Cybercrime

From malware and botnets to the latest cybercriminal schemes, check out what today’s black hat hackers are up to.

Blog > Cybercrime

Flashpoint Monitoring of Mirai Shows Attempted DDoS of Trump and Clinton Websites

Key Takeaways Between 16:20:43 UTC on November 6, 2016 and 8:19 UTC on November 7, 2016, Flashpoint observed four 30-second HTTP Layer 7 attacks targeting the campaign websites of presidential candidates Donald Trump and Hillary Clinton. There were no observed or reported outages for either of the sites.   Flashpoint assesses that unsophisticated actors are […]

Read more

Hacking the Elections

The issue of cybersecurity has surfaced prominently during the current United States election cycle — not merely in terms of driving policy debates between the candidates, but more broadly as outside actors have attempted to influence the outcome (and raise doubts about the credibility) of the electoral process itself. The United States Intelligence Community recently […]

Read more

Recommended DDoS Attack Mitigation Strategies

November 2, 2016

In light of the recent Mirai botnet DDoS attacks against DNS servers, Flashpoint would like to raise awareness on certain suggested mitigation strategies. These recommendations are relevant for organizations with Internet-facing authoritative DNS servers. For organizations running their own DNS servers, is it crucial for network team members to both be aware of the current […]

Read more

The Shadow Brokers’s “Trick or Treat” Leak Exposes International Stage Server Infrastructure

Key Takeaways The hacker collective known as “The Shadow Brokers” has published another leak related to the “Equation Group” — a group of hackers believed to be operated by the National Security Agency (NSA). The group posted an archive titled “trickortreat,” leaking the pair (redirector) keys allegedly connecting stage servers of numerous covert operations conducted […]

Read more

An After-Action Analysis of the Mirai Botnet Attacks on Dyn

Key Takeaways • On October 21, 2016, a series of distributed denial-of-service (DDoS) attacks against Dyn DNS impacted the availability of a number of sites concentrated in the Northeast US and, later, other areas of the country. Impacted sites included: PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, and RuneScape. • While the attacks were still […]

Read more

Mirai Botnet Linked to Dyn DNS DDoS Attacks

By FP_Analyst
October 21, 2016

Key Takeaways Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against the “Krebs On Security” blog and OVH. As of 1730 EST, the attacks against Dyn DNS are still ongoing. Flashpoint […]

Read more

Analysis of “DirtyCow” Kernel Exploit

Key Takeaways On October 20, 2016, Ars Technica published an article about a serious kernel-level Linux exploit which allows for local privilege escalation attacks. Red Hat Product Security has identified this exploit being used in the wild and addressed the apparent vulnerability caused by this exploit. Other Linux distribution operating systems are also in the […]

Read more

Current Trends in Mobile Threats Targeting Financial Services

Key Findings Malware targeting credentials and payment information remains a major threat to mobile users. Call and SMS interception are in demand and support a variety of unauthorized retail and banking transactions. Calls and SMS Telephony Denial of Service (TDoS) are in demand; however, due to the excessive cost of the technique, they are only available […]

Read more

When Vulnerabilities Travel Downstream

CVEs Assigned to Upstream Devices Exploited by Mirai IoT Botnet Key Findings • While investigating the recent large-scale distributed denial-of-service (DDoS) attacks, Flashpoint identified the primary manufacturer of the devices that utilize the default username and password combination known as root and xc3511. • Default credentials pose little threat when a device is not accessible […]

Read more