Cybercrime

From malware and botnets to the latest cybercriminal schemes, check out what today’s black hat hackers are up to.

Business Email Compromise: A Bigger Threat than Ransomware?

By Flashpoint Analyst Team
July 20, 2017

The large-scale attacks that have become defining characteristics of 2017 have given rise to stronger defenses across the enterprise. Forced to adapt in response, more adversaries are recognizing that bypassing these defenses to generate illicit funds is sometimes best achieved through less-sophisticated — yet lucrative — schemes like Business Email Compromise (BEC). In fact, the […]

With a boost from Necurs, Trickbot expands its targeting to numerous U.S. financial institutions

The Necurs botnet first emerged in 2012 and has since become notorious for powering massive, malware-laden spam campaigns. Although the botnet’s historical association with Locky and Jaff Ransomware has long raised concerns from organizations across all sectors, Necurs is now delivering a different type of malware that poses a threat specifically to the financial sector: […]

WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits

On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by […]

“Necurs” Botnet Fuels Massive Spam Campaigns Spreading “Jaff” Ransomware

Starting on May 11, 2017, Flashpoint analysts observed several large spam campaigns originating from the Necurs botnet that aim to dupe recipients into opening malicious attachments that infect their computers with “Jaff” ransomware. These spam campaigns feature a multi-stage infection chain including a PDF file, a malicious Microsoft Office document, and finally, the Jaff ransomware […]

Threat Actors Discuss Circumvention Techniques Against “Bank Drop” Detection

May 31, 2017

The ubiquity of cybercrime has given rise to the widespread implementation of robust security measures across all sectors. While cybercriminals are often known for their ability to adapt and carry out their malicious campaigns despite increased security, they have also recognized that collaborating and sharing information pertaining to tactics, techniques, and procedures (TTPs) are integral […]

Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors

Since the May 12, 2017, “WannaCry” ransomware worm attack, researchers have struggled with the question of attribution. As of this writing, a number of researchers have linked the activity to the suspected North Korean-affiliated “Lazarus Group” due to similarities in the code and the infrastructure. Flashpoint analysts conducted similar analyses, but also included a linguistic […]

Diaries of a Fraudster

By Flashpoint Analyst Team
May 11, 2017

Last week, a fraudster published his own “diary” on the Deep & Dark Web. As far as the typical excitement of reading someone else’s diary goes, it’s a little disappointing. But in terms of providing insight into the mind of a fraudster, there are some juicy tidbits that detail the individual’s rise and maturation as […]
