Flashpoint Intelligence Team Experts Explore Emerging Threats at Upcoming RSA Conference 2019
Leaders of the Flashpoint Hunt Team and Americas Intelligence Team Unveil Cybercrime Trends in Two Talk Sessions
New York, NY, February 21, 2019 — Flashpoint, the global leader in Business Risk Intelligence (BRI), today announced that its industry-leading intelligence analysts will present in two sessions at RSA Conference next month. Flashpoint analysts will be speaking alongside other market-leading researchers from Microsoft, F5 Networks, and Chainalysis. The event takes place from March 4-8, 2019 at Moscone Center in San Francisco.
Christopher “Tophs” Elisan will present, “Exploit Kits, Malware ROI and the Shift in Attack Vectors,” with Lior Ben-Porat and Daniel Frank, security researchers at Microsoft and F5 Networks, respectively. As Flashpoint’s Director of Intelligence, Elisan serves as the leader of the company’s renowned Hunt Team and is a seasoned reverse engineer, malware researcher and published author.
“This talk delves into the case of GandCrab, which our Hunt Team has been following through illicit online communities since it began recruiting affiliates needed to spread the now infamous ransomware of the same name,” Elisan said. “The team obtained early access to the ransomware sample and was able to collect indicators of compromise and actionable intelligence regarding the impending ransomware threat.”
The Flashpoint Hunt Team is part of the company’s global intelligence team. It is comprised of a collection of talented and driven researchers who interface directly with customers and also support law enforcement investigations. With the team’s access to varied intelligence sources, as well as illicit online communities, it is able to paint a complete picture of attack infrastructures and the threat actors behind them, providing actionable intelligence that makes a difference to private and public sector organizations.
“Specific to GandCrab, the team is also able to follow developments not only in the backend systems the threat actors have access to, but also on the different improvements made to each GandCrab version used in different attack campaigns,” Elisan continued. “As the threat progresses, the Hunt Team is at the forefront and continually monitoring not only this threat actor but other threat actors that pose a threat.”
Latin America Cybercrime
Ian Gray, Flashpoint’s Director of Intelligence, Americas, is also presenting at RSA Conference alongside Carles Lopez-Penalver, cybercrime analyst at Chainalysis. The talk, “Bitcoin Por Favor: Cybercriminal Usage of Cryptocurrency in Latin America,” builds on both analysts’ extensive knowledge of activity in illicit communities that could negatively impact businesses in Latin America. Gray focuses heavily on this type of analysis and researches cybercriminal usage of new and emerging technologies for malicious purposes in English and Portuguese-language communities.
“We will examine the use of cryptocurrencies in Latin America by comparing other popular payments systems in illicit communities. Select Latin American cybercriminals have integrated cryptocurrencies into their individual operations, however it remains secondary to conventional forms of payment,” Gray said. “Cybercriminals continue to use conventional methods and other national payments systems. This is largely due to socio-economic factors within the region, lack of technological awareness and the convenience of mobile person-to-person payments.”
Flashpoint Intelligence Team
Including the Hunt Team and Americas team, Flashpoint has eight specialized groups that comprise its global intelligence team, and each member has tailored expertise that helps identify and solve different threats facing organizations across cybersecurity, fraud, insider threat, and corporate & physical security teams.
- Tactical Threat Monitoring (TTM) Team: Identifies and reviews large volumes of data from many sources in numerous languages in order to assess potential risks to our customers. TTM provides insights to customers in the form of tactical-level findings, translation support, and identification of new threats, and tactics, techniques and procedures (TTPs).
- Corporate & Physical Security Team: Tracks conspiring actors and threats across illicit communities in order to support physical threat investigations. The physical & corporate security team delivers extensive access to closed- or invite-only sources, as well as relevant open-web sources of data. Finished intelligence derived from these sources facilitates risk assessments and the development and implementation of mitigation measures in response to imminent threats to physical assets, including employees, facilities and data.
- Counterterrorism Team: Identifies and analyzes information on terrorist activity, including the dissemination of propaganda through illicit communities and chat services platforms, as well as recruitment activities. The team’s expertise and experience with data gathering in these illicit and dangerous locations on the internet enables them to understand the scope of threats and produce actionable intelligence for response teams.
- Regional Expert Teams: Addresses regional specific requests for information (RFIs) for clients, and provides analysis on key trends, threat actors and campaigns originating from each region. Dedicated teams include the Americas, Asia Pacific, Europe, and Middle East & Africa.
In addition to unique sources and tradecraft, these teams cover more than 20 languages including Arabic, Mandarin, Farsi, Turkish, Kazakh, Spanish, French, German, Russian, Ukrainian, Italian, and Portuguese.
Session Days and Times
“Exploit Kits, Malware ROI and the Shift in Attack Vectors”
1:05 p.m. PST | Monday, March 4, 2019
Location: Moscone West 2022
“Bitcoin Por Favor: Cybercriminal Usage of Cryptocurrency in Latin America”
3:35 p.m. PST | Monday, March 4, 2019
Location: Moscone West 2022
To meet with either Elisan or Gray at RSA Conference, request a meeting, visit booth #1759 in Moscone South, or register for the second-annual IGNITE party featuring Dual Core on Monday, March 4, from 7:00-10:00 p.m. PST.
For all the details on Flashpoint’s presence at the show, visit our RSA Conference page.
Flashpoint delivers Business Risk Intelligence (BRI) to empower organizations worldwide with meaningful intelligence and information that combats threats and adversaries. The company’s sophisticated technology, advanced data collections, and human-powered analysis uniquely enables large enterprises and the public sector to bolster cybersecurity, confront fraud, detect insider threats and build insider threat programs, enhance corporate and physical security, improve executive protection, and address vendor risk and supply chain integrity. Flashpoint is backed by Georgian Partners, Greycroft Partners, TechOperators, K2 Intelligence, Jump Capital, Leaders Fund, Bloomberg Beta, and Cisco Investments. For more information, visit https://www.flashpoint-intel.com/ or follow us on Twitter at @FlashpointIntel.