RESOURCE CENTER

Analyst Reports

From Netflix to Hulu: Streaming Services under Cyber Attacks

The internet has become a significant part of modern life, with an estimated 5.4 billion users globally in 2022. The media industry has been particularly affected by the growth of the internet, with companies like Netflix evolving from DVD sales and rental to a subscription-based video streaming platform with 223 million subscribers. The COVID-19 pandemic has also led to a shift in consumer behavior, with more people staying at home and a decrease in demand for theaters and cinemas, leading to an increase in demand for video streaming services. Threat actors have taken advantage of this change, targeting user accounts on these platforms and creating a market for stolen accounts. This report, created by CatchProbe analysts using the CatchProbe DarkMap infrastructure, explores the findings on this issue.

Collaborative Cyberattacks

Our research has revealed that threat actors often work together and support each other, forming groups that are capable of launching devastating attacks. These groups can range from small, highly specialized teams to larger networks of individuals with varying levels of technical expertise. Together, these threat groups are capable of causing significant harm, including stealing sensitive data, disrupting critical infrastructure, and spreading malware to infect systems and devices. They are also known to engage in extortion and ransom attacks. Read the report now to find out more about their recent collaborations and their impacts.

Credential Stuffing Activities

Despite the evolving technologies and methods, threat actors have not completely abandoned some of their old techniques. Some of the most damaging attacks are the ones that seem the simplest and easiest to execute. Among the three methods, "Credential Stuffing" stands out as one of the most prominent examples that targets users, along with "Brute Force" and "Password Spraying." Given how easy it is to use and how little technical expertise is needed, credential stuffing is becoming more and more popular among threat actors.

Target: Gamers

If you pay attention to the news, you can't help but notice that the number of companies that have suffered data breaches recently has been on the rise. In addition, cybercriminals are going after a wider variety of data sources, both to sell and to use for extortion purposes. And there is a wealth of data in the gaming industry that is attractive to a diverse range of cybercriminals. Intellectual property theft is one of the most significant concerns for these businesses. And it is easy to understand why threat actors would be interested in this: the creation of a game or platform requires a sizeable investment, and so this has obvious appeal to threat actors involved in corporate espionage. But as the size of the online gaming market has expanded, it has drawn other types of cybercriminals looking to profit from ransomware, online fraud, and stolen accounts. This second target is gamers.

Albania severed its ties with Iran

Countries now use the internet for everything from public opinion polls and global perception surveys to diplomacy. Despite the internet's widespread utility, it is not risk-free; national security concerns rank high among these dangers. A large number of countries have created cyber armies and are investing heavily in their development. It was previously debatable whether cyberwarfare belonged in the same category as land, sea, and air combat; however, NATO's official recognition of the concept in 2016 put that to rest. Albania, however, is the first country to cut diplomatic relations as a direct result of cyberattacks. This report examines the findings related to the cyberattacks and events that triggered this response, and how other countries responded to the decision.

Government Data Breaches

Leaks of classified and unclassified information that were previously only known to those working within the confines of the government have been happening for years. These leaks highlight the fact that in the digital age, information of any kind is vulnerable to compromise. We hope that by aggregating this data, we can not only help victims learn about data breaches, but also highlight the severity of cyberattack risks and their repercussions, particularly for government institutions, given that such breaches harm sensitive interests, such as those pertaining to security and faith in national security services. This report details recent data breaches in Russia, the US, Israel, and other nations.

Georgia Report Incremental Cyber Threats

Russia's patriotic hacktivism has cycled up and down since the end of the war and Georgia has been exposed to various cyberattacks. The targeting of many private and public sector websites in 2019 and the targeting of Georgian health institutions in September 2020 are some examples of this trend. The Georgian administration declared that it held Russia responsible for these attacks, but Russian authorities denied their claims. In this report, CatchProbe analysts examined the data collected using CatchProbe's web intelligence product DarkMAP to investigate how citizens of Georgia have been put in danger as a result of the recent cyberattacks against the country.

Recent Financial Breaches

According to the Ponemon Institute’s "Cost of a Data Breach Study: Global Analysis", per capita, data breach costs are nearly 40 percent more in the financial sector than the average of all industries combined. The increasing frequency, sophistication, and destructiveness of state-sponsored cyberattacks against financial institutions is a catalyst to the worsening cybersecurity risks to the financial system. Other major threats include third-party vulnerabilities and the more traditional methods of attacks such as denial of service, social engineering, drive-by downloads, and phishing to spread banking Trojans, as well as malicious insiders. This report reveals recent data leaks in financial services companies and outlines the steps that must be taken to detect and prevent data leaks.

Future of Ransomware

In 2020 alone, the amount of money lost o ransomware attacks totaled nearly $400 million USD. This number is expected to exceed $265 billion by 2031. This report will assess the trends in ransomware, to include an analysis of how these changes will likely impact the global threat environment in the years to come. More specifically, we will look at what changing TTPs tell us about the future of ransomware and what changes in organized crime are being noticed by threat intelligence researchers.

Killnet

As long as there are opportunities to profit from cybercrime, threat actors will continue to find new ways to exploit vulnerable systems and processes, and our investigations reveal the complexity with which these attacks have evolved to evade the adopted organizational cybersecurity defenses. This report analyzes the activities of the cyberthreat organization KILLNET. The majority of the organization's operations in a number of nations consist of cyberattacks with political or economic motivations. KillNet is known to have ties to Russia, and their cyberattacks have the potential to pose a threat to nations.

AI Powered Social Engineering

If asked to explain what they know about cyber security, most people would likely respond with an answer that references hackers, computer viruses, or some form of basic information security they learned at their job. Far fewer people would cite a technical aspect of cyber security unless it was related to their work, and fewer still would reference social engineering attacks. This is not very surprising given that social engineering is not itself a technical concept or attack method despite it being to one of the more successful ways that threat actors gain unauthorized access to private networks. And the reason for social engineering’s ongoing success is because it targets the weakest link in the security chain: people. And advances in artificial intelligence (AI) are expanding its success rate.

The Illicit Trade of Firearms

We need robust cyber intelligence to detect and monitor arms smugglers who are using the Internet for illicit activities or the online sales of 3D-printed weapons or its blueprints that are difficult to trace back to their original source once in the hands of the criminals. DarkMap identifies websites that facilitate the purchase or sale of weapons, as well as the threat actors who facilitate these transactions, and has demonstrated excellence in geo-profiling, profiling crime and criminals, and understanding criminal characteristics.

Evolving Ransomware Gang

Ransomware is successful because it is effective. In many cases, organizations lack the necessary cyber defenses to prevent cybercriminals from infiltrating their network in the first place, while criminal organizations are constantly adapting their tactics, techniques, and procedures (TTPs) to compensate for advances in information security and technology. A striking case study is the evolution of Lockbit. In comparison to its rivals, the Lockbit gang has made a number of major advances and because Lockbit attackers target businesses of all sizes, all organizations need to be informed about ransomware and the potential harm it can cause. This begins with efforts to detect the activities of the groups responsible for these damaging attacks. Therefore, the significance of cyber intelligence is once more at the forefront of the discussion. Our intelligence-based forecasts regarding the report were validated by the findings CatchProbe has uncovered.

Attacks & Threat Actors in the Recent Threat Landscape

This research was compiled by CatchProbe's expert cyber security team to aid in the identification and analysis of current cyber security risks, with a focus on the most prevalent attack vectors and threats encountered in 2022. The findings of this report also demonstrate that the amount and range of vulnerabilities posed by these data breaches to institutions is constantly rising, and cybercriminals' persistent efforts to obtain and leak sensitive information leaves organizations vulnerable to significant risks.

North Korean Threat Actors

North Korean state-sponsored cyber threat groups targeting many government institutions have been found to target critical infrastructures of countries and leak data from many important systems. This report sheds light, in particular, on the activities of the Lazarus Group. Because their attacks have the potential to be viewed as both criminal acts and acts of terror, the Group poses a threat not only to individuals but also to organizations and nations. The report includes an analysis of the damages caused by their cyberattacks, as well as an analysis of the motivations behind their activities.

The Quiet Theft of Your Computing Resources

Different types of malware have their moments in the spotlight, often times raising the public’s awareness of certain threats thanks to significant media attention that eventually wanes. This is most recently evidenced by the media’s focus on ransomware and its proliferation following the outbreak of COVID-19. However, prior to ransomware becoming the primary focus of global attention the world was dealing with a different type of malware that today receives relatively little attention despite its increased use over the years. This malware is commonly known as cryptojacking malware. Cryptojacking refers to the use of malware that leverages a computer’s resources in order to “mine” cryptocurrencies. This report examines its evolution in more detail.

The Rising Tension

As a global manufacturer and exporter, Taiwan is particularly prominent in the electronics and technology sectors as it provides the production networks and components that are necessary for EU and US exports. And at a first glance, it per se is a $490 billion economy – roughly the size of Belgium or Poland. Taiwan also dominates the global chip market, producing an average of 65 percent of the world's chip supply. But is it now all under the risk of cyberattacks due to the rising tension between Taiwan and China? This report reviews the cyber events that have occurred, especially following the US House Speaker Nancy Pelosi's visit to Beijing.

Risks to Personal Data Security

The number of “data surfaces” people and businesses expose themselves to is significant. This report is going to demonstrate how web and threat intelligence can help expose these different data touch points and how they can be exploited by threat actors. While most data exploited by criminal threat actors is leveraged for monetary gain, this report will also look at data-based threats for non-monetary gain. The report will also examine ways you can reduce the amount of data you expose to third parties, as well as how you or your organization can remain alert to data breaches and data loss.

Target of Cyberattacks: The Energy Sector

The halt or delay of production or distribution of energy has severe repercussions because almost every sector relies on energy, particularly crucial ones such as health, agriculture, and logistics, and there are already limitations on the quantity and utilization of sources. Due to its critical relevance, politically-motivated threat actors and APT groups have been attracted to the energy sector. The attacks on the energy sector, their outcomes, and the sources of the threat actors' motivation for carrying out these attacks were investigated using the CatchProbe infrastructure. Findings were then analyzed and interpreted by CatchProbe analysts to create this report. The research also highlights potential future risks and the severity of the threat.

Threats of E-Commerce

Since the year 2000, e-commerce systems have become more advantageous than traditional marketing methods, as they have facilitated communication and enabled even the smallest retailer to market their products globally. But in the midst of its developments, threat actors were drawn in by the increasing volume and began attacking e-commerce systems for financial gain. Read CatchProbe’s report now to find out how threat actors utilize their skills to make their attacks appear more plausible as revealed by the findings of DarkMap which are procan be investigated further in the subsequent sections of this report.

Healthcare Cyber Attacks

In recent years, technological advancements such as the archiving of patient information on electronic media, the remote monitoring of patients using technological methods, the use of medical devices with varying degrees of automation and the integration of institutions into the health sector through a strong and fast communication network have provided numerous benefits, but have also made the health sector susceptible to cyberattacks. CatchProbe experts analyzed and examined the information acquired utilizing the CatchProbe DarkMap infrastructure which uncovered tens of thousands of threat actors, groups, and illegal platforms that have been identified to launch attacks against the healthcare sector to compile this report.

Drug Traffic Report

DarkMap continuously monitors Telegram channels to detect threat actors, as Telegram has become a heavily used communication tool in drug dealing. The examination of the discovered platforms reveals that numerous drug cartels have developed their own e-commerce platforms, as well as a delivery chain that ensures that the disruption of one does not affect the others. Moreover, because of the use of cryptocurrencies for payments and the numerous safety measures that are implemented throughout the process of the delivery of the drug, the market for illegal drugs is growing at an alarming rate. Read CatchProbe's report now to find out more.

Government Data Breaches: Russia

This report reveals the destructive effects and consequences of the data leaks resulting from cyber operations carried out against countries and public institutions and analyzes the current cyber intelligence activities and the importance of cyber intelligence factor in ensuring public security. The findings revealed and analyzed here were being shared on the dark web to harm the Russian government and its state institutions. Read CatchProbe's report now to learn more about the threats governments face.

Latest Leaked: Critical Data Breaches

Cybersecurity is an ongoing battle, with cybercriminals constantly seeking ways to steal information and security experts trying to stop them. Read CatchProbe’s report now to learn about the most recent critical data breaches, active threat groups and heavily targeted sectors as well as the most common causes of information leaks in organizations, and the consequences organizations’ face if they fail to protect data.

Cybercrime: Money Laundering

Money laundering techniques, which are integral for preserving the power of criminal organizations, have adapted to technological advancements and have begun to be carried out virtually. Constantly modifying their money laundering strategies, criminal actors are likely already employing the next technique when it is revealed. This demonstrates the significance of cyber intelligence feeds. DarkMap continuously monitors potential threats and illegal platforms. Undoubtedly, knowing the characteristics of the threat actors, the new techniques they employ, and their thoughts will strengthen the fight against this crime. Read the remaining sections of the report to view the findings detected by DarkMap.

Malicious Mobile Software & Espionage Activities

The tiny computer that we carry around in our pockets is now the most significant element of our lives, people use them throughout the day, store even the most private information on them, and use numerous sophisticated services. Which is also why our cell phones are susceptible to a wide range of threats. Some threat actors act with political and ideological motivations, while others target smartphones for financial gain. Either way, if the campaign is successful, the outcomes are disastrous. To learn more about the most recent incidents, read CatchProbe's report now.

Antisemitic Cyber Attacks

Threat actors favor the Dark Web because browsers cannot index it. Darkmap infrastructure, on the other hand, is continually scanning the environment in order to collect various types of data. DarkMap's scans revealed that, Israeli government entities as well as private websites are constantly attacked by cybercriminals. The scans performed by DarkMap also uncovered a number of leaks that were not motivated by anti-Semitism but yet affected a significant number of Israeli citizens. To learn more, read CatchProbe's report now.

Next Target: Moldova

The President of Belarus Alexander Lukashenko’s briefings at the Belarusian Security Council meeting turned the eyes to Moldova while the war between Russia and Ukraine continues. The map President Lukashenko was pointing at had an extremely important detail regarding the war plans in Ukraine: an arrow pointing to Moldova through the city of Odessa. An image that may as well be an announcement of what’s already well-known, an image that seems quite suitable for Russia's war strategies.

Pakistan Army & Nadra

By using the CatchProbe product family, the leaked, published and disclosed information regarding the data leaks of Pakistan Army and Nadra on the internet was obtained and analyzed which showed the threats they face. It is noteworthy that the passwords created by the employees of these institutions had used a simple password policy, which pose the most danger to the institution. Moreover, many other leaks such as important customer records, personal data of personnel and immigrants and many passports are found to be being sold online. Explore the CatchProbe's Government Intelligence report to find out more.

Cyberwar Between Russia & Ukraine

The war between Russia and Ukraine enter into a different dimension with each passing day while the tension continues to rise. The war continues where it is called the 5th battlefield, the cyberworld. And a point that escaped everyone's attention was when the whole world wasfocused on the military build-up of Russia in the region. Which is the cyberattacks that started long before the military invasion. State-sponsored cyberattacks are undoubtedly at the forefront of Russia's war strategies. As a matter of fact, in 2008, Russia launched two-pronged cyberattacks against Georgia, together with the Russian intelligence agency GRU and state-sponsored hackers.

Structured Malware Analysis on Energy Systems of Azerbaijan

This report was created as a result of the cyber intelligence study performed on the cyber-attack campaign that was discovered to be against the public and private sector of Azerbaijan. The malware was found to be a RAT-type malware written specifically for remote control operations. The malware was obtained from the analyses and technically examined with reverse engineering studies to understand the motivation for its creation. The studies discovered and determined a first of its kind "Remote Access Trojan" (RAT) type malware called PoetRAT which was created using advanced techniques. In line with the technique, usage pattern and timing of the campaign, it is predicted that it and similar attacks will continue to be perpetrated.