One Strategy, Multiple Use Cases
Business Risk Intelligence for Addressing Risk Across the Enterprise
Cybersecurity & emergent malware
Malware developers continually adapt their malware to bypass detection and controls. These new malware strains are often developed by actors operating in the Deep & Dark Web and then released into the wild without forewarning, leaving companies flat-footed and reactive.
Because Flashpoint’s Subject Matter Experts are embedded in illicit Deep & Dark Web communities, we are able to gain insights into malware development as it happens and facilitate a proactive approach to mitigation.
In one instance, Flashpoint analysts embedded within a criminal underground community obtained an early version of unreleased point-of-sale (POS) malware yet to be deployed in the wild.
Through coordination with various antivirus companies, information about the POS malware was quietly released in a manner that was timed and controlled — with the intent to not only prevent harm, but to prevent the malware’s author and POS customers from reacting.
Physical Security & Executive Protection
As the overlap between the cyber and physical threat landscapes expands, threat actors continue active in illicit online communities pose serious risks to organizations’ physical security. But, as most enterprise physical security teams lack visibility into the cyber threat landscape and vice versa, organizations often are not fully aware of relevant physical threats.
In addition to extensive experience engaging with threat actors on the Deep & Dark Web, many of Flashpoint’s Subject Matter Experts have closely honed their physical security skills during time served in the US military and/or with public-sector intelligence agencies. When combined with targeted Deep & Dark Web monitoring, Flashpoint’s expertise helps organizations proactively identify and mitigate physical security risks.
When a high-profile executive from a Fortune 100 company planned to attend a popular public event, the company’s physical security teams used Flashpoint’s Business Risk Intelligence to identify and investigate previously-unknown threat actors located in the vicinity of the event.
This visibility enabled security teams to leverage a threat-based approach by deploying resources in priority areas to protect their executive and reduce risks to physical security.
Third-Party Vendor Risk/incident response
While organizations are often focused on their own security policies and procedures, they also need to have similar awareness of the risk posed by their vendors, customers, and partners — many of whom can have access to sensitive systems and data.
Flashpoint’s expansive coverage of the Deep & Dark Web provides a robust view into a company’s ecosystem and helps rapidly assess the risks posed by third party relationships.
A Fortune 50 customer was indirectly hacked through one of their international clients, resulting in the exfiltration of sensitive customer information. Utilizing Flashpoint’s data, the company was able to obtain information from the underground criminal forum where the customer information was released.
In addition to confirming the existence of this data, the company further learned that the leak was much greater in scale than initially thought, totaling over 90 million U.S. records pertaining to hospital patients. Flashpoint analysts assisted the company in obtaining a sample set of the data and worked with the customer to help limit further exposure.
Fraud is one of the most persistent threats across the enterprise that is not easily detectable with purely technical indicators. Ranging from social engineering and insider trading to phishing, credential harvesting, and identity theft, threat actors are constantly developing new exploits for financial gain. Combatting fraud often presents challenges stemming from detection difficulties, language barriers, technical complexities, and lack of visibility into the Deep & Dark Web.
Flashpoint’s multilingual Subject Matter Experts have spent years immersed in the Deep & Dark Web analyzing fraud across various illicit communities that often have complex techniques, tactics, and procedures (TTPs) to engage in fraud. This combination of in-depth expertise with these TTPs and robust intelligence equips organizations with the context and visibility necessary to proactively mitigate even the most complex fraud schemes.
Flashpoint uncovered a plot to exploit the upcoming US implementation of Europay MasterCard Visa (EMV). Deep & Dark Web intelligence revealed that threat actors had developed specific EMV-chip recording software and manufacturing techniques to fabricate chip-enabled credit cards.
Flashpoint’s financial industry customers used this information to get ahead of the threat prior to the US-launch of EMV, enabling them to engage in intelligence-led anti-fraud implementations and tailored go-to-market strategies in order to mitigate the financial loss and damaged brand reputation associated with large-scale fraud.
Insider threats arise when rogue employees exploit access to their organization’s sensitive internal information for personal or political gain. While enterprise security teams often focus on mitigating external attacks, many organizations lack visibility into the potential threat of insiders secretly profiting off of confidential corporate knowledge or intellectual property. Likewise, others may desire to engage in violent political action that can harm both the company’s physical property and reputation.
Flashpoint combines an intimate familiarity with malicious insiders’ techniques, tactics, and procedures (TTPs) with targeted monitoring of the Deep & Dark Web to help organizations proactively mitigate insider threats.
Flashpoint’s intelligence from an underground forum revealed that a rogue employee of a multinational technology company was preparing to profit from stolen source code from unreleased, enterprise-level software.
Flashpoint immediately alerted the company and helped them complete an internal investigation, work with law enforcement to support the employee’s arrest, prevent the illicit sale, and preserve the company’s intellectual property.