Cybercrime & Digital Threats

This report discusses how malicious actors will be able to deploy harpoon whaling attacks, which are highly targeted whaling attacks on specific groups of powerful and high-ranking individuals, by abusing AI tools.

This article gives an overview of the elements of virtual kidnapping and how malicious actors use social engineering tactics and abuse AI voice cloning tools and ChatGPT to launch these attacks.

This report delves into the nature of pig-butchering scams, how scammers carry out their operations, the new pig-butchering tactics we’ve observed in the wild, and what individuals can do to avoid falling for these fraudulent investments and dealing with massive amounts of debt.

We explore three differently sized criminal groups to determine how they compare to similarly sized legitimate businesses in terms of how they are organized. We also discuss the advantages of knowing the size of a target criminal organization for cybercrime investigators.

Our research identifies sensitive environmental variables in the Microsoft Azure environment that, when leaked, can be used by malicious actors to compromise the entire serverless environment.

We looked into professional and business networking platform LinkedIn and how cybercriminals abuse the platform to victimize users and companies, and how they monetize posted personal, career, and organizational information.

In this article, we briefly detail what IPFS is and how it works at the user level, before providing up to date statistics about the current usage of IPFS by cybercriminals, especially for hosting phishing content. We will also discuss emerging new cybercrime activities abusing the IPFS protocol and detail how cybercriminals already consider IPFS for their deeds.

A look into the cybercriminal gender gap, the status and perceptions on gender profiles in the underground, and the role assumptions have for law enforcement.

Our research paper shows how decision-makers that are in a position to affect ransomware at scale – including policy-makers and industry leaders – can use data-science approaches to understand ransomware risk holistically and build cybersecurity strategies that can affect the ransomware ecosystem as a whole.