It is not uncommon to see an anti-spam system catch >99% of the spam passing through it. Most of the best anti-spam systems catch >99.9% of spam. In this environment, spammers try just about anything to evade spam filters. Some spammers believe that blasting at high volume is the key to success. Others believe complete randomization of the message headers will confuse the anti-spam system. Still others take a minimalist approach, sending only a URL in the body. As anti-spam systems close gaps in their coverage, spammers are forced to find new tricks (or resort to variations on old tricks). It’s an arms race.
One spam technique in particular is attracting more and more spammers. This technique is known in the email industry as “snowshoe” spam. Snowshoes are footwear that allows a person to walk over deep snow by distributing their weight over a larger surface area, thus preventing the wearer’s foot from sinking. But what do snowshoes have to do with unsolicited bulk email? In the email world “snowshoe” spam is unsolicited bulk email that is sent using a large number of IP addresses, and at a low message volume per IP address.
Cisco’s worldwide sensor network records details about a substantial quantity of spam. We analyze this large dataset for trends among senders. Below is a breakdown of spam by sender type. Note that the volume of snowshoe spam has more than doubled since November 2013.
Spam broken down by Sender Type
Read More »
Tags: spam, SpamCop, spamtrap, TRAC
News agencies like ABC News, CNN, and others have run stories on the FBI sting operation against more than 100 hackers who were involved in using and/or distributing the Blackshades RAT (articles in the hyperlinks for reference). For a mere US$40, a novice computer user can become a hacker and gain access to anyone’s computer, including gaining control over their video camera. If this novice hacker in the making needs help operating the RAT, many video instructions can be found on YouTube. This would be a form of free technical support. With over an estimated 500,000 computers infected, that leaves behind a serious footprint of compromised devices. As Marty Roesch, Cisco VP, Security Architect would say, “If you knew you were going to be compromised, would you do security differently?”
With over a half a million computers compromised from a single remote access toolkit, it is reasonable to think that a high percentage of those compromised computers would unknowingly be brought back to work and connected to the corporate network. Although inexpensive, the Blackshades RAT has an extensive set of capabilities such as keystroke logger, web cam control, full file access, etc. More than enough for the cyber attacker to assume the full identity of the owner of the compromised computer to allow them easy access to the business critical servers inside the data center as depicted in the diagram.
Read More »
Tags: #CLUS14, Blackshades, cisco live, cybersecurity, data center, malware, RAT
Security has emerged as a leading pain point for CIOs, executives, and even in the boardroom due to changing business models and growing attack surfaces, a threat landscape that is more dynamic by the day and the increasing complexity of IT environments.
With these challenges as a backdrop, attendees of our 25th annual Cisco Live! event last week in San Francisco absorbed over 170 hours of security-focused material, including hands-on labs, seminars, technical breakouts, panel discussions, and keynotes. This overwhelming amount of time and effort is a testament to Cisco’s commitment to protecting our customers against the latest threats across the full attack continuum—before, during, and after an attack.
In case you could not attend or make a session, particular highlights from the week included Chris Young and Bryan Palma’s keynote (must create Cisco Live account to view) examining the security challenges brought about by the Internet of Everything. Chief architect Martin Roesch also led a session exploring threat-centric security, examining the modern threat landscape, and how threat-centric security increases the effectiveness of threat prevention.
From a product perspective, momentum continued as we announced major updates and new products during Cisco Live! to help our customers address their security needs across the attack continuum with protection from the network to the data center to the endpoint to the cloud.
Tags: #CLUS14, Advanced Malware Protection, AMP, ASA, cisco live, cloud, cybersecurity, data center, ThreatGRID
We have been clear that we have a distinct approach to Advanced Malware Protection (AMP), specifically the unique way in which we leverage the compute and storage capabilities of the public cloud. Doing so enables us to do a great number of things to help customers more effectively fight malware, particularly when compared to traditional, point-in-time anti-malware systems of the past 20 years.
Read More »
Tags: #CLUS14, Advanced Malware Protection, advanced persistent threat, AMP, APT, malware, ThreatGRID
The news of high-profile targeted data center attacks has dominated security news recently. But data center attacks are even more prevalent than those headlines suggest. In fact, a survey conducted last summer by Network World suggests that 67 percent of data center administrators experienced downtime due to malware and related attacks in the previous 12 months.
A key challenge is that many of today’s security solutions are simply not designed for the data center, with limitations in both provisioning and performance. The situation will likely get worse before it gets better as data center traffic grows exponentially and data centers migrate from physical, to virtual, to next-generation environments like Software-Defined Networks (SDN) and Application Centric Infrastructures (ACI).
Read More »
Tags: #CLUS14, ACI, Adaptive Virtual Security Appliance, application centric infrastructure, ASAv, Cisco Validated Design, CVD, cybersecurity, malware, SDN, security, software defined networks