Group-IB Threat Intelligence

Group-IB is an official partner of INTERPOL, Europol and local law enforcement agencies. With 15-plus years of experience and highly qualified experts, Group-IB leverages its own infrastructure and proprietary external threat hunting system. Collecting a large array of real-time data, the platform uses patented algorithms and machine learning for rapid data correlation.

Every data item Group-IB collects comes from its own intelligence collection feed, and the company regards collection as its top advantage over competitors. Group-IB's collection and research indicate that most threats targeting the financial sector come from Russian-speaking criminals, the company's particular area of expertise. Tools on the backend are designed for investigating Advanced Persistent Threats, and the company has a Threat Intelligence Team responsible for hunting for patterns across the collected data.

Group-IB has investigated financially motivated cybercriminals for 16 years. This quality research, drawn from open-source domains and from tracking advanced threat actors, is its advantage over competitors because it is not easily duplicated.

The Compromised Data feature shows elements such as the source, threat actor, domain and money mules. Here, analysts can see how effective certain phishing pages have been at compromising organizations and what a page looked like at the time of detection. Banks can readily use this information to mitigate fraud losses and identify other compromises. Group-IB tracks different banking trojans to obtain malware samples, which are then executed in the Sandbox environment.

Group-IB's Sandbox is designed to emulate a financial institution's workspace. It assigns a file a percentage score for how malicious it is and returns a video capture of how the file behaved in the Sandbox. Analysts also receive a summary of the behavioral capabilities the file is believed to possess, as well as a process tree for visibility into how it operates.

The newly added Attacks feature presents a clean graph of all intersections from one element to the original phishing page's other domains, IP addresses, SSL certificates, emails, phone numbers and files. Analysts can use that information to determine whether an attack is targeted and whether the phishing page is also targeting other financial institutions and organizations.

Human Intelligence includes proprietary write-ups on different threats targeting organizations around the world and is a strong driver of Group-IB's reputation and the research it produces. The feature regularly updates written reports on a variety of threat groups.

The recently added Advanced Threats feature makes it easier for analysts to consume the wealth of information on offer. It provides a high-level overview of groups using cards with descriptions, timelines of criminal campaigns from inception to the present day, and activity mapped to the cyber kill chain for more accurate reconnaissance planning. Red teams can use this capability to test out different tools and techniques to determine whether blue teams are prepared for such attacks.

Using Tailored Reports, analysts can write reports on specific organizations. Some are dispatched reports, sent monthly, quarterly or annually to summarize changes to the cyber threat landscape. The reports cover not only changes to threats that occurred during the period but also predictions. Starting price is $100,000 - $300,000. Phone, email and website support are included, along with a knowledgebase.

Tested by: Matthew Hreben

Product title
Group-IB Threat Intelligence
Product info
Vendor: Group-IB
Contact: www.group-ib.com
Product: Group-IB Threat Intelligence
Price: $100,000-$300,000
Strength
Group-IB has investigated financially motivated cybercriminals for 16 years, producing quality research from open-source domains and advanced threat actors that gives it an advantage over competitors.
Weakness
None that we found.
Verdict
Using highly qualified experts and drawing on extensive research into financially motivated cybercriminals, Group-IB leverages its own infrastructure and proprietary external threat hunting system.