This post is authored by Jaime Filson and Dave Liebenberg.
A mosaic made up of 1-800 tech support scam websites
The number of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director at the Microsoft Cybercrime Center, tech support scammers have made nearly $1.5 billion off of 3.3 million unwitting victims just this year. These scammers typically convince the victim to allow them access to his/her computer through remote control applications such as TeamViewer. They then present benign processes as malicious, or at times even spread malware themselves. Afterwards, they charge hundreds of dollars for the service.
There are several avenues through which these scammers reach their victims. Among the most insidious are pop-ups and websites asserting that the user’s computer is riddled with viruses, and that the only way to fix the problem is to call a provided tech support number.
Talos has been monitoring the incessant creation of these fake tech support websites in order to better understand the way in which these scams operate. We decided to call a company ourselves for some reverse social engineering. Our experiment provided some interesting insights into the methods these scammers use to fool their victims as well as the infrastructure supporting their operations. In addition, we discovered a broad New Delhi-based scamming network employing multiple websites and VOIP phone numbers to carry out their duplicitous activities.
Tags: Apple, fraud, mac, scam, social engineering, Talos, TeamViewer
More employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. And the problem is only going to grow as 500 billion new devices are expected to be connected to the network by 2030.
How can you protect what you can’t see?
In the face of an ever-increasing number of attack vectors and advanced threats, Cisco is committed to helping organizations extend security everywhere – in effect, to wherever employees are and wherever data is – without sacrificing operational efficiency. Cisco ISE 2.0 extends security further into the network with new capabilities that help you see and control what’s on your network like never before and accelerate threat mitigation.
Introducing Cisco ISE 2.0
The newly redesigned Cisco ISE security management platform provides greater visibility, usability, and control.
Deeper Visibility Provides Superior Network Insight and Control
Expanding ISE’s Reach and Scope within Diverse Network Environments. Customers can now deploy ISE services such as Profiling, Posture, Guest, and BYOD with 802.1x NADs manufactured by non-Cisco vendors. This extends the reach and scope of advanced authorization capabilities in ISE to ensure endpoint compliance across a more varied range of networks.
Access policy becomes geo-location driven! Create and enforce access policy controls based on specific geo-location information thanks to the integration with the Cisco Mobility Services Engine (MSE). For example, a healthcare organization can control a doctor’s access to patient records only while in the hospital, a corporation can grant executives access to confidential information for a board meeting only while in the board room, and a school can control a student’s ability to stream content only when physically inside the classroom.
Trends like bring-your-own-device, mobility, and cloud computing are creating a surge in the number and types of devices connecting to the network and driving demand for WAN bandwidth. Remote and branch office employees expect fast, secure connectivity but most enterprises don’t have spare operational budget to increase their WAN bandwidth to backhaul all traffic to headquarters in order to keep it secure.
Enter Intelligent WAN, or IWAN. With IWAN, the Internet becomes a reliable, cost-effective way to supplement the WAN. Cisco’s IWAN also enables secure direct Internet access (DIA). Instead of backhauling branch office Internet traffic across the WAN, traffic is redirected to the Cisco Cloud Web Security (CWS) proxy, located in one of our data centers around the world, for inspection.
Now Cisco CWS is available on even more Integrated Services Routers (ISRs) for improved IWAN capabilities and additional deployment flexibility. Enterprises can use Cisco’s newest branch routing platform, the ISR 4000 Series, to redirect traffic to a CWS proxy using Generic Routing Encapsulation (GRE) over IPsec.
Tags: branch security, Cisco Cloud Web Security, Cisco iWAN, ISR4k
Just a few months ago at Cisco Live U.S., we announced both our strategy and several new offerings for Security Everywhere Across the Extended Network. We believe that our vision of delivering Security Everywhere – from the cloud to the network to the endpoint – is essential to reduce risk, gain competitive advantage and make security a growth engine for organizations. Today we are extending Security Everywhere with new capabilities and services that deliver greater visibility, context and control from the cloud to the network to the endpoint, for organizations of all sizes.
Extending Security Deeper into the Network and Endpoints
Employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. Controlling and detecting lateral movement of these threats inside a network is a major challenge most organizations face. Cisco is further improving its market-leading capabilities to meet this challenge by simplifying the deployment of software-based segmentation, leveraging more of the network’s intelligence, and extending flow-based visibility for detecting insider and advanced persistent threats beyond the network to one of the most commonly deployed endpoint agents in the world.
- Cisco Identity Service Engine (“ISE”) 2.0 provides several new capabilities that extend the visibility and control of the network for security. The new integration with the Cisco Mobility Services Engine (MSE) provides geo-location for access control. For example, it can grant specific access to top secret resources required for confidential conversations in the boardroom, but then change that level of access as soon as participants leave the meeting to prevent ongoing access. A new work center for TrustSEC deployments dramatically simplifies the deployment of software-based segmentation across the network along with new expanded support for third-party network access devices. ISE is also an amazingly valuable source of contextual information for security systems that can help any system execute its role better. With ISE 2.0, we are further expanding our industry-leading partner community to include several new vendors including Check Point, Infoblox, and Invincea while expanding partners’ ability to take real-time action in the network with new adaptive network control capabilities to augment the rapid threat containment integrations with Lancope Stealthwatch and FireSIGHT Management Center.
- Cisco AnyConnect, our world-class VPN for secure mobility that is deployed by organizations across the globe, now delivers deep endpoint visibility into application flows, allowing security administrators to extend visibility down to the device and track behavior off and on premise and quickly spot and scope internal threats arising from compromised systems or inappropriate insider behavior.
Extending Security Further with the Cloud
Enterprises of all sizes are adopting the cloud. From productivity to line-of-business to vertical applications, SaaS and public cloud are enabling the Digital Economy. At the same time, more than half the employees in the enterprise today are working outside of the network perimeter. To accelerate this transformation, Cisco is extending security further into the cloud with the following new offerings:
Tags: #SecurityEverywhere, AMP Threat Grid, Cisco AnyConnect, Cisco Cloud Web Security, Cisco Identity Service Engine (ISE), Cisco Threat Awareness Service, cloud access security, opendns, Security Everywhere
An often overused yarn of our day is that “we live in an increasingly more connected world.” While overused, I can’t think of any better way to describe what Cisco is doing in our security ecosystem with Cisco Platform Exchange Grid (pxGrid). And it has been quite an active first year since the release of pxGrid for use in customer deployments, from building an ecosystem of 30 partners to work in multiple security standards groups in the IETF.
Cisco pxGrid is an information grid that security and other IT platforms can integrate with to share relevant contextual information with any other platform connected to it. Cisco platforms can exchange information with Cisco platforms. Partners can exchange information with Cisco platforms. Partners can exchange information with other partners. It is one of the main methods used by technology partners to create use-case focused product integrations within the Cisco Security Technical Alliance Ecosystem Program.
Tags: Check Point, ietf, InfoBlox, LogRythm, pxGrid