targeted attacks

July 26, 2018

SECURITY

Using machine learning to target threats

3 min read

This blog post begins with a joke about two people in a forest and a bear. A bear appears out of nowhere and starts to chase these two guys during...

June 30, 2014

SECURITY

Threat Spotlight: A String of ‘Paerls’, Part One

5 min read

This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman.  Update 7-8-14: Part 2 can be found here This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attempt. As we’ve seen in the past, this […]

July 19, 2013

SECURITY

Zeus Botnet Impersonating Trusteer Rapport Update

1 min read

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called […]

June 13, 2013

SECURITY

Scope of ‘KeyBoy’ Targeted Malware Attacks

2 min read

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 released an analysis of malware dubbed ‘KeyBoy,’ also exploiting unknown vulnerabilities in Microsoft Office, similarly patched by MS12-060, […]

May 7, 2013

SECURITY

The Effects of #OpUSA

2 min read

In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In […]

May 4, 2013

SECURITY

Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities

2 min read

Update 2 5/9/2013: Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply the Fix It immediately. Update 5/6/2013: An […]

May 1, 2013

SECURITY

Coordinated Attacks Against the U.S. Government and Banking Infrastructure

8 min read

Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to […]

February 27, 2013

SECURITY

Missing the Mark on Cloud-based Intelligence

This week, Juniper Networks announced a new cloud-based threat intelligence service focused on fingerprinting attackers’ individual devices. We’d like to officially welcome Juniper to the cloud-based security intelligence market—a space where Cisco has a proven track record of leadership through Security Intelligence Operations (SIO). Imitation is indeed the sincerest form of flattery, but in Juniper’s […]