SMS-based Two-Factor Authentication (2FA) has been declared insecure

Two-Factor Authentication (2FA) adds an extra layer of security by requiring a random passcode, sent to you via SMS or a call, when you log on to your account. Two-factor authentication via text message has until now been one of the most common forms of 2FA. While 2FA tokens deter attackers because they require real-time data from the potential victim, today’s malware is specifically designed to circumvent this security measure.

The US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns. NIST says: “If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance.” This goes hand in hand with a large number of reports that endpoint devices might be under the control of an attacker via malware.

Large DDoS attack affecting multiple clients

Update: The attack seems to have been resolved by the provider at 20.00 Central European Time.

Intelliagg has seen an increase in traffic related to the botnet named “Mirai”, which consists of hacked devices such as home routers, surveillance cameras and other “Internet of Things” (IoT) devices.

Today a large distributed denial of service attack has affected several of our clients. The attack is ongoing and has currently not been resolved.

What we know

Early research into the attack shows that the majority of the affected sites and clients have a tie to DYNDNS, who reported the attack at 16.00 Central European Time.

It is unclear whether more DNS providers are targeted in the attack, but given the initial research on some of the big sites that have gone down, that is likely.

Intelliagg will continue to investigate and update information on this attack.

Who is affected

The attack appears to be persistent and has targeted the core DNS service from a botnet with a so-called DNS amplification attack. Initially it seemed to affect only .com addresses, but we are now getting reports that .se addresses are affected. According to our reports so far it seems addresses are not affected.

Recommended action

If you are affected and know that you have as your DNS provider, we recommend temporarily moving DNS to an alternate provider or setting up a temporary local DNS server. Several of our clients have mitigated the attack by temporarily moving DNS resolution to Amazon AWS.
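
An added example, not part of the original advisory: before an outage forces the move described above, a defender can check which zones are delegated to a single DNS provider. It goes one step beyond the text by auditing in advance. The zone and name-server names are constructed placeholders, and treating the last two labels of an NS host name as the provider is an assumption.

```python
from collections import defaultdict

# Constructed sample input: zone -> NS host names as a lookup such as
# `dig NS <zone>` would return them. Every name is a placeholder.
SAMPLE_DELEGATIONS = {
    "shop.example": ["ns1.provider-a.example.", "ns2.provider-a.example.",
                     "ns3.provider-a.example.", "ns4.provider-a.example."],
    "mail.example": ["ns1.provider-a.example.", "ns7.provider-b.example."],
    "blog.example": ["NS1.Provider-B.example", "ns2.provider-b.example."],
    "old.example": [],
}


def provider_of(ns_host, aliases=None):
    """Map an NS host name to a provider key.

    Assumption: the last two labels identify the operator. Providers that
    spread name servers over several domains need an entry in `aliases`.
    """
    labels = ns_host.strip().rstrip(".").lower().split(".")
    key = ".".join(labels[-2:])
    return (aliases or {}).get(key, key)


def audit(delegations, aliases=None):
    """Return {zone: (status, {provider: ns_count})} for each zone."""
    report = {}
    for zone, ns_hosts in delegations.items():
        counts = defaultdict(int)
        # Normalise case and trailing dots so duplicates count once.
        for host in {h.strip().rstrip(".").lower() for h in ns_hosts if h.strip()}:
            counts[provider_of(host, aliases)] += 1
        if not counts:
            status = "NO_NS"            # nothing delegated, or the lookup failed
        elif len(counts) == 1:
            status = "SINGLE_PROVIDER"  # one provider outage takes the zone down
        else:
            status = "MULTI_PROVIDER"
        report[zone] = (status, dict(counts))
    return report


def at_risk(delegations, aliases=None):
    """Zones that stop resolving if one DNS provider becomes unreachable."""
    return sorted(z for z, (s, _) in audit(delegations, aliases).items()
                  if s == "SINGLE_PROVIDER")


if __name__ == "__main__":
    for zone, (status, providers) in sorted(audit(SAMPLE_DELEGATIONS).items()):
        print(f"{zone:14} {status:16} {providers}")
```

A zone reported as MULTI_PROVIDER only survives a provider outage if every listed provider serves the same zone data, so the secondary has to be kept in sync.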

For more information and updates

If you are affected, have any questions or would like any advice on mitigation, please send an e-mail to 

Malware in syndicated adverts

Over the last month we have seen a great increase in adversaries buying access to existing ad providers that are accepted by the large advertising syndicates and using these domains to serve targeted malware through mainstream, well-known media sites. This targeted malware seems to originate from Russia and Eastern Europe.

Intelliagg Launches the deeplight engine


Intelliagg (Threat finder Ltd), provider of cyber threat intelligence services and software platforms for real-time cyber threat intelligence, today announced it has completed the software integration after the acquisition of DARKSUM, Inc., a leading innovator in darknet collection and analytics. Under the terms of the agreement, Intelliagg has acquired all the assets, software, employees and intellectual property of DARKSUM for an undisclosed sum.

The combination of the DARKSUM and Intelliagg technologies revolutionizes the intelligence collection market by unifying world-class machine learning capabilities with complete darknet collection.

The technology stack powering the new Intelliagg service will be known as Deeplight and will be available for licensing as well as powering the Intelliagg managed services.


“Intelliagg built its reputation in security by enabling customers to effectively identify and respond to breaches and emerging threats. With this acquisition, our customers can now also better detect advanced threats found on the darknet – breaches that are becoming more complex and severe with each passing day,” said Thomas Olofsson, co-founder of Intelliagg.

“With Deeplight, Intelliagg improves its capabilities in detecting and acting upon advanced threats by shining a light on those threat actors who are hiding on the darker areas of the net. By detecting and responding to known and unknown threats, and by providing a platform to detect, respond to, and automate actions, Intelliagg has further reinforced its position of moving its clients from a reactive to a proactive position.”

“We founded DARKSUM with a vision to help clients be in a proactive stance when monitoring for threats found only in the dark web,” said Eric Michaud, CEO, DARKSUM. “By joining Intelliagg and applying their machine learning platform to our datasets we are able to better detect breaches and new threat actor behavior. DARKSUM has solved a problem that previously required significant manpower, expensive custom toolsets, and compute time. We are very excited to join the Intelliagg family and deliver new detection capabilities to customers.”

Key capabilities of the combination of the Deeplight solutions include the ability to:

Detect physical and cyber threats against your organization

  • Continuous monitoring for and automatic detection of threats from private and open sources through multi-domain analysis using machine learning.
  • Continuous monitoring of hundreds of thousands of darknet and open sources.
  • All events manually verified by skilled threat analysts

About Intelliagg

Intelliagg is a leading threat intelligence company working with organisations to control or evade data loss, reputational damage and targeted cyber crime through the provision of intelligence and automatic threat detection through machine learning.

The company provides a suite of professional and managed services that deal with cyber threat intelligence and incident response management.

Intelliagg was founded in London in 2011 and is privately held by the founders.

The company’s founders had a vision to bridge the gap between technical cyber protection and theoretical risk assessment models with actionable threat intelligence.

For more information go to

JPEG image exploits found on most popular adult sites

There have been increased reports of JPEG malware, where malicious code is inserted into what appears to be an innocuous file: a real JPEG file that contains an image and is designed to execute the code when the file is opened. Viewing porn may not be allowed in your business, nor is it likely to be a topic you are comfortable discussing openly in your office.

However, businesses can’t escape the reality that porn sites get more visits per month than Netflix, Amazon and Twitter combined. The increased risk that malware on porn sites poses to businesses is no longer a topic businesses can afford to avoid. The chances of finding a porn site without images are about as high as those of coming across a textbook without words, which makes such sites a perfect target for malware exploits hidden within image and video files.

Continuous Increase of Hacked Databases Offered On The Dark Web

The adversary called ‘thedarkoverlord’, operating on the ‘TheRealDeal’ market, is offering to sell copies of hacked databases from US and UK health services. The database dumps contain between 41,000 and 220,000 unique personal records and medical records.

The purchase price ranges from 150 BTC to 607 BTC (Bitcoin) ($395,000). This continues a trend in which medical systems are actively targeted because of their sensitive data and relatively poor protection.