Emerging Threats

Our musings on navigating the ever-evolving cyber & physical threat landscapes.

Blog > Emerging Threats

The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack

By Flashpoint Analyst Team
August 25, 2017

Introduction On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android devices running malicious applications and is designed […]

Read more

BEC Campaigns Target Organizations Across Sectors Using Credential Phishing

In general, business email compromise (BEC) scams are widely viewed as a type of cybercrime that necessitates relatively minimal technical ability. Despite this, analysts industry-wide have observed BEC operators progressing from simple schemes such as 419 and fake lottery scams – in which unwitting victims are duped into sending payments to fraudsters after being promised […]

Read more

With a boost from Necurs, Trickbot expands its targeting to numerous U.S. financial institutions

The Necurs botnet first emerged in 2012 and has since become notorious for powering massive, malware-laden spam campaigns. Although the botnet’s historical association with Locky and Jaff Ransomware has long raised concerns from organizations across all sectors, Necurs is now delivering a different type of malware that poses a threat specifically to the financial sector: […]

Read more

WikiLeaks Publishes CIA Documents Detailing “Brutal Kangaroo” Tool and LNK Exploits

On June 22, 2017, WikiLeaks released a new cache of documents detailing four tools allegedly used by the CIA as part of its ongoing “Vault 7” campaign. The leaked tools are named “EzCheese,” “Brutal Kangaroo,” “Emotional Simian,” and “Shadow.” When used in combination, these tools can be used to attack systems that are air-gapped by […]

Read more

“Necurs” Botnet Fuels Massive Spam Campaigns Spreading “Jaff” Ransomware

Starting on May 11, 2017, Flashpoint analysts observed several large spam campaigns originating from the Necurs botnet that aim to dupe recipients into opening malicious attachments that infect their computers with “Jaff” ransomware. These spam campaigns feature a multi-stage infection chain including a PDF file, a malicious Microsoft Office document, and finally, the Jaff ransomware […]

Read more

Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors

Since the May 12, 2017, “WannaCry” ransomware worm attack, researchers have struggled with the question of attribution. As of this writing, a number of researchers have linked the activity to the suspected North Korean-affiliated “Lazarus Group” due to similarities in the code and the infrastructure. Flashpoint analysts conducted similar analyses, but also included a linguistic […]

Read more

Threat Actors Leverage “Phonecord” Bot to Harass Victims

Although the majority of cyber threat actors are fueled by the desire for financial or political gain, some actors lack traditional motivations altogether. Often referred to as “attention-seekers”, these actors’ malicious activities are driven typically by nothing more than a desire to attract attention by causing chaos for their own amusement. Despite their reputation for […]

Read more

Large Protests Expected for May Day 2017

The origins of International Workers’ Day, also known as May Day, stem from an 1880s Chicago-based movement by labor unions to force the adoption of eight-hour work days. May 1, 1886, is considered the first official International Workers’ Day, which included several days of protests, violent clashes with police, and heavy anarchist involvement during the […]

Read more

Best Practices for Addressing Four Common Threats

Flashpoint’s customers represent a diverse mix of global organizations and business functions spanning nearly every industry. On one hand, this means that our team has gained extensive experience using Business Risk Intelligence (BRI) to help our customers address some of the rarest, most obscure threats emerging from the Deep & Dark Web. On the other […]

Read more