Cybercrime & Digital Threats

We discuss the behaviors and external indicators of some phishing campaigns that we observed from the latter part of December 2020 to the first weeks of January 2021.

Cybercriminals use legitimate-looking domains in their phishing-and-scam schemes in an effort to lure more victims and avoid early detection.

We discovered a Negasteal variant that uses hastebin to filelessly deliver Crysis ransomware to the victim's system.

We discuss the present state of the malicious uses and abuses of AI and ML and the plausible future scenarios in which cybercriminals might abuse these technologies for ill gain.

We take a closer look at an emerging underground market that is driven by malicious actors who sell access to a gargantuan amount of stolen data, frequently advertised in the underground as “cloud of logs."

Communication apps have caught the eye of malicious actors who are always looking to integrate new techniques in their malicious activities.

Threat actors take advantage of the spread of COVID-19 for malicious campaigns. Goods and services related to the virus also appear in underground marketplaces and cybercriminal forums.

Starting this year, Ryuk began using another dropper called BazarLoader (also known as BazarBackdoor), which is primarily distributed via phishing emails that contain either malicious attachments or links to websites that host malware.

Our underground monitoring revealed several ways how criminals have been entertaining themselves during isolation, with normal activities that offer cyber-crime-related prizes.