The Intelligence Corner

Our experts’ unique discoveries, observations, and opinions on what’s trending today in Business Risk Intelligence and the Deep & Dark Web.

Posts of Ronnie Tokazowski

Targeted Attacks Against South Korean Entities May Have Been as Early as November 2017

On January 31, 2018, KrCERT/CC, the Republic of Korea’s (South Korea) Computer Emergency Response Team, released a notice regarding an Adobe Flash vulnerability, designated CVE-2018-4878. The notice stated that this zero-day vulnerability affects all versions of Adobe Flash Player ActiveX up to 28.0.0.137, which Adobe released on January 9, 2018. KrCERT/CC recommended uninstalling Flash Player […]

BEC Campaigns Target Organizations Across Sectors Using Credential Phishing

In general, business email compromise (BEC) scams are widely viewed as a type of cybercrime that necessitates relatively minimal technical ability. Despite this, analysts industry-wide have observed BEC operators progressing from simple schemes such as 419 and fake lottery scams – in which unwitting victims are duped into sending payments to fraudsters after being promised […]

U.S. DOJ Announces Takedowns of AlphaBay and Hansa Underground Markets

On July 20, 2017, at 10:00 AM EST, the U.S. Department of Justice (DOJ) announced a joint international law enforcement operation resulting in the takedown of the AlphaBay Market. Formerly the most popular underground market in the Deep & Dark Web (DDW), AlphaBay facilitated numerous illicit activities, including narcotics trafficking and the sale of vast […]

WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits

On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by […]

Attribution is [not] Broken

March 30, 2017

Everyone has his or her little window into Pretty Pink Panda #53, which someone else calls Lucky Leprechaun 98, which is really Red Leader, but only if you have a secret handshake to know that name, then it’s RL, because clearances. Attribution is broken. It has always been broken. And always will be broken. […]

Business Email Compromise: The Oft-Overlooked Costly Dark Horse of Attacks

Business Email Compromise (BEC), also known as “free money scams”, is a constant threat to organizations, their employees, and their users. Although little sophistication is needed to carry out a successful BEC, these types of attacks continue to occur more frequently and inflict greater damage than ever before. Unfortunately, this means that many of us […]

Insider Threats: “The Shadow Brokers” Likely Did Not Hack the NSA

UPDATED 12/20/2016 3:45 PM ET. Key Takeaways: Based on the data released in the most recent dump by the threat actor known as “The Shadow Brokers,” Flashpoint assesses with medium confidence that the stolen information was likely obtained from a rogue insider. Flashpoint is uncertain of how these documents were exfiltrated, but they appear to […]

New Mirai Variant Leaves 5 Million Devices Worldwide Vulnerable — High Concentration in Germany, UK and Brazil

Key Takeaways: Flashpoint confirms the existence of a new Mirai variant and its involvement in the recent Deutsche Telekom outage. Flashpoint has linked at least one distributed denial-of-service (DDoS) attack to this variant. Flashpoint assesses with high confidence that the new Mirai variant is likely an attempt by one of the existing Mirai botmasters […]

Flashpoint Monitoring of Mirai Shows Attempted DDoS of Trump and Clinton Websites

Key Takeaways: Between 16:20:43 UTC on November 6, 2016 and 8:19 UTC on November 7, 2016, Flashpoint observed four 30-second HTTP Layer 7 attacks targeting the campaign websites of presidential candidates Donald Trump and Hillary Clinton. There were no observed or reported outages for either of the sites. Flashpoint assesses that unsophisticated actors are […]
