Cisco Blogs


Cisco Blog > Threat Research

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau

Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008

Update 5/8: We’ve made the source code available via Github here

After the takedown of Cryptolocker, we have seen the rise of Cryptowall. Cryptowall 2 introduced “features” such as advanced anti-debugging techniques, only to have many of those features removed in Cryptowall 3. Ransomware is becoming an extremely lucrative business, leading to many variants and campaigns targeting even localized regions in their own specific languages. Although it is possible that these multiple variants are sponsored by the same threat actor, the most likely conclusion is that multiple threat actors are jumping in to claim a portion of an ever increasing ransomware market. One of the latest variants is called TeslaCrypt and appears to be a derivative of the original Cryptolocker ransomware. Although it claims to be using asymmetric RSA-2048 to encrypt files, it is making use of symmetric AES instead. Talos was able to develop a tool which decrypts the files encrypted by the TeslaCrypt ransomware.

 

TeslaCrypt-1

Click for Larger Image

Read More »

Tags: , , , ,

Best Practices: Device Hardening and Recommendations

On April 13th, 2015, Cisco PSIRT was made aware of multiple instances of customer disruption in a specific region caused by a denial of service attack against Cisco devices. We responded quickly to support speedy restoration for our customers.

Our ongoing investigation has shown that the storage of some Cisco devices was erased, removing both the Cisco IOS and device configuration from the non-volatile RAM. Once rebooted, these devices became non-operational, affecting connectivity to the global Internet.

Cisco PSIRT, together with other internal Cisco teams, responded to support affected customers, review configuration backups of affected devices, and to analyze all available log files and Netflow information.

At this time, we have seen a common element across all inspected devices: a combination of weak credentials and a lack of device hardening. There has been no evidence of a Cisco bug or vulnerability being exploited. Should this situation change and we discover the use of a vulnerability, Cisco will disclose in accordance with our Security Vulnerability Policy.

Read More »

Tags: , , ,

Industry Recognition for Security Excellence

Cybersecurity is a company-wide initiative. It touches every line of business, the technology, the fabric of the organization, its culture, brand and reputation. Customers are telling us that their most important issues are security and assuring the integrity of the products and data in their networks. In light of the heightened potential for cyber threats, trust is more important than ever throughout the entire IT industry. A trustworthy product requires that security be integrated throughout the product lifecycle based on a transparent and open culture of the company, its policies, its processes, its supply chain, and its partners.

John Stewart, Senior Vice President and Chief Security and Trust Officer here at Cisco, drives trustworthy systems development, supply chain security, cloud security and customer data protection, as well as validation of Cisco’s cyber security practices. This week, John was presented with the RSA Conference Award for Excellence in Information Security during the conference keynote. We are excited for John and see the award as recognition of the work Cisco is doing around the world to raise security awareness and the importance of trust, accountability and transparency from IT vendors.

I was chatting with John after the award presentation and he told me what an honor it was to receive this level of recognition, because it affirms we’re on the right path. We recognize the enormity of the security task before us and it makes us all proud to work for a company that is totally committed to the security of our solutions and of our company.

You can read more about the award here.

Tags: ,

Hardening the Cisco TelePresence DX Systems

The Cisco TelePresence Hardening Guide has been updated, adding the DX70, DX80, and DX650 models. The Cisco DX Series run the Google Android operating system, which has special considerations for security.

The updates cover security areas related to:

  • Access to the Google Play store and 3rd party apps
  • Remote access to the device
  • Simple versus Enhanced mode
  • Syncing the system to external accounts
  • Serial and console access
  • Bluetooth considerations

The hardening guide can be found at the following URL:
http://www.cisco.com/web/about/security/intelligence/TP_Harden_Guide_wp.html

Give it a read and learn how to harden your TelePresence DX system.

Tags: , ,

Cisco’s First Transparency Report on Law Enforcement Requests for Customer Data

As Cisco’s products and services evolve to new models, we find ourselves coming in contact with our customer’s data more regularly. We approach this role as stewards of this data with our customers interest foremost in our mind. One area of widespread interest as it relates to this data is how we interact with Global Law Enforcement regarding this data.   To that end, today Cisco is launching its first global Transparency Report on Law Enforcement Requests for Customer Data. In this report, Cisco details our principles regarding how we will treat law enforcement requests for customer data if, and when we receive such requests. We also provide specifics regarding how many requests we have received from global law enforcement agencies for our customer’s data.

Read More »

Tags: , , , , , , ,