CYBER THREAT INTELLIGENCE BLOG

DarkRaaS & CornDB: Evidence of a Coordinated Network?

Analysis of Related Threat Actors: DarkRaaS and CornDB

In October and November 2024, two notable threat actors, DarkRaaS and CornDB, emerged on BreachForums, displaying striking similarities in their operations, targets, and methodologies. This analysis examines the activities of these actors and the evidence suggesting their likely connection.

OWASP Top 10 for LLMs: Protecting GenAI with AiFort

Over the past year, organizations have been racing to adopt AI to accelerate their business operations and improve user experience. As AI technologies become more integrated into core business processes, new attack vectors and vulnerabilities have emerged as an inherent part of Large Language Models (LLMs). The risks are pervasive, as human language – the primary interface for LLMs – can be easily exploited by both malicious attackers and regular users, often unintentionally.

8 Reasons You Need Cyber Threat Intelligence for Your Organization

As both the number and the sophistication of cyberattacks continue to grow, the Harvard Business Review makes a case for threat-informed defense, describing a need for “greater transparency, accuracy, and precision around how we perform against likely threats” as a way to stay secure against the mounting risk. At KELA, we deliver 100% real, actionable, timely and contextual intelligence about threats and threat actors, helping organizations mitigate digital security risks, but how does this kind of cyber threat intelligence (CTI) practically equate to business benefits or risk reduction? This article looks at eight key examples, and how they deliver value to your organization.

Streamlining NIS2 Compliance with Cyber Threat Intelligence

NIS, or the Network Information Systems Directive, is getting an update this year, and by the 17th of October 2024, organizations in member states in the EU will need to be fully compliant with its second iteration, NIS2. The stakes are high, as for the first time, NIS2 introduces personal liability for companies who fail to comply with the requirements. Fines are distinguished by whether a business is considered an essential or an important entity, and could reach as much as €10M or 2% of global annual revenue, whichever is higher.  

What is Ransomware? And Why is it Such a Big Business?

Between Q2 2023 and Q2 2024, KELA has tracked more than 5,000 victims of ransomware and extortion actors, and the numbers are only growing year-on-year. Ransomware has become a huge business, and monetization opportunities are far broader than just the ransom demand itself. Our latest eBook takes a deep dive into the business of the ransomware supply chain, looking at headline-grabbing attacks, key personas that leverage the cybercrime underground for financial gain, and best practices for protecting your own organization. Download the eBook here, or keep reading for some choice highlights.

Telegram’s Policy Shift: How Cybercriminals Are Reacting to New Data Sharing Rules

Telegram recently made waves by updating its privacy policy, marking a significant departure from its long-standing reputation as a haven for privacy-focused users, including cybercriminals. The messaging platform, known for its hands-off moderation approach, will now share users’ phone numbers and IP addresses with law enforcement following court orders. This change applies to various criminal investigations, expanding beyond the previous limit of only terror-related offenses. You can read the full details of the new policy on Telegram’s Privacy Policy page.

Telegram’s CEO and Founder Durov Under Arrest: Cybercriminals React

Pavel Durov, the founder and CEO of Telegram, was arrested in Paris on August 25, 2024 on charges related to his platform allegedly being used for illegal activities. Three days later, he was indicted and released on bail, with six charges related to illicit activity on Telegram. While people all over the world discuss Telegram’s loose moderation measures and wonder if providers of web services should be liable for the actions of their users, a certain type of Telegram user (cybercriminals using the platform) has something to say too.

In recent years, as detailed by KELA, Telegram has become popular as a platform for a wide range of cybercrimes. These include selling illegally obtained data, such as personal information, sensitive documents, and compromised accounts, and using the platform to facilitate infostealer, ransomware, hacktivist and other operations. Among the reasons why Telegram is attractive to cybercriminals are anonymity and the ability to build communities, enabling cybercriminals to both hide their identities from law enforcement and have access to multiple potential sellers. Now these cybercriminals are concerned about the repercussions that Durov’s arrest could have for their operations. While some of them discuss additional safety precautions, others go on the offensive and support Durov with cyberattacks against France. KELA has reviewed cybercriminals’ actions and discussions on the matter.

2024 Paris Olympics: Compromised Before the Starting Gun

Olympic fever is well and truly upon us, with the Olympic Games starting in Paris on July 26th. However, it’s not just athletes warming up for fun and games: eight to ten times as many cyberattacks are predicted for the Paris Olympics as were seen in the 2021 Olympic Games in Tokyo. With 450M security events blocked in Tokyo, the risk has never been greater. You can download our dedicated report for a full view of potential attack types, targets and threat actors looking to conduct Olympic-related attacks, or read on for an overview of the report.

Hackers’ Wishlist: The 5 Most Targeted Entry Points

In the ever-evolving landscape of cybercrime, one truth remains constant: valid credentials are the golden ticket. In 2023, corporate credentials became the go-to method for compromising networks, fueled by a booming cybercrime ecosystem overflowing with stolen logins. This easy access is further bolstered by a surge in infostealer-related activity (up 266% in 2023).(1) This begs the question: what are hackers looking for when they buy these credentials? At KELA, we analyzed activity on cybercrime forums to identify the most targeted corporate entry points. This blog dives into this data, revealing the top targets and, more importantly, how threat actors obtain stolen credentials to compromise them.

The Power of KELA’s Cyber Intelligence Platform: Blocking Ransomware Attacks and Driving ROI

David Carmel, CEO, KELA Cyber

In today’s digital landscape, ransomware and extortion attacks are a pervasive threat that can bring enterprises to a standstill. These attacks, where malicious actors encrypt and steal critical data and demand ransom for its release and for not leaking it publicly, can cost organizations millions, not just in ransom payments, but also in lost productivity, data recovery efforts, and damage to reputation. However, with KELA’s cyber intelligence platform, enterprises can significantly mitigate these risks, block ransomware attacks, and drive substantial returns on investment (ROI).