This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann.
Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim of the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs.
Table of contents
Attack in a Nutshell
Reversing of the Mac Malware
Reversing of the Windows Malware
Protecting Users Against These Threats
Malvertising is a short form for “malicious advertising.” The idea is very simple: use online advertising to spread malware.
Tags: adware, AMP, Cisco Security, CWS, esa, hacking, kyle, kyle and stan, malicious advertisment, malvertising, malware, reversing, security, spyware, stan, Talos, threat, threat spotlight, wsa
Many web sites provide a setting to reduce the amount of explicit, or objectionable, content returned by the site. The user configures these settings, but many users are unaware such a setting exists, or that it needs to be set for each web site. Additionally, the security administrator cannot audit that users have configured the setting. As a result, users can be exposed to objectionable content or can inadvertently trigger filtering of objectionable content on the Cisco security service (Cisco WSA or CWS), sometimes causing uncomfortable questions from human resources or from management.
An emerging standard defines a new HTTP header, “Prefer: Safe,” which does not require the user to configure each web site. This feature is implemented by Firefox, Internet Explorer 10, and Bing. We anticipate more clients and more content providers will support this emerging standard.
Both Cisco Web Security Appliance (WSA) and Cloud Web Security (CWS) support this emerging standard, and can be configured to insert this header on behalf of HTTP and HTTPS clients. In this way, the security administrator can cause all traffic to default to avoiding explicit or objectionable content, without relying on users to configure their browser or to configure each visited web site.
Tags: Cisco Security Service, content, CWS, HTTP, security, website, wsa
In the ever-changing world of enterprise branch environments, a high number of businesses are planning to migrate their WAN to the Internet. To be exact, Nemertes Research (Benchmark 2012–13 Emerging WAN Trends) estimates that number to be close to 50%. That’s 50% of businesses migrating to the Internet for WAN.
And why is that happening? Enterprises are trying to optimize their WAN to increase ROI. The Internet has become a much more stable platform, offering significant price-to-performance gains. Thus, the growth of new cloud traffic, high-bandwidth applications, and video can be easily load balanced across multiple WAN lines, one or both of which can be Internet links. Some enterprises go even further and enable local Internet breakout from the branch. Not only does this eliminate the need to unnecessarily backhaul the traffic to the corporate HQ or data center, but it also helps to free up precious WAN bandwidth for critical business-related applications. This enables enterprises to provide guest Internet access within the branch and then slowly offer the same services to corporate users, both for trusted public cloud applications and general Internet access.
Tags: #IWANWed, AMP, bandwidth, Cisco Cloud Web Security, Cisco iWAN, cloud, CWS, integrated services router, ISR, IWAN
As the day draws to a close, and especially during the early morning, users become far more likely to click on links that lead to malware. Those responsible for network security need to ensure that users’ awareness of information security continues after work hours, so that users “don’t click tired.”
Tags: CWS, malware, TRAC, UK, user behaviour