Flashpoint Analyst Knowledge Pages
As former users of the Flashpoint platform, we found that typing in keywords of interest to our business, such as malware, ransomware, bitcoin, or Iran, would yield many pieces of content. Though the results were comprehensive in terms of volume of information, we still had to pull together something more concise that could be presented to business units. In an ideal world, there would be a page with high-level information on a given topic with opportunities to dive deeper into more content if needed.
By Chris Camacho & Steph Shample
Upon joining Flashpoint and speaking with customers, we found that the need for more concise summaries on a given topic is universally crucial. These summaries should also point to what material is updated and when. Based on this client feedback, we began to produce Analyst Knowledge Pages, or AKPs, to complement our industry-leading intelligence reporting.
These pages, curated by expert Flashpoint Analysts, are an evolution of the collaboration we have seen on FPCollab. FPCollab lets us focus on a region, country, actor collective, or specific issue, and pull all of that information into one place. It is a one-stop shop that our customers can now use in any way they want. If extensive background and details are needed to brief your C-suite or senior management, that information is there in one page, with hyperlinks to other relevant material. If you need to provide information on a single issue or keyword, Control+F on the page will take you to exactly what you need for quick reference. A major benefit is that you are able to come back and read the historical, full page later.
As the team began to create these pages and put together applicable material and templates, our analysts worked diligently to comb through historical Flashpoint reporting. The team combined it chronologically, edited, and published the materials, all manually. Much of the heavy lifting came from our product team and our talented team of analysts (special shout-out to initiative leads Abigail Showman and yours truly, Steph)! With over 30 individual pages created since November 2019, and with many more on deck for publication before the end of March 2020, Flashpoint feels confident about the positive feedback received and about moving more of our intelligence production to these pages. It must also be emphasized that these pages are updated weekly to keep information current, and to provide aggregate material that enables clients to best understand the analysis, risk, and resulting actions needed on a given topic.
Below are a few examples of how we hope clients utilize these pages:
Ransomware: Ransomware is a trend in the criminal underground that will inevitably continue. As tactics evolve, Flashpoint analysts see spikes in Ransomware as a Service (RaaS) and extortion ransomware. The specific page on Extortion Ransomware covers the four variants, obtaining data in a ransom attack, providing a limited window for the victim to pay, and then publicly publishing private, sensitive, company information if they don’t pay. It began with Maze, and then expanded to Sodinokibi, Nemty, and several other variants. If this trend is successful at netting cyber actors money, and causing harm to the reputation of a company, it could expand. Flashpoint covers this topic all on one page, one report, with images and Indicators of Compromise (IOCs). Furthermore, the individual pages of each variant are linked within the Extortion page. If your organization is specifically concerned about Maze, users can click to the Maze ransomware page, which is more in-depth on that variant vs. the broader extortion page. Our hope is that this enables quick review of resources, with only one or two clicks, to posture businesses against ransomware risk.
Regional Landscapes: The team has expanded our Knowledge Pages for regions as well. The analysts focused on China diligently put together important information regarding country-relevant considerations — travel risks, Huawei, known Chinese Advanced Persistent Threat (APT) groups, and more. After this page was published, the team was looking to expand to provide even more value on this topic. A logical next step was considering information around the upcoming Olympic Games, considering the 2020 games are in Tokyo, Japan. This generated two more pages: the 2020 Tokyo Olympic Games Page and a Japan Page. Again, these pages cover all potential threats to the region, The Games, and the country of Japan. In true Flashpoint form of covering converged risk intelligence, the analysts and editors worked diligently to cover physical, cyber, and emerging threats to the Olympic Games. Analysis was pulled from past reports that covered Olympics hosted in Russia and the United Kingdom, and the threats they faced that could resurface in Japan. Cyber actor chatter emerging from underground forums is also included on the page. We hope it offers a robust picture of the threats and issues facing significant world events, such as the Olympics, as well as the regions and people that could be impacted, such as the broader Asia Pacific (APAC) region. The most recent pivot from these pages comes as Flashpoint tracks the cyber and physical risks of Coronavirus, which has its own page, but is also linked to the APAC pages and other countries in which it has a significant impact.
Iran: Another robust example of our Analyst Knowledge Pages is the set of pages focused on Iran. One page is for general country-specific content and one is for cyber-specific incidents. Iranian issues are everywhere (in oil, cyber, maritime and shipping, protests, and other social issues), both in and out of the country. These pages are frequently updated so that the evolution of Iran’s cyber program can be tracked, as well as concerns regarding the breakdown of the Joint Comprehensive Plan of Action (JCPOA), along with how that impacts Iranian issues and external relationships with Europe. The Iran pages also link to Russia, due to the relationship of these two countries growing in several key areas, like cyber and the conflict in Syria. The independent Iran and Russia country pages lead to a page specifically dedicated to the geopolitical overlap of Iran and Russia, which explores each country’s relationships with Islam, physical conflict in the Middle East, Russia training Iran in cyber, and much more.
These are several examples from our new Analyst Knowledge Page (AKP) initiative, and the pages are frequently viewed and commented upon by our valued clients. Since page production has been constant, the Flashpoint platform will soon give these AKPs a home of their own. Our hope is that this allows for even easier access and bookmarking of issues that need to be tracked, and that our analysis helps your day-to-day operations. Flashpoint values feedback of all kinds and would love to hear ideas for other pages, needs, or ideas for modifications to these Knowledge Pages.
If you’re interested in learning more about these pages or seeing a demo of the Flashpoint Intelligence Platform, visit https://go.flashpoint-intel.com/contact-us/request-a-Flashpoint-demo.