Emerging Threats

Our musings on navigating the ever-evolving cyber & physical threat landscapes.

Blog > Emerging Threats

Flashpoint and Talos Analyze the Curious Case of the flokibot Connector

Key Takeaways • In the financial cybercrime landscape, we see a continuous progression of the malware known as “Floki Bot,” which has been marketed by the actor “flokibot” since September 2016. • Language is not a barrier: though experience suggests that many cybercriminals tend to stay within their language groups, those with a high level […]

Read more

New Mirai Variant Leaves 5 Million Devices Worldwide Vulnerable — High Concentration in Germany, UK and Brazil

Key Takeaways • Flashpoint confirms the existence of a new Mirai variant and its involvement in the recent Deutsche Telekom outage. Flashpoint has linked at least one distributed denial-of-service (DDoS) attack to this variant. Flashpoint assesses with high confidence that the new Mirai variant is likely an attempt by one of the existing Mirai botmasters […]

Read more

By Accident or Design? Supply Chain Risks of Chinese-made Devices

Key Takeaways • On November 15, 2016, American media outlets reported that Android devices in the United States were found to be transmitting sensitive user information back to a server in Shanghai, China. The total number of known affected devices is 120,000, which were manufactured by Florida-based BLU Products. • The incident was caused by […]

Read more

Hacking the Elections

The issue of cybersecurity has surfaced prominently during the current United States election cycle — not merely in terms of driving policy debates between the candidates, but more broadly as outside actors have attempted to influence the outcome (and raise doubts about the credibility) of the electoral process itself. The United States Intelligence Community recently […]

Read more

The Shadow Brokers’s “Trick or Treat” Leak Exposes International Stage Server Infrastructure

Key Takeaways The hacker collective known as “The Shadow Brokers” has published another leak related to the “Equation Group” — a group of hackers believed to be operated by the National Security Agency (NSA). The group posted an archive titled “trickortreat,” leaking the pair (redirector) keys allegedly connecting stage servers of numerous covert operations conducted […]

Read more

An After-Action Analysis of the Mirai Botnet Attacks on Dyn

Key Takeaways • On October 21, 2016, a series of distributed denial-of-service (DDoS) attacks against Dyn DNS impacted the availability of a number of sites concentrated in the Northeast US and, later, other areas of the country. Impacted sites included: PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, and RuneScape. • While the attacks were still […]

Read more

Mirai Botnet Linked to Dyn DNS DDoS Attacks

By Flashpoint Analyst Team
October 21, 2016

Key Takeaways Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against the “Krebs On Security” blog and OVH. As of 1730 EST, the attacks against Dyn DNS are still ongoing. Flashpoint […]

Read more

Analysis of “DirtyCow” Kernel Exploit

Key Takeaways On October 20, 2016, Ars Technica published an article about a serious kernel-level Linux exploit which allows for local privilege escalation attacks. Red Hat Product Security has identified this exploit being used in the wild and addressed the apparent vulnerability caused by this exploit. Other Linux distribution operating systems are also in the […]

Read more

Current Trends in Mobile Threats Targeting Financial Services

Key Findings Malware targeting credentials and payment information remains a major threat to mobile users. Call and SMS interception are in demand and support a variety of unauthorized retail and banking transactions. Calls and SMS Telephony Denial of Service (TDoS) are in demand; however, due to the excessive cost of the technique, they are only available […]

Read more

When Vulnerabilities Travel Downstream

CVEs Assigned to Upstream Devices Exploited by Mirai IoT Botnet While investigating the recent large-scale DDoS attacks against targets including Krebs On Security and OVH, Flashpoint identified the primary manufacturer of the devices that utilize the default username and password combination known as root and xc3511, respectively. These types of credentials exist all across the […]

Read more