October 23, 2019 - Rise of Threat Actor Groups on the Dark Web - The dark web is constantly changing, and in the same way that marketplaces come and go, new groups form and disband. In recent months, GroupSense researchers have observed several groups forming. In this post, we will compare the differences between a threat actor motivated by ideology and a fraudster looking to profit financially from a […]
October 22, 2019 - Securing Our Children’s Future: Take Control of Identity Theft Targeting Children - Identity theft is a growing concern across the globe and threat actors have already turned their attention to children. A recent report shared that over 1 million children in the U.S. were victims of identity theft in 2017, costing families $540 million in out-of-pocket expenses. The identities of children make attractive and high value targets […]
October 10, 2019 - The Fall of Darknet Markets - Last week, in Darknet Drama, we discussed the increase of disappearing admins of darknet markets. Recently, we’ve found an abundance of evidence confirming our predictions for more casualties in the darknet. First, one of the most valued sources of leaked intel, “Intel Repository”, went down, as confirmed by this thread on darknet cybersecurity location “Torum”: […]
October 3, 2019 - Darknet Drama - The darknet is under attack by law enforcement and even those within its own community. There seems to have been a never-ending stream of darknet incidents since the beginning of 2019. The year began with DDoS attacks on rich darknet markets, most likely from different sources, and with different goals. After Dream Market succumbed and […]
September 30, 2019 - How Cyber War Games Can Impact the Cyber Security Industry - Collaboration and communication within the cybersecurity industry are key to thwarting cyber attacks from threat actors. As we have repeatedly seen, threat actors constantly communicate with each other, especially through the dark web, attempting to sell their services and products. The third annual Cyber War Games, expertly crafted by our partner, TLR Communications, took place […]
September 24, 2019 - The Nightmare of Disappearing Darknet Markets - The administrators of the Nightmare Market performed an exit scam in July 2019. Discussion and speculation around exit scams is common on dark web forums. [Figure 1: Exit scam motivations] The screenshot above is from a reputable darknet forum. In it, a user named “r00b00t” explains their view on the disappearances of darknet markets and […]
August 14, 2019 - Anti-vaxxers Could Be Turning to the Dark Web for Help in Avoiding Vaccinations - The anti-vax movement has always claimed that vaccines are at the root of a wide range of health problems for kids. Some have attributed them to autism while others have claimed that they cause long-term health issues. Whatever the case may be, the group attributed to this movement have sometimes thrown medical research or advice out […]
August 8, 2019 - Another Day, Another Breach: A Few Thoughts on How We Can Do Better - Breach announcements come with such frequency these days that it is hard to keep track. When a major finance company was breached last week, most of us in the information security industry assumed the usual vector and outcomes. This one was different, and much noise is being made about the methods and infrastructure affected. For […]
June 28, 2019 - Empire Market Could be the Next Dropped or Seized Dark Web Marketplace - The seizures and disappearances of numerous major dark web marketplaces, including Hansa, Dream Market, Wall Street, and Rapture have left Empire Market as the largest and most likely last major dark web market. In the past two months, Empire Market has dominated its niche on the dark web with posts and offers of drugs, fraud, […]
June 4, 2019 - A CISO’s Perspective: Michael Lines Shares How CISOs Can Succeed - As a CISO, you constantly worry if today is the day you’ll have a security incident. It’s a common problem. There are huge expectations on you and your team, but the support from the business is not always in line with those expectations. For today’s post, we interviewed cyber risk expert Michael Lines. Over the […]
May 15, 2019 - Venezuela’s Unrest Evident on the Dark Net - In case you’re unaware, there’s significant unrest in Venezuela. The country has had political and civil unrest for years, but recently came under increased global scrutiny due to the continued collapse of its economy, and its worsening living conditions. Its people have suffered from power outages, water shortages and lack of toilet paper, food, and […]
April 24, 2019 - Supply Chain and Third Party Risk: A growing concern for enterprise and governments - Cyber reconnaissance isn’t just about protecting your organization – it’s also about keeping an eye on your business partners and supply chain. This is important, as attackers often find it easier to breach third-party suppliers and move laterally into well protected organizations. Larger organizations – including government institutions – typically have strong, mature security programs […]
April 19, 2019 - Billions of credentials spanning 1,700 breaches released online - An unnamed Russian threat actor has released a file containing 3 billion unique combinations of emails and passwords on a well known Russian forum. The records appear to have been sourced from an illicit distributor of credentials, claiming to have 13 billion records. Figures 1 & 2 above are screenshots of breached credential websites operated […]
April 1, 2019 - Don’t be April Fooled by Cyber Fraud - With losses skyrocketing past $1.4 billion, cyber fraud is no laughing matter. Last year alone, over 300,000 consumers reported cyber fraud and malware attacks to the FBI’s Internet Crime Complaint Center (IC3). In celebration of a fool’s holiday, we thought we’d share a few interesting tools and scenarios we’ve seen recently, so without further ado […]
March 25, 2019 - The 5 Reasons WhatsApp Could be a National Security Risk - Last week I was asked by one of the 24-hour news networks to comment on camera about Jared Kushner’s use of WhatsApp for official White House business. The news network wanted my thoughts on the vulnerabilities and risks associated with this behavior. My first thought was that this was outside the core focus of what […]
March 19, 2019 - Facebom: A targeted bruteforce tool poses a serious threat to individuals and enterprises - Recently, “teamkelvinsecteam”, one of the most active hacking groups, released Facebom on a deep web forum; Facebom is an individualized brute force software targeting Facebook. Due to the targeted nature of this tool, the GroupSense research team believes Facebom poses a threat to individuals and enterprises alike. So what if everyone’s Facebook account gets hacked? […]
March 7, 2019 - VOIP Voice Conversations Posted on Forum, PII Exposed - By virtue of monitoring conversations in illicit forums, our team frequently stumbles across some unwitting enterprise’s data. Often the data is in the form of a database dump, personally identifiable information (PII), account information, or credentials. Occasionally, though, there is something unique. What’s worse than a data dump? Recently our team observed a well-known threat […]
January 29, 2019 - The Rise of Cyber Threat Intelligence in the War on Internet Fraud
January 7, 2019 - Signal Versus Noise
November 6, 2018 - The Death and Resurrection of Intel Cutout
November 5, 2018 - Leaked Voter Databases Could be Weaponized for Election Meddling
October 10, 2017 - Behind the Scenes: CISOs and the Intelligence Community - Why would companies be recruiting and hiring information security executives from the Intelligence Community? The answer is in the intelligence discipline and how it applies to a holistic and effective security program.
October 9, 2017 - How To Use The Intelligence Cycle To Secure Your Brand - The Intelligence Cycle in Action: A case study illustrating how the Intelligence Cycle enables intelligence and security professionals to establish a plan of action and execute on that plan to deliver a high-quality intelligence product to their clients.
July 24, 2017 - How to Use Maltego to Conduct Threat Research - Maltego is an interactive, visual data mining and link analysis tool used to conduct online investigations through a library of plugins called “transforms.” In this guide, we'll show you how to use Maltego to do threat research within your own organization.