Cisco developed Next Generation Encryption (NGE) in 2011. NGE was created to define a widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance for our customers. These are the best standards that can be implemented today to meet the security and scalability requirements for network security in the years to come; or to interoperate with the cryptography that will be deployed in that time frame. Most importantly, all of the NGE algorithms, parameters, and key-sizes are widely believed to be secure. No attacks against these algorithms have been demonstrated.
Recently there has been attention on quantum-computers (QC) and their potential impact on current cryptography standards. Quantum-computers and quantum algorithms are an area of active research and growing interest. Even though practical quantum-computers have not yet been demonstrated, if they became a reality they would pose a threat to crypto standards for PKI (RSA, ECDSA), key exchange (DH, ECDH) and encryption (AES-128). These standards are also used in Cisco NGE.
An algorithm that would be secure even after a quantum-computer is built is said to have postquantum security or be quantum-computer resistant (QCR). AES-256, SHA-384 and SHA-512 are believed to be postquantum secure.
Tags: cryptography, encryption, Next Generation Encryption, postquantum cryptography
As we continue to observe National Cyber Security Awareness Month, it’s time this week to think about integrity verification and what it means for your network and your organization.
As today’s network threats increase in sophistication, the resulting risks to a business’s or government agency’s network may go undetected for days, months or even years. According to the Ponemon Institute’s 2015 Cost of Data Breach Study, malicious attacks take an average of 256 days to identify.
The network that is at the heart of nearly every business today is also the critical foothold for IT teams to deal with those threats before, during and after the attack. Ensuring the integrity of network hardware and software is a critical first step in ensuring that IT systems are built with a foundation of trust. Non-genuine or suspect networking hardware and software are serious threats to the network's robustness, to its role as a critical piece of your organization's security and, ultimately, to your business.
The realities of today show that the network infrastructure itself is also a target of the increased sophistication of threat actors. We’ve talked about both the evolution of those threats and the important role modern technologies have in providing robust defenses to the infrastructure itself. The ability to confirm the trustworthiness of the backbone of your business – the network – is a critical component to verifying the trust you place in it, and is based on explicit facts.
Tags: Cisco Security and Trust Organization, integrity verification service, security and trust
Post authored by Martin Rehak, Veronica Valeros, Martin Grill and Ivan Nikolaev.
In order to complement the comprehensive information about the Angler exploit kit from our Talos colleagues [Talos Intel: Angler Exposed], let’s have a very brief look at what an Angler and CryptoWall infection looks like from the network perspective. We will present one of the recent Angler incidents discovered by Cognitive Threat Analytics (CTA).
Cognitive Threat Analytics works after the attack. It sifts through the logs produced by the client’s web proxy for any malware that may have slipped through the perimeter defences, such as this specific case here. CTA was able to observe the attack in its entirety (including the phases where the perimeter defence successfully blocked several stages in the attacker’s plan) and notify the security team immediately for follow-up and investigation.
So, how does an incident start for the analyst?
We can see that the incident has been categorised as an Exploit Kit infection. The system asserts 95% confidence in this incident being a true positive, and classifies it at level 8 (out of 10) on the risk scale.
Tags: Advanced Malware Protection, angler, Cognitive Threat Analytics, Cryptowall, exploit kit, ransomware
One of the hardest jobs on the Internet is to work the abuse desk at a hosting provider. These teams have to strike a difficult balance between protecting their customers, ensuring that their services aren’t being abused by malicious actors and delivering the service and convenience their customers expect. They don’t get nearly enough credit for their work.
Recently, Talos had the privilege to work with the abuse team from Limestone Networks. In the course of our joint investigation, we learned that Limestone Networks had been working against the same actor abusing their services for months. Based on our findings, this actor was costing them approximately $10,000 a month in fraudulent charges plus wasted engineering time and the overhead of managing the abuse tickets this actor was causing. By working together, Talos and Limestone Networks were able to make their network a difficult one for the actor to work in by rapidly identifying and terminating the systems they were trying to use. As a result, the actor moved off of their network.
The results of this experience were so positive, both for Limestone Networks and Talos, that today Talos is announcing Project Aspis.
What is Project Aspis?
Provided by Talos, Project Aspis assists hosting providers, in certain situations, who are dealing with malicious actors who are persistent in their environment and a threat to others on the Internet.
Tags: Aspis, security, Talos, threat intelligence
Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabilities. Half of the bulletins are rated “Critical” and address vulnerabilities in Internet Explorer, JScript/VBScript, and the Windows Shell. The other half of the bulletins are rated “Important” and address vulnerabilities in Edge, Office, and the Windows Kernel.
Bulletins Rated Critical
MS15-106, MS15-108, and MS15-109 are rated Critical in this month’s release.
MS15-106 is this month’s Internet Explorer security bulletin for versions 7 through 11. In total, 14 vulnerabilities were addressed, with most of them being memory corruption conditions that could allow arbitrary code execution. This bulletin also addresses 2 memory corruption flaws and 2 information disclosure flaws in the JScript/VBScript scripting engine for Internet Explorer versions 8 through 11 only. Users and organizations that currently use Internet Explorer 7 or who do not have Internet Explorer installed will need to install MS15-108 to address the vulnerabilities in the VBScript/JScript scripting engine.
Tags: bulletin, Microsoft, ms tuesday, patch, Talos