Cisco Blogs

Cisco Blog > Threat Research

Project Aspis


One of the hardest jobs on the Internet is working the abuse desk at a hosting provider. These teams have to strike a difficult balance between protecting their customers, ensuring that their services aren't being abused by malicious actors, and delivering the service and convenience their customers expect. They don't get nearly enough credit for their work.

Recently, Talos had the privilege of working with the abuse team from Limestone Networks. In the course of our joint investigation, we learned that Limestone Networks had been fighting the same actor abusing their services for months. Based on our findings, this actor was costing them approximately $10,000 a month in fraudulent charges, plus wasted engineering time and the overhead of managing the abuse tickets the actor generated. By working together, Talos and Limestone Networks made their network a difficult one for the actor to operate in by rapidly identifying and terminating the systems the actor was trying to use. As a result, the actor moved off of their network.

The results of this experience were so positive, both for Limestone Networks and Talos, that today Talos is announcing Project Aspis.

What is Project Aspis?
Project Aspis is a service provided by Talos that, in certain situations, assists hosting providers who are dealing with malicious actors who are persistent in their environment and a threat to others on the Internet.  


Microsoft Patch Tuesday – October 2015

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabilities. Half of the bulletins are rated “Critical” and address vulnerabilities in Internet Explorer, JScript/VBScript, and the Windows Shell. The other half of the bulletins are rated “Important” and address vulnerabilities in Edge, Office, and the Windows Kernel.

Bulletins Rated Critical

MS15-106, MS15-108, and MS15-109 are rated Critical in this month's release.

MS15-106 is this month's Internet Explorer security bulletin for versions 7 through 11. In total, 14 vulnerabilities were addressed, most of them memory corruption conditions that could allow arbitrary code execution. This bulletin also addresses 2 memory corruption flaws and 2 information disclosure flaws in the JScript/VBScript scripting engine, for Internet Explorer versions 8 through 11 only. Users and organizations that currently use Internet Explorer 7, or that do not have Internet Explorer installed, will need to install MS15-108 to address the vulnerabilities in the VBScript/JScript scripting engine.


The Risks of Outdated Email Encryption and the Advantages of ZixGateway with Cisco Technology

Email is how your company keeps business moving. It's so easy to click the Send button that your employees may not realize the risk. In the past you may have found it easier to turn a blind eye, especially for an issue that does not appear to be a business priority. But a never-ending cycle of email controversies and breach news is raising awareness of the risk of insecure email. Understanding the challenge and how to solve it, without interrupting your business processes, is quickly becoming a priority.

The Risks to Your Bottom Line

Your company is exchanging emails that contain corporate data that’s valuable to you, your customers, and your partners. But the content in these emails can also be valuable to your competitors and hackers who can sell your data for a nice profit. Without the proper security measures in place, it’s easy for an unauthorized person to capture corporate data in email as it travels across the public Internet. Worse yet, you and your company may never know it’s happening. And the results can be costly.

According to the Ponemon Institute’s annual “Cost of a Data Breach” report, the average cost of responding to and resolving a corporate data breach is $3.8 million. And that number does not reflect potential lawsuits, brand damage or the revenue loss of customer business. It also doesn’t account for any regulatory fines that may be associated with expanding industry or state requirements.



Evolution of attacks on Cisco IOS devices

While “SYNful Knock” is the latest identified malware targeting Cisco devices running Cisco IOS, we have identified and investigated six other malware incidents during the last four years that targeted Cisco devices running Cisco IOS. The nature of the threats is evolving, and Cisco will continue to adapt its technology to deliver trustworthy solutions that our customers can rely on. This also means that customers will need to evolve, fully utilizing the security tools that are available and ensuring that security best practices are in place.

The malware used in these evolved Cisco IOS attacks shows increasing levels of complexity in the type of modifications made to Cisco IOS, the behavior of its Command and Control (C&C) network (when present), and the platforms it targets.

Before talking about specifics of each investigated malware incident, it is important to note that in all cases, no evidence has been found that attackers exploited a previously known or unknown vulnerability to install the malware. All available data points suggest either the use of compromised administrator credentials or physical access to the devices or images.
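Because every incident above traces back to compromised administrator credentials or physical access to the device or image rather than an exploited bug, the practical defensive check is image integrity: does the IOS image on each device's flash still hash to the value you recorded when you deployed it? The following script is an added example written for this page, not code from the Cisco post; it parses the result line printed by the IOS `verify /md5 flash:<file>` command (captured from the CLI, for instance via a terminal log or an SSH automation job) and compares each image against a known-good manifest. The hostnames, image filenames, and every hash below are constructed placeholders, not real Cisco image hashes.

```python
import re
from typing import Dict, List, Tuple

# Known-good MD5 for each image you deployed, recorded from a trusted source
# (e.g. the hash shown alongside the download) before the image ever touched
# a production device.  These values are constructed placeholders.
KNOWN_GOOD: Dict[str, str] = {
    "c2900-universalk9-mz.SPA.151-4.M4.bin": "7f4c1e6d0b2a9f3e5c8d1a2b3c4d5e6f",
    "c3900-universalk9-mz.SPA.152-4.M3.bin": "0a1b2c3d4e5f60718293a4b5c6d7e8f9",
}

# Matches the result line that `verify /md5 <fs>:<file>` prints on IOS, e.g.
#   verify /md5 (flash:c2900-universalk9-mz.SPA.151-4.M4.bin) = 7f4c1e6d...
# The echoed command line itself has no parentheses, so it is not matched.
VERIFY_RE = re.compile(
    r"verify /md5 \((?P<fs>[\w-]+):(?P<image>[^)]+)\)\s*=\s*(?P<md5>[0-9a-fA-F]{32})"
)


def parse_verify_output(text: str) -> List[Tuple[str, str]]:
    """Return (image filename, lowercase md5) pairs found in captured CLI output."""
    return [(m.group("image"), m.group("md5").lower()) for m in VERIFY_RE.finditer(text)]


def check_device(hostname: str, text: str) -> List[str]:
    """Return findings for one device; an empty list means every image matched."""
    findings: List[str] = []
    results = parse_verify_output(text)
    if not results:
        # Silence is not success: the command was not run or the capture is truncated.
        findings.append(f"{hostname}: no verify /md5 result line found")
    for image, md5 in results:
        expected = KNOWN_GOOD.get(image)
        if expected is None:
            # An image you never deployed is worth a look on its own.
            findings.append(f"{hostname}: {image} is not in the known-good manifest")
        elif md5 != expected.lower():
            findings.append(f"{hostname}: {image} MD5 {md5} != expected {expected}")
    return findings


def audit(outputs: Dict[str, str]) -> Dict[str, List[str]]:
    """Run check_device over a {hostname: captured output} mapping."""
    return {host: check_device(host, text) for host, text in outputs.items()}


# Constructed sample captures: one clean device, one with a modified image,
# one running an image that is not in the manifest, one with no result line.
SAMPLE_OUTPUT: Dict[str, str] = {
    "edge-rtr-1": (
        "edge-rtr-1#verify /md5 flash:c2900-universalk9-mz.SPA.151-4.M4.bin\n"
        "....................Done!\n"
        "verify /md5 (flash:c2900-universalk9-mz.SPA.151-4.M4.bin) = 7f4c1e6d0b2a9f3e5c8d1a2b3c4d5e6f\n"
    ),
    "edge-rtr-2": (
        "edge-rtr-2#verify /md5 flash:c3900-universalk9-mz.SPA.152-4.M3.bin\n"
        "....................Done!\n"
        "verify /md5 (flash:c3900-universalk9-mz.SPA.152-4.M3.bin) = DEADBEEFDEADBEEFDEADBEEFDEADBEEF\n"
    ),
    "branch-rtr-3": (
        "branch-rtr-3#verify /md5 flash:c1900-universalk9-mz.SPA.151-4.M4.bin\n"
        "....................Done!\n"
        "verify /md5 (flash:c1900-universalk9-mz.SPA.151-4.M4.bin) = 1234567890abcdef1234567890abcdef\n"
    ),
    "lab-rtr-4": "lab-rtr-4#show version\n",
}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_OUTPUT).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{host}: {status}")
```

Two caveats a practitioner should keep in mind. `verify /md5` hashes the file on flash, so it catches an image that was replaced or patched on disk, but it says nothing about modifications made only in running memory, and a manifest built by hashing images already sitting on devices proves nothing; record the hashes from the vendor download before deployment. Second, the check runs through the same CLI an attacker with compromised administrator credentials controls, so treat a clean result as one signal, corroborate it with out-of-band evidence such as a bootflash image extracted over console or from a backup, and rotate the credentials before trusting the device again.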

The following table and associated description provide a brief overview of the malware samples, as well as an overview of the actions that Cisco took in response to those findings. The source of this information is internal analysis performed by Cisco forensics teams.



Cybersecurity: The Holistic Trust Approach

In the past few years, the security industry has invested heavily in the detection and containment of attacks and breaches as its primary focus of innovation. To help protect Cisco, its customers, products, services and partners, we have embarked on a journey to build security and trust into every aspect of our business, including the culture of our workplace itself. The rapid evolution of the threat landscape has made this trust journey a necessity. Exploits are more frequent, better financed, more sophisticated and are causing more damage. Technology shifts like mobility and BYOD are the new normal and have created more points of access for malware, resulting in a larger attack surface. To be more effective against the broad range of security threats, the industry must focus on foundational security being present in critical systems. By ensuring that trustworthiness is built into the technology, processes and policies involved in your IT systems, you can reduce risk and the attack surface while enabling more effective overall security.

