Cisco Blogs


Cisco Blog > Security

Cisco Security Intelligence Operations NCSAM 2013

For the last couple of years, Cisco Security Intelligence Operations has released a series of blog posts for National Cybersecurity Awareness Month. The theme for this month from the National Cyber Security Alliance is "Our Shared Responsibility." The Department of Homeland Security is running a series on this theme, as are many other private organizations.

Our action and inaction have consequences for systems and services used by us, our friends, and our places of employment. Attackers use accounts compromised due to poor passwords and lack of two-factor authentication to launch other attacks on users connected to those accounts. End-user systems infected with malicious software are leveraged to conduct distributed denial of service attacks against financial and government websites. Users who fall victim to spear phishing attacks open the door for attackers to leap frog their way through sensitive networks and collect proprietary information from our places of employment.

Read More »

Tags: , , , , , ,

Introducing Kvasir

Cisco's Advanced Services has been performing penetration tests for our customers since the acquisition of the Wheel Group in 1998. We call them Security Posture Assessments, or SPA for short, and I've been pen testing for just about as long. I'll let you in on a little secret about penetration testing: it gets messy!

During our typical assessments we may analyze anywhere between 2,000 and 10,000 hosts for vulnerabilities, perform various exploitation methods such as account enumeration and password attempts, buffer/stack overflows, administrative bypasses, and others. We then have to collect and document our results within the one or two weeks we are on site and prepare a report.

How can anyone keep track of all this data, let alone work together as a team? Are you sure you really found the holy grail of customer data and adequately documented it? What if you’re writing the report but you weren’t the one who did the exploit? Read More »

Tags: , , , ,

Watering-Hole Attacks Target Energy Sector

Beginning in early May, Cisco TRAC has observed a number of malicious redirects that appear to be part of a watering-hole style attack targeting the Energy & Oil sector. The structure consists of several compromised domains, of which some play the role of redirector and others the role of malware host.

Observed watering-hole style domains containing the malicious iframe have included:

  1. An oil and gas exploration firm with operations in Africa, Morocco, and Brazil;
  2. A company that owns multiple hydro electric plants throughout the Czech Republic and Bulgaria;
  3. A natural gas power station in the UK;
  4. A gas distributor located in France;
  5. An industrial supplier to the energy, nuclear and aerospace industries;
  6. Various investment and capital firms that specialize in the energy sector.

Encounters with the iframe-injected web pages resulted from either direct browsing to the compromised sites or via seemingly legitimate and innocuous searches. This is consistent with the premise of a watering-hole style attack that deliberately compromises websites likely to draw the intended targets, versus spear phishing or other means to entice the intended targets through illicit means.

Read More »

Tags: , , , , ,

Summary: Friend or Foe? When IoT Helps You Get Hacked by Your Security

August 14, 2013 at 5:00 am PST

Businesses of all types and sizes stand to benefit greatly from the Internet of Things (IoT), with a wealth of intelligence for planning, management, policy, and decision-making that will help them maximize productivity and efficiency while minimizing costs. However, if not properly protected by integrating it with a solid network security solution, the consequences can be devastating. Read More »

Tags: , , , , , , , ,

Summary of Microsoft Security Bulletin for August 2013

That’s right folks, today is Patch Tuesday and Microsoft has published its monthly security bulletin for August 2013. The bulletins address a total of 23 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, and Microsoft Exchange. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.

The bulk of the August updates correct several vulnerabilities in Internet Explorer. Although little technical information is available currently, it’s likely that attackers may develop future exploits based on the vulnerabilities.

Multiple vulnerabilities correct vulnerabilities in Microsoft Windows. A few of the vulnerabilities involve improper processing of ICMP network packets and could allow for attacks that cause affected systems to stop responding to additional network traffic. Although service failures are a concern for production systems, an exploit would allow no system access. Read More »

Tags: , , , , ,