Cybercrime

Exposing the New Potential Ways Royal Ransomware Gets Delivered

DEV -- 0569, a threat actor Microsoft has been monitoring, was recently observed deploying Royal ransomware via pages posing as legitimate software download sites and repositories, among other stealthy tactics. He has so far used fake download sites for Adobe Flash Player, AnyDesk, Zoom, and TeamViewer in phishing emails and domains.

Why Domain Seizure May Not Stop Money Mule Recruitment Campaigns

In the realm of cybersecurity, seizing domains unfortunately doesn't always mean the end for the threats they pose. Such could be the case for the 18 domains U.S. law enforcement agents recently took offline for their ties to a money mule recruitment operation reported by Bleeping Computer.

From Counties to Banks: Tracing the Footprint of Ransomware Attack IoCs

SecurityScorecard published a report on a cyber attack that a U.S. county victim announced on 11 September 2022. With ransomware attacks against local government units increasing in the past few years, WhoisXML API researchers decided to build on the list of IP addresses related to the attacks.

Watch Out, That Browser Extension Could Be Cloud9 in Disguise

Zimperium zLabs threat researchers recently reported the case of the Cloud9 Chrome Botnet, and rightly so. Many of us seem to forget just how much information cybercriminals can steal from our browsers.

Is There More to the New Transparent Tribe TTPs?

The Pakistan-India rivalry has been going on for some time now, not just in sports events but also online in the form of cyber attacks. Zscaler ThreatLabz has been monitoring a result of this ongoing friction -- Transparent Tribe, also known as "APT -- 36" -- since the start of this year.

Nothing Funny or Romantic about These RomCom IoCs and Artifacts

The threat actor dubbed "RomCom," known for deploying spoofed versions of popular software, has been quite busy these past few months. In the past, he was seen imitating Advanced IP Scanner and PDF Filler. More recently, though, he's been targeting Ukraine, the U.K., and other English-speaking countries by spoofing SolarWinds, KeePass, PDF Reader Pro, and Veeam.

Robin Banks May Be Robbing You Blind

You may be wondering who Robin Banks is, but you should instead ask what Robin Banks is. Robin Banks is a phishing-as-a-service (PhaaS) platform that first surfaced in March this year. The name is a play on the phrase "robbing banks," coined by IronNet researchers who introduced the malicious platform to the world.

Investment-Related Cybersquatting: Another Way to Lose Money?

This year, the stock market is at its most volatile state due to several factors. Debates abound about whether 2022 will be as bad as 2008, but we'll leave that up to the experts.

The Business of Cybercrime: Does Malicious Campaign Planning Take as Long as Legitimate Marketing Campaign Planning?

It has become customary for cybercriminals to ride on famous brands to make their nefarious campaigns work. The release of the world's most-awaited tech gadgets is no different. And given the public attention and techies' innate desire to be first to own the latest gadgets, threat actors will always zoom in on prospective buyers via the most ingenious scams.

2022 CSC Domain Security Report Finds Nearly Three-Quarters of Global 2000 Companies are at Alarmingly High Risk of Exposure to Security Threats

We have just released our third annual Domain Security Report that found three out of four Forbes Global 2000 companies have not adopted key domain security measures - exposing them to high risk of security threats. These companies have implemented less than half of all domain security measures.