In face of so many new ransomware brands, and still remaining RaaS operations such as Medusa, Qilin, and DragonForce, prioritizing is not an easy task to accomplish. However, despite the amount of groups conducting attacks for extortion, the TTPs do not change that much; unless we are talking about Cl0p, Akira and other groups that pose a high risk.
Therefore, to prevent your company from falling prey to opportunists looking for such low-hanging companies to attack, Group-IB’s Threat Intelligence Team decided to write a very straightforward report on TTPs of The Gentlemen; whose TTPs overlap with techniques of other financially motivated threat actors conducting intrusions for extortion. The information shared in this blog comes from intrusion analysis and underground private sources monitored by Group-IB’s Threat Intelligence Team. Thus, the information has a high confidence level.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Landscape for Industrial Automation Systems in H2 2018
March 27, 2019
All statistical data used in this report was collected using the Kaspersky Security Network (KSN), a distributed antivirus network. The data was received from those KSN users who gave their consent to have data anonymously transferred from their computers. We do not identify the specific companies/organizations sending statistics to KSN, due to the product limitations and regulatory ...
- Malware Payloads Hide in Images: Steganography Gets a Reboot
March 25, 2019
Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look. One of the challenges of cybersecurity is that overfocusing on one threat trend means that another one can sneak up on you. This is especially problematic as our networks and the attack ...
- Medtronic’s Implantable Defibrillators Vulnerable to Life-Threatening Hacks
March 22, 2019
The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients’ chests) that gives a patient’s heart an ...
- OceanLotus adopts public exploit code to abuse Microsoft Office software
March 21, 2019
The OceanLotus hacking group is back with a new campaign in 2019 complete with new exploits, decoys, and self-extracting malicious archives. Also known as APT32, SeaLotus, APT-C-00, and Cobalt Kitty, OceanLotus is a hacking group which operates across Asia and focuses on gathering valuable intel on corporate, government, and political entities across Vietnam, the Philippines, Laos, ...
- Global threat group Fin7 returns with new SQLRat malware
March 20, 2019
The notoriously well-known threat group Fin7, also known as Carbanak, is back with a new set of administrator tools and never-before-seen forms of malware. Fin7 has been active since at least 2015 and since the group’s inception has been connected to attacks against hundreds of companies worldwide. Over 100 companies have been impacted in the United States ...
- Mirai Variant Goes After Enterprise Systems
March 18, 2019
The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises. Researchers have discovered a new variant of the infamous Mirai IoT botnet, which has been sniffing out and targeting vulnerabilities in enterprise wireless presentation and display systems since January. Palo Alto Network’s Unit 42 researchers said that the newest ...