CYBER THREAT INTELLIGENCE BLOG

Telegram’s CEO and Founder Durov Under Arrest: Cybercriminals React

Pavel Durov, the founder and CEO of Telegram, was arrested in Paris on August 25, 2024 on charges related to his platform allegedly being used for illegal activities. Three days later, he was indicted and released on bail, with six charges related to illicit activity on Telegram. While people all over the world discuss Telegram’s loose moderation measures and wonder if providers of web services should be liable for the actions of their users, a certain type of Telegram users — cybercriminals using the platform — have something to say too.

In recent years, as detailed by KELA, Telegram has become popular as a platform for a wide range of cybercrimes. These include selling illegally obtained data, such as personal information, sensitive documents, and compromised accounts, and using the platform to facilitate infostealer, ransomware, hacktivist and other operations. Among the reasons why Telegram is attractive to cybercriminals are anonymity and the ability to build communities, enabling cybercriminals to both hide their identities from law enforcement and have access to multiple potential sellers. Now these cybercriminals are concerned with the repercussions that Durov’s arrest can have for their operations. While some of them discuss additional safety precautions, others go on the offensive and support Durov with cyberattacks against France. KELA has reviewed cybercriminals’ actions and discussions on the matter.

2024 Paris Olympics: Compromised Before the Starting Gun

Olympic fever is well and truly upon us, with the Olympic Games starting in Paris on July 26th. However, it’s not just athletes warming up for fun and games: eight to ten times the number of cyberattacks are predicted for the Paris Olympics as were seen in the 2021 Olympic Games in Tokyo. With 450M security events blocked during the Tokyo Games, the risk has never been greater. You can download our dedicated report for a full view of potential attack types, targets and threat actors looking to conduct Olympic-related attacks, or read on for an overview of the report.

Hackers’ Wishlist: The 5 Most Targeted Entry Points

In the ever-evolving landscape of cybercrime, one truth remains constant: valid credentials are the golden ticket. In 2023, corporate credentials became the go-to method for compromising networks, fueled by a booming cybercrime ecosystem overflowing with stolen logins. This easy access is further bolstered by a surge in infostealer-related activity (up 266% in 2023).(1) This begs the question: what are hackers looking for when they buy these credentials? At KELA, we analyzed activity on cybercrime forums to identify the most targeted corporate entry points. This blog dives into that data, revealing the top targets and, more importantly, how threat actors obtain stolen credentials to compromise them.

The Power of KELA’s Cyber Intelligence Platform: Blocking Ransomware Attacks and Driving ROI

David Carmel, CEO, KELA Cyber

In today’s digital landscape, ransomware and extortion attacks are a pervasive threat that can bring enterprises to a standstill. These attacks, where malicious actors encrypt and steal critical data and demand ransom for its release and for not leaking it publicly, can cost organizations millions, not just in ransom payments, but also in lost productivity, data recovery efforts, and damage to reputation. However, with KELA’s cyber intelligence platform, enterprises can significantly mitigate these risks, block ransomware attacks, and drive substantial returns on investment (ROI).

NIST and CTI: The Perfect Match for Building a Cyber Resilient Organization

To establish and maintain robust standards for cybersecurity and for protecting sensitive data, the NIST Cybersecurity Framework (NSF) has become ubiquitous. The NSF outlines five key functions to support organizations in understanding, managing and reducing cybersecurity risk: Identify, Protect, Detect, Respond and Recover. In this article, we take a closer look under the hood at each of the five functions, and at how Cyber Threat Intelligence (CTI), aligned with the NIST framework, can support meeting and exceeding regulatory compliance.

BreachForums Seized by FBI: Inside the Notorious Cybercrime Marketplace

On May 15, 2024, both the TOR and clear-web BreachForums domains, as well as Telegram channels associated with BreachForums, were seized by the FBI. KELA presents, in numbers, the activity on BreachForums (Breached) and its predecessor, RaidForums, the most popular English-speaking cybercrime forums for sharing leaked databases and other information.

Catch Me If You Can: The LockBit Edition – Explained

It’s Not Over, Yet…

Law enforcement has once again targeted LockBit, the notorious ransomware gang, but the end of this group remains uncertain. Despite multiple high-profile crackdowns, LockBit’s operations continue unabated, illustrating their resilience against law enforcement efforts. This ongoing challenge is highlighted by insights from KELA’s threat researchers, recently featured on Wired.com. As we delve deeper into LockBit’s history and recent takedown attempts, it becomes clear why a full shutdown might still be a distant goal.

Sharing is Caring: Ransomware and Extortion Actors Increase Threat Levels through Cooperation

Intimidating victims is all part of the game when ransomware and extortion actors steal data and aim to grab a pay day from the potential leak by demanding a ransom in return for not publicizing their haul. At KELA, we’ve noticed that threat actors have started leveraging one another’s data to maximize the level of threat, and sometimes even collaborating to distribute stolen information more widely. Really warms the heart, eh?

How Scary is that Data Leak, Really? According to Cyber Threat Intelligence, You Might Be Able to Sleep Easy

Threat actors — such attention seekers, #amiright? Always coveting the spotlight by doing diabolical deeds like stealing and compromising information, from passwords and usernames to social security numbers, emails and more. Of course, stolen databases are a genuine worry for security teams: when a stolen database is sold or leaked for free by cybercriminals, attackers can use it to launch attacks or gain a foothold in the victim organization. So it’s no wonder that when a threat actor claims to have stolen data from a “big name” company, it attracts a whole lot of interest and fear. But is there always a reason to be afraid? From false claims and exaggerations to readily available data scraped from public sources — here are three reasons you might want to question the next flashy database dump headline.

New Phone, Who Dis? The Importance of Verifying Threats in the Age of Fake RaaS

They say imitation is the sincerest form of flattery. If that’s the case, some ransomware-as-a-service (RaaS) threat actors must be feeling seriously good about themselves lately. With ransomware operations hitting the headlines, and the global cost of ransomware damage predicted to hit $231B by 2031, threat actors are increasingly creating fake operations, often leveraging the fame of other actors to draw more attention to their own activities and get a slice of the action.