As we continue to observe National Cyber Security Awareness Month, it’s time this week to think about integrity verification and what it means for your network and your organization.
As today’s network threats increase in sophistication, the resulting risks to a business’s or government agency’s network may go undetected for days, months or even years. According to the Ponemon Institute’s 2015 Cost of Data Breach Study, malicious attacks take an average of 256 days to identify.
The same network that is at the heart of nearly every business today is also the critical foothold for IT teams to deal with those threats before, during and after the attack. Ensuring the integrity of network hardware and software is a critical first step in ensuring that IT systems are built with a foundation of trust. Non-genuine or suspect networking hardware and software are serious threats to the robustness of the network, to its role as a critical piece of your organization’s security and, ultimately, to your business.
The realities of today show that the network infrastructure itself is also a target of the increased sophistication of threat actors. We’ve talked about both the evolution of those threats and the important role modern technologies have in providing robust defenses to the infrastructure itself. The ability to confirm the trustworthiness of the backbone of your business – the network – is a critical component to verifying the trust you place in it, and is based on explicit facts.
Tags: Cisco Security and Trust Organization, integrity verification service, security and trust
Post authored by Martin Rehak, Veronica Valeros, Martin Grill and Ivan Nikolaev.
In order to complement the comprehensive information about the Angler exploit kit from our Talos colleagues [Talos Intel: Angler Exposed], let’s have a very brief look at what an Angler and CryptoWall infection looks like from the network perspective. We will present one of the recent Angler incidents discovered by Cognitive Threat Analytics (CTA).
Cognitive Threat Analytics works after the attack. It sifts through the logs produced by the client’s web proxy for any malware that may have slipped through the perimeter defences, such as this specific case here. CTA was able to observe the attack in its entirety (including the phases where the perimeter defence successfully blocked several stages in the attacker’s plan) and notify the security team immediately for follow-up and investigation.
So, how does an incident start for the analyst?
We can see that the incident has been categorised as an Exploit Kit infection. The system asserts 95% confidence in this incident being a true positive, and classifies it at level 8 (out of 10) on the risk scale.
Tags: Advanced Malware Protection, angler, Cognitive Threat Analytics, Cryptowall, exploit kit, ransomware
One of the hardest jobs on the Internet is to work the abuse desk at a hosting provider. These teams have to strike a difficult balance between protecting their customers, ensuring that their services aren’t being abused by malicious actors and delivering the service and convenience their customers expect. They don’t get nearly enough credit for their work.
Recently, Talos had the privilege to work with the abuse team from Limestone Networks. In the course of our joint investigation, we learned that Limestone Networks had been working against the same actor abusing their services for months. Based on our findings, this actor was costing them approximately $10,000 a month in fraudulent charges plus wasted engineering time and the overhead of managing the abuse tickets this actor was causing. By working together, Talos and Limestone Networks were able to make their network a difficult one for the actor to work in by rapidly identifying and terminating the systems they were trying to use. As a result, the actor moved off of their network.
The results of this experience were so positive, both for Limestone Networks and Talos, that today Talos is announcing Project Aspis.
What is Project Aspis?
Provided by Talos, Project Aspis assists hosting providers who, in certain situations, are dealing with malicious actors that are persistent in their environment and a threat to others on the Internet.
Tags: Aspis, security, Talos, threat intelligence
Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabilities. Half of the bulletins are rated “Critical” and address vulnerabilities in Internet Explorer, JScript/VBScript, and the Windows Shell. The other half of the bulletins are rated “Important” and address vulnerabilities in Edge, Office, and the Windows Kernel.
Bulletins Rated Critical
MS15-106, MS15-108, and MS15-109 are rated Critical in this month’s release.
MS15-106 is this month’s Internet Explorer security bulletin for versions 7 through 11. In total, 14 vulnerabilities were addressed, with most of them being memory corruption conditions that could allow arbitrary code execution. This bulletin also addresses 2 memory corruption flaws and 2 information disclosure flaws in the JScript/VBScript scripting engine for Internet Explorer versions 8 through 11 only. Users and organizations that currently use Internet Explorer 7 or who do not have Internet Explorer installed will need to install MS15-108 to address the vulnerabilities in the VBScript/JScript scripting engine.
Tags: bulletin, Microsoft, ms tuesday, patch, Talos
Email is how your company keeps business moving. It’s so easy to click the Send button that your employees may not realize the risk. In the past you may have found it easier to turn a blind eye, especially for an issue that does not appear to be a business priority. But a never-ending cycle of email controversies and breach news is raising awareness of the risk of unsecured email. Understanding the challenge and how to solve it – without interrupting your business processes – is quickly becoming a priority.
The Risks to Your Bottom Line
Your company is exchanging emails that contain corporate data that’s valuable to you, your customers, and your partners. But the content in these emails can also be valuable to your competitors and hackers who can sell your data for a nice profit. Without the proper security measures in place, it’s easy for an unauthorized person to capture corporate data in email as it travels across the public Internet. Worse yet, you and your company may never know it’s happening. And the results can be costly.
According to the Ponemon Institute’s annual “Cost of a Data Breach” report, the average cost of responding to and resolving a corporate data breach is $3.8 million. And that number does not reflect potential lawsuits, brand damage or the revenue loss of customer business. It also doesn’t account for any regulatory fines that may be associated with expanding industry or state requirements.
Tags: cisco esa, email encryption, email security, email security appliance, zct, zix, zixgateway