The Intelligence Corner

Our experts’ unique discoveries, observations, and opinions on what’s trending today in Business Risk Intelligence and the Deep & Dark Web.

Posts of John Costello

Threat Actors Discuss Circumvention Techniques Against “Bank Drop” Detection

May 31, 2017

The ubiquity of cybercrime has given rise to the widespread implementation of robust security measures across all sectors. While cybercriminals are often known for their ability to adapt and carry out their malicious campaigns despite increased security, they have also recognized that collaborating and sharing information pertaining to tactics, techniques, and procedures (TTPs) are integral […]

Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors

Since the May 12, 2017, “WannaCry” ransomware worm attack, researchers have struggled with the question of attribution. As of this writing, a number of researchers have linked the activity to the suspected North Korean-affiliated “Lazarus Group” due to similarities in the code and the infrastructure. Flashpoint analysts conducted similar analyses, but also included a linguistic […]

New Mirai Variant Leaves 5 Million Devices Worldwide Vulnerable — High Concentration in Germany, UK and Brazil

Key Takeaways • Flashpoint confirms the existence of a new Mirai variant and its involvement in the recent Deutsche Telekom outage. Flashpoint has linked at least one distributed denial-of-service (DDoS) attack to this variant. Flashpoint assesses with high confidence that the new Mirai variant is likely an attempt by one of the existing Mirai botmasters […]

By Accident or Design? Supply Chain Risks of Chinese-made Devices

Key Takeaways • On November 15, 2016, American media outlets reported that Android devices in the United States were found to be transmitting sensitive user information back to a server in Shanghai, China. The total number of known affected devices is 120,000, which were manufactured by Florida-based BLU Products. • The incident was caused by […]

Overview of President-Elect Donald Trump’s Cyber Policy

November 10, 2016

Key Takeaways • President-elect Donald Trump’s unique campaign and status as an outsider have made his cyber policy positions difficult to predict. • Trump’s cybersecurity vision calls for a “Cyber Review Team” composed of law enforcement, military, and private sector experts. The team would conduct a “top-to-bottom” review of U.S. cybersecurity infrastructure. • Trump’s vision […]

Flashpoint Monitoring of Mirai Shows Attempted DDoS of Trump and Clinton Websites

Key Takeaways • Between 16:20:43 UTC on November 6, 2016 and 8:19 UTC on November 7, 2016, Flashpoint observed four 30-second HTTP Layer 7 attacks targeting the campaign websites of presidential candidates Donald Trump and Hillary Clinton. There were no observed or reported outages for either of the sites. • Flashpoint assesses that unsophisticated actors are […]

An After-Action Analysis of the Mirai Botnet Attacks on Dyn

Key Takeaways • On October 21, 2016, a series of distributed denial-of-service (DDoS) attacks against Dyn DNS impacted the availability of a number of sites concentrated in the Northeast US and, later, other areas of the country. Impacted sites included: PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, and RuneScape. • While the attacks were still […]
