Articles
Attack Analysis with a Fast Graph
3 min read
This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda. Cyber security analysts tend to redundantly perform the same attack queries with different input data. Unfortunately, the search for useful meta-data correlation across proprietary and open source data sets may be laborious and time consuming with relational databases as multiple tables are joined, […]
Angling for Silverlight Exploits
6 min read
This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering. https://www.youtube.com/watch?v=Yrc0U3pjVZM Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we […]
Year-Long Exploit Pack Traffic Campaign Surges After Leveraging CDN
7 min read
Anyone can purchase an exploit pack (EP) license or rent time on an existing EP server. The challenge for threat actors is to redirect unsuspecting web browsing victims by force to the exploit landing page with sustained frequency. Naturally, like most criminal services in the underground, the dark art of traffic generation is a niche specialty that must be purchased to ensure drive-by campaign success. For the past year we have been tracking a threat actor (group) that compromises legitimate websites and redirects victims to EP landing pages. Over the past three months we observed the same actor using malvertising - leveraging content delivery networks (CDNs) to facilitate increased victim redirection - as part of larger exploit pack campaigns.
Understanding Security Through Probability
3 min read
This post was also authored by Min-yi Shen and Martin Lee. Security is all about probability. There is a certain probability that something bad will happen to your networks or your systems over the next 24 hours. Hoping that nothing bad will happen is unlikely to change that probability. Investing in security solutions will probably […]
Dynamic Detection of Malicious DDNS
6 min read
This post was co-authored by Andrew Tsonchev. Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational play to the incident response and/or threat intelligence […]
Fiesta Exploit Pack is No Party for Drive-By Victims
5 min read
This post was also authored by Andrew Tsonchev and Steven Poulson. Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution. Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose of malicious insight and now that we are collaborating with Sourcefire’s Vulnerability Research […]
Detecting Payment Card Data Breaches Today to Avoid Becoming Tomorrow’s Headline
6 min read
A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment card accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at least three other well-known U.S. retailers”. Given the current […]
Big Data in Security – Part V: Anti-Phishing in the Cloud
8 min read
In the last chapter of our five part Big Data in Security series, expert Data Scientists Brennan Evans and Mahdi Namazifar join me to discuss their work on a cloud anti-phishing solution. Phishing is a well-known historical threat. Essentially, it’s social engineering via email and it continues to be effective and potent. What is TRAC currently doing […]
Big Data in Security – Part IV: Email Auto Rule Scoring on Hadoop
6 min read
Following part three of our Big Data in Security series on graph analytics, I’m joined by expert data scientists Dazhuo Li and Jisheng Wang to talk about their work in developing an intelligent anti-spam solution using modern machine learning approaches on Hadoop. What is ARS and what problem is it trying to solve? Dazhuo: From a high-level view, Auto […]
- 1
- 2