
Attackers Slipping Past Corporate Defenses with Macros and Cloud Hosting

Macro malware is a good example of malware authors and distributors reviving an old trick that most users have forgotten. Unlike earlier macro malware, these macros don’t infect other documents; instead they download password-stealing trojans and install them on the target machine. Macro malware typically arrives by email as an attachment: an MS Office document (usually Word or Excel) that carries the macro-based phishing attack. The malicious code is written in the older Visual Basic for Applications (VBA) scripting language.

What makes the current versions of macro malware particularly dangerous is that the code is often heavily obfuscated, making detection difficult. Furthermore, once the document is opened and macros are enabled, the malware installs itself and begins to monitor Internet Explorer, Chrome, and Firefox browser activity, with the capability to grab screenshots and log keystrokes. The attacker’s ultimate goal is to steal the login credentials that give access to corporate and financial data.

Distribution of malware by email using malicious Word and Excel files containing macros is on the rise. Popular malware families used by cyber criminals, including Dridex, Vawtrak, Betabot, and Rovnix, have been distributed using this tactic. Based on data analyzed by the Cisco Managed Threat Defense team, email attacks in which macros are the method of infection are up 50% from February and have more than doubled since October of last year.

Email Attacks per Month

Dridex Attacks Target Corporate Accounting

In February, Cisco Managed Threat Defense (MTD) security investigators detected a rash of Dridex credential-stealing malware delivered via Microsoft Office macros. It is effective, and the lures appear targeted at those responsible for handling purchase orders and invoices. Here is a breakdown of the types of emails we have observed phishing employees and inserting trojans onto user devices.

Subjects captured from Dridex campaign in February 2015
Fake Volume License Trojan Targets Corporate Users and Evades Sandboxes

Two weeks ago, multiple Cisco Managed Threat Defense (MTD) customers received an email that appeared to come from the Microsoft Volume Licensing Service Center (VLSC). The email shown below is very similar to the real email Microsoft sends. It had a personalized welcome line and appeared to contain a link to log in to the Volume Licensing Service Center:

The phish email supposedly from Microsoft Volume Licensing
Reducing the Attack Surface: Takeaways from the 2015 Annual Security Report

As the Cisco 2015 Annual Security Report shows, current security approaches are not sufficient. Attackers are shifting methods and becoming more sophisticated, users are unwittingly complicit enablers, and defenders struggle to keep up with all of this. It is time for defenders to take a different approach to security, one that not only outwits attackers but also makes security a competitive advantage that enables business growth.

By taking a threat-centric and operational approach to security, organizations can reduce complexity and fragmentation, while providing superior visibility, continuous control, and advanced threat protection across the extended network and the entire attack continuum.

With Cisco technology, this approach is enabled by broad visibility that yields superior intelligence across the extended network, where all the solutions a customer deploys communicate with each other. Organizations using siloed solutions will have holes in their security: because siloed solutions do not communicate with one another, they do not provide full protection, leaving security gaps and no way to create actionable intelligence.

Cisco can provide a holistic solution to this problem by reducing the attack surface and extending protection across the network – before, during and after attacks.
Threat Detection: A Big Data Approach to Security

Cisco recently announced the availability of Managed Threat Defense (MTD), an innovative managed security solution that applies real-time, predictive analytics to detect attacks and protect against advanced malware across extended networks. MTD helps our customers address the ever-changing nature of threats to their most important asset—data. MTD is delivered through a cost-effective business model that allows our customers to leverage Cisco’s investment in security technology, its global threat intelligence knowledge base, its talent, and its global reach.

To learn more about MTD, watch the video datasheet below:

While developing this solution, the MTD development team talked to dozens of customers around the world. As a result of these discussions, two dominant themes emerged: