Initial Access Broker
Initial access brokers (IABs) are cyber threat actors who specialize in gaining unauthorized access to computer networks and systems and then selling that access to other threat actors, such as ransomware operators. IABs are part of the ransomware-as-a-service economy, also called the "cybercrime-as-a-service" economy.

Description

IABs use a variety of methods to gain initial access, including exploiting vulnerabilities in remote access services such as RDP and VPNs, brute-forcing login credentials, and leveraging malware that steals account information. Access is often sold at auction on underground criminal forums or provided directly to ransomware affiliate groups to expedite attacks. IABs seek access to virtual private networks, remote desktop protocol, web applications, and email servers. Email services are used to commit spear phishing and business email compromise (BEC). In 2020, the average price for network access was $5,400; the median price was $1,000. By providing initial ...


Threat Actor
In cybersecurity, a threat actor, bad actor or malicious actor is a person or group that takes part in malicious acts in the cyber realm, targeting computers, devices, systems, or networks. Threat actors engage in cyber-related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks change rapidly. The background of threat actors helps dictate whom they target, how they attack, and what information they seek. Threat actors include cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data.

Background

The development of cyberspace has brought both advantages and disadvantages to society. ...


Email Server
Within the Internet email system, a message transfer agent (MTA), mail transfer agent, or mail relay is software that transfers electronic mail messages from one computer to another using the Simple Mail Transfer Protocol. In some contexts, the alternative names mail server, mail exchanger, or MX host are used to describe an MTA. Messages exchanged across networks are passed between mail servers, including any attached data files (such as images, multimedia, or documents). These servers often keep mailboxes for email. Access to this email by end users is typically either by webmail or an email client.

Operation

A message transfer agent receives mail from either another MTA, a mail submission agent (MSA), or a mail user agent (MUA). The transmission details are specified by the Simple Mail Transfer Protocol (SMTP). When a recipient mailbox of a message is not hosted locally, the message is relayed, that is, forwarded to another MTA. Every time an MTA receives an email message, it a ...


Dridex
Dridex, also known as Bugat and Cridex, is a type of malware that specializes in stealing bank credentials through a system that utilizes macros from Microsoft Word. It primarily targets Windows users who open malicious email attachments in Word or Excel, triggering macros that download Dridex and infect the system, exposing the user to banking theft. Dridex is designed to steal banking information from infected machines and immediately launch fraudulent transactions. It installs a keyboard logger and performs injection attacks to capture sensitive data.

History

Dridex first appeared in 2012 as an evolution of the earlier Cridex and Bugat banking trojans. It incorporated elements of its predecessors' code but introduced a peer-to-peer (P2P) communication architecture to enhance concealment and redundancy. By 2015, it had become one of the most prevalent financial malware strains, particularly targeting banking credentials through email-based phishing campaigns and malic ...




Conti (ransomware)
Conti is malware developed and first used by the Russia-based hacking group "Wizard Spider" in December 2019. It has since become a full-fledged ransomware-as-a-service (RaaS) operation used by numerous threat actor groups to conduct ransomware attacks. The Conti malware, once deployed on a victim device, not only encrypts data on the device but also spreads to other devices on the network, obfuscates its presence, and gives a remote attacker control over its actions on the objective. All versions of Microsoft Windows are known to be affected. The United States government offered a reward of up to $10 million for information on the group in early May 2022.

Description

RaaS model: According to a leaked playbook, core team members of a Conti operation manage the malware itself, while recruited affiliates are tasked with exploitation of victim networks and encryption of their devices. Conti's ransomware-as-a-service model varies in its structure fro ...


Clop (cyber Gang)
Clop (sometimes written "Cl0p") is a cybercriminal organization known for its multilevel extortion techniques and global malware distribution. It has extorted more than $500 million in ransom payments, targeting major organizations worldwide. Clop gained notoriety in 2019 and has since conducted high-profile attacks, using large-scale phishing campaigns and sophisticated malware to infiltrate networks and demand ransom, threatening to expose data if demands are not met. Clop increasingly uses pure extortion approaches with "encryption-less ransomware". It also employs more complex attacks, such as zero-day exploits, that have a significant impact and allow it to demand higher ransom payments.

Description

Clop is a Russian-speaking ransomware gang. According to the US Cybersecurity and Infrastructure Security Agency (CISA), Clop is "driving global trends in criminal malware distribution". Clop avoids targets in former Soviet countries, and its malware can't breach a computer that ...


BlackCat (cyber Gang)
BlackCat, also known as ALPHV and Noberus, is a computer ransomware family written in Rust. It made its first appearance in November 2021. By extension, it is also the name of the threat actor(s) who operated it. BlackCat operates on a ransomware-as-a-service (RaaS) model, with developers offering the malware for use by affiliates and taking a percentage of ransom payments. For initial access, the ransomware relies mainly on stolen credentials obtained through initial access brokers. The group operated a public data leak site to pressure victims into paying ransom demands. The group targeted hundreds of organizations worldwide, including Reddit in 2023 and Change Healthcare in 2024. Since its first appearance, it has been one of the most active ransomware operations. As of February 2024, the U.S. Department of State was offering rewards of up to US$10 million for leads that could identify or locate ALPHV/BlackCat ransomware gang leaders. In March 2024, a representative for Black ...