Malware is not a new attack vector but, over the past few years, the Cyberint research team was observed a resurgence of this threat. In particular, a specific type of malware known as InfoStealers has become a serious risk. This blog post will drill down on InfoStealers and discuss the lifecycle of an InfoStealer attack, from beginning to end.

On March 15, the FBI arrested an individual suspected of being the notorious Pompompurin, the admin of one of the most popular cybercrime forums today – BreachForums.The individual is a 21-year-old, Conor Brian Fitzpatrick who federal agents claim admitted to being the famous Pompompurin. Pompompurin is a famous cybersecurity individual which whom anyone in the community is familiar. The BreachForums is still up and running and is currently managed by another admin named Baphomet.

Cybersecurity isn’t easy in any industry, but it is perhaps most challenging for the banking, financial services, and insurance (BFSI) sector. Financial institutions are highly digitized and have large, complex IT infrastructures with many environments and assets to protect. At the same time, these enterprises are highly targeted by threat actors, leading to a constant barrage of attacks to detect and disrupt.

First observed in 2019 and advertised (Figure 1) as a ‘Malware-as-a-Service’ (MaaS) threat on various cybercriminal forums, Raccoon is an information stealer targeting victim credentials and cryptocurrency wallets. Seemingly favored by some threat actors due to its simplicity, the malware element of Raccoon omits advanced features, such as those used to evade detection, and instead focuses on the ‘stealer’ task in hand.

Ransomware is one of the most painful threats to organizations worldwide. As this industry keeps on growing both in number of groups and improved technology, every now and then global authorities are able to get their hands on individuals and important data that can mitigate and prevent this threat. This week, the FBI was able to take down the notorious Hive Ransomware group’s Onion Site.

Over the weekend, a relatively new ransomware group named Nevada Ransomware initiated a first massive campaign, targeting any ESXi machine that is exposed to the internet. The group seemed to compromise hundreds of servers over the weekend and caused major damage. Although the scale of this campaign is one of the biggest we have seen, it might already have a solution.

In the world of cybersecurity, it’s widely understood that threat intelligence must be “actionable.” Although this is true, it’s just one characteristic of what makes threat intelligence valuable to a business. There are several other criteria that must be satisfied for intelligence to be impactful. At Cyberint, we believe that impactful intelligence is the next step in the evolution of cyber threat intelligence.

Cybersquatting, or domain squatting, is registering, trafficking in, or using an internet domain name solely with the bad faith intent of profiting from the goodwill generated by a trademark that belongs to someone else. It refers to a bad faith abusive registration of a domain name in violation of someone else’s trademark rights.

We are proud to announce that Cyberint has been named a Sample Vendor in the ‘Hype Cycle for Security Operations, 2022’ under three categories: Digital Risk Protection Services; External Attack Surface Management and Threat Intelligence Products & Services. Cyberint has also been named in 2022 Gartner reports ‘Emerging Tech Impact Radar: Security’ and ‘Emerging Tech: Adoption Growth Insights in Digital Risk Protection Services’.

A phishing attack is a fraudulent email pretending to be from a safe, familiar, or reliable source intended to induce the email recipient to reveal personal information such as financial information, personally identifiable information (PII), Passwords, or credit and bank account numbers to the writer.