Between 2009 and 2015, the two individuals – Aleksandr Skorodumov, 33, of Lithuania, and Pavel Stassi, 30, of Estonia – served as administrators for an organization that offered bulletproof hosting to malware families such as Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The organization, which was founded and led by Russian nationals Aleksandr Grichishkin…

The threat group, tracked until now by Mandiant as UNC1878, has been around since at least October 2018. The UNC classification is assigned to “uncategorized” entities before the cybersecurity firm can determine with certainty if it’s a financially-motivated group (FIN) or a state-sponsored advanced persistent threat actor (APT). The threat group, tracked until now by…

The vast increase in staff from all industries working from home, outside of their corporate network defenses and often on poorly protected home computers, has been a treasure trove for hackers. Two common attack methodologies have been phishing (where the pandemic has provided the opportunity to add two of the most compelling social engineering triggers:…

The attackers are a group that uses the BlackMatter ransomware and the victim is Fort Dodge, Iowa-based New Cooperative, which has 60 members and offers agronomy, grain, feed, energy, and software solutions. New Cooperative has confirmed that it’s dealing with a “cybersecurity incident” that has impacted some of its systems. The company says it has…

WooCommerce is a popular open-source eCommerce plugin for WordPress, with more than 5 million installations to date, making it an attractive target for cybercriminals. On Thursday, WooCommerce said that on July 13 it received a report of a critical vulnerability in the plugin, urging users to update their installations as soon as possible, but without…

One of the most common ways cybercriminals breach enterprises is by finding security vulnerabilities in the applications they use. The last year delivered a plethora of security challenges. Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure…

From Egregor to Doppelpaymer to Ryuk, it continues to command headlines. Pandemic-fueled phishing scams, the lack of visibility across remote endpoints, and lax attitudes have been a boon for ransomware groups over the last year. Worst of all, ransomware no longer discriminates. It dominates small towns and municipal offices, video game makers, and shamelessly, healthcare…

The automated scam service has been named Classiscam by Group-IB and it’s meant to help cybercriminals steal money and payment data from unsuspecting victims, through the use of fake pages mimicking those of legitimate classifieds, marketplaces and delivery services. The Classiscam scheme is powered by Telegram chatbots, which generate a complete phishing kit, including courier…

The year 2020 has given us a contentious U.S. election, a global economic crisis, and most notably a global pandemic. Disinformation has wreaked havoc in our ability to discern fact from truth, ransomware has been delivering ever more serious consequences, and insider leaks continue to validate privacy concerns despite increased adoption of privacy laws across…

What was it like working cybersecurity this year? We know all the obvious answers: The pandemic forced just about everyone to work from home, security teams had to scramble to protect disparate networks and home setups, and cybercriminals made life miserable by taking advantage of the chaos. But with 2020 a few days shy of…