The rise in cybercrime has accelerated 600% over the last three years, and shows no signs of slowing down. Even though the pandemic accelerated online services, data, and particularly vulnerable home networks, the truth is that cybercriminals are caught only 0.03 percent of the time. That rate, combined with the fact that the average cost of a data breach stands at $3.86 million makes for an attractive calculation for cybercriminals.

2022 saw several significant and historical cases in the ransomware industry, new players were introduced and some already have caused major damage to top-of-the-line organizations around the world. Although LAPSUS$ commenced its operations in December 2021, they have made its greatest impact in 2022, compromising major organizations such as NVIDIA, Vodafone, Samsung Microsoft, LG and Okta.

Within the context of the recent Conti leaks, we have seen the Jabber chats, indicating the size, scope, order, and structure of the Conti group. The subsequent leaks contained screenshots, documents, and the holy-grail – the source code itself.

There is a war going on. We see a twist in the cyber world considering recent events. While some groups take sides, whether in favor of Russia or Ukraine, some groups have gone MIA, and others are completely ignoring and continuing with their usual business model. And then we have Conti, which, as it appears, took the biggest tumble. Conti is one of the most popular ransomware groups of our era.

As we witness history in the making, the scale and complexity of the conflict are immeasurable. When focusing on the cyber warfare aspect of the conflict we can see, first time in history, warfare that includes every type of cyber-personal, state-sponsored groups, ransomware groups, hacktivists, DDoS actors, script kitties and even volunteers that want to join the cause.

First observed in 2021 and advertised as a standalone version on various cybercriminal forums, Mars is an information stealer mainly targeting Windows victim credentials and cryptocurrency wallets including 2FA plugins and any essential system information. Mars is also capable of loading any type of file by downloading and executing them from a given drop-zone. Over the past several months, Mars took the place of a solid info stealer.

AvosLocker is a relatively new ransomware written in C++ that was first seen in June 2021. Their business model is ‘Ransomware-as-a-Service’ (RaaS), and even though they have been operating for less than a year now, they’ve been successful overall when it comes to victims. The group openly and publicly tries to recruit new members to its team and operates a TOR leak site, showcasing the latest victims, as all other ransomware groups do.

Over the past months, Cyberint Research Team observed a new group that emerged on several underground forums. What seemed to be “yet another info stealer seller” has turned out to be something far more interesting. As the group is named Jester Stealer, that were, at first, selling a fairly sophisticated info stealer (Figure 1). Other evidence suggests that there is much more to it. Cyberint Research Team discovered a developing threat group that gets their claws into whatever they can find.

Moving into 2022, looking back at the plentiful year of 2021, regarding security, we at the Cyberint Research Team will try and shed some light on the upcoming year: the key security risks and threats, and what we feel will change in the coming year. We will focus on the actions required to be as vigilant and protected as possible.

Subscriptions-based services are a reality we all are getting used to; most people no longer buy physical media for example, opting to use streaming services for movies and music. This has numerous advantages like letting us explore new artists and genres without additional costs and commitment. Yet, while best known for its implementation in the digital world, subscription payment models are slowly but surely being adopted by more and more industries.