This post is co-authored by Jaeson Schultz and Craig Williams.
Every so often, we observe certain spam campaigns that catch our interest. On August 15, we observed a particular spam campaign that caught our attention because it was using “snowshoe” spam techniques combined with PDF exploitation. While neither of these techniques are new, we have seen a growing trend involving snowshoe spam and we wanted to explain why the bad guys seem to be moving in that direction with a real world example. As you can see from the chart below, we’ve seen the amount of snowshoe spam double since November of 2013.
Snowshoe spam can be a challenge for some anti-spam detection techniques because it typically uses multiple IP addresses with very low spam volume per IP address. Depending on how an anti-spam technology works, this can cause severe problems with detection. Typically technologies that use multiple defensive layers of protection, like Cisco’s ESA, are much more successful at combating snowshoe spam. We’ve previously discussed these tactics in a previous blog post.
Tags: anti-spam, esa, spam, Talos
A few years ago, a point-product security vendor proudly declared their technology was the silver bullet that stopped ALL security threats from penetrating the corporate network. Many of us in the industry raised our collective eyebrows in surprise at such a bold claim.
While the naive or inexperienced might have believed such an outrageous claim, we all knew there is no such thing as a silver bullet in security and that no matter how cutting edge or sophisticated your security is, attacks will get through and it is onlya matter of time before any organisation is compromised. Read More »
Tags: Cisco, Cyber Resilience, security, security breach, threat-centric
More organizations are starting to view cybersecurity as a strategic risk. They have to—it’s becoming unavoidable. Technology and the business are so intertwined. Regulators are issuing more compliance measures that include information security directives. And all the while, adversaries are relentless in their campaigns to compromise defenses to steal information, money, or otherwise create disruption.
Read More »
Tags: cybersecurity, midyear security report, risk, Risk Management, security
Enterprise security professionals have their hands full these days—monitoring networks for security breaches, managing the implications of “bring your own device” policies, and patching systems to combat “weak links,” or vulnerabilities that could allow online criminals to grant entry.
Regarding this last task, security practitioners may be able to take an approach to addressing vulnerabilities that allows them to more effectively allocate resources toward resolving these challenges. As detailed in the Cisco 2014 Midyear Security Report, urgent critical vulnerabilities—those that merit the time and attention of security executives—make up a very small number of reported vulnerabilities. While all reported vulnerabilities should be patched, it’s wise to focus on those that pose the most danger.
Cisco publishes thousands of multivendor alerts every year, and zero-day vulnerabilities (for which patches are not yet available) tend to win the lion’s share of attention from security practitioners and the media because of their perceived urgency. However, only about two percent of the thousands of reported vulnerabilities were being activity exploited soon after published reports.
Read More »
Tags: Cisco, midyear security report, security, vulnerabilities
Analysis of high-profile cyber breaches often reveals how intruders gain their initial footprint in the targeted organizations and bypass perimeter defenses to establish a backdoor for persistent activities. Such stealthy activities may continue until intruders complete their ultimate mission—claiming the “crown jewels” of the victim organization.
“Lateral movement” is a term increasingly used to describe penetration activities by intruders (more information on lateral movement is available in Verizon’s 2014 Data Breach Investigations Report). These activities begin with network reconnaissance, typically leading to compromises, hijacking of user accounts and ultimately privilege escalation to access sensitive data. Organizations may go to great lengths to detecting and stopping the initial breach and final data exfiltration as well as establishing more intelligence at their ingress/egress perimeters. But how can you minimize the damage caused by an intruder’s lateral movement once your network is already compromised?
Read More »
Tags: Cisco, malware, security, TrustSec