Cisco Blogs


Cisco Blog > Security

David McGrew Discusses Legacy Encryption Solutions with Mike Danseglio of 1105 Media at RSA 2013

Today, many encrypted networks use insecure cryptography. Attackers exploiting weak cryptography are nearly undetectable, and the data you think is secure is less safe every day. Legacy encryption technology can’t keep up with current advances in hacking and brute force computing power. Additionally, legacy solutions are increasingly inefficient as security levels rise, and perform poorly at high data rates. In order to stay ahead of this challenge, encryption needs to evolve.

Read More »

Tags: , , , , , , ,

Announcing Cisco Wearable IPS

With the industry’s drive toward personal and wearable devices, soon people will be walking around with smart glasses, watches, phones, and even shoes. Not to mention they’ll be driving networked cars.

In the future, the task of securing your personal network will become increasingly difficult, which creates a new frontier to the threat landscape, one that is certainly personal. How are people expected to secure all these devices in their everyday personal network? How will we be protected while walking around a crowded shopping mall, admiring koalas at the zoo, or boogieing down in a busy nightclub? Who will combat this emerging threat?

Cisco will.

Read More »

Tags: , ,

March Madness May Equal to Malware Madness

March 29, 2013 at 8:05 am PST

basketball1Are you excited about March Madness? Turn on a TV and it will be hard to avoid the games, the news, the commentaries, and the jokes about it. If you eavesdrop in any restaurant, bar, or office conversation, I can assure you that you will hear something about it. Even U.S. President Barack Obama filled out a March Madness bracket. Productivity in many offices drops significantly as employees search and watch videos to see how their bracket picks are progressing. At Cisco, we have an open policy and employees can watch and search the scores of their favorite teams. Watch this video posted by CNN where Kip Compton, Cisco’s Video Collaboration Group CTO, talks about March Madness.

During the last couple of years, the industry saw a spike in web malware during the March Madness season. SQL injection attacks, iframe injections, JavaScript, and Java malware were some of the most prevalent. A few months ago, I provided details about some of today’s cyber-criminal tools— exploit kits—and some of the weapons of choice like Blackhole, RedKit, Styx, CrimeBoss, and Cool.

A few things to keep in mind:

  • Legitimate business sites may have vulnerabilities that allow a hostile site to deliver malware.
  • In most drive-by downloads, the victim is willing to dismissively click pop-ups and warnings as they navigate to the desired content. In this case, users may just click on pop-ups or ads to watch videos about their favorite team.
  • Most drive-by downloads can be prevented by keeping software up to date. Read More »

Tags: , , , , , , , ,

Chronology of a DDoS: SpamHaus

Around 12:00 GMT March 16, 2013, a distributed denial of service (DDoS) attack took offline both the spamhaus.org website and a portion of its e-mail services. SpamHaus was able to restore connectivity by March 18; however, SpamHaus is still weathering a massive, ongoing DDoS attack. The DDoS attacks have also had less severe but measurable consequences for the Composite Block List (CBL) as well as Project Honey Pot.

The attackers appear to have hijacked at least one of SpamHaus’ IP addresses via a maliciously announced BGP route and subsequently used a Domain Name System (DNS) server at the IP to return a positive result for every SpamHaus Domain Name System-based Block List (DNSBL) query. This caused all SpamHaus customers querying the rogue nameserver to erroneously drop good connections.

According to the New York Times, Sven Olaf Kamphuis is acting as a “spokesman for the attackers.” Kamphuis is allegedly associated with hosting provider “the CyberBunker,” which is housed in an old, five-story NATO bunker located in the Netherlands. CyberBunker has a reputation for “bulletproof hosting,” not only because of the physically fortified infrastructure, but also for their permissive terms of use, stating “Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine.” Kamphuis is also allegedly affiliated with the StopHaus group, which publicly claimed responsibility for the BGP hijack attack via Twitter.  Read More »

Tags: , , , , , , ,

Thoughts on DarkSeoul: Data Sharing and Targeted Attackers

The attacks against South Korean media and banking organizations last week severely disrupted a handful of organizations with a coordinated distribution of “wiper” malware designed to destroy data on hard drives and render them unbootable. At 14:00 KST on March 20, 2013, the wiper was triggered across three media organizations and four banks, setting off a firestorm of speculation and finger-pointing and that which continues as of this writing. In this post, I’ll share a perspective no one else seems to be talking about, but may be the real motivation behind these attacks.

The What and the Possible Why

Let’s start with what we know:

  • The attack was highly targeted
  • The malware was specifically designed to distribute the wiper payload throughout the impacted organizations
  • The malware was timed to deploy its destructive payload simultaneously across all affected organizations
  • The resulting loss of data and downtime has been severe

While the “what” of the attack is well established, the “why” and “how” are still a matter of debate. Theories postulated include an outright act of warfare from North Korea designed to economically disrupt South Korea, or an act of sabotage to cover the tracks of data exfiltration allegedly wrought by China. But what if there were an explanation that was less about countries and politics and more about that all-time motivator of crime: money? Consider, if you will, the following timeline. Read More »

Tags: , , , , , , ,