Cybercrime

From malware and botnets to the latest cybercriminal schemes, check out what today’s black hat hackers are up to.

Blog > Cybercrime

Fentanyl Sales in the Deep & Dark Web

July 28, 2017

As the U.S. opioid epidemic persists, the drugs that are fueling the crisis have found a customer base in Deep & Dark Web (DDW) marketplaces. Fentanyl, a synthetic opioid more potent than heroin, is one such drug that is being sold in underground marketplaces. Fentanyl is sold in various illicit marketplaces. For years, surface web […]

Read more

New Version of “Trickbot” Adds Worm Propagation Module

July 27, 2017

On July 27, 2017, in coordination with Luciano Martins, Director of Cyber Risk Services at Deloitte, Flashpoint observed a new version – “1000029” – of the formidable “Trickbot” banking Trojan with a new “worm64Dll” module, spread via the email spam vector, impersonating invoices from a large international financial institution. Image 1: The latest Trickbot tt0002 […]

Read more

U.S. DOJ Announces Takedowns of AlphaBay and Hansa Underground Markets

On July 20, 2017, at 10:00 AM EST, the U.S. Department of Justice (DOJ) announced a joint international law enforcement operation resulting in the takedown of the AlphaBay Market. Formerly the most popular underground market in the Deep & Dark Web (DDW), AlphaBay facilitated numerous illicit activities, including narcotics trafficking and the sale of vast […]

Read more

Business Email Compromise: A Bigger Threat than Ransomware?

By FP_Analyst
July 20, 2017

The large-scale attacks that have become defining characteristics of 2017 have given rise to stronger defenses across the enterprise. Forced to adapt in response, more adversaries are recognizing that bypassing these defenses to generate illicit funds is sometimes best achieved through less-sophisticated — yet lucrative — schemes like Business Email Compromise (BEC). In fact, the […]

Read more

With a boost from Necurs, Trickbot expands its targeting to numerous U.S. financial institutions

The Necurs botnet first emerged in 2012 and has since become notorious for powering massive, malware-laden spam campaigns. Although the botnet’s historical association with Locky and Jaff Ransomware has long raised concerns from organizations across all sectors, Necurs is now delivering a different type of malware that poses a threat specifically to the financial sector: […]

Read more

WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits

On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by […]

Read more

“Necurs” Botnet Fuels Massive Spam Campaigns Spreading “Jaff” Ransomware

Starting on May 11, 2017, Flashpoint analysts observed several large spam campaigns originating from the Necurs botnet that aim to dupe recipients into opening malicious attachments that infect their computers with “Jaff” ransomware. These spam campaigns feature a multi-stage infection chain including a PDF file, a malicious Microsoft Office document, and finally, the Jaff ransomware […]

Read more

Threat Actors Discuss Circumvention Techniques Against “Bank Drop” Detection

May 31, 2017

The ubiquity of cybercrime has given rise to the widespread implementation of robust security measures across all sectors. While cybercriminals are often known for their ability to adapt and carry out their malicious campaigns despite increased security, they have also recognized that collaborating and sharing information pertaining to tactics, techniques, and procedures (TTPs) are integral […]

Read more