Collective Intelligence Podcast, Vitali Kremez on TreasureHunter Source Code Leak
It’s been a busy couple of weeks on the cybercrime front, starting with the TreasureHunter malware source code leak and culminating in last week’s takedown of bulletproof hosting provider MaxiDed, a known outpost for command-and-control infrastructure belonging to groups such as Carbanak, AdGholas and the operators of the Mirai IoT botnet.
Vitali Kremez, director of research at Flashpoint, talks to Editorial Director Mike Mimoso about both events and their short- and long-term impact on cybercrime.
The TreasureHunter leak, disclosed by Flashpoint on May 10, was not your average malware source code leak. Not only was the source code for the point-of-sale malware itself made public, but the same actor also leaked the source code for the malware’s graphical user interface builder and administrator panel. With the builder and panel in hand, criminals can assemble their own variants of the malware far more quickly than they could from the malware source alone.
Flashpoint worked closely with researchers at Cisco Talos, sharing intelligence on the leak so that updated Snort rules and ClamAV signatures were ready at the time of disclosure, in an effort to head off copycats looking to capitalize on the leak. Flashpoint said it had observed conversations on Russian-speaking cybercrime forums about improvements that could be made to the code and how to weaponize it.
Wrapping up the discussion, Vitali and Mike turn to the MaxiDed takedown, announced last week by the Dutch National Police. Vitali explains the importance of international cooperation in takedowns such as this, and how much of a dent a single takedown makes in overall underground activity.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.