Cybercrime

Cybercrime / Industry Updates

Probing an Active Digital Trail of Iranian Hackers

WhoisXML API threat researcher Dancho Danchev obtained a publicly accessible list of email addresses known to be owned and used by Iranian hackers. The email addresses led us to more than 4,400 domain names, any of which can be weaponized and used in phishing, credential theft, and other forms of cyber attacks. more

Who Could Be Behind the Latest GitHub-Hosted Malware Infrastructure?

GitHub is a popular code repository used by almost all software developers. Anyone can access it to share their code with practically anyone interested. Unfortunately, not every GitHub user is trustworthy. It has, in fact, been used to host malware at least a couple of times. more

Should We Consider the Maze Ransomware Extinct?

The Maze Ransomware Group is one of the most notorious threat actor groups targeting large enterprises, such as Cognizant, Xerox, and Canon, and stealing massive amounts of sensitive data. Some of their ransomware distribution methods include spamming, phishing, and brute forcing. more

Is Your Software a Top Impersonation Target?

Anything conveniently obtainable online is often ripe for cybercriminal picking, and that's certainly true for the most commonly used software. We can't live without them, after all, if we are to thrive and not just survive in the digital world. more

XCSSET Shows How Threat Actors Cope with OS Changes, Does Away with Python Like macOS

Just as software and hardware vendors push upgrades and updates for their products and services to stay secure against the latest threats, so do threat actors work as fast as possible to stay abreast of OS and version modifications. That's exactly what the XCSSET malware operators have done for their campaigns targeting macOS users to continue working. more

DIY Web Attacks Might Still Live on via WebAttacker

Age is rarely an issue when it comes to malware campaigns, and that's certainly true for WebAttacker. WebAttacker is a do-it-yourself (DIY) malware creation kit that became popular back in 2006. It was the first exploit kit made available to cybercriminals in the Russian underground market for as little as US$20. more

Exposing a Currently Active Ashiyane Digital Security Domain Infrastructure

The infamous gray hat security company Ashiyane Digital Security Team has gone back online in 2021. At that time, WhoisXML API threat researcher Dancho Danchev exposed more than 100 domains belonging to the group. This analysis was recently expanded to further explore the Iran-based threat group's Internet-connected infrastructure. more

What Is the Current State of Malicious PPI Businesses and Affiliate Networks?

Pay-per-install (PPI) businesses and affiliate networks made for a booming cybercriminal underground market from 2008 to 2013. Buoyed by the proliferation of fake antivirus (FakeAV) peddlers, operators made staggering profits from the sale of rogue security software.
 more

From Counterfeiting to Phishing: Cybersquatting Properties Target Network Device Makers

Early last July 2022, news broke out about the arrest of a CEO who allegedly sold fake Cisco networking devices. While he used e-commerce sites as sales channels, the idea that counterfeit products are also peddled through cybersquatting domains is not too far-fetched. more

Q2 2022 Domain Registration Trends Report

We tracked the digital spillovers of the Russia-Ukraine war two weeks after it began and saw how the news was reflected in domain registrations. We also noticed that even this year’s Oscars slapping incident drove relevant domain registrations. more