Cisco Blogs


Cisco Blog > Security

Help! My IP Address Has Been Hijacked!

SpamCop is a free, community-based spam email reporting service provided by Cisco. SpamCop analyzes reported spam, and extracts details about the sending IP, the URLs contained in the spam, and the networks over which the spam message has transited. This information is used to create the SpamCop Block List (SCBL). The SCBL a list of IP addresses believed to be sending Unsolicited Bulk Email.

As part of its service, each week SpamCop sends millions of email messages to notify network administrators about malicious activity that is observed occurring on their networks. SpamCop receives all types of replies in response to our notification emails. Many times recipients of SpamCop’s notifications will reply to SpamCop and claim, “we did not send the spam”. The SpamCop Deputies responsible for following up on these replies have heard every excuse under the sun. For them, “we did not send the spam” is the spam block list equivalent of “the dog ate my homework.”

Read More »

Tags: , , ,

A Visibility-Driven Approach to Next-Generation Firewalls

Cisco ASA with FirePOWER Services has redefined the next-generation firewall (NGFW) as an adaptive, threat-focused platform, delivering superior, multi-layered protection, unparalleled visibility, and reduced security costs and complexity.

This innovative new solution addresses three strategic imperatives—being visibility-driven, threat focused, and platform-based. In this post, we will examine the necessity of a foundation of full contextual awareness and visibility—to see everything in an environment, detect multi-vector threats and eliminate the visibility gaps in traditional defenses comprised of disparate point technologies that sophisticated attackers exploit.

In an aptly titled recent post from Joseph O’Laughlin, “You Cannot Protect What You Can’t See,” he discusses why visibility (and subsequent control) into only applications and users is no longer enough to protect today’s dynamic environments and outlines how visibility into the network enables better network protection. This core concept of visibility into the network is at the heart of Cisco ASA with FirePOWER Services (and our Next-Generation Intrusion Prevention Systems too) that sets it apart from all other network security competitors. Read More »

Tags: , , , , , ,

Introducing the Industry’s First Threat-Focused Next-Generation Firewall

Cisco is a strong proponent for shifting the mindset regarding the capabilities a Next-Generation Firewall (NGFW) must provide to stay relevant in a world that is dealing with dynamic threats. While nothing is technically wrong with legacy NGFWs, much is wrong with their approach.

To meet current and future needs, a NGFW must now provide full visibility and contextual awareness across applications, hosts, and the network, address dynamic threats, quickly correlate and identify multi-vector threats and deliver the dynamic controls organizations now require to combat advanced threats. It must do all of this while reducing complexity. These capabilities are crucial for enabling continuous protection across the attack continuum—before, during and after an attack.

Read More »

Tags: , , , , ,

Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware

This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann.

img_MetricsHave you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim to the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs.

Table of contents

Attack in a Nutshell
Timeline
Technical Breakdown
Reversing of the Mac Malware
Reversing of the Windows Malware
IOCs
Conclusion
Protecting Users Against These Threats

Malvertising is a short form for “malicious advertising.” The idea is very simple: use online advertising to spread malware. Read More »

Tags: , , , , , , , , , , , , , , , , , ,

Danger at the Retail Point of Sale

This blog post was authored by Martin Lee and Jaeson Schultz.

With the announcement that yet another major retailer has allegedly been breached, it is important to review how attackers compromise retail systems and how such intrusions can be prevented. In this latest case, retailers are working to determine if a large cache of credit card information offered for sale on an underground trading forum originated as a result of a systems breach.

The presence of large amounts of financial and personal information within retail systems means that these companies are likely to remain attractive targets to attackers. Illicit markets exist for such information so that attackers are able to easily monetize stolen data. Although we don’t know the details of this specific attack, it may follow the same pattern as other major breaches in the retail sector. Incidents involving Point of Sale (POS) malware have been on the rise, affecting many large organizations.

In addition to the risk of fraud to the individuals affected, the consequences for the breached organizations are severe. News of customer data theft not only damages the brand, but recovering from the breach can also cost into the millions of dollars as systems are investigated, cleaned, repaired, and new processes are implemented to prevent future similar attacks.


POS Attack
Read More »

Tags: , , ,