Prioritizing “critical” vulnerabilities: A threat…

未分類 / By

By the Intel 471 Intelligence Analysis team. Recently, there have been many vendor security advisories containing multiple critical vulnerabilities potentially impacting organizations that may be conflicted with patch prioritization when looking at the variables seen for each reported vulnerability. Threat intelligence can supplement publicly disclosed information and provide a contextual view of exploitation efforts and …

Prioritizing “critical” vulnerabilities: A threat… Read More »

Recent Trickbot disruption operation likely to have…

未分類 / By

Key points Recent disruption actions against Trickbot likely will have only a short-term impact on Trickbot operations. Trickbot operators have multiple methods to avoid centralization of their command and control infrastructure which would make the botnet resilient to take down. If bogus data has been inserted into Trickbot as claimed and Trickbot operators are unable …

Recent Trickbot disruption operation likely to have… Read More »

Criminals posing as Lazarus Group threatened Travelex:…

未分類 / By

A group posing as notorious nation-state-linked hacking group “Lazarus Group” threatened to hit British foreign exchange company Travelex with a distributed-denial-of-service (DDoS) attack unless it paid 20 bitcoins. According to an email discovered by Intel 471 researchers, attackers threatened to hit Travelex with an “extremely powerful” attack that would “peak over 2 Tbps” until the …

Criminals posing as Lazarus Group threatened Travelex:… Read More »

Leveraging Intel 471’s Malware Intelligence Data using…

未分類 / By

Intel 471’s Malware Intelligence provides our clients with constant coverage of top-tier malware families. It delivers near real-time alerts of targeting changes, spamming and malware campaigns, updates in infrastructure and much more. In the first in a series of blogs and white papers, we take a look at how this high-volume and high-fidelity data has …

Leveraging Intel 471’s Malware Intelligence Data using… Read More »

Trickbot down, but is it out?

未分類 / By

Summary Since the separate and independent actions taken against Trickbot, we have observed successful disruption of its command and control infrastructure. However, the actors linked to Trickbot have not ceased their criminal activities. These actors have continued engaging in ransomware activity, using BazarLoader instead of Trickbot. We are unable to assess the long-term impact of …

Trickbot down, but is it out? Read More »

Ransomware-as-a-service: The pandemic within a pandemic

未分類 / By

Ransomware is a massive problem. But you already knew that. Technical novices, along with seasoned cybersecurity professionals, have witnessed over the past year a slew of ransomware events that have devastated enterprises around the world. Even those outside of cybersecurity are now familiar with the concept: criminals behind a keyboard have found a way into …

Ransomware-as-a-service: The pandemic within a pandemic Read More »

Steal, then strike: Access merchants are first clues…

未分類 / By

Cybercrime does not happen in a vacuum. While ransomware variants like REvil, Ryuk and DoppelPaymer have become household names for cybersecurity professionals, those deploying ransomware only represent part of the process by which criminals are forcing organizations to either pay them millions or watch their business go under. The broader picture shows an underground marketplace …

Steal, then strike: Access merchants are first clues… Read More »

No pandas, just people: The current state of China’s…

未分類 / By

China’s internet is a lot different than the rest of the world. Yet, that hasn’t stopped its population from engaging in cybercrime. Despite the various measures the Chinese government has taken to censor and surveil its residents on the internet, a significant cybercrime underground full of financially motivated actors exists. Efforts like “The Great Firewall” …

No pandas, just people: The current state of China’s… Read More »

More annoying than crippling: Joker’s Stash takedown…

未分類 / By

Law enforcement has allegedly seized proxy servers used in connection with the blockchain-based domains belonging to Joker’s Stash, a prolific vendor of compromised financial card data in the cybercrime underground. On December 17, an image adorned the shop’s website that claimed the U.S. Federal Bureau of Investigation and Interpol had taken it into law enforcement’s …

More annoying than crippling: Joker’s Stash takedown… Read More »

TA505’s modified loader means new attack campaign…

未分類 / By

After months of inactivity, hacking group TA505’s Get2 Loader has sprung back into operation, possibly signaling that the group is ready for a new round of malicious activity. On December 14, 2020, the Get2 loader had resurfaced with new download and execute configuration parameters named “LD” and “ED.” Intel 471 last observed the loader in …

TA505’s modified loader means new attack campaign… Read More »

Cybercriminals are interested in your SCADA systems

未分類 / By

The public learned this week of an alarming cybersecurity incident that could have physically harmed people: Someone managed to access a system that controlled a Florida city’s water treatment plant, temporarily adjusting sodium hydroxide levels to amounts that could have made the population sick had the chemicals been introduced into the water supply. While city …

Cybercriminals are interested in your SCADA systems Read More »

Hiding in plain sight: Bulletproof Hosting’s dueling…

未分類 / By

A June 2020 feature in The New Yorker was really more cyberpunk than cybersecurity. The story focuses on the people who ran CyberBunker, a server farm built in an underground European military bunker that served as a host for spammers, botnet command-and-control servers, malware and online scams. The story follows the familiar arc of dystopian …

Hiding in plain sight: Bulletproof Hosting’s dueling… Read More »

Egregor operation takes huge hit after police raids

未分類 / By

Law enforcement action carried out last week in Ukraine has targeted the people behind some of the most notorious ransomware gangs of the past year. On Feb. 9, 2021, Ukrainian law enforcement conducted a joint operation with U.S. and French authorities against several Ukrainian nationals believed to be deeply involved with Egregor ransomware operations. Intel …

Egregor operation takes huge hit after police raids Read More »

Bulletproof hosting: How cybercrime stays resilient

未分類 / By

If we were to list all of the malicious acts carried out by cybercriminals who leverage bulletproof hosting (BPH), we’d have a report that would rival “Infinite Jest” or “War & Peace” for length. Bulletproof hosting has been hand-in-glove with cybercrime for decades, supplying criminals with the infrastructure they need to carry out their crimes. …

Bulletproof hosting: How cybercrime stays resilient Read More »

Friendly fire: Four well-known cybercriminal forums…

未分類 / By

Since the beginning of the year, Intel 471 has observed four well-known cybercriminal forums dealing with a breach, including two since the beginning of March. The forums, all predominantly Russian-language forums, saw the breaches publicly disclosed elsewhere, with some instances of user data being leaked or put up for sale. Intel 471 does not know …

Friendly fire: Four well-known cybercriminal forums… Read More »

How China’s cybercrime underground is making money off…

未分類 / By

Both of these things are true: Big data is big business, and cybercriminals love money. So it shouldn’t be a surprise that these two ideas have blended together in some corners of the cybercrime underground. Through Intel 471’s observation and analysis of open source information and behavior on multiple closed forums, we found actors adopting …

How China’s cybercrime underground is making money off… Read More »