Group IB Service Ltd. is a for-profit global security, computer forensics, and adversary-centric cyber intelligence company that focuses on investigating and preventing hi-tech cybercrimes, mapping adversaries, attributing threats, performing external and internal threat hunting, detecting and stopping fraud, and mitigating digital risks. Since 2003, the company has been active in the field of computer forensics and information security, protecting the most important international companies, such as Microsoft and Toyota, to name a couple, against financial losses and reputation risks. Group-IB’s technological leadership is built on the company’s 17 years of hands-on experience in threat research, analysis, and cybercrime investigations around the world, and 65,000 hours of cybersecurity incident response.
Group-IB runs the most important computer forensics laboratory in Eastern Europe, with an experienced investigation team ready to identify suspects, and collect and analyse evidence at the cybercrime scene. They also collaborate with law enforcement in preparing legal cases in all jurisdictions.
Group-IB IT&A global revenue:
– 2018: 55% revenue growth vs 2017
– 2019: 60% revenue growth vs 2018
– 2020: 96% revenue growth vs 2019
Ratings (based on 8 reviewers)
5 Star: 75%
4 Star: 25%
Evaluation & Contracting: 4.7/5
Planning & Transition: 4.7/5
Delivery & Execution: 4.7/5
Industries: Cloud Security; Cyber Security; Fraud Detection; Information Technology; Network Security
Clients served: UNIQLO; DHL; BRITISH AMERICAN TOBACCO; RAIFFEISEN BANK; UFC; TOYOTA; BRITISH PETROLEUM; VIBER; BACARDI; MICROSOFT
Global Headquarters: Singapore
Number of employees: 500-999
Contact: info@group-ib.com; +65 3159-3798
Operating Countries: over 60, including Singapore, the Netherlands, UAE, Vietnam, Argentina, Australia, Turkey, Brazil, Canada, Lebanon, the UK, the US, and others.
HISTORY
Group-IB was founded in October 2003 by a group of scholars of Bauman Moscow State Technical University, headed by Ilya Konstantinovich Sachkov. It started as an agency for investigating cyber-attacks and over the years participated in the first successful cybercrime case in Russia, in which the organizers of the criminal groups involved in financial theft from bank accounts using malware for PCs, mobile devices, phishing attacks, and targeted attacks on financial institutions in Russia were identified and arrested. The company’s primary activity is a series of international operations, and it leverages close cooperation with international law enforcement agencies to expose and track criminals. According to Group-IB, up to 80% of all high-profile investigation cases in the field of high-tech crime in Russia are supported by its experts.
In 2010 Group-IB founded the most important computer forensics lab in Eastern Europe. The company established its Computer Emergency Response Team (CERT) in 2011, the first round-the-clock computer security incident response team in Eastern Europe, called CERT-GIB.
INTERNATIONAL COOPERATION
In 2013 Group-IB, alongside its CERT-GIB, entered into a strategic partnership with the International Multilateral Partnership Against Cyber Threats, a cybersecurity alliance supported by the United Nations.
CERT-GIB is an accredited member of Trusted Introducer, an association that includes many European computer security incident response teams, and a member of FIRST (Forum of Incident Response and Security Teams), which enables CERT-GIB to exchange data with CERTs and promptly block dangerous websites worldwide.
It is also a member of OWASP, the most important association of specialists in vulnerability assessment and web application security to reinforce the safety of commercial systems – OWASP SCADA Security Project.
It has also collaborated with OASIS, a worldwide non-profit consortium that works on the development, convergence and adoption of information exchange standards.
In 2015, Microsoft and Group-IB presented joint research on the economic impact of cyber-attacks.
TECHNOLOGY
GIB’s threat data collection is based on a high-tech infrastructure that includes:
– investigation materials and forensics expertise;
– compromised data tracking and data extraction from botnets;
– automatic search and monitoring of “underground” forums;
– vast databases of known cybercriminals and gangs that identify intersections and analyze social graphs;
– identification of the latest threats using behavioural analysis and machine learning technology;
– detection of infections, remote attempts and other indications of fraud schemes targeting clients of online banking and Internet portals, without installation on client devices;
– detection of phishing resources and rogue mobile applications, and extraction of their phishing kits (modules designed to store and transmit stolen data).
PRODUCTS
Threat Intelligence & Attribution: analysing and attributing attacks and protecting network infrastructure; it was ‘granted the Cybersecurity Award for IT Products in Singapore Business Review’s Technology Awards 2021.’
Threat Hunting Framework: adversary-centric detection of targeted attacks and unknown threats, recognized as a “product leader” and “innovation leader” by KuppingerCole Analysts AG.
Fraud Hunting Platform: real-time client-side digital identity protection and fraud prevention, which has been recommended as one of the simplest Online Fraud Detection and Enterprise Fraud Management solutions.
Digital Risk Protection: AI-driven digital risk identification and mitigation platform, which has been granted the Innovation Excellence award by the Frost & Sullivan analytical agency.
Anti-Piracy: monitors 100 000+ resources in Russian and English, ranging from torrent trackers and streaming services to groups in social networks and pirated platforms on the Deep Web. Detects resource owners and establishes direct contact.
Atmosphere: Cloud Email Protection
EXPERIENCE PORTFOLIO
Lazarus: state-sponsored attack: In 2017, company experts researched the complex technological infrastructure, communications channels, and concealment techniques, presented new evidence of Lazarus attribution to North Korea, and revealed details of the attack, which stole $18 million from Europe, South America and Bangladesh.
Cobalt: logical attacks: Group-IB experts were the first to uncover the “jackpotting” attack tactics employed by the Cobalt gang to force 34 ATMs operated by First Bank (Taiwan) to spit out cash using malware, stealing over $2 million. Group-IB released a report, “Cobalt: Logical attacks on ATMs”, that provided an in-depth analysis of the attack scheme.
Corkow: In February 2016, Group-IB published a report titled “Analysis of attacks against trading and credit card systems” about the first major successful attack on a trading system, carried out by the Corkow criminal group, which provoked major exchange volatility and in which the bank claimed to have lost $3.2 million.
Anunak/Carbanak: In late 2014 Fox-IT and Group-IB jointly released a report on the Anunak (aka Carbanak) hacker group that had stolen more than 1 billion rubles from over 50 Russian banks. The group has not performed successful thefts since early 2015.
ISIS attacks on Russian cyberinfrastructure: According to the report released by Group-IB in March 2015, hackers from the self-proclaimed Islamic State of Iraq and the Levant (ISIS) attacked 600 Russian Internet resources in 2014, primarily defacing websites by placing pictures and video with ISIS propaganda. According to Group-IB’s report, these attacks were performed not just by the ISIS cyber division, Cyber Caliphate, but by 3 more criminal groups called Team System Dz, FallaGa Team and Global Islamic Caliphate, totalling over 40 members.
Blackhole: In autumn 2013 Group-IB supported investigative activity that resulted in the arrest of Dmitry Fedotov, the author of the infamous Blackhole exploit pack, which was, at the time, used to conduct 40% of infections worldwide; he was sentenced to prison for 7 years.
Attacks on legal entities: Carberp, Germes, Hodprot: In 2012 law enforcement agencies, with assistance from Sberbank and Group-IB, arrested the most important criminal gang in Russia, whose leaders were sentenced to between 5 and 8 years in prison. In two years, the group managed to infect over 1.5 million computers worldwide and steal approximately $250 million from bank accounts at over 100 banks around the world.
Android Trojans: “5th Reich”, WapLook, Cron: In April 2015 members of a hacker group, which had infected over 340,000 Android-based devices to steal money from bank accounts, were arrested with the help of Group-IB and Sberbank. Group leaders were arrested in September 2014 with assistance from Group-IB. In May 2017 the Russian Ministry of Internal Affairs announced the arrest of the Cron gang, which had infected more than 1 mln smartphones. Group-IB provided expert support to the investigation. The hackers infected up to 3,500 smartphones daily and managed to steal about $1 mln in total.
Group-IB successfully protected the Sochi 2014 Olympic brand, products and ticket sales, and blocked pirated links to TV series and films owned by Sony Pictures, Paramount Pictures, Fox TV series, Discovery Channel, and Amedia (which has exclusive rights to HBO TV series in Russia), as well as fraudulent websites abusing the brands of popular banks and payment systems.
Author Bio:
Deep Pathak was born in 2000 in Guwahati, India. Deep ranked 14th all over India in the CITDEE engineering entrance exam in 2019. Deep is an incrementalist and learns by undertaking ambitious self-challenging projects. Criticisms and rejections are his metaphorical shadows and so are his ambition and persistent effort. He is a voracious reader and writer of various subjects and has won recognition in international essay competition; a firm devotee of the enlightenment; and believes in the potential of constructive amalgamation of science and arts to increase the scientific knowledge base and start new areas of research. Culture matters a lot for him and he is the most efficient in a calm and serene environment. Deep wants to light sustainable and the brightest torches of enlightenment: the case for reason, science, humanism and progress.