Financial services is Flashpoint’s largest customer vertical: the company works with 10 of the top 10 global financial institutions to provide trusted intelligence, early warning reconnaissance, ongoing monitoring, and reactive issue and incident response.
Below are examples of the types of use cases Flashpoint works with financial services customers to address:
CORPORATE DATA THEFT
A multinational agrochemical company was able to discover a serious data penetration by an Italian hacktivist group that resulted in the theft of vendor information, customer names, and employee data. In addition to becoming aware of the breach, the company also learned, via an IOCX, why it was targeted, finding that the attack was part of a protest against Genetically Modified Organism (GMO) products. The company took preemptive actions against potential identity fraud, and, with a deeper knowledge of the company’s adversaries and their motivations, is now better able to develop a more effective defense posture.
A Fortune 50 customer was indirectly hacked through one of their Mexican clients, resulting in the exfiltration of sensitive customer information. Utilizing Flashpoint’s data, the company was able to ascertain IOCXs related to the underground criminal forum where the customer information was released. In addition to confirming the existence of this data, the company further learned that the leak was much greater in scale than initially thought, totaling over 90 million U.S. records pertaining to hospital patients. Flashpoint analysts assisted the company in obtaining a sample set of the data and worked with the customer to help limit further exposure.
CORPORATE CARD FRAUD
Looking at threats on the horizon, Flashpoint analysts discovered critical IOCXs found on online illicit communities related to exploiting EMV (Europay MasterCard Visa) chip recording software and manufacturing techniques that could be used to fabricate chip-enabled credit cards. Armed with this context of how criminal actors were gearing up to exploit the upcoming implementation of EMV in the United States, Flashpoint customers reevaluated their EMV rollout plans based on these IOCXs in order to mitigate potential financial losses based on advance knowledge of how criminals might immediately exploit the new system.
CORPORATE INSIDER THREAT
A multinational IT corporation benefited from Flashpoint’s data when an attempted sale of the company’s source code of unreleased, enterprise-level software was discovered. Based upon IOCXs related to statements and revealing information from the actor, the firm was able to conduct an internal investigation and adjust their information security accordingly.
EMERGING FRAUD TECHNIQUES
A major U.S. bank learned of a malicious threat actor who released a new version of a password cracking tool specifically designed to compromise online accounts of customers at the bank. With the IOCXs determining the actor and the actor’s tradecraft, Flashpoint clients were able to mitigate this vulnerability rapidly.
Flashpoint customers were alerted to an IOCX discovered on online illicit communities outlining a new criminal technique to launder funds from compromised bank accounts and stolen credit cards. The technique involved leveraging subscription services offered via business accounts with a major online payment service. Once alerted to the IOCX, Flashpoint clients were able to take corrective measures to prevent further damage to their customers’ accounts.
Flashpoint analysts leveraged data from online illicit communities to identify the development of unreleased ransomware with IOCXs of who was producing the malicious software along with where and how the development was taking place. The software leveraged the RSA-2048 encryption algorithm to turn a victim’s computer into encrypted containers, locking out the owners until a ransom was paid. By understanding how the ransomware was being developed and by whom, Flashpoint customers were better prepared to combat the malware before it became widely deployed.
THREAT ACTOR PROFILING
Flashpoint’s data provides enhanced visibility into the complex cybercriminal landscape active on online illicit communities. A multinational bank that had identified certain criminal actors that had penetrated their systems benefited from additional IOCXs to present a more comprehensive profile of the actors and their motives. With this increased awareness, the bank was better able to respond proactively to the continued threat presented by the actors.
Fortune 500 physical security teams leverage Flashpoint’s data to gather IOCXs offering insight into their on-the-ground security programs, whether monitoring for potential threats to executives during domestic and foreign travel or learning of ways that malicious actors seek to harm companies and their assets physically.