Business Risk Intelligence

Business Risk Intelligence - Raleigh Chapter of ISSA


Business Risk Intelligence

Flashpoint produces Business Risk Intelligence (BRI) to provide visibility into the Deep & Dark Web.

Our technology and subject matter expertise enable us to uncover, track, and provide intelligence to help mitigate potential or existing insider threats.

Flashpoint Deep and Dark Web Collection

Scrape and Index Deep and Dark Web

TECHNOLOGY

To capture, process, and deliver relevant data and intelligence

TRADECRAFT

To safely infiltrate, maintain access, and enable collections from hard-to-reach, malicious venues

• Trickbot Banking Trojan:

• 2016 first variant of Trickbot malware, maybe same group as Dyre malware (loaded via phishing, usually a MS Word attachment)

• Used for ATO (account takeover) by credential theft using webinjects

• In July 2017 Trickbot added a worm propagation module (SMB)

• In Nov 2017 Trickbot added SOCKS5 proxy for account checking (now at 6000 machines)

Example of Current Intelligence from DDW

Dark Web market for credentials from malware like Trickbot

Account Takeover (ATO)

Sentry MBA is a popular ATO tool for different retail and online sites

Today's config discussions around Netflix, Amtrak, DirecTV

“Ploutus” Malware for ATMs

Confidential

• Ploutus:

• 2013 first arrived in Mexico for NCR machines

• 2016 was updated to be compatible with 40 other ATM vendors

• requires physical access to the ATM machine

• On March 7, 2017, the threat actor "aguichy" (Skype handle "aguichi123") wrote on the forum Carding Hispano that they were willing to sell Ploutus malware for $10 USD


Flashpoint continues to see discussions on various software and hardware related to the energy sector

Potential Insiders/Threats in Oil and Gas Industries

Flashpoint Insider Threat Program

In 2015 Flashpoint was thrust into Insider Threat

Actor “Da5h” posts for sale source code to HP software in the top tier forum Lampeduza


IP address of the actor

• Third Party Risk

• Incident Response

• Cyber Threat Intelligence (CTI)

• Executive & Employee Protection

• Physical Security

• Fraud Prevention

• Insider Threats

• M&A

• Anti-Money Laundering

• Brand Protection

Traditional Cybersecurity and Security Operations

Insider Threat Expertise Foundational to BRI

Business Risk Intelligence (BRI)

Deep & Dark Web

Cybercriminals, Fraudsters, Insiders, Hackers, Hacktivists, Terrorists, and Extremists

Questions?

• Dedicated Integrated Intel Coordinator (BRIC)

• Insider Threat Blueprint

• Threat Briefings

• State of the Union Industry Report

• Onsite Strategy Assessments

• Tailored Scoring Mechanism

• ITP Program Metric Development

• M&A Exposure

• Flashpoint Academy

How other enterprises are building Intelligence Programs

• Increase the security function’s positive impact and recognition across the business

• Share with stakeholders across the business the techniques to define near term and long term intelligence and outcome requirements to support business decisions

• Conduct self-assessments for how well your organization leverages BRI today

• Learn how to establish a plan for BRI improvements that is impactful and measurable

• Share knowledge of how to properly drive and utilize risk intelligence laterally across your organization

• Learn proven strategies and methods to establish and drive intelligence-based communication for risk-based decision makers

Flashpoint Academy