Bad Packets by Okta

A browser extension promised security. In reality, it was a Trojan horse for your crypto. We tracked the extension, mapped the infrastructure and pulled the plug. Full breakdown of the takedown: bit.ly/40E9i9N

Watch @Okta’s exclusive interview with @HHieupc, a cybercrime investigator who explains the Vietnamese cybercrime-as-a-service ecosystem and how much of it operates in the open. Read our full research here: bit.ly/4r6NgHn

Fake accounts fuel global fraud. Our latest research uncovers a sprawling cybercrime-as-a-service ecosystem in Vietnam that sells fake and hacked accounts on a massive scale. Read our full research and raise your identity security posture: bit.ly/4b7Shtp

University students using "tutors" are being extorted for thousands, but the risk is bigger: When students turn over login credentials, malicious actors can pivot to sensitive university systems and perpetrate fraud. okta.com/blog/threat-in…

Your star hire might be a DPRK agent. 🇰🇵 @Okta reveals how state actors use stolen LinkedIn IDs, AI-generated faces, and forged git commits to bypass HR. Verify identities before they're on your payroll! #opentowork bit.ly/4quh8go

Google disrupted IPIDEA, a major residential proxy network. Our data confirms a sharp drop in their active IPs following the action. 📉 Protect your Okta org today: block IPIDEA and residential proxies with dynamic network zones bit.ly/3OiZVJz

Our promise to you: serving up the bad packets. That's why we wrote about how to use threat intel right in @Auth0 Actions. bit.ly/494lt4M

@heymingwei Thanks for the enrichment! AS200373 forever maintaining its place on the leaderboard.

Still tracking the bad packets, now powered by Okta log data! Top ASNs used in recent signup fraud attacks: • 212238 • 16276 • 44477 • 26548 • 200373 • 137409 • 214483 • 13213 • 397368

Revamped site, new IoCs. In addition to bad ASNs, we've got disposable email domains beloved by threat actors inside 👉 bit.ly/4b4GUUE

TTPs change, but you can keep up. Read our case study on how an @auth0 tenant used JA3 signatures to block 20mm+ fraudulent signup requests. bit.ly/4jTrAwv

Our latest research reveals DPRK threat actors are targeting more than just tech. 📊 6,500+ fake interviews 🏢 5,000+ companies 🌍 27% of targets outside the U.S. 🏦 Sectors hit: finance, healthcare, public admin & more Read the full report here: bit.ly/48aNNCw

@geeknik The RNG has chosen @geeknik as the winner of our BSides Las Vegas ticket! Please DM us with your contact information and we'll send it along to you.

Bad Packets is giving away a BSides Las Vegas ticket. Drop a comment below for a chance to win! Rules: One winner selected at random. No purchase necessary to enter. Government employees ineligible to participate. Void where prohibited. Winner will be announced on July 28th.

Drop all traffic from 109.205.213.0/24 (🇦🇿/🇬🇧/🇺🇸)* ____ *Geolocation vendors don't agree. Hosts associated with this netblock are physically located in 🇺🇸.

We’re excited to share @VerizonBusiness has finally dropped the 2023 Data Breach Investigations Report. Read up on all the latest cybersecurity intel, trends and advanced preventative measures. Download your copy here: vzbiz.biz/dbir-partner #DBIR

Monthly Top 10 Countries – May 2023 Unique active DDoS botnet hosts detected: 🇨🇳 China: 33,183 🇮🇳 India: 12,885 🇧🇷 Brazil: 5,312 🇰🇷 South Korea: 4,705 🇺🇸 United States: 3,805 🇹🇼 Taiwan: 3,630 🇻🇪 Venezuela: 2,371 🇷🇺 Russia: 2,274 🇦🇷 Argentina: 2,203 🇻🇳 Vietnam: 2,006 #threatintel

“The hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be hijacked and used to install malware instead.” wired.com/story/gigabyte…

The 2023 #DBIR is almost here! @VZDBIR is hosting webinar on June 6th to discuss key findings: verizon.com/business/resou…

Monthly Top 10 Countries – April 2023 Unique active DDoS botnet hosts detected: 🇨🇳 China: 36,151 🇮🇳 India: 9,598 🇻🇳 Vietnam: 5,872 🇰🇷 South Korea: 4,519 🇹🇼 Taiwan: 4,179 🇧🇷 Brazil: 3,701 🇺🇸 United States: 3,011 🇷🇺 Russia: 2,264 🇦🇷 Argentina: 1,353 🇪🇬 Egypt: 1,178 #threatintel