18 Jan 2022

Are Initial Access Brokers the Next Crime Target for Governments?

Initial Access Brokers (IABs) are poised to become a force in 2022, due to a unique skill set that positions them as a valuable commodity for the deployment of hostile cybercrime activity. IABs serve as middlemen, specializing in the exploitation of victims and gaining initial entry. Once access is achieved and sustained, these actors sell it to interested customers on dark web forums and markets. In this capacity, they execute the first phase of a cyber-attack chain, performing the necessary research prior to conducting an operation. Emilio Iasiello explores the implications of the growth of IABs.

08 Nov 2021

Feds Offer $10 Million Bounty for DarkSide Info

The US State Department has ramped up its search for ransomware perpetrators connected with the DarkSide threat group by offering a massive $10 million bounty for information leading to the location or arrest of the leaders of the cybercrime group. The federal government has been seeking to take down the

05 Nov 2021

US offers $10m bounty for Colonial Pipeline hackers

A bounty of up to $10 million is being offered by the United States government for information about the hacking group, DarkSide. DarkSide committed a ransomware attack on a 5,500-mile-long fuel pipeline on the east coast of the United States in May. The pipeline attacked carries 45% of all fuel

29 Jul 2021

BlackMatter & Haron, Evil Ransomware Newborns or Rebirths

According to researchers, disappeared ransomware groups DarkSide and REvil have simply rebranded as Haron and BlackMatter. The two ransomware groups took down their leak sites and forums, going dark over the past several months. However, researchers claim that Haron and BlackMatter contain many of the hallmarks of the formerly active

13 Jul 2021

Guess announces breach of employee SSNs and financial data after DarkSide ransomware attack

Fashion brand Guess has notified customers who have been impacted by a ransomware attack that occurred in February. The company has not clarified the number of victims; however, unauthorized access to certain Guess systems occurred in the early days of February, leading to a breach of driver’s license numbers, passport

28 May 2021

Feds Warn DarkSide May Not Stay Dark

DarkSide, a cybercriminal gang that allegedly disbanded following the Colonial Pipeline ransomware attack, may not stay out of the hacking game for long, according to a new report. Key government cybersecurity and counterintelligence officials stated that while DarkSide may have actually halted its operations, the group could re-emerge under a

24 May 2021

Ransomware: An update on the nature of the threat

The technology of ransomware has evolved in sophistication, and so have the business models of the criminal groups behind it. The result: The threat from ransomware has reached pandemic proportions. This post provides an executive-level overview of the nature of this threat. This post is part of the OODA Cybersecurity Sensemaking series and is designed to be read as an introduction to our accompanying post on how to mitigate the threat of ransomware to your organization.

19 May 2021

Dark Side Reports Closing Shop: What’s the Future for Ransomware Gangs?

The ransomware attack against Colonial Pipeline revealed how disruptive this malware can be when it impacts civilian critical infrastructure. The successful shutdown of 5,500 miles of pipeline created concern among gas-strapped populations and a government wondering if this attack was the work of cyber criminals or a foreign adversary looking for retribution.

14 May 2021

Toshiba unit struck by DarkSide ransomware group

On Friday, Toshiba Tec Corp announced that one of its units was targeted by a ransomware attack likely perpetrated by the DarkSide hacking group. Toshiba is well known for its production of barcode scanners, Point-of-Sale systems, printers, and other electrical equipment. The company stated that the unit targeted was located
