Cisco Blogs


Protect Mobile Devices, Protect Your Network

Reduce the risk of compromised company data by securing users’ smartphones

Once upon a time, a mobile phone was just a phone—you made and received calls on it, and that’s all. It posed zero risk to the security of your network or your business. Now, a mobile phone is so much more than just a phone. It’s a personal assistant, a portable game player, a digital camera, and most importantly, a full-fledged computer—and these smartphones definitely pose a security risk. Just like laptops, smartphones, tablets, and other mobile devices can connect to your network, which means they could compromise your company’s data or leave your network vulnerable to attack from a hacker. You wouldn’t leave employees’ laptops unsecured, so why would you take chances with their mobile devices?

For the most part, the same security measures you use for the computers on your office network should also be applied to mobile devices that have access to your LAN. Just like desktop PCs and laptops, all mobile devices need software protection to guard against malware and other attacks. Smartphones and tablets should have a firewall as well as antispam and antivirus software installed, such as the Cisco AnyConnect Secure Mobility Solution and Norton Smartphone Security offering.

Cisco Releases the 2011 Annual Security Report

December 14, 2011 at 11:06 am PST

Organizations are faced with providing security for employees who are rapidly adopting new technology in their personal and professional lives and expect their work environments and employers to do the same. As the data from the new Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 show, organizations that do not or cannot provide that type of environment are at risk of losing the ability to compete for those employees and business opportunities. If employers attempt to block, deny, or forbid mobile devices, social networks, instant communications, and new technologies in the workplace, employees will likely ignore the policies or, even worse, find ways around them that open your environment to unrealized risks.

Duqu: The Next Stuxnet?

Reports of the recently discovered Duqu trojan have spawned much speculation and even resulted in the trojan being dubbed “the son of Stuxnet” or “Stuxnet 2.0.”

So what is Duqu and how does it compare to Stuxnet?

Duqu is an infostealer trojan designed to sniff out sensitive data and send it to remote attackers. Conversely, Stuxnet was a worm with a malicious payload designed to programmatically alter industrial control systems.

I’ve heard Duqu called Stuxnet 2.0. Why is that?

Cisco Releases IPS Signature to Detect Alleged German Government Trojan

Earlier today we released IPS Signatures 39866-0 and 39866-1 as part of the S603 update to our Cisco Services for IPS customers. These signatures detect or block network traffic associated with the “R2D2 trojan” allegedly used by German authorities to surveil individuals of interest. Originally discovered and announced by the Chaos Computer Club in Germany, this software contains functionality to install software on, monitor, and remotely control any computer it is installed on.

This is not the first time Cisco Security Intelligence Operations has reported on this software. We released a public Malware Alert on 10/13 and discussed it in our weekly Cyber Risk Report. The following caption is from the Cyber Risk Report entry:

Extracting EXE Drop Malware

In the last few years there has been a major shift in the vulnerability landscape from a focus on attacking network-based server applications to attacking client applications using malicious file formats. Due to this shift, attackers have developed a variety of new techniques for more reliable control post-exploitation.

One of the techniques commonly used by attackers is the EXE drop. This technique revolves around placing an executable file within the data format in which the vulnerability takes place. Post-exploitation, the payload searches for the file descriptor that is associated with the data file, copies the EXE file from it to disk, and executes the EXE file in a new process. Some examples of data formats that are commonly used in an EXE drop exploit are Office documents, Shockwave Flash files, and image files. The EXE drop technique is useful for several reasons; one is that it makes coding the payload easier. The executable can be crafted quickly and compiled for a specific target. Also, by copying an executable file to disk (persistent storage), it’s fairly easy to maintain residency, for example by adding an entry to the autorun registry keys.
