
Manufacturers should focus on protecting their supply… Read More »
Two-factor authentication is one of the easiest ways for people to protect any online account. So, of course criminals are trying to circumvent that protection. Intel 471 has seen an uptick in services on the cybercrime underground that allow attackers to intercept one-time password (OTP) tokens. Over the past few months, we’ve seen actors provide …
Cybercriminals going after one-time passwords with… Read More »
The public sector is an extremely high-value target for cybercrime due to the wealth of valuable information it possesses, such as PII and confidential and sensitive documents. Intel 471 has observed government-run systems being exploited in multiple ways for both financial gain or in politically motivated cyberattacks. By analyzing and distinguishing the common threats and …
The public sector is a juicy target for cybercriminals Read More »
If you look back through all of the research Intel 471 has released on cybercriminals making money on stolen digital assets, a major takeaway is that the cyber underground will adopt any scheme, as long as it results in money being made. With the world trying to move past the global COVID-19 pandemic, another opportunity …
Cybercriminals cash in on black market vaccine schemes Read More »
One of the lingering impacts of the COVID-19 pandemic is the havoc it has wreaked on the global supply chain. There have been extreme fluctuations in the availability of goods, ports around the world are severely backlogged with full containers, and shipping and logistics companies are having trouble finding workers to transport cargo. It is …
Cybercrime underground flush with shipping companies’… Read More »
Cryptocurrency is a cybercriminal’s best friend. Actors all over the world have leveraged this technology’s increased anonymity to buy and sell illegal goods, services, stolen data, underground infrastructure and force victims to pay ransom. While blockchain analysis enables researchers and law enforcement to glean information from illicit transactions, criminals have countered by adopting the use …
How cryptomixers allow cybercriminals to clean their… Read More »
Months after law enforcement agencies took down the notorious Emotet botnet, Intel 471 observed the Trickbot banking trojan downloading and executing possible updated Emotet binaries. This marks the first time we observed Emotet malware activity after the takedown was announced in January. Bots associated with Trickbot, tagged several different gtags (lip125, fat2, top118 and others), …
Last month, Intel 471 observed the emergence of Emotet, a notorious strain of malware that had been dormant for most of 2021 after law enforcement agencies forced it offline. We wrote in January that “Only time will tell if the takedown will have a long-term impact on Emotet operations. The groups who run these botnets …
How the new Emotet differs from previous versions Read More »
There’s been a shift in the ransomware-as-a-service ecosystem. Be it due to law enforcement, infighting amongst groups or people abandoning variants altogether, the RaaS groups dominating the ecosystem at this point in time are completely different than just a few months ago. Yet, even with the shift in the variants, ransomware incidents as a whole …
A reset on ransomware: Dominant variants differ from… Read More »
The Log4j vulnerability has rocked the IT world, with the vast majority of tech teams consumed with trying to gauge how it impacts their organizations. The popular logging tool is used in tens of thousands of software packages, so assessing the damage that could be inflicted by exploiting the vulnerability is an extremely tall task …
Here’s how the cybercriminal underground has reacted… Read More »
We develop lots of different Android apps at Yalantis, and our experience shows that almost every application we deal with needs image cropping functionality. Image cropping can be used for various purposes, from ordinary adjustment of user profile images to more complex features that involve aspect ratio cropping and flexible image transformations. Since we want …
Introducing uCrop, Our Own Image Cropping Library for Android Read More »