Cybercrime

From malware and botnets to the latest cybercriminal schemes, check out what today’s black hat hackers are up to.


Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors

Since the May 12, 2017, “WannaCry” ransomware worm attack, researchers have struggled with the question of attribution. As of this writing, a number of researchers have linked the activity to the suspected North Korean-affiliated “Lazarus Group” due to similarities in the code and the infrastructure. Flashpoint analysts conducted similar analyses, but also included a linguistic […]


Diaries of a Fraudster

By FP_Analyst
May 11, 2017

Last week, a fraudster published his own “diary” on the Deep & Dark Web. As far as the typical excitement of reading someone else’s diary goes, it’s a little disappointing. But in terms of providing insight into the mind of a fraudster, there are some juicy tidbits that detail the individual’s rise and maturation as […]


Threat Actors Leverage “Phonecord” Bot to Harass Victims

Although the majority of cyber threat actors are fueled by the desire for financial or political gain, some actors lack traditional motivations altogether. Often referred to as “attention-seekers”, these actors’ malicious activities are driven typically by nothing more than a desire to attract attention by causing chaos for their own amusement. Despite their reputation for […]


Dataset from “xDedic” Marketplace Suggests Government, Corporate RDP Servers Targeted

April 25, 2017

Background: The xDedic marketplace is a predominant cybercriminal marketplace on the dark web known for hosting sales of access to compromised Remote Desktop Protocol (RDP) servers. RDP is Microsoft’s proprietary protocol that provides users with a graphical interface to connect to another computer over a network connection. System administrators frequently use RDP to control servers […]


Cybercrime Economy: An Analysis of Cybercriminal Communication Strategies

April 19, 2017

Malicious actors’ widespread preference for encrypted tools and services continues to fuel the ongoing debate over encryption. While jihadist groups such as ISIS first drew public attention to the issue during the high-profile battle between the FBI and Apple over the mobile phone belonging to one of the San Bernardino shooters in 2015, various threat […]


Evaluating Cyber and Physical Risks During International Travel

Whether for business or pleasure, international travel can present various cyber and physical risks. Unfortunately, the precarious state of the geopolitical and threat landscape has increased some of these risks, yielding widespread concern and uncertainty among those seeking to travel safely and securely. Given that certain threats may be particularly damaging not only to individual travelers […]


Attribution is [not] Broken

March 30, 2017

Everyone has his or her little window into Pretty Pink Panda #53, which someone else calls Lucky Leprechaun 98, which is really Red Leader, but only if you have a secret handshake to know that name, then it’s RL, because clearances. Attribution is broken. It has always been broken. And always will be broken. […]


Risk vs. Threat: Best Practices from a Fortune 50 Retailer

March 23, 2017

I’m happy to present a guest post from an experienced cyber intelligence analyst for a Fortune 50 retailer — who happens to be a Flashpoint client. He wanted to share some best practices based on his experience leveraging cyber threat intelligence to assess business risk, address threats, and shape the strategy for his company’s information […]
