
Avoiding the Dangers of the Dark Web

We’ve all heard of the “dark web,” but many of us have no idea what it is, and even less idea of how to access it. The Dark Web, a global challenge to law enforcement, is a region of the World Wide Web accessible only through special software permitting anonymity. Your search engine cannot index the Dark Web’s pages. They are not viewable in your standard web browser and require special software or configuration for access.

Guacamaya Group

The Guacamaya group is a fairly new hacktivist group based in Latin America. The group was first seen around March 2022, when it released sensitive data from several companies based in Chile, Ecuador, Brazil and Colombia. As mentioned, the group focuses mainly on LATAM but dabbles every now and then in campaigns in Russia. The group is defined as a data leakage threat group, which means it does not encrypt the stolen data but only leaks it, often for free.

A Guide to Open Source Intelligence (OSINT)

Open-source intelligence (OSINT) is essentially any information that can be obtained from publicly available sources. The practice of collecting this information is not new; in fact, in the early 1990s, the Deputy Director of the CIA asserted that over 80% of CIA analysis came from open-source information. Maps, phone books, printed materials, news reports, and other forms of content can provide a lot of information if one knows where and how to look.

ProxyNotShell - Microsoft Exchange Vulnerabilities

On September 29, Microsoft Security Threat Intelligence reported two significant zero-day vulnerabilities being exploited in the wild. The two vulnerabilities, named “ProxyNotShell”, affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

Dark Web Monitoring Tools - These 5 Features Are a Must

It may sound counterintuitive, but the Dark Web presents an invaluable opportunity for businesses to flip the script on hackers. The Dark Web remains a relatively hidden digital space that comprises upwards of 5 percent of the entire internet. This is where cybercriminals go to peddle sensitive and valuable data after breaching vulnerable business networks.

SmokeLoader Delivers the New Erbium Stealer

Over the past few months, a new info stealer has emerged. Erbium Stealer is developed by an underground Russian-based group that has been operating since July. The group seems to work very professionally, creating proper documentation and keeping their clients in the loop regarding new features on an almost weekly basis, via their Telegram channel.

Discord - Fundamentals and Threats

In a world where more and more communities and businesses are based on instant messaging applications, it is just a matter of time before instant messaging takes the spotlight away from the traditional social media and commerce platforms. Instant messaging applications are more convenient than conventional forums and social media groups. However, the instant messaging realm is also divided into different application types and purposes.

TikTok Breached by BlueHornet

For some time now the Cyberint Research Team has been witnessing attacks targeting China. While most campaigns related to OpChina are focusing on infrastructure and government data breaches, over the past weekend, a major breach of the popular social network TikTok occurred, revealing 1.7 billion records and relations to another popular Chinese app – WeChat. The group taking full responsibility for this breach is none other than the notorious BlueHornet, aka AgainstTheWest, aka APT49.