The Intelligence Corner

Our experts’ unique discoveries, observations, and opinions on what’s trending today in Business Risk Intelligence and the Deep & Dark Web.

Posts of Vitali Kremez

How Ransomware has become an ‘Ethical’ Dilemma in the Eastern European Underground

September 20, 2017

It’s no secret that the Deep & Dark Web (DDW) is home to illicit marketplaces and forums, as well as an array of cybercriminal communications. Less obvious, however, are the nuances of these communications, the unspoken code of conduct that exists in cybercriminal communities, and the “ethical” dilemma that certain types of attacks can cause. […]

New Version of “Trickbot” Adds Worm Propagation Module

July 27, 2017

On July 27, 2017, in coordination with Luciano Martins, Director of Cyber Risk Services at Deloitte, Flashpoint observed a new version – “1000029” – of the formidable “Trickbot” banking Trojan with a new “worm64Dll” module, spread via the email spam vector, impersonating invoices from a large international financial institution. Image 1: The latest Trickbot tt0002 […]

With a boost from Necurs, Trickbot expands its targeting to numerous U.S. financial institutions

The Necurs botnet first emerged in 2012 and has since become notorious for powering massive, malware-laden spam campaigns. Although the botnet’s historical association with Locky and Jaff Ransomware has long raised concerns from organizations across all sectors, Necurs is now delivering a different type of malware that poses a threat specifically to the financial sector: […]

“Necurs” Botnet Fuels Massive Spam Campaigns Spreading “Jaff” Ransomware

Starting on May 11, 2017, Flashpoint analysts observed several large spam campaigns originating from the Necurs botnet that aim to dupe recipients into opening malicious attachments that infect their computers with “Jaff” ransomware. These spam campaigns feature a multi-stage infection chain including a PDF file, a malicious Microsoft Office document, and finally, the Jaff ransomware […]

Dataset from “xDedic” Marketplace Suggests Government, Corporate RDP Servers Targeted

April 25, 2017

Background: The xDedic marketplace is a predominant cybercriminal marketplace on the dark web known for hosting sales of access to compromised Remote Desktop Protocol (RDP) servers. RDP is Microsoft’s proprietary protocol that provides users with a graphical interface to connect to another computer over a network connection. System administrators frequently use RDP to control servers […]

U.S. Sanctions Against Russia Raise Questions Over National Security Policy

December 29, 2016

On December 29, 2016, United States President Barack Obama formally enacted measures targeting the Russian Federation in response to a campaign of Russian state-sponsored interference in the 2016 U.S. Presidential Election. The President approved an amendment to Executive Order 13964, updating a previous executive order that gave the Federal government expanded authority to respond to […]

Insider Threats: “The Shadow Brokers” Likely Did Not Hack the NSA

UPDATED 12/20/2016 3:45 PM ET

Key Takeaways

• Based on the data released in the most recent dump by the threat actor known as “The Shadow Brokers,” Flashpoint assesses with medium confidence that the stolen information was likely obtained from a rogue insider. Flashpoint is uncertain of how these documents were exfiltrated, but they appear to […]

Flashpoint and Talos Analyze the Curious Case of the flokibot Connector

Key Takeaways

• In the financial cybercrime landscape, we see a continuous progression of the malware known as “Floki Bot,” which has been marketed by the actor “flokibot” since September 2016.

• Language is not a barrier: though experience suggests that many cybercriminals tend to stay within their language groups, those with a high level […]
