Ransomware in Context: 2024, A Year of Tumultuous Change

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "Ransomware in Context: 2024, A Year of Tumultuous Change" with a light orange arrow pointing down.

2024 has started off dramatic shifts in the ransomware landscape. In December of 2023 international law enforcement took down the BlackCat leaks site, leading to the group removing all ethical restrictions for their affiliates and declaring all organizations in Western Europe and the United States viable targets to include nuclear power plants and childrens hospitals. […]

LockBit’s Conversation on XSS Forum with an Initial Access Broker

Gradient blue background. There is a light orange oval with the white text "BLOG" inside of it. Below it there's white text: "LockBit's Conversation on XSS Forum with an Initial Access Broker" with a light orange arrow pointing down.

In February of 2024, admins of the Russian hacking forum XSS banned the primary LockBit account active on the forum. The ban was the result of a dispute between LockBit, and an initial access broker operating under the username “aa.”  The following is a conversation between AA and LockBit, posted on XSS as aa sought […]

Threat Spotlight: Data Extortion Ransomware Threats

A navy background with the white text "Data Extortion Ransomware Threats"

Over the last few years, the ransomware landscape has changed significantly. Between 2022 and 2023, ransomware attacks increased by more than 100% year-over-year, with more attacks consisting of double and triple extortion. At a high level, the categories of ransomware can be defined as: Modern ransomware attacks are no longer a lone individual sitting at […]

Cyberguerre moderne : attaques DDoS participatives

Fond bleu dégradé. Il y a un ovale orange clair avec le texte blanc « BLOG » à l'intérieur. En dessous, il y a le texte blanc : "Cyberguerre moderne : attaques DDoS participatives". Il y a un texte blanc en dessous qui dit « En savoir plus » avec une flèche orange clair pointant vers le bas.

Over the past few years, politically motivated threat actors have increasingly gone online to find allies for their causes. While ten years ago most hactivism like this was anonymous, modern actors favoring certain political elements or governments leverage a broader ecosystem. Since Distributed Denial of Service (DDoS) attacks require little technical skill, they offer a […]

Exploit Forum - Les courtiers d'accès initiaux dans les États membres de l'OTAN

Fond bleu dégradé. Il y a un ovale orange clair avec le texte blanc « BLOG » à l'intérieur. En dessous, il y a un texte blanc : « Paysage initial des courtiers d'accès dans les États membres de l'OTAN sur le forum Exploit ». Il y a un texte blanc en dessous qui dit « En savoir plus » avec une flèche orange clair pointant vers le bas.

Initial access brokers (IABs) gain unauthorized access to the system then sell this access to other malicious actors. Based on a large sample of IAB posts on the Russian-language hacking forum Exploit.in (Exploit), IABs increasingly target entities within NATO member states, with research revealing recent activity in 21 of 31 countries. Additionally, access to organizations […]

Pleins feux sur les menaces : nouvelle frontière des exploits de l'IA

Un fond bleu marine avec le texte blanc « New Frontier of AI Exploits ».

À mesure que l’apprentissage automatique (ML) et l’intelligence artificielle (IA) deviennent de plus en plus complexes, ils ouvrent de nouvelles possibilités aux organisations et aux acteurs de la menace. Au cours des quinze dernières années, les réseaux de neurones et les technologies d’apprentissage profond ont évolué à un rythme rapide. Au cours des quatre dernières années, depuis la sortie de GPT1 jusqu'à GPT4 aujourd'hui, les modèles d'IA ont évolué de […]

Pleins feux sur les menaces : Ransomware d’extorsion de données : principales tendances en 2023

data extortion ransomware key trends in 2023

Ransomware Trends Overview As ransomware’s fundamental nature shifts from encryption to data exfiltration, organizations’ data backup and recovery practices no longer protect them from attacks. Over the course of the past few years, the cybercriminal landscape changed too. More and more criminal ransomware organizations are adopting “as-a-Service” business models on the dark web which open the […]

Pleins feux sur les menaces : courtiers à accès initial aux forums de piratage russes

Un fond bleu marine avec le texte blanc en majuscules « Initial Access Brokers on Russian Hacking Forums ».

Russian Hacking Forum Trends Initial access brokers (IAB) are sophisticated, focused, and specialized threat actors that focus on finding and gaining access to corporate environments. Once they compromise these environments, they auction off or sell the access on dark web forums.  To date in 2023, more than 100 companies across 18 industries had access to […]

Pleins feux sur les menaces : le Dark Web et l'IA

Un fond bleu marine avec le texte blanc en majuscules « The Dark Web and AI ».

Executive Overview More than 200,000 credentials to AI language models are currently being sold on the dark web as part of stealer logs, files containing thousands of credentials derived from infostealer malware. This certainly raises the risk that employees will leak sensitive data into models, and then lose the credentials. However, we see even more […]