Cisco Blogs

Cisco Blog > Security

Fake German Bill Spam Campaign Spreads Malware

Update 2014-01-10: This malicious campaign has expanded to include emails that masquerade as bills from NTTCable and from VolksbankU

Update 2014-01-21: We’ve updated the chart to include the Vodafon emails and latest URL activity

English language has emerged as the language of choice for international commerce. Since people throughout the world are used to receiving English language emails, spammers have 

TRAC-tank-vertical_logoalso adopted the English language as the means of getting their message to large numbers of international recipients. However, spam messages that are written in a local language and that reference local companies can be particularly enticing for recipients to open because they do not expect malicious messages to be written in anything other than English. Cisco has observed and blocked a large number of malicious spam messages written in German language masquerading as phone billing statements. Initially the spam run masqueraded as Telekom Deutschland, with subsequent messages masquerading as messages from NTTCable  and Volksbank.

Cisco TRAC was able to locate what appears to be a single attack attempt, likely a test run, on 2013-12-16 however the majority of the attack started on 2014-01-05 and is ongoing. The malware is currently targeting users as depicted in the heap map below. The vast majority of attacks are occurring in Germany. It is reported that the end goal of this malware is to harvest credentials.

This heat-map represents the malicious URL activity we have detected and blocked:


Read More »

Tags: , , ,

SecCon and the Limits of the Human Mind

One of the things I like best about Cisco’s focus on security is the internal SecCon conference we put on each year. It focuses on security threats, defenses, and innovation. Although I participate as a trainer, organizer, and reviewer, my favorite role this year was as an attendee. The conference theme, The State of the Hack, encompassed many elements, but the key one for me was trust and the human element.

The two external keynotes set the tone for talking about trust. Bruce Schneier started by pointing out that trust is an inherent element of living in a society of humans. It allows people to work together, and enables banking, transport, commerce, government, and all the elements necessary for a society to function. Without it, we’d have to raise our own food, and live independently of electricity, money, and even neighbors. Bruce mentioned the four mechanisms that enforce trust: morals, reputation, institutional (rules), and security systems. As security practitioners, we tend to focus on the latter, but should remember the first three as well. Reputation is the currency of trust, and is what allows us to trust financial institutions, police, friends, and our food supply. Reputation takes a long time to build up, over many interactions. Banks and stores need to be in business for years to build trust. You trust your friends and neighbors gradually with money, keys, and babysitting. But trust can be destroyed in just one action, as many transgressing politicians and security-breached vendors can attest.

Read More »

Tags: ,

OpenSSL Website Breached Via Hypervisor Management Interface Misconfiguration

The website of the OpenSSL project, which provides a widely-used SSL/TLS implementation, was breached on 29th December and defaced ( announcement). This defacement only affected the website of the project, however. The OpenSSL project has since checked the cryptographic hashes of the OpenSSL source code and confirmed that the source code has not been modified or compromised in any way. A compromise of the source code could result in a backdoor or other vulnerability being introduced. This is an important point since the Debian release of OpenSSL in 2006 had a bug which weakened the random number generator (wikipedia). However, the most worrying development of this breach is the way that the website was compromised, which was through the virtualization infrastructure of their hosting provider IndIT Hosting.

Whilst there are many potential avenues of attack against a website, what makes this attack notable is that instead of attacking the website directly, they attacked the hosting infrastructure of the website itself. In this case, it was the Virtual Machine hosting infrastructure operated by the hosting provider. VMWare, whose products were used to host the OpenSSL website issued the following statement:

Read More »


The Cisco RV325 – The newest edition to the Cisco Small Business Routing Portfolio

Now that the Holidays are upon us, and we look forward to 2014, the Cisco Small Business team continues to raise the Small Business networking bar with the introduction of the all new Cisco RV325. This Dual WAN, 14-port VPN Router, provides all of the same performance, security and reliability of the RV320 launched last June. Both routers are perfect for fast-growing small businesses or branch deployments. So if you are looking for more ports in the same enclosure, the RV325 is the Small Business router to take a look at.

RV320 and RV325

RV320 and RV325

Like the it’s smaller sibling the RV320, the RV325 is a perfect match with the Cisco Small Business SG300 Series Switches and WAP500 Series Access Points. As you saw from my last Blog, the WAP551 and WAP561 boasts a nice feature-set including Captive Portal and Single Point Set-up. The WAP 551/561 are controller-less Access Points meaning additional hardware is not required. The SG300 Series offers a nice blend of features at an affordable price and are designed Small Business. It has most of the features that can be found in today’s Enterprise-class Switches.

This formidable combination makes for the perfect solution for that many Small Businesses and Organizations can take advantage of. Add in our portfolio of award-winning Cisco Small Business Services, and you have a solution that all that guarantees a positive experience from Cisco Small Business Team.

One Option for this solution is the newly launched 200 Series of Smart Switches. There are four new models including 10-, 24-, 26-, and 50-port switches. These Full Power PoE Smart Switches are a great alternative as they offer a generous feature-set, solid performance and even greater affordability.

SG200 Series PoE Smart Switch

SG200 Series PoE Smart Switch


Happy Holidays and Happy New Year’s from the Team at Cisco Small Business.







Tags: , , , , , , , , , , , , , , , , , , , , , , , , , ,

Summary: What Next-Generation Wi-Fi Models Could Mean for Secure Mobility

With the adoption of the Internet of Things and Internet of Everything, advances in mobility and next-generation Wi-Fi are driving faster speeds, higher signal quality and more reliable connectivity, but how are they changing the way we think about mobile security?

As more people connect to both wired and wireless networks via smart phones, tablets and laptops, security will continue to be a top concern. New Wi-Fi models, such as Beamforming and Wi-Fi Direct, are helping drive mobile devices to the faster, more secure 5GHz band, therefore offering secure ways to enable the Internet of Everything to connect more people, processes, data and things.

As mobility trends drive new expectations from networks, a strategic and architectural approach to secure mobility is essential, and next-generation Wi-Fi makes this possible.

Read the full What Next Generation Wi-Fi Could Mean for Secure Mobility blog to learn more.

Tags: , , , , , , , , , ,