Bad Packets LLC
Industry | Cybersecurity |
---|---|
Founded | 2017 |
Products | Bad Packets® CTI |
Website | badpackets |
Bad Packets is a cybersecurity company based in Chicago, Illinois. Bad Packets provides cyber threat intelligence data to academic institutions, government CERT teams, and ISAC organizations. Bad Packets operates a global honeypot network to monitor exploit activity targeting vulnerabilities in enterprise networks, internet of things (IoT) devices and cloud computing environments.[1]
History
Bad Packets was founded in 2017 in Chicago, Illinois by co-founders Troy Mursch and Mathew Woodyard.
Illicit cryptocurrency mining incidents
In 2017, Bad Packets was the first to disclose that the websites of Showtime Networks[2][3] and PolitiFact[4][5][6] were infected with cryptojacking malware targeting users visiting those sites.
In 2018, Bad Packets collaborated with Concordia University researchers to co-author the peer-reviewed academic research paper "A first look at browser-based cryptojacking", which analyzed both incidents in further detail.[7]
On February 27, 2019, cybersecurity investigative journalist Brian Krebs reported that Coinhive, the cryptocurrency mining service used in these attacks, was shutting down permanently.[8]
IoT botnet research
In 2019, Bad Packets partnered with Lancaster University researchers who detected 1,600 industrial control devices globally that were infected with the Mirai malware.[9] Bad Packets cyber threat intelligence data was instrumental in additional research profiling IoT-based botnet traffic using DNS, which significantly reduced botnet detection time.[10]
Critical VPN vulnerabilities
On August 24, 2019, Bad Packets identified 14,500 vulnerable Pulse Secure VPN servers globally that were unpatched against a critical vulnerability that allows remote unauthenticated attackers to compromise the VPN server and connected clients.[11][12] This vulnerability was widely reported by the NSA,[13] NCSC,[14] FBI,[15] and CISA[16] to be exploited by nation-state advanced persistent threat actors for ransomware attacks.
On December 31, 2019, threat actors exploited this critical Pulse Secure VPN flaw to compromise the computer network of Travelex in a ransomware cyberattack. Bad Packets warned Travelex that they were using vulnerable Pulse Secure VPN servers on September 13, 2019, but received no response.[17][18][19]
References
- "The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle" (PDF). USENIX Association. Retrieved August 27, 2021.
- "CBS's Showtime caught mining crypto-coins in viewers' web browsers". The Register. Retrieved May 28, 2021.
- "No Incident Unnoticed: Interview with Troy Mursch from Bad Packets Report". SecurityTrails. Retrieved July 14, 2021.
- "Hackers have turned Politifact's website into a trap for your PC". The Washington Post. Retrieved May 28, 2021.
- McMillan, Robert (27 October 2017). "Your Computer May Be Making Bitcoin for Hackers". The Wall Street Journal. Retrieved May 28, 2021.
- "Your Browser Could Be Mining Cryptocurrency For a Stranger". WIRED. Retrieved May 28, 2021.
- Eskandari, Shayan; Leoutsarakos, Andreas; Mursch, Troy; Clark, Jeremy (2018). "A first look at browser-based Cryptojacking". arXiv:1803.02887 [cs, econ]. Retrieved May 28, 2021.
- "Crypto Mining Service Coinhive to Call it Quits". Krebs on Security. Retrieved May 28, 2021.
- "Lancaster academics detect 1.6K industrial control devices globally to be infected with the Mirai malware". Lancaster University. Retrieved May 28, 2021.
- "Profiling IoT-based Botnet Traffic using DNS". Lancaster University. Retrieved May 28, 2021.
- "Pulse Secure VPN contains multiple vulnerabilities". Carnegie Mellon University. Retrieved May 28, 2021.
- "Pulse Secure VPN Servers Leak: Incident Case Study" (PDF). HHS.gov. Retrieved May 28, 2021.
- "Mitigating Recent VPN Vulnerabilities" (PDF). National Security Agency. Retrieved May 28, 2021.
- "Vulnerabilities exploited in VPN products used worldwide". National Cyber Security Centre. Retrieved May 28, 2021.
- "Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks". FBI.gov. Retrieved May 28, 2021.
- "Continued Exploitation of Pulse Secure VPN Vulnerability". Cybersecurity and Infrastructure Security Agency (CISA). Retrieved May 28, 2021.
- "Cyber gangsters demand payment from Travelex after 'Sodinokibi' attack". ComputerWeekly. Retrieved May 28, 2021.
- "Travelex showdown highlights growing 'professionalization' of cyber gangs". S&P Global. Retrieved July 14, 2021.
Initial page creation for Bad Packets
Bad Packets - Revised Draft (removed references that were not independent of the subject)
Added additional references to meet WP:CORPDEPTH requirement
User:Pahunkat Looking at https://badpackets.net/references/#news-media-references please explain how the WP:CORPDEPTH requirement is not met?
Resubmission for Bad Packets
User:CNMall41 I've already included plenty of references that discuss the company itself with significant coverage, such as The Wall Street Journal article (https://www.wsj.com/articles/major-companies-shared-vulnerability-used-in-travelex-cyberattack-11579177596?mod=e2tw). I would suggest you read Journalism ethics and standards for further understanding that journalists will not simply write about Bad Packets or any other company – just for the sake of writing about the company – unless it's sponsored content (such as a puff piece) and thus not meeting the requirements of WP:CORPDEPTH in an ethical fashion.
This article "Bad Packets" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Bad Packets. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.