Products: Bad Packets® CTI
Bad Packets is a cybersecurity company based in Chicago, Illinois. Bad Packets provides cyber threat intelligence data to academic institutions, government CERT teams, and ISAC organizations. Bad Packets operates a global honeypot network to monitor exploit activity targeting vulnerabilities in enterprise networks, internet of things (IoT) devices, and cloud computing environments.
Bad Packets was founded in 2017 in Chicago, Illinois by co-founders Troy Mursch and Mathew Woodyard.
Illicit cryptocurrency mining incidents
In 2017, Bad Packets was the first to disclose that the websites of Showtime Networks and PolitiFact were infected with cryptojacking malware targeting users visiting those sites.
In 2018, Bad Packets collaborated with Concordia University researchers to co-author the peer-reviewed academic research paper, "A first look at browser-based cryptojacking" which analyzed both incidents in further detail.
On February 27, 2019, cybersecurity investigative journalist Brian Krebs reported the cryptocurrency mining service used in these attacks, Coinhive, was shutting down permanently.
IoT botnet research
In 2019, Bad Packets partnered with Lancaster University researchers who detected that 1,600 industrial control devices globally were infected with the Mirai malware. Bad Packets cyber threat intelligence data was instrumental in additional research profiling IoT-based botnet traffic using DNS, which significantly reduced botnet detection time.
Critical VPN vulnerabilities
On August 24, 2019, Bad Packets identified 14,500 vulnerable Pulse Secure VPN servers globally that were unpatched against a critical vulnerability that allows remote unauthenticated attackers to compromise the VPN server and connected clients. The NSA, NCSC, FBI, and CISA widely reported this vulnerability as being exploited by nation-state advanced persistent threat actors for ransomware attacks.
On December 31, 2019, threat actors exploited this critical Pulse Secure VPN flaw to compromise the computer network of Travelex in a ransomware attack. Bad Packets had warned Travelex on September 13, 2019 that they were using vulnerable Pulse Secure VPN servers, but received no response.