Active Directory Credentials, Ransomware, and Identity: The New Frontier for Cybersecurity

Cybercriminals are opportunists. In most cases, ransomware groups and threat actors aren’t targeting specific industries or sectors, but instead are following the path of least resistance in an effort to maximize their profitability. Infostealer logs represent perhaps the clearest and easiest of those paths today for threat actors to gain access to corporate systems. Infostealer […]

The Account and Session Takeover Economy

Defining exposure, costs, and impact of compromised end user accounts. Executive Summary: Session hijacking has emerged as the preeminent way for cybercriminals to execute account takeover (ATO) attacks, and it enables the bypassing of traditional security measures like multi-factor authentication (MFA). This research report explores the prevalence of session hijacking across industries, highlighting its increasing […]

Breached Identities and Infostealers: One of the Largest Ongoing Data Leaks in History

Breached identities facilitated by infostealer malware represent one of the most significant threats to corporate information security programs in 2024. The first half of this article will deal with “what is an infostealer,” so if you are already familiar with infostealers, feel free to skip directly to the following section. Infostealer malware is a type […]

Initial Access Broker Landscape in NATO Member States on Exploit Forum

By Eric Clay and Zaid Osta. This report conducts a case study on a large sample of initial access broker (IAB) posts on the Russian-language hacking forum Exploit, targeting critical infrastructure in NATO member states across Europe and North America. We first examine the anatomy of typical IAB posts and explore recent sample IAB posts […]

Dark Web Drama: LockBit and the AN Security Breach Saga

Background: An out-of-place data leak appears. The dark web is no stranger to drama. Threat groups often collude, fight, and attempt to expose each other. This past week witnessed a notable example of such conflict, involving a confrontation between the LockBit ransomware group and a threat actor known as KonstLiv3. This strife led to an […]

Crowdsourced DDoS Attacks Amid Geopolitical Events

By Zaid Osta, CTI Analyst. This report explores the rising trend of crowdsourced distributed denial-of-service (DDoS) attacks within the context of recent geopolitical events, examining case studies from the ongoing Russia-Ukraine and Israel-Hamas conflicts. Introduction: DDoS attacks involve a large network of devices or compromised systems, often known […]

The Cybercrime Ecosystem and U.S. Healthcare in 2023

By: Eric Clay, Security Researcher. Introduction: Analyzing Cybercrime Targeting the Healthcare Sector. The cybercrime ecosystem continues to reach new heights of organization, coordination, and sophistication. Every year, cybercriminals develop and use new tools, which are increasingly commoditized and sold in as-a-service business models. The rapid advancement in cybercrime poses significant challenges for […]

Report – Data Extortion Ransomware & The Cybercrime Supply Chain: Key Trends in 2023

In the past few years, threat actors have escalated ransomware from jeopardizing only the availability of data to also jeopardizing its confidentiality. This report will delve into the growing trend of data extortion in ransomware, analyzing data from numerous such attacks to understand changing trends, major threat actors, and affected industries. We aim to equip […]