Analysis of high-profile cyber breaches often reveals how intruders gain their initial foothold in the targeted organization, bypass perimeter defenses and establish a backdoor for persistent activity. Such stealthy activity may continue until the intruders complete their ultimate mission: claiming the "crown jewels" of the victim organization.
"Lateral movement" is a term increasingly used to describe an intruder's activity inside a network after the initial compromise (more information on lateral movement is available in Verizon's 2014 Data Breach Investigations Report). This activity begins with network reconnaissance, typically leads to further compromises and the hijacking of user accounts, and ultimately ends in privilege escalation to reach sensitive data. Organizations may go to great lengths to detect and stop the initial breach and the final data exfiltration, and to build more intelligence at their ingress/egress perimeters. But how can you minimize the damage caused by an intruder's lateral movement once your network is already compromised?
Tags: Cisco, malware, security, TrustSec
Even in the world of cybercrime, when a top “vendor” drops out of the market, competitors will scurry to fill the void with their own products. As reported in the Cisco 2014 Midyear Security Report, when Paunch—the alleged creator and distributor of the Blackhole exploit kit—was arrested in Russia in late 2013, other malware creators wanted to fill the gap.
“Blackhole” and its more expensive brother “Cool” were the most widely used and well-maintained exploit kits. After Paunch’s takedown, we observed that many other exploit kits, including Fiesta and Neutrino, became more active in the market. However, a clear leader has yet to emerge.
While there’s more competition in the exploit kit market, it’s not translating to a greater number of deployed kits, as Cisco research shows. In fact, the total number of active exploit kits has dropped dramatically—by 87 percent—since Paunch’s arrest.
Tags: exploit kit, exploits, malware, midyear security report
As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.
This blog series, authored by Kathy Trahan, will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk. The first post focused on securing device freedom. The second post focused on the risks that come with mobile connections. – Bret Hartman, Chief Technology Officer (CTO) for Cisco's Security Technology Group
The Cisco Visual Networking Index revealed an obvious truth that none of us can deny—mobile data traffic is on the rise and shows no signs of stopping:
- By 2018, over half of all devices connected to the mobile network will be “smart” devices
- Tablets will exceed 15 percent of global mobile data traffic by 2016
- By the end of this year, the number of mobile-connected devices will exceed the number of people on earth, and by 2018, there will be nearly 1.4 mobile devices per capita
With the explosion in the number of smart mobile devices and employees increasingly taking advantage of BYOD, securing company and personal data in a world where the mobile endpoint is a new perimeter presents technical and legal challenges for organizational leaders.
What are some of the most prevalent challenges? Personal use of company-owned devices happens more frequently than IT may realize, and a complex legal environment can leave both employees and IT confused about how personal privacy is being protected. It is important for human resources to weigh in here as well.
Tags: byod, Cisco, data security, future of mobility, malware, mobility, security, vni
Malware can find its way into the most unexpected of places. No website can be assumed to be free of malware at all times. There are many ways in which websites can be compromised to serve malware:
Tags: cloud security, incident response, IPS, malware, security, TRAC
This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard
In part one of our two-part blog series on the "String of Paerls" threat, we showed an attack involving a spear-phishing message carrying a malicious Word document as an attachment. We also described our methodology for grouping similar samples by their indicators of compromise (IOCs), drawn from both static and dynamic analysis. In this second part of the series we cover the malicious documents and malicious executables. For the technical deep dive, see the write-up on the VRT blog.
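The grouping approach mentioned above can be illustrated with a small script. What follows is an added example, not code from the Cisco TRAC/VRT write-up: it represents each sample as a set of tagged indicators (static ones such as an import hash, dynamic ones such as a mutex name, C2 address or Run-key value), scores pairs with Jaccard similarity, and merges samples into clusters with single-linkage union-find. Every indicator value below is constructed for the illustration; the hashes, mutex names and addresses (all from documentation ranges) are not real IOCs, and the 0.5 threshold is an assumption you would tune against your own corpus.

```python
from itertools import combinations
from typing import Dict, List, Set

# Constructed sample metadata for the illustration only. Each indicator is
# tagged "static:" or "dynamic:" so the origin of the match stays visible.
SAMPLES: Dict[str, Set[str]] = {
    "sample_1": {"static:imphash=1a2b", "dynamic:mutex=Global\\Paerl",
                 "dynamic:c2=203.0.113.5", "dynamic:reg=Run\\svc"},
    "sample_2": {"static:imphash=1a2b", "dynamic:mutex=Global\\Paerl",
                 "dynamic:c2=203.0.113.5", "dynamic:reg=Run\\upd"},
    "sample_3": {"static:imphash=1a2b", "dynamic:mutex=Global\\Paerl",
                 "dynamic:c2=203.0.113.9", "dynamic:reg=Run\\svc"},
    "sample_4": {"static:imphash=9f9f", "dynamic:mutex=Local\\zz",
                 "dynamic:c2=198.51.100.7", "dynamic:reg=Run\\zz"},
    "sample_5": {"static:imphash=9f9f", "dynamic:mutex=Local\\zz",
                 "dynamic:c2=198.51.100.7", "dynamic:reg=Run\\zz2"},
    "sample_6": {"static:imphash=0000", "dynamic:mutex=Local\\q",
                 "dynamic:c2=192.0.2.1", "dynamic:reg=Run\\q"},
}


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Fraction of indicators shared by two samples (0.0 when both are empty)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def cluster_samples(samples: Dict[str, Set[str]], threshold: float = 0.5) -> List[Set[str]]:
    """Single-linkage clustering: any pair scoring >= threshold is merged.

    Union-find keeps the merge transitive, so a sample joins a cluster as soon
    as it resembles one member, even if it scores below threshold against others.
    """
    parent = {name: name for name in samples}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(samples, 2):
        if jaccard(samples[a], samples[b]) >= threshold:
            parent[find(a)] = find(b)

    groups: Dict[str, Set[str]] = {}
    for name in samples:
        groups.setdefault(find(name), set()).add(name)
    return sorted(groups.values(), key=lambda g: sorted(g))


def shared_indicators(samples: Dict[str, Set[str]], cluster: Set[str]) -> Set[str]:
    """Indicators present in every member of a cluster: candidate family-level IOCs."""
    return set.intersection(*(samples[n] for n in cluster))


if __name__ == "__main__":
    for cluster in cluster_samples(SAMPLES):
        print(sorted(cluster), "->", sorted(shared_indicators(SAMPLES, cluster)))
```

Note the chaining effect in the first cluster: sample_2 and sample_3 score only 0.33 against each other, but each scores 0.6 against sample_1, so single linkage pulls all three together. That is usually what you want when a family rotates one indicator at a time (a new C2 address, a renamed Run key), but it also means a single promiscuous indicator such as a shared packer import hash can glue unrelated families together; in practice, weight or drop indicators that appear across many clusters before trusting the grouping.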
Tags: malware, phishing, security, spear phishing, TRAC, VRT