In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Updates on ThiefQuest, the Quickly-Evolving macOS Malware
July 17, 2020
Right as July of this year began, we noticed an emerging malware dubbed by most as ThiefQuest (also known as EvilQuest), a threat that targets macOS devices, encrypts files, and installs keyloggers in affected systems. It has been found in pirated versions of macOS shared on popular torrent sites. Developments on the malware have been ...
- Threat Actors Introduce Unique ‘Newbie’ Hacker Forum
July 16, 2020
A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals. Digital Shadows on Thursday published a report that takes a deep dive into CryptBB, ...
- Iranian cyberspies leave training videos exposed online
July 16, 2020
One of Iran’s top hacking groups has left a server exposed online where security researchers say they found a trove of screen recordings showing the hackers in action. Discovered by IBM’s X-Force cyber-security division, researchers believe the videos are tutorials the Iranian group was using to train new recruits. According to X-Force analysts, the videos were recorded ...
- LokiBot Redux Attacks Massive List of Common Android Apps
July 16, 2020
Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that’s attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices. The apps targeted include: Amazon, eBay, Facebook, Grinder, Instagram, Netflix, PlayStation, Reddit, Skype, Snapchat, TikTok, Tinder, Tumblr, Twitter, Uber and VK, ...
- New BlackRock Android malware can steal passwords and card data from 337 apps
July 16, 2020
A new Android malware strain has emerged in the criminal underworld that comes equipped with a wide range of data theft capabilities allowing it to target a whopping 337 Android applications. Named BlackRock, this new threat emerged in May this year and was discovered from mobile security firm ThreatFabric. Researchers say the malware was based on the ...
- Diebold Nixdorf warns of a new class of ATM ‘black box’ attacks across Europe
July 16, 2020
ATM maker Diebold Nixdorf is warning banks of a new type of ATM “black box” attack that was recently spotted used across Europe. ATM “black box” attacks are a type of jackpotting attack — when cybercriminals make an ATM spit out cash. A jackpotting attack can be executed with malware installed on an ATM, or by ...