Connect with us

Technology

Group-IB reveals Hi-Tech Crime Trends 23/24: surge in ransomware against backdrop of growing AI, macOS threats

Published

on

SINGAPORE, Feb. 29, 2024 /PRNewswire/ — Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, is proud to announce the launch of its new report Hi-Tech Crime Trends 2023/2024, the latest edition of the company’s annual round-up of the most pressing global cyber threats to organizations and individuals. In the research, Group-IB analysts reveal how the unholy alliance between ransomware groups and Initial Access Brokers (IABs) is still the powerful engine for cybercriminal industry, evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak sites (DLS). Global threat actors also demonstrated increased interest in Apple platforms, exemplified by the fivefold increase in underground sales related to macOS information stealers.

The growing appetite of nation-state sponsored threat actors, also known as advanced persistent threat (APT) groups, has shown that no region is immune to cyber threats. Group-IB experts discovered a 70% increase in the number of public posts offering zero-day exploits for sale, and also identified cybercriminals’ malicious use of legitimate services and artificial intelligence (AI) infused technologies as the main cyber risks for 2024.

The first edition of Hi-Tech Crime Trends was launched 12 years ago, and the information contained in the report enables businesses, NGOs, governments, and law enforcement agencies around the world to fight cybercrime and help potential victims. For the first time, Hi-Tech Crime Trends includes a section outlining the intricate relationship between artificial intelligence (AI) and cybersecurity threats, outlining how this new technology is being leveraged by cybercriminals, including the misuse of large language models (LLM) such as ChatGPT, and the potential risks to corporate data through AI integration.

Nothing artificial about this threat

Threat actors have already shown how AI can help them develop malware only with a limited knowledge of programming languages, brainstorm new TTPs, compose convincing text to be used in social engineering attacks, and also increase their operational productivity.

Large language models (LLM) such as ChatGPT remain in widespread use, and Group-IB analysts have observed continued interest on underground forums in ChatGPT jailbreaking and specialized generative pre-trained transformer (GPT) development, looking for ways to bypass ChatGPT’s security controls. Group-IB experts have also noticed how, since mid-2023, four ChatGPT-style tools have been developed for the purpose of assisting cybercriminal activity: WolfGPT, DarkBARD, FraudGPT, and WormGPT – all with different functionalities.

FraudGPT and WormGPT are highly discussed tools on underground forums and Telegram channels, tailored for social engineering and phishing. Conversely, tools like WolfGPT, focusing on code or exploits, are less popular due to training complexities and usability issues. Yet, their advancement poses risks for sophisticated attacks.

Group-IB’s Hi-Tech Crime Trends 2023/2024 also highlighted the sale of compromised ChatGPT credentials on the dark web, building upon past research. With more employees relying on ChatGPT for work optimization and its storage of past interactions, compromised logins could expose sensitive information, posing significant security risks for businesses.

From January 2023 to October 2023, Group-IB detected more than 225,000 logs up for sale on the dark web containing compromised ChatGPT credentials. Group-IB’s Threat Intelligence platform found these compromised credentials within the logs of information-stealing malware traded on illicit dark web marketplaces.

Notably, the number of compromised hosts with access to ChatGPT detected by Threat Intelligence between June 2023 and October 2023 was more than 130,000, an increase of 36% compared to the preceding five-month period (January-May 2023). The number of available logs containing ChatGPT logs peaked in the final month of the study – in October 2023 – when 33,080 were registered. Group-IB’s analysis found that the majority of the logs containing ChatGPT accounts were breached by the LummaC2 information stealer.

Double trouble: ransomware gangs and initial access brokers wreak havoc

Group-IB’s Threat Intelligence unit constantly monitors all ransomware activity and detected 4,583 companies that had their information, files, and data published on ransomware DLSs in 2023. This marks a growth of 74% compared to the previous year, when 2,629 such posts were made. Group-IB researchers note that the number of total ransomware attacks worldwide is likely to be much larger, with probable instances of organizations paying the ransom or groups deciding not to go ahead with their threat of publishing data on a DLS.

Companies based in North America most commonly appeared in the DLS posts of ransomware groups, accounting for 2,487 (or 54%) of the annual total, and more than double the corresponding figure in 2022 (1,192 companies). Roughly 26% of posts on ransomware DLSs related to companies from Europe (1,186, up 52% YoY) and 10% were from the APAC region (463, up 39% YoY).

The United States was the most common target for ransomware groups, as 1,060 US-based companies were the subject of ransomware DLS posts in 2023. The next most affected countries were Germany (129), Canada (115), France (103), and Italy (100). 

In terms of affected industries, attacks as per ransomware DLS on manufacturing (580 instances) and real estate (429) companies rose year-on-year by 125% and 165%, respectively, and these key sectors were the two most targeted worldwide. Notably, Group-IB observed a 88% year-on-year increase in ransomware DLS posts related to healthcare companies, and a 65% rise in posts concerning government and military organizations.

Throughout the reporting period, Group-IB experts uncovered 27 new advertisements for ransomware-as-a-service programs on dark web forums, including well-known groups such as Qilin, as well as other collectives that have yet to be seen in the wild. As was the case in 2022, LockBit was 2023’s most prominent ransomware-as-a-service group with 1,079 posts on its DLS (24% of the annual total). In second place was BlackCat with 427 posts (9% of annual total) and third was Clop (385 posts or 9%).

Researchers also found that Initial Access Brokers (IABs) are continuing to play a significant role in the ransomware market. In 2023, they found 2,675 instances of corporate put up for sale – almost an identical figure compared with 2022, when 2,702 offers were found.

Notably, Group-IB data shows that the average price for corporate access in 2023 was $2,470, which represents a 27% reduction compared to the preceding year. Group-IB analysts believe that this drop in average price is due to a rise in the number of new sellers entering the market that have lowered the price of their offers in order to attract buyers.

Companies in the United States (29%), the United Kingdom (4%) and Brazil (4%) were the most commonly featured in IAB offers. Professional services, government and military organizations, financial services, manufacturing, and real estate were the verticals that appeared most frequently.

APTitude test

Group-IB researchers discovered that the Asia-Pacific region was the world’s main battleground for nation-state sponsored threat actors, also known as advanced persistent threat (APT) groups last year. In sum, Group-IB attributed 523 attacks to nation-state actors across the globe in 2023.

Attacks on APAC organizations accounted for 34% of the global total, with Group-IB experts asserting that this may be due to the high level of financial technology development in this global economic hub in addition to geopolitical tensions. Europe was the second-most targeted region, accounting for 22% of all APT attacks, and the Middle East and Africa (MEA) was third (16% of APT attacks in 2023).

Unsurprisingly, government and military entities were the prime target of APT attacks in 2023, accounting for 28% of the annual figure. This strengthens the theory of Group-IB’s Threat Intelligence unit that APT actors are predominantly striving to gain access to strategically important evidence and weaken government entities in their country or region of target. Financial services (6%), telecommunications (5%), manufacturing, IT and media (all 4%) were also heavily affected, Group-IB researchers found.

In the past year, prominent APT groups, including the North Korean collective Lazarus, launched new tactics. Lazarus executed the first-ever double supply chain attack, exploiting a vulnerability in X_TRADER, a software by Trading Technologies. This allowed access to the network of the widely-used 3CX Desktop App for VoIP calls, compromising a wide range of 3CX clients. Group-IB researchers also noted APT groups’ ongoing malicious use of legitimate services like Dropbox, OneDrive, Google Drive, and messengers like Telegram.

Turbulence ahead

In 2023, cyber threats shifted focus from Windows and Android to Apple platforms due to their rising popularity and market share, with iOS becoming increasingly targeted. Malware spread through the App Store, alongside increased use of Apple cloud services, contributed to this trend. By March 6, 2024, Apple is expected to allow third-party app stores for iOS apps in Europe, posing security concerns amidst 1.7 million app rejections in 2022. Threat actors have already adapted Android schemes to iOS, exemplified by GoldFactory and the GoldPickaxe.iOS malware – аctive in Thailand and Vietnam – which prompts victims to record videos of their faces and submit them to the threat actors, which could be used by the latter to gain unauthorized access to the victim’s banking accounts. Additionally, the number of sales posts on the most popular underground forums (xss[.]is and exploit[.]in) for information stealers designed to operate on macOS increased fivefold in 2023, from 8 in 2022 to 49.

Javascript sniffers, also known as malicious JavaScript code implanted in compromised websites designed to intercept payment card details from customers who make online transactions, are also likely to pose a risk to online store owners, consumers, and banks in 2024. Group-IB researchers discovered 5,037 websites compromised with JS-sniffers in 2023, of which 2,474 were unique. A total of 14 new JS-sniffer families were also discovered in 2023, highlighting the continued development of this threat.

“As highlighted by Group-IB’s Hi-Tech Crime Trends 2023/2024 report, the rise of AI in both legitimate businesses and the cybercriminal underworld was a critical trend of 2023. With the increased misuse of ChatGPT and the development of underground LLM tools, the potential for sophisticated attacks has escalated, compounded by the alarming surge in compromised ChatGPT credentials. This along with cybercriminals’ increased interest in malware designed for macOS demonstrates that it is imperative for organizations to recognize and address this evolving threat landscape, safeguarding sensitive information and fortifying cybersecurity measures to mitigate risks posed by AI-driven cybercrime,” Dmitry Volkov, CEO at Group-IB, said.

A full round-up of the top global threats and invaluable insights from the Group-IB Threat Intelligence unit can be found in the full Hi-Tech Crime Trends 2023/2024 report.

View original content to download multimedia:https://www.prnewswire.com/news-releases/group-ib-reveals-hi-tech-crime-trends-2324-surge-in-ransomware-against-backdrop-of-growing-ai-macos-threats-302075538.html

SOURCE Group-IB

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

Pillsbury Notice of Data Breach

Published

on

By

NEW YORK, July 18, 2026 /PRNewswire/ — Pillsbury Winthrop Shaw Pittman LLP (“Pillsbury”) was among many law firms targeted by sophisticated social engineering attempts in an incident last year. While the firm quickly detected and blocked the activity, an unauthorized actor was able to access some of the firm’s documents during a short window of time. Pillsbury notified any impacted clients last year and undertook a detailed process to review the accessed documents for personal information. Pillsbury then began notifying individuals whose personal information was affected. That process is now complete, and today, Pillsbury is publishing substitute notice as a final step.

For more information, please visit the substitute notice on our website at https://www.pillsburylaw.com/en/breach-notice.html

View original content to download multimedia:https://www.prnewswire.com/news-releases/pillsbury-notice-of-data-breach-302828892.html

SOURCE Pillsbury Winthrop Shaw Pittman LLP

Continue Reading

Technology

From Remote Racing to Embodied AI: Fibocom and Intedigo Bring 5G Bidirectional Data Transmission into Real-World Applications

Published

on

By

SHANGHAI, July 18, 2026 /PRNewswire/ — From July 17 to 20, Fibocom and Intedigo will jointly present a cross-regional, beyond-visual-line-of-sight (BVLOS) teleoperation demonstration at Booth H3-C408 during the World Artificial Intelligence Conference (WAIC) 2026. Visitors will be able to enter a remote driving cockpit and control a real race car located at HURA PARK in Jiading, Shanghai, steering, accelerating, and braking in real time while experiencing how 5G connectivity enables remote operation.

More than an immersive driving experience, the demonstration provides a live validation of 5G bidirectional data transmission for embodied AI teleoperation. The vehicle continuously sends live track video, vehicle status, and operating data to the remote cockpit, while control commands are transmitted back to the vehicle, creating a closed-loop teleoperation system. Stable, low-latency, and highly reliable connectivity is essential for high-dynamic maneuvers such as high-speed cornering, precision braking, and continuous lane changes.

Developed by Intedigo, the remote driving system connects a real race car with an immersive remote driving cockpit. It supports 1080p@60Hz video transmission, glass-to-glass (G2G) video latency of less than 80 ms, and control latency of less than 10 ms. The demanding racing environment magnifies differences in video continuity and control responsiveness, making communications performance directly perceptible, measurable, and verifiable.

At the joint demonstration, Fibocom’s FM160 5G module provides cellular connectivity for the system. Powered by the Qualcomm Snapdragon™ X62 5G Modem-RF System, the FM160 supports SA and NSA network architectures as well as 3GPP Release 16. On the downlink, it supports NR Carrier Aggregation (NR CA) with bandwidth of up to 120 MHz, delivering peak speeds of up to 3.5 Gbps in NSA mode and 2.5 Gbps in SA mode. On the uplink, it supports UL MIMO and delivers peak speeds of up to 900 Mbps in SA mode. These capabilities support the continuous transmission of HD video and vehicle status data, along with reliable delivery of control commands.

As embodied AI moves into factories, data centers, logistics operations, and industrial parks, robots are becoming increasingly capable of performing tasks autonomously. Yet complex environments, unexpected events, and edge cases still require Human-in-the-Loop (HITL) remote intervention to help ensure safe and reliable operation.

Daniel Liu, CEO of Intedigo, said:

“5G represents the pinnacle of human communications and the starting point of machine communications. In the past, communications connected people to people; in the future, they will connect people to robots and robots to robots. Remote racing is simply the easiest entry point for people to understand this concept. What we are truly validating is a communications system capable of supporting remote collaboration for embodied AI. HURA makes low-latency remote driving a tangible experience, while RoBOX extends this capability to robots and a broader range of intelligent terminals. Together with Fibocom, we hope to enable more machines to receive remote assistance whenever needed while remaining continuously connected and operating reliably.”

Simon Tao, VP of Wireless Solutions Business Group and General Manager of MBB BU at Fibocom, said:

“As embodied AI enters real-world industrial environments, reliable connectivity will become the foundation for telemetry feedback, remote control and operational management. Fibocom’s 5G solutions, represented by FM160, provide the cellular connectivity required for continuous on-site data transmission and reliable control command delivery. Fibocom will continue collaborating with ecosystem partners such as Intedigo to bring cellular connectivity to more robots, autonomous machines and mobile intelligent terminals, enabling embodied AI systems to stay continuously connected and respond reliably in real-world applications.”

From remote race cars to robots, unmanned equipment, and mobile intelligent terminals, 5G is evolving from connecting people to connecting machines. This joint demonstration makes the capabilities of 5G bidirectional data transmission directly perceptible, experiential, and verifiable, helping pave the way for embodied AI to scale across real-world applications.
 

About Fibocom

Fibocom, founded in 1999, is China’s first wireless communication module company listed on both the A-share and H-share markets (300638.SZ, 0638.HK). As a global leading provider of wireless communication modules and AI solutions, Fibocom leverages wireless communication and artificial intelligence as its core technologies to provide integrated hardware and software solutions that empower industry applications. These solutions accelerate the transformation from “Connect Everything” to “Intelligent Connectivity” across diverse industries.

Fibocom’s one-stop solutions encompass cellular communication, AI, automotive, and GNSS modules, as well as AI toolchains, supporting industry-side and mainstream large model integration, and providing AI Agent, global connectivity, and cloud services, driving the digital intelligence upgrades in industries such as robotics, consumer electronics, low-altitude economy, intelligent transportation, smart retail, and smart energy.

View original content to download multimedia:https://www.prnewswire.com/news-releases/from-remote-racing-to-embodied-ai-fibocom-and-intedigo-bring-5g-bidirectional-data-transmission-into-real-world-applications-302828996.html

SOURCE Fibocom Wireless Inc.

Continue Reading

Technology

DR. PHONE FIX ANNOUNCES SECOND TRANCHE CLOSING OF NON-BROKERED CONVERTIBLE DEBENTURE UNIT FINANCING

Published

on

By

/NOT FOR DISTRIBUTION TO U.S. NEWSWIRE SERVICES OR FOR DISSEMINATION IN THE UNITED STATES/

EDMONTON, AB, July 18, 2026 /CNW/ — Dr. Phone Fix Canada Corporation (“Dr. Phone Fix” or the “Company”) (TSXV: DPF) is pleased to announce that, further to its news release dated May 19, 2026 and June 24, 2026 (the “Prior News Releases”), it has closed the second tranche of its non-brokered private placement (the “Offering”) of convertible debenture units of the Company (each, a “Unit”). The Company issued 726 Units, at a price of $1,000 per Unit, for aggregate gross proceeds of $726,000. Each Unit is comprised of (i) one $1,000 principal amount unsecured convertible debenture of the Company (a “Convertible Debenture”) and (ii) 3,125 common share (“Common Share”) purchase warrants of the Company (each, a “Warrant”). Additional detail on the Offering, including terms of the Convertible Debentures and Warrants, is set out in the Prior News Releases.

In connection with the Offering, the Company paid a finder’s fee consisting of an aggregate cash fee of $50,820 and issued an aggregate of 317,625 common share purchase warrants of the Company (each, a “Finder’s Warrant”) to certain qualified arm’s length parties. Each Finder’s Warrant is exercisable to acquire one Common Share of the Company at an exercise price of $0.22 prior to the date that is 24 months from the date of issuance.

All securities issued pursuant to the Offering, including any Common Shares issuable upon conversion of the Convertible Debentures or exercise of the Warrants and Finder’s Warrants, are subject to a statutory hold period of four months and one day from the closing of the Offering, in accordance with applicable securities laws and TSX Venture Exchange (the “TSXV”) policies. 

The Offering remains subject to final acceptance of the TSXV.

This news release does not constitute an offer to sell or a solicitation of an offer to buy any of the securities described in this news release in the United States. Such securities have not been, and will not be, registered under the U.S. Securities Act, or any state securities laws, and, accordingly, may not be offered or sold within the United States, or to or for the account or benefit of persons in the United States or “U.S. Persons”, as such term is defined in Regulation S promulgated under the U.S. Securities Act, unless registered under the U.S. Securities Act and applicable state securities laws or pursuant to an exemption from such registration requirements.

About Dr. Phone Fix

Dr. Phone Fix is a national, award-winning, eco-friendly, and customer-centric leader in Canada’s cell phone and electronics repair and certified pre-owned device industry. Founded in 2019, the Company now operates 44 retail locations nationwide through a standardized and scalable operating platform designed to support consistent execution across multiple markets, delivering fast, reliable, and environmentally conscious repair services alongside a curated selection of certified pre-owned devices and premium accessories. Dr. Phone Fix maintains strong partnerships with OEMs and certified suppliers, ensuring consistently high-quality standards across its national footprint. With a focus on responsible device lifecycle management, customer service, and operational discipline, Dr. Phone Fix continues to set the benchmark for device care and resale in Canada.

www.docphonefix.com

NEITHER THE TSXV NOR ITS REGULATION SERVICES PROVIDER (AS THAT TERM IS DEFINED IN THE POLICIES OF THE TSXV) ACCEPTS RESPONSIBILITY FOR THE ADEQUACY OR ACCURACY OF THIS NEWS RELEASE.

Forward-Looking Information and Cautionary Statements

Certain information in this news release constitutes forward-looking statements under applicable securities laws. Any statements that are contained in this news release that are not statements of historical fact may be deemed to be forward-looking statements. Forward-looking statements are often identified by terms such as “may”, “should”, “anticipate”, “expect”, “potential”, “believe”, “intend” or the negative of these terms and similar expressions. Forward-looking statements in this news release include statements relating to: the final acceptance of the Offering by the TSXV; and the expected use of proceeds following the closing of the Offering. Forward-looking information in this news release is based on certain assumptions and expected future events, namely: the Company’s financial condition and development plans do not change as a result of unforeseen events; the TSXV will provide its final acceptance of the Offering; and the Company will be able to obtain the financing required in order to develop and continue its business and operations. These statements involve known and unknown risks, uncertainties and other factors, which may cause actual results, performance or achievements to differ materially from those expressed or implied by such statements, including but not limited to: the Company’s inability to obtain TSXV final acceptance for the Offering; the potential failure to complete the balance of the Offering or to raise the full anticipated gross proceeds; market conditions and investor demand for the Company’s securities; the Company’s inability to deploy the proceeds as currently intended; and general economic and market conditions. Readers are cautioned that the foregoing list is not exhaustive. Readers are further cautioned not to place undue reliance on forward-looking statements, as there can be no assurance that the plans, intentions or expectations upon which they are placed will occur. Such information, although considered reasonable by management at the time of preparation, may prove to be incorrect and actual results may differ materially from those anticipated. Forward-looking statements contained in this press release are expressly qualified by this cautionary statement and reflect the Company’s expectations as of the date hereof and are subject to change thereafter. The Company undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, estimates or opinions, future events or results or otherwise or to explain any material difference between subsequent actual events and such forward-looking information, except as required by applicable law.

 

SOURCE Dr. Phone Fix

Continue Reading

Trending