The Real IoT Opportunity for Enterprises? A Chance to Address Security Risks Head On
IoT and IoT-related threats are very real. A massive compromise of IoT devices can severely disrupt not only organizations, but also the Internet itself. Fortunately, we are still in the early days of the IoT, which means there’s still time for defenders to do their part to help secure it.
The Value of Collaboration in Weakening Attackers
Today’s attackers deploy complex and clever threats that are difficult to combat with just one method of defense. In some cases, defenders must go beyond tools for detecting attacks and devise a different approach for obstructing our adversaries’ ability to operate. As detailed in the Cisco 2016 Annual Security Report...
Midyear Security Report: Exploit Kits and Ransomware Get Creative
The modern online adversary is out to make money, not simply hack networks for the fun of it. In the Cisco 2015 Midyear Security Report, there’s yet more evidence that criminals are using tools with ever-increasing sophistication to steal valuable personal or financial data and sell it, coerce users into paying ransoms for their own […]
Threat Spotlight: “A String of Paerls”, Part 2, Deep Dive
This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard In part one of our two part blog series on the “String of Paerls” threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described our methodology in grouping similar samples based on Indicators of Compromise: static and […]
Threat Spotlight: A String of ‘Paerls’, Part One
This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman. Update 7-8-14: Part 2 can be found here This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attempt. As we’ve seen in the past, this […]
Fake German Bill Spam Campaign Spreads Malware
Update 2014-01-10: This malicious campaign has expanded to include emails that masquerade as bills from NTTCable and from VolksbankU Update 2014-01-21: We’ve updated the chart to include the Vodafon emails and latest URL activity English language has emerged as the language of choice for international commerce. Since people throughout the world are used to receiving English […]
The Internet of Everything, Including Malware
We are witnessing the growth of the Internet of Everything (IoE), the network of embedded physical objects accessed through the Internet, and it’s connecting new devices to the Internet which may not traditionally have been there before. Unfortunately, some of these devices may be deployed with a security posture that may need improvement. Naturally when we saw […]
Massive Increase in Reconnaissance Activity – Precursor to Attack?
Update 2013-11-12: Watch our youtube discussion Update 2013-11-05: Upon further examination of the traffic we can confirm that a large percentage is destined for TCP port 445. This is indicative of someone looking for nodes running SMB/DCERPC. With that in mind it is extremely likely someone is looking for vulnerable windows machines or it is quite possible that […]
Zeus Botnet Impersonating Trusteer Rapport Update
Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called […]