Emerging Threats

Our musings on navigating the ever-evolving cyber & physical threat landscapes.

Threat Actors Shift to Android-Based Carding, Struggle with iOS

By Flashpoint Analyst Team
May 9, 2018

Cybercriminals operating on Russian-language Deep & Dark Web (DDW) forums are demonstrating an increased interest in using mobile operating systems—specifically Android—to evade detection when using stolen payment card data to make fraudulent purchases online, Flashpoint analysts said. Since these schemes, known as carding, are typically carried out using desktop computers, many cybercriminals seem to believe […]

BEC: All We Need is Love and Mules

Business Email Compromise (BEC) scams have for years ensnared executives inside large organizations, including decision-makers at the highest levels who are duped by clever social engineering into transferring sometimes millions of dollars into a fraudulent account. A growing segment of this type of attack, however, plays on the heartstrings of the lonely and preys on […]

Botnet Operators Cash in on Travel Rewards Program Credentials

Flashpoint analysts have been tracking several small specialty shops in the Russian-language underground advertising access to the login credentials of customer accounts for travel and hospitality rewards points programs. Since the observed vendors appear to offer a small number of accounts from a large number of institutions, Flashpoint analysts believe the accounts were obtained incidentally […]

‘Rubella Macro Builder’ Crimeware Kit Emerges on Underground

A crimeware kit dubbed the Rubella Macro Builder has recently been gaining popularity among members of a top-tier Russian hacking forum. Despite being relatively new and unsophisticated, the kit has a clear appeal for cybercriminals: it’s cheap, fast, and can defeat basic static antivirus detection. First offered for sale in late February for the relatively […]

Crypto Elite Down on Blockchain’s Security Applications, Call for Hardware Bug-Disclosure Improvements

April 18, 2018

SAN FRANCISCO—The Cryptographers’ Panel at RSA Conference is an annual table-setter for the security field where the industry’s elders and the best of the next generation make an informal declaration about what’s going to matter for the next 12 months. In a rapid-fire hourlong panel on Tuesday, Ron Rivest, Adi Shamir (the R and S […]

Fraudsters Leverage HTTP Injectors to Steal Internet Access

Threat actors are seeking and exchanging HTTP injectors in order to gain unpaid mobile access to the internet, defrauding service providers and telecommunications companies in the process. Flashpoint analysts have observed widespread chatter pertaining to the use of HTTP injectors, which modify HTTP headers on network requests with malicious code that tricks captive portals into […]

Compromised Magento Sites Delivering Malware

Ecommerce websites running on the popular open-source Magento platform are being targeted by attackers who are using brute-force password attacks to access administration panels to scrape credit card numbers and install malware that mines cryptocurrency. Researchers at Flashpoint are aware of the compromise of at least 1,000 Magento admin panels, and said that interest in […]

Reddit in Cat-and-Mouse Game with Fraud-Related Accounts, Subreddits

Once authorities shut down the AlphaBay market last July, fraudsters went scurrying elsewhere to advertise the sale of illicit and dangerous goods, personally identifiable information (PII), stolen banking credentials, and to connect with other vendors and customers. Reddit is one surface-web avenue abused by criminals once the extensive Deep & Dark Web (DDW) marketplace went […]

Refund Fraud and Fake Receipts Proliferate on the Deep & Dark Web

Recognizing customer satisfaction as a key driver of retention, many retailers have implemented generous refund or replacement policies. Unfortunately, these policies can be susceptible to various forms of merchant abuse. Refund fraud is a pervasive form of merchant abuse in which a threat actor purchases a product from an online store and has it shipped […]
