Avatar

Jaeson Schultz

Technical Leader

Cisco Talos Security Intelligence & Research Group

Jaeson Schultz is a Technical Leader for Cisco Talos Security Intelligence & Research Group. Cisco's Talos Group is dedicated to advancing the state-of-the-art of threat defense and enhancing the value of Cisco's security products.

Jaeson has over 20 years’ experience in Information Security. Jaeson's computer experience ranges from hardware hacking, to log analysis and security policy recommendation, to thwarting misuse of Internet application layer protocols like DNS, HTTP, and SMTP. Prior to working in Information Security, Jaeson studied Computer Science at the University of Nevada at Las Vegas. Jaeson also currently holds an Amateur Extra radio license from the FCC under the call sign K8YJO.

Articles

September 17, 2014

THREAT RESEARCH

Help! My IP Address Has Been Hijacked!

SpamCop is a free, community-based spam email reporting service provided by Cisco. SpamCop analyzes reported spam, and extracts details about the sending IP, the URLs contained in the spam, and the networks over which the spam message has transited. This information is used to create the SpamCop Block List (SCBL). The SCBL a list of […]

September 5, 2014

THREAT RESEARCH

Danger at the Retail Point of Sale

This blog post was authored by Martin Lee and Jaeson Schultz. With the announcement that yet another major retailer has allegedly been breached, it is important to review how attackers compromise retail systems and how such intrusions can be prevented. In this latest case, retailers are working to determine if a large cache of credit […]

July 28, 2014

SECURITY

Far East Targeted by Drive by Download Attack

This blog was co-authored by Kevin Brooks, Alex Chiu, Joel Esler, Martin Lee, Emmanuel Tacheau, Andrew Tsonchev, and Craig Williams.   On the 21st of July, 2014, Cisco TRAC became aware that the website dwnews.com was serving malicious Adobe Flash content. This site is a Chinese language news website covering events in East Asia from a […]

May 30, 2014

SECURITY

Walking in a Winter Wonderland

It is not uncommon to see an anti-spam system catch >99% of the spam passing through it. Most of the best anti-spam systems catch >99.9% of spam. In this environment, spammers try just about anything to evade spam filters. Some spammers believe that blasting at high volume is the key to success. Others believe complete […]

May 2, 2014

SECURITY

Spam Hits Three Year High-Water Mark

Takedowns of prolific spam botnets, such as Rustock in 2011 and Grum in 2012, had a substantial effect on reducing overall global spam volumes. This, combined with diminishing returns for spammers sending via bots, had left many email recipients basking in the comfort of (mostly) clean inboxes. No doubt this downward trend in global spam […]

January 31, 2014

SECURITY

Attack Attribution and the Internet of Things

On January 16, 2014, Proofpoint discussed a spam attack conducted via “smart devices which have been compromised.” Among the devices cited by Proofpoint as participating in the “Thingbot” were routers, set-top boxes, game consoles, and purportedly, even one refrigerator. Of course, news about a refrigerator sending spam generates considerable media attention, as it should, since […]

January 10, 2014

SECURITY

When Network Clocks Attack

In October 2013, Cisco TRAC discussed Network Time Protocol (NTP) as a possible vector for amplified distributed denial of service (DDoS) attacks. Litnet CERT has since revealed that their NTP servers were used in a denial of service (DoS) attack. Symantec also published information regarding an NTP amplification-based DDoS attack that occurred in December 2013. On December 7, 2013, a hackforums.net user posted an NTP amplification DDoS script to Pastebin. The NTP DDoS script is heavily obfuscated Perl, though the plain text at the top credits the "leaking" of the script to an individual who goes by the handle Starfall. Brian Krebs also mentioned someone going by the name Starfall as a paying user of booter.tw. They may be the same person.

January 9, 2014

SECURITY

Malicious Ads from Yahoo Just the Tip of the Iceberg

When Fox-IT published their report regarding malvertisements coming from Yahoo, they estimated the attack began on December 30, 2013, while also noting that other reports indicated the attack may have begun earlier. Meanwhile, Yahoo intimated a different timeframe for the attack, claiming “From December 31 to January 3 on our European sites, we served some […]

October 25, 2013

SECURITY

A Smorgasbord of Denial of Service

On October 22, 2013, Cisco TRAC Threat Researcher Martin Lee wrote about Distributed Denial of Service (DDoS) attacks that leverage the Domain Name System (DNS) application protocol. As Martin stated, the wide availability of DNS open resolvers combined with attackers’ ability to falsify the source of User Datagram Protocol (UDP) packets creates a persistent threat […]