Business Risk Intelligence
Flashpoint produces Business Risk Intelligence (BRI) to provide visibility into the Deep & Dark Web.
Our technology and subject matter expertise enable us to uncover, track, and provide intelligence to help
mitigate potential or existing insider threats.
Flashpoint Deep and Dark Web Collection
Scrape and Index Deep and Dark Web
TECHNOLOGY: To capture, process, and deliver relevant data and intelligence
TRADECRAFT: To safely infiltrate, maintain access, and enable collections from hard-to-reach, malicious venues
• Trickbot Banking Trojan:
• 2016 first variant of Trickbot malware, maybe same group as Dyre malware (loaded via phishing, usually a MS Word attachment)
• Used for ATO (account takeover) by credential theft using webinjects
• In July 2017 Trickbot added a worm propagation module (SMB)
• In Nov 2017 Trickbot added SOCKS5 proxy for account checking (now at 6000 machines)
Example of Current Intelligence from DDW
Dark Web market for credentials from malware like Trickbot
Account Takeover (ATO)
Sentry MBA is a popular ATO tool for different retail and online sites
Today's config discussions around Netflix, Amtrak, DirecTV
“Ploutus” Malware for ATMs
Confidential
• Ploutus:
• 2013 first arrived in Mexico for NCR machines
• 2016 was updated to be compatible with 40 other ATM vendors
• Requires physical access to the ATM machine
• On March 7, 2017, the threat actor "aguichy" (Skype handle "aguichi123") wrote on the forum Carding Hispano that they were willing to sell Ploutus malware for $10 USD
Flashpoint continues to see discussions on various software and hardware related to the energy sector
Potential Insiders/Threats in Oil and Gas Industries
Flashpoint Insider Threat Program
In 2015 Flashpoint was thrust into Insider Threat
Actor “Da5h” posts for sale source code to HP software in the top tier forum Lampeduza
IP address of the actor
Third Party Risk
Incident Response
Cyber Threat Intelligence (CTI)
Executive & Employee Protection
Physical Security
Fraud Prevention
Insider Threats
M&A
Anti-Money Laundering
Brand Protection
Traditional Cybersecurity and Security Operations
Insider Threat Expertise Foundational to BRI
Business Risk Intelligence (BRI)
Deep & Dark Web
Cybercriminals, Fraudsters, Insiders, Hackers, Hacktivists, Terrorists, and Extremists
• Dedicated Integrated Intel Coordinator (BRIC)
• Insider Threat Blueprint
• Threat Briefings
• State of the Union Industry Report
• Onsite Strategy Assessments
• Tailored Scoring Mechanism
• ITP Program Metric Development
• M&A Exposure
• Flashpoint Academy
How other enterprises are building Intelligence Programs
• Increase the security function’s positive impact and recognition across the business
• Share with stakeholders across the business the techniques to define near-term and long-term intelligence and outcome requirements to support business decisions
• Conduct self-assessments for how well your organization leverages BRI today
• Learn how to establish a plan for BRI improvements that is impactful and measurable
• Share knowledge of how to properly drive and utilize risk intelligence laterally across your organization
• Learn proven strategies and methods to establish and drive intelligence-based communication for risk-based decision makers
Flashpoint Academy