Initial Access Broker Landscape in NATO Member States on Exploit Forum
by Eric Clay and Zaid Osta This report conducts a case study on a large sample of initial access broker (IAB) posts on the Russian-language hacking forum Exploit.in (hereinafter referred to as “Exploit”), targeting critical infrastructure in NATO member states across Europe and North America. We first examine the anatomy of typical IAB posts and […]
Dark Web Drama: LockBit and the AN Security Breach Saga
by Tammy Harper (CYPFER) & Eric Clay (Flare) Background An out-of-place data leak appears. The dark web is no stranger to drama. Threat groups often collude, fight, and attempt to expose each other. This past week witnessed a notable example of such conflict, involving a confrontation between the LockBit ransomware group and a threat actor […]
Crowdsourced DDoS Attacks Amid Geopolitical Events
by Zaid Osta, CTI Analyst This report explores the rising trend of crowdsourced distributed denial-of-service (DDoS) attacks within the context of recent geopolitical events, examining case studies from the ongoing Russia-Ukraine and Israel-Hamas conflicts. Download the full report PDF Key Findings Introduction DDoS attacks involve a large network of devices or compromised systems, often known […]
The Cybercrime Ecosystem and U.S. Healthcare in 2023
By: Eric Clay, Security Researcher Download the PDF Introduction: Analyzing Cybercrime Targeting the Healthcare Sector The cybercrime ecosystem continues to reach new heights of organization, coordination, and sophistication. Every year, cybercriminals develop and use new tools, which are increasingly commoditized and sold in as-a-service business models. The rapid advancement in cybercrime poses significant challenges for […]
Report – Data Extortion Ransomware & The Cybercrime Supply Chain: Key Trends in 2023
In the past few years, threat actors have escalated ransomware from not only jeopardizing the availability of data, but also its confidentiality. This report will delve into the growing trend of data extortion in ransomware, analyzing data from numerous such attacks to understand changing trends, major threat actors, and affected industries. We aim to equip […]
Report – Stealer Logs, Single Sign On, and the New Era of Corporate Cybercrime
Introduction How many credentials do you have saved in your browser? How many form fills? How many credit cards? These may seem like innocuous questions, but the advent of infostealer malware makes them all too relevant. Infostealer variants such as RedLine, Raccoon, and Vidar infect computers and steal the browser fingerprint, which contains all of […]
Report – Initial Access Brokers, Russian Hacking Forums, and the Underground Corporate Access Economy
Download the report PDF Introduction More than 100 companies across 18 industries had access to their IT infrastructure, cloud environments, networks, or applications sold on Russian hacking forums so far in 2023. Initial access brokers (IABs) operate across multiple dark web forums and specialize in gaining access to corporate IT environments which are then auctioned […]
Report – The Legal Cyberthreat Landscape
Ransomware attacks have increased by more than 100% across all industries from 2022 to 2023. The legal sector is especially at risk due to the sensitive nature of information that law firms hold. Our research into how at-risk law firms are with two primary measures: Learn more about changes to legal risk over time and […]
Report – Stealer Logs & Corporate Access
There’s been a surge of infostealer malware variants such as RedLine, Aurora, Raccoon, Vidar, and more, over the last few years. As described in the name, this type of malware steals information from the devices they infect. To better understand the threat of infostealer malware, we analyzed trends of 19.6 million stealer logs such as: […]
Report – The Typology of Illicit Telegram Channels
Threat actors always seek out new ways to carry out their cybercrimes more easily and cheaply. Previously, cybercriminals flocked to the dark and deep web, but, instant messaging platforms like Telegram are gaining traction. Illicit Telegram channels are a growing issue, as threat actors see them as more anonymous and secure areas for communication. Read […]