Cisco Blogs

Threat Spotlight: Upatre – Say No to Drones, Say Yes to Malware

This post was authored by Nick Biasini and Joel Esler

Talos has observed an explosion of malicious downloaders in 2015, which we have documented on several occasions on our blog. These downloaders give attackers an easy and effective way to push different types of malware to endpoint systems. Upatre is an example of a malicious downloader that Talos has been monitoring since late 2013. However, in the last 24-48 hours, things have shifted dramatically. We have monitored at least fifteen different spam campaigns, each active for between one and two days. While the subject of the spam message has varied over time, the common attachment is a compressed file (.zip or .rar) containing an executable made to look like a PDF document by changing its icon.

Execution

When Upatre is executed, a PDF document is quickly downloaded and displayed while the Upatre payload is delivered in the background. The document displayed has been one of two PDFs. The first PDF, which was used until March 17, contained some information about Viagra:

Figure 1: Sexual Dysfunction, what’s your function?

#CiscoChat: Incident Response in a Complex Threat Environment

Though 2014 has come and gone, one trend that dominated its headlines has unfortunately continued to do the same this year. So, what happens to an organization's cybersecurity readiness plan when there are not enough security professionals to protect the network? What are the tested security strategies that can help organizations prepare for, manage, respond to and recover from incidents quickly and effectively?

During our next #CiscoChat, we will seek to answer these questions and invite you to share your thoughts and solutions with us. #CiscoChat is a program where industry experts answer your questions and participate in an open discussion on a particular topic. Everyone is welcome to join: simply search for the hashtag #CiscoChat on Twitter and include it in your tweets so that others participating can see them.

What It Means to be a Woman of Influence

It was a wonderful honor to be named to Silicon Valley Business Journal 100 Women of Influence just over a week ago; one that will help greatly with accelerating my initiatives for cloud safety—not just for business, but also for us all.

And for the honor, I owe much thanks to many incredible mentors who have believed in me and for the immense opportunities they have provided me.

Secure Access Control in the Internet of Everything

In my role leading the development of Cisco’s IoT Systems and Software, I spend a fair amount of time speaking at industry events and talking with customers and partners. There is a lot of excitement about the Internet of Everything (IoE) – the intelligent connection of people, processes, data and things to the Internet – as it continues to take hold, bringing unprecedented economic opportunities to both the private and public sectors.

Three Key Considerations When Evaluating Threat Intelligence Solutions

To address today’s evolving threat landscape, there’s been a shift from traditional event-driven security to intelligence-led security. Threat intelligence plays an integral role in this shift.

When you hear the term "Threat Intelligence," it is easy to have preconceived notions of what it means. Gartner defines threat intelligence as "evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard." I like that Gartner's definition does not include intent. Why? Intent implies that the "menace" is trying to target you, but we know that too often this is not the case. Pretty much any piece of malware out there will damage unintended targets. One example is Stuxnet. It targeted Iranian nuclear enrichment facilities. Unfortunately, it escaped the purportedly air-gapped system and has been seen in at least 10 other countries. In more practical terms, threat intelligence must be:

  • Tactical
  • Contextual
  • Automated
