Toll Group suffered two ransomware attacks in 2020. Sophos, which acted as the response and investigation team for the events, has now announced that the entry point was the account of an employee who had died but whose account remained active in the system.
Nefilim Ransomware Attack Used “Ghost” Credentials.
According to the Sophos report, the Nefilim group responsible for the attack was on the company’s network for about a month without the defense systems identifying suspicious activity. The user account used by the attack group belonged to a deceased employee, but the account was not locked or deleted because it was integrated into various services.
Recently Published on our Blog
The Payment Trap No One’s Watching – Supply Chain’s Hidden Cyber Exposure
🧾 Payment Systems Are Your Cyber Blind Spot
🚨 Your vendors may be your biggest threat – and you’d never know.
🔍 Cybercriminals are hijacking invoice emails and vendor accounts to reroute payments without triggering a single alarm.
🧠 They don’t need malware – they need your trust.
📦 Most supply chain payment processes are built for speed, not scrutiny. That’s the exact vulnerability attackers exploit.
📤 A supplier “updates” their bank details.
📩 A finance contact “confirms” the update.
💸 The money? Gone.
⚠️ These attacks look like normal business interactions – not breaches.
And that’s why they work.
💬 If you’re not simulating these threats, you’re silently exposed.
Finance teams, CISOs, Procurement Leaders – this is your wake-up call.
🔒 AUMINT helps you uncover hidden risks in your approval flows, supplier communication, and payment process before attackers do.
📅 Want to test your system with zero risk? Book your free simulation review.
🚨 Top Ransomware Leak Sites Every Security Leader Must Watch 🚨
Ransomware gangs are not just encrypting data – they’re publishing stolen info to pressure victims.
🔍 Knowing their leak sites gives you a critical early warning system.
Here are the most active ransomware leak blogs on the darknet:
⏰ Monitoring these leak sites gives your security team a chance to react before data hits public forums.
🔐 At AUMINT.io, we integrate threat intel from these sources into attack simulations that build resilience and sharpen detection skills.
📞 Want to protect your org from ransomware extortion waves? Connect with us today.
🛠️ Top Digital Forensics Tools Every Security Team Must Know 🛠️
Digital forensics is the frontline in stopping cyber fraud and social engineering attacks.
⏳ Fast analysis means faster breach detection and response.
Here are essential cheat sheets and references that cut investigation time dramatically:
📄 APFS File System Format Reference Sheet – https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt61c336e02577e733/5eb0940e248a28605479ccf0/FOR518_APFS_CheatSheet_012020.pdf
⚡ EZ Tools Cheat Sheet – https://www.sans.org/posters/eric-zimmerman-tools-cheat-sheet/
🚀 EZ Tools – Results in Seconds at the Command Line – https://www.sans.org/posters/eric-zimmermans-results-in-seconds-at-the-command-line-poster/
🔍 FOR500 Windows Forensic Analysis – https://www.sans.org/posters/windows-forensic-analysis/
🕵️♂️ FOR508 Hunt Evil Windows Host Normal Behavior – https://www.sans.org/posters/hunt-evil/
🧠 FOR526 Memory Forensics Analysis – https://www.sans.org/posters/dfir-memory-forensics/
🌐 FOR572 Network Forensics and Analysis – https://www.sans.org/posters/network-forensics-poster/
📱 FOR585 Smartphone Forensics (Android, iOS, Interactive) – https://digital-forensics.sans.org/media/DFIR_FOR585_Digital_Poster.pdf?_ga=2.220159129.1694995964.1606443208-2142145849.1569879967
🧰 SIFT & REMnux Linux Toolkits – https://www.sans.org/posters/sift-remnux-poster/
Master these references and toolkits to gain the upper hand against attackers.
🔐 At AUMINT.io, we build simulations that leverage forensic intel for real-world attack readiness.
📞 Ready to empower your team with forensic expertise and cut investigation time? Let’s connect!