A Tale of Two Campaigns: Infostealer Infections, Victim Screenshots, and a Glimpse into the World’s Strangest Economy
It was the best of times for criminals, and the worst of times for lovers of cracked software. Infostealer campaigns represent a major issue today for consumers and corporations worldwide. Dedicated threat actors develop infostealer variants, a class of malware that infects a host and extracts credentials saved in the browser, session […]
Breached Identities and Infostealers: One of the Largest Ongoing Data Leaks in History
Author: Eric Clay
Breached identities facilitated by infostealer malware represent one of the most significant threats to corporate information security programs in 2024. The first half of this article will deal with “what is an infostealer,” so if you are already familiar with infostealers, feel free to skip directly to the following section. Infostealer malware […]
The Use of Large Language Models for Cyber Threat Intelligence in Cybercrime Forums
In a collaboration with the School of Criminology at the Université de Montréal and the Complexity Science Hub, we studied the use of large language models (LLMs) for cyber threat intelligence on cybercrime forums. Read the full report below:
Initial Access Broker Landscape in NATO Member States on Exploit Forum
by Eric Clay and Zaid Osta
This report conducts a case study on a large sample of initial access broker (IAB) posts on the Russian-language hacking forum Exploit.in (hereinafter referred to as “Exploit”), targeting critical infrastructure in NATO member states across Europe and North America. We first examine the anatomy of typical IAB posts and […]
Dark Web Drama: LockBit and the AN Security Breach Saga
by Tammy Harper (CYPFER) & Eric Clay (Flare)
Background
An out-of-place data leak appears. The dark web is no stranger to drama. Threat groups often collude, fight, and attempt to expose each other. This past week witnessed a notable example of such conflict, involving a confrontation between the LockBit ransomware group and a threat actor […]
Crowdsourced DDoS Attacks Amid Geopolitical Events
by Zaid Osta, CTI Analyst
This report explores the rising trend of crowdsourced distributed denial-of-service (DDoS) attacks within the context of recent geopolitical events, examining case studies from the ongoing Russia-Ukraine and Israel-Hamas conflicts.
Key Findings
Introduction
DDoS attacks involve a large network of devices or compromised systems, often known […]
The Cybercrime Ecosystem and U.S. Healthcare in 2023
By: Eric Clay, Security Researcher
Introduction: Analyzing Cybercrime Targeting the Healthcare Sector
The cybercrime ecosystem continues to reach new heights of organization, coordination, and sophistication. Every year, cybercriminals develop and use new tools, which are increasingly commoditized and sold in as-a-service business models. The rapid advancement in cybercrime poses significant challenges for […]
Report – Data Extortion Ransomware & The Cybercrime Supply Chain: Key Trends in 2023
In the past few years, threat actors have escalated ransomware from jeopardizing only the availability of data to also threatening its confidentiality. This report delves into the growing trend of data extortion in ransomware, analyzing data from numerous such attacks to understand changing trends, major threat actors, and affected industries. We aim to equip […]
Report – Stealer Logs, Single Sign On, and the New Era of Corporate Cybercrime
Introduction
How many credentials do you have saved in your browser? How many form fills? How many credit cards? These may seem like innocuous questions, but the advent of infostealer malware makes them all too relevant. Infostealer variants such as RedLine, Raccoon, and Vidar infect computers and steal the browser fingerprint, which contains all of […]
Report – Initial Access Brokers, Russian Hacking Forums, and the Underground Corporate Access Economy
Introduction
More than 100 companies across 18 industries had access to their IT infrastructure, cloud environments, networks, or applications sold on Russian hacking forums so far in 2023. Initial access brokers (IABs) operate across multiple dark web forums and specialize in gaining access to corporate IT environments which are then auctioned […]