Cisco Blogs


Cisco Blog > Threat Research

Your Files Are Encrypted with a “Windows 10 Upgrade”

This post was authored by Nick Biasini with contributions from Craig Williams & Alex Chiu

Update 8/1: To see a video of this threat in action click here

Adversaries are always trying to take advantage of current events to lure users into executing their malicious payload. These campaigns are usually focussed around social events and are seen on a constant basis. Today, Talos discovered a spam campaign that was taking advantage of a different type of current event.

Microsoft released Windows 10 earlier this week (July 29) and it will be available as a free upgrade to users who are currently using Windows 7 or Windows 8. This threat actor is impersonating Microsoft in an attempt to exploit their user base for monetary gain. The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign.

win10_blacked_out

Read More »

Changing the Way We Deliver Vulnerability and Threat Intelligence

We are making some changes to the way Cisco Security provides and shares vulnerability and threat intelligence to make it more consumable by our customers and the security community. The Cisco Security IntelliShield Service has been successfully delivering multi-vendor security intelligence to our customers for 15 years. During this time, the security intelligence market has continued to evolve to more integrated and automated solutions. Similarly, the Cisco Security strategy has evolved to add machine-readable security content.

We have seen an ever-increasing volume of multi-vendor reporting over the years. IntelliShield started publishing security intelligence alerts in May 2000 and we published 1337 alerts that first year. By 2005 that had increased to 1555 alerts and in 2010 to 5210 alerts. In 2014, IntelliShield published 7242 alerts and the volume continues to increase. As the volume of security activity has increased, security teams are faced with the challenge of efficiently handling that increased volume. The solution for this increased volume is to automate the reporting and sharing of vulnerability and threat intelligence through machine-to-machine standardized formats.  Read More »

Tags: ,

Change is Coming to the Security Industry – and This is a Good Thing

Cisco presents a vision of the future in the Cisco 2015 Midyear Security Report that we expect many—particularly in the security industry—might find a little controversial. We suggest that over the next five years, there will be a continued wave of industry consolidation—driven less by financially motivated M&A and more by the need for capable solutions—that brings together niche innovators and long-standing players for the greater cause of protecting organizations.

And then what? This consolidation will lead to the development of an integrated threat defense architecture that will help to reduce time to detection and remediation of both known and emerging threats. This architecture will bring unprecedented visibility into the threat landscape, and provide control, global intelligence, and context across many solutions.

While disruptive, this change is necessary. Right now, as an industry, we’re just not doing an effective job helping all end users defend themselves from the highly sophisticated and ever-changing tactics of today’s threat actors.

As noted in the Cisco 2015 Midyear Security Report, Read More »

Tags: , , ,

Midyear Security Report: Exploit Kits and Ransomware Get Creative

The modern online adversary is out to make money, not simply hack networks for the fun of it. In the Cisco 2015 Midyear Security Report, there’s yet more evidence that criminals are using tools with ever-increasing sophistication to steal valuable personal or financial data and sell it, coerce users into paying ransoms for their own data, and generally reap financial rewards for their exploits.

The Angler exploit kit continues to lead the market in terms of sophistication and effectiveness. As explained in the Cisco 2015 Midyear Security Report, Angler packs a significant punch because it uses Flash, Java, Internet Explorer, and Silverlight vulnerabilities to achieve its objectives. Angler is very effective, in part due to its ability to compromise users by using multiple vectors: Cisco found that 40 percent of users who encounter an Angler exploit kit on the web are compromised, compared to just 20 percent of users who encounter other widely used exploit kits.

Angler successfully fools users and evades detection with several innovative techniques. For example, as we discuss in the report, our researchers believe Angler’s authors use data science to create computer-generated landing pages that look normal enough to pass muster from heuristic scanners. In addition, Angler has recently started using “domain shadowing” to dodge detection—the exploit kit authors compromise a domain name registrant’s account, and then register thousands of subdomains under the legitimate domain of the compromised user. While domain shadowing isn’t new, we’ve monitored growing use of this technique since last 2014: according to our researchers, more than 75 percent of known subdomain activity by exploit kit authors since that time can be attributed to Angler. Read More »

Tags: , ,

Announcing the 2015 Midyear Security Report

Our 2015 Midyear Security Report (MSR) is out this week, and it’s been a bumpy year when you consider the innovative, resilient, and evasive nature of the global cyber attacks we’ve seen in recent months. Our team continues to see adversaries who rapidly refine their ability to develop and deploy malware that evades detection. It is sobering to note that our MSR confirms that the security industry is just not keeping pace with the attackers.

The MSR is our follow-up to the Cisco Annual Security Report (ASR), which we publish in January. The 2015 MSR updates you on what we’ve seen in the first half of 2015, with analysis and insights about the latest attack trends and advice on what to do about them.

Some of the top troubling trends in this year’s six-month update include: Read More »

Tags: , ,