San Francisco, May 6, 2024 — Cyble, the leading provider of AI-driven cybersecurity solutions, is excited to announce its participation in the prestigious RSA Conference 2024, held at Moscone South Expo, San Francisco, from May 6th to May 9th. Visit Cyble at Booth N-2353 to discover how Cyble is revolutionizing cybersecurity practices and enhancing network resilience. At RSA Conference 2024, Cyble will introduce attendees to its innovative Cyble Vision Platform through compelling live demonstrations, highlighting how it empowers organizations to proactively tackle cybersecurity threats. The Cyble team, including Founder and CEO Beenu Arora, Co-founder and COO Manish Chachada, and other key members of the leadership team, will be present to discuss and provide insights into the latest trends and challenges in cybersecurity.

Engage with Our Founders and Experts at RSA Conference 2024

Beenu Arora - Co-founder and CEO of Cyble. Beenu is a visionary leader with a deep understanding of the cybersecurity landscape and a passion for advancing cybersecurity measures through innovative technologies. Manish Chachada - Co-founder and COO of Cyble. Manish brings strategic oversight to operations and a commitment to delivering exceptional cybersecurity solutions to global clients. Dipesh Ranjan - Chief Partner Officer, SVP – Global Growth. Dipesh drives strategic partnerships and global expansion efforts at Cyble, leveraging his extensive expertise in cybersecurity and market development. Mandar Patil - SVP, Sales. Mandar leads the sales strategies at Cyble, focusing on accelerating growth and enhancing customer engagements through tailored cybersecurity solutions. Taylor Pettis - VP of Marketing. Taylor oversees Cyble’s marketing strategies, enhancing brand visibility and engagement through innovative campaigns and communications.

Event Details:

Date: May 6-9, 2024 Location: Booth N-2353, Moscone South Expo, San Francisco

What to Expect:

Insightful Engagements: Gain valuable insights from our founders Beenu Arora and Manish Chachada, and leadership team members Dipesh Ranjan, Mandar Patil, and Taylor Pettis. Interactive Product Demos: Experience the advanced capabilities of our AI-driven solutions and learn how they can safeguard your digital assets. Expert Discussions: Delve into discussions on the most pressing cybersecurity issues and explore tailored solutions with our experts. "We are excited to showcase our latest innovations and insights at RSA Conference 2024. Meeting with industry professionals and peers is a fantastic opportunity to discuss how Cyble’s solutions can be tailored to meet the evolving challenges of cybersecurity," said Beenu Arora, CEO of Cyble. Join our team at Booth N-2353 for a hands-on look at how our AI-driven solutions can empower your cybersecurity strategy and safeguard your operations. For more information or to schedule a personal meeting with any of our leadership team members, please visit our event page at https://cyble.com/upcoming-events/rsa-conference-2024/ About Cyble: Cyble, a trailblazer in Cyber Threat Intelligence, is committed to democratizing Dark Web Threat Intelligence through advanced AI and Machine Learning solutions. Recognized as one of the most sought-after workplaces, Cyble’s culture fosters innovation, collaboration, and professional growth. With a proven track record in delivering cutting-edge research and proactive monitoring, Cyble stands at the forefront of the cybersecurity landscape. Headquartered in Atlanta, Georgia, with a global presence spanning Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is the trusted authority empowering organizations to proactively combat evolving cyber threats. Media Contact: Cyble Inc enquiries@cyble.com Ph: +1 678 379 3241

Cyble Research & Intelligence Labs (CRIL) recently discovered evidence suggesting that the threat actors behind the DragonForce ransomware group might have leveraged a leaked LockBit 3.0 (Black) builder to craft their own ransomware builder. Detailed analysis revealed striking similarities between the binaries generated by the leaked LockBit 3.0 builder and DragonForce's own ransomware builder.  The findings come as part of a larger trend where newer threat actor groups are observed relying on previously-existing malware to form their own operational tools to deploy in campaigns.

DragonForce Ransomware Binary Likely Based on LockBit 3.0 Build

[caption id="attachment_64928" align="alignnone" width="660"] Source: Cyble[/caption] The DragonForce ransomware group began its operations on November 2023, employing double extortion tactics to target victims. The group is potentially linked to the Malaysian hacktivist group 'DragonForce' known for conducting campaigns against various government agencies and organizations present in the Middle East and Asia during 2021 and 2022.  While the group is known to have announced its intention to launch ransomware operations in 2022, proper attribution remains difficult due to limited information. CRIL Researchers recently came across a DragonForce ransomware binary based on a LockBit Black (third-known LockBit variant) binary. The LockBit ransomware builder was known to have been shared on X (Twitter) on September 2022. Ransomware builders allow ransomware operators specific options and customizability while generating ransomware payloads. The builder included a “config.json” file to customize payloads for functionalities such as encryption, filename encryption, impersonation, file/folder exclusion, exclusion based on languages spoken in CIS (Commonwealth of Independent States) countries, and ransom note templates. [caption id="attachment_64931" align="alignnone" width="938"] Source: Cyble[/caption] Comparison between a LockBit builder-generated ransomware binary to that of a DragonForce builder generated ransomware binary revealed several similarities in code structure, functions and process termination. These similarities suggest a strong likelihood that the DragonForce ransomware binary was developed based on the utilisation of the leaked LockBit binary file.

DragonForce Ransomware Operations

[caption id="attachment_64935" align="alignnone" width="936"] Source: Cyble[/caption] Earlier this year in February 2024, DragonForce listed two American companies, 'Westward360' and 'Compression Leasing Services' as victims on its leak site. Earlier in December 2023, the group claimed responsibility for an attack where over 600 GB of data was stolen from the Ohio Lottery. The stolen data consisted of both player and employee records with sensitive information such as names, addresses, winnings, dates of birth, and social security numbers. The Ohio Lottery confirmed the cyber-incident and stated that it involved significant data theft. In the same month, Yakult Australia fell victim to the DragonForce ransomware gang's operations impacting its Australia and New Zealand divisions with over 95GB of data being stolen in the attack. The Yakult Australia data breach is believed to contain business documents, spreadsheets, credit applications, employee records, and copies of identity documents, including passports. The company later acknowledged the incident and disclosed details relating to the incident to relevant authorities such as the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre. It is notable that in both attacks, the impacted systems continued to operate normally suggesting the group employs stealthy techniques. The discovery of DragonForce's use of a leaked LockBit builder underscores the general conduct of newer ransomware groups employing existing ransomware tools and the interconnected nature of cybercriminal operations. Last year in July 2023, researchers from VMware discovered similarities between the 8Base Ransomware and earlier ransomware groups such as RansomHouse and Phobos. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Atlanta, Georgia, April 20, 2024 —Cyble, a leading force in AI-based cybersecurity, proudly unveils the relaunch of AmIBreached, marking a significant milestone in the realm of digital defense. AmIBreached 3.0, Cyble's dark web search engine, empowers consumers to detect, prioritize, and effectively mitigate dark web risks.   With cyber threats continuing to evolve in sophistication and scale, consumers and organizations face an ever-growing challenge to safeguard their digital assets. With the launch of AmIBreached 3.0, Cyble reinforces its commitment to providing cutting-edge tools that empower consumers to stay ahead of cyber adversaries.  "Today's cyber landscape demands continuous innovation to counter emerging threats effectively," noted Beenu Arora, Co-founder and CEO of Cyble. The launch of AmIBreached 3.0 underscores our dedication to equipping consumers with the tools and insights they need to mitigate risks and fortify their defenses against cyber attacks," he added. AmIBreached 3.0 stands as Cyble's most extensive dark web monitoring engine, boasting access to over 150,447,938,145 records sourced from a myriad of breaches, hacking forums, and indexed conversations. This vast repository of data enables organizations to gain unparalleled visibility into potential threats and vulnerabilities lurking in the dark corners of the internet.   Manish Chachada, Co-founder, and COO of Cyble, commented "By leveraging AmIBreached 3.0's advanced capabilities, consumers can proactively identify and neutralize cyber risks before they escalate into full-fledged security breaches."  With access to over 150 trillion records, AmIBreached 3.0 provides comprehensive coverage of the dark web, ensuring consumers and organizations have visibility into a vast array of potential threats.  AmIBreached 3.0 offers real-time monitoring capabilities, enabling organizations to stay abreast of emerging cyber threats and take proactive measures to mitigate risks. The platform delivers actionable intelligence tailored to each organization's specific needs, empowering them to prioritize and address vulnerabilities effectively.  AmIBreached 3.0's launch marks a significant step forward in Cyble's mission to empower consumers and enterprises with the tools and insights they need to defend against cyber threats. By enabling businesses to proactively monitor the dark web for signs of compromised data, AmIBreached 3.0 plays a pivotal role in strengthening their cybersecurity posture and safeguarding their critical assets.  About Cyble:  Cyble, a trailblazer in Cyber Threat Intelligence, is committed to democratizing Dark Web Threat Intelligence through advanced AI and Machine Learning solutions. Recognized as one of the most sought-after workplaces, Cyble’s culture fosters innovation, collaboration, and professional growth. With a proven track record in delivering cutting-edge research and proactive monitoring, Cyble stands at the forefront of the cybersecurity landscape. Headquartered in Atlanta, Georgia, and with a global presence spanning Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is the trusted authority empowering organizations to proactively combat evolving cyber threats.  Media Contact: Cyble Inc enquiries@cyble.com Ph: +1 678 379 3241