Emerging Threats

Our musings on navigating the ever-evolving cyber & physical threat landscapes.


Hacking the Elections

The issue of cybersecurity has surfaced prominently during the current United States election cycle — not merely in terms of driving policy debates between the candidates, but more broadly as outside actors have attempted to influence the outcome (and raise doubts about the credibility) of the electoral process itself. The United States Intelligence Community recently […]


The Shadow Brokers’s “Trick or Treat” Leak Exposes International Stage Server Infrastructure

Key Takeaways
The hacker collective known as “The Shadow Brokers” has published another leak related to the “Equation Group” — a group of hackers believed to be operated by the National Security Agency (NSA). The group posted an archive titled “trickortreat,” leaking the pair (redirector) keys allegedly connecting stage servers of numerous covert operations conducted […]


An After-Action Analysis of the Mirai Botnet Attacks on Dyn

Key Takeaways
• On October 21, 2016, a series of distributed denial-of-service (DDoS) attacks against Dyn DNS impacted the availability of a number of sites concentrated in the Northeast US and, later, other areas of the country. Impacted sites included: PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, and RuneScape.
• While the attacks were still […]


Mirai Botnet Linked to Dyn DNS DDoS Attacks

By FP_Analyst
October 21, 2016

Key Takeaways
Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against the “Krebs On Security” blog and OVH. As of 1730 EST, the attacks against Dyn DNS are still ongoing. Flashpoint […]


Analysis of “DirtyCow” Kernel Exploit

Key Takeaways
On October 20, 2016, Ars Technica published an article about a serious kernel-level Linux exploit which allows for local privilege escalation attacks. Red Hat Product Security has identified this exploit being used in the wild and addressed the apparent vulnerability caused by this exploit. Other Linux distribution operating systems are also in the […]


Current Trends in Mobile Threats Targeting Financial Services

Key Findings
Malware targeting credentials and payment information remains a major threat to mobile users. Call and SMS interception are in demand and support a variety of unauthorized retail and banking transactions. Calls and SMS Telephony Denial of Service (TDoS) are in demand; however, due to the excessive cost of the technique, they are only available […]


When Vulnerabilities Travel Downstream

CVEs Assigned to Upstream Devices Exploited by Mirai IoT Botnet

Key Findings
• While investigating the recent large-scale distributed denial-of-service (DDoS) attacks, Flashpoint identified the primary manufacturer of the devices that utilize the default username and password combination known as root and xc3511.
• Default credentials pose little threat when a device is not accessible […]


“thedarkoverlord” Targets Finance in Next Wave of Extortion Attacks

Key Findings
On September 25, 2016, “thedarkoverlord,” a notorious threat actor behind the recent extortion attempts of several healthcare organizations, gained access to highly sensitive information from WestPark Capital investment firm. The CEO of WestPark Capital refused the actor’s blackmail demands, and as a result, partial information was released to the public by thedarkoverlord. Flashpoint identified […]


Anatomy of Locky and Zepto Ransomware

The criminals behind the notorious Locky and Zepto ransomware spam campaigns continue to shift tactics in an effort to circumvent anti-virus detection. Recently, the cybercriminal syndicate has been leveraging obfuscated Windows Script Files (.wsf) and HTML Applications (.hta) inside a zip archive. Such files allow JScript, VBScript, and other scripting languages to execute. By using […]
