Cybercrime

From malware and botnets to the latest cybercriminal schemes, check out what today’s black hat hackers are up to.

Blog > Cybercrime

Psychology of an Eastern European Cybercriminal: Mindset Drives Behavior

By FP_Analyst
February 14, 2017

Most conversations about the Eastern European cybercrime landscape focus heavily on the specific threats originating from this community of actors. For security practitioners and intelligence analysts, this often means in-depth technical analysis on everything from new strains of malware and emerging fraud schemes to zero-day vulnerabilities and large-scale DDoS attacks. While such information is undoubtedly […]

Read more

MongoDB Ransomers Overwriting Each Others’ Notes, Leaving Admins with No Options

Open MongoDB database servers with default settings have been a source of stress for security teams for well over a year. These vulnerable databases can result in breaches affecting millions of people. Though administrators have been warned to secure these servers, the lack of doing so has resulted in tens of thousands of open MongoDB […]

Read more

U.S. Sanctions Against Russia Raise Questions Over National Security Policy

December 29, 2016

On December 29, 2016, United States President Barack Obama formally enacted measures targeting the Russian Federation in response to a campaign of Russian state-sponsored interference in the 2016 U.S. Presidential Election. The President approved an amendment to Executive Order 13964, updating a previous executive order that gave the Federal government expanded authority to respond to […]

Read more

Insider Threats: “The Shadow Brokers” Likely Did Not Hack the NSA

UPDATED 12/20/2016 3:45 PM ET  Key Takeaways • Based on the data released in the most recent dump by the threat actor known as “The Shadow Brokers,” Flashpoint assesses with medium confidence that the stolen information was likely obtained from a rogue insider. Flashpoint is uncertain of how these documents were exfiltrated, but they appear to […]

Read more

Flashpoint and Talos Analyze the Curious Case of the flokibot Connector

Key Takeaways • In the financial cybercrime landscape, we see a continuous progression of the malware known as “Floki Bot,” which has been marketed by the actor “flokibot” since September 2016. • Language is not a barrier: though experience suggests that many cybercriminals tend to stay within their language groups, those with a high level […]

Read more

New Mirai Variant Leaves 5 Million Devices Worldwide Vulnerable — High Concentration in Germany, UK and Brazil

Key Takeaways • Flashpoint confirms the existence of a new Mirai variant and its involvement in the recent Deutsche Telekom outage. Flashpoint has linked at least one distributed denial-of-service (DDoS) attack to this variant. Flashpoint assesses with high confidence that the new Mirai variant is likely an attempt by one of the existing Mirai botmasters […]

Read more

Flashpoint Monitoring of Mirai Shows Attempted DDoS of Trump and Clinton Websites

Key Takeaways Between 16:20:43 UTC on November 6, 2016 and 8:19 UTC on November 7, 2016, Flashpoint observed four 30-second HTTP Layer 7 attacks targeting the campaign websites of presidential candidates Donald Trump and Hillary Clinton. There were no observed or reported outages for either of the sites.   Flashpoint assesses that unsophisticated actors are […]

Read more

Hacking the Elections

The issue of cybersecurity has surfaced prominently during the current United States election cycle — not merely in terms of driving policy debates between the candidates, but more broadly as outside actors have attempted to influence the outcome (and raise doubts about the credibility) of the electoral process itself. The United States Intelligence Community recently […]

Read more