Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

January 15, 2021

THREAT RESEARCH

Threat Roundup for January 8 to January 15

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between January 8 and January 15. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

January 6, 2021

THREAT RESEARCH

A Deep Dive into Lokibot Infection Chain

1 min read

News summary Lokibot is one of the most well-known information stealers on the malware landscape. In this post, we’ll provide a technical breakdown of one of the latest Lokibot campaigns. Talos also has a new script to unpack the dropper’s third stage. The actors behind Lokibot usually have the ability to steal multiple types of […]

December 21, 2020

THREAT RESEARCH

Talos Vulnerability Discovery Year in Review — 2020

1 min read

Cisco Talos' Systems Vulnerability Research Team discovered 231 vulnerabilities this year across a wide range of products. And thanks to our vendor partners, these vulnerabilities were patched and published before any attackers could exploit them. Mitigating possible zero-day breeches in your defenses is the easiest and fastest way to prevent wide-ranging and business-critical cyber attacks.

December 18, 2020

THREAT RESEARCH

Threat Roundup for December 11 to December 18

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between December 11 and December 18. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

December 17, 2020

THREAT RESEARCH

Talos Tools of the Trade

1 min read

If you’re looking for something to keep you busy while we’re all stuck inside during the holidays, Cisco Talos has a few tools for you you can play with in the coming days and weeks. We recently updated GhIDA to work with the latest version of IDA and we are releasing new features for the […]

December 14, 2020

THREAT RESEARCH

Threat Advisory: SolarWinds supply chain attack

1 min read

Cisco Talos is monitoring yesterday’s announcements by FireEye and Microsoft that a likely state-sponsored actor compromised potentially thousands of high-value government and private organizations around the world via the SolarWinds Orion product. FireEye reported on Dec. 8 that it had been compromised in a sophisticated attack in which state-sponsored actors stole sensitive red team tools. […]

December 11, 2020

THREAT RESEARCH

Threat Roundup for December 4 to December 11

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between December 4 and December 11. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

December 9, 2020

THREAT RESEARCH

FireEye Breach Detection Guidance

1 min read

Cyber security firm FireEye recently disclosed an incident that was reported to have resulted in the inadvertent disclosure of various internally developed offensive security tools (OSTs) that were used across FireEye red-team engagements. Some of these tools appear to be based on well-known offensive frameworks like Cobalt Strike. This is even evident in the naming […]

December 4, 2020

THREAT RESEARCH

Threat Roundup for November 27 to December 4

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 27 and December 4. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically […]

December 1, 2020

THREAT RESEARCH

Xanthe – Docker aware miner

1 min read

By Vanja Svajcer and Adam Pridgen, Cisco Incident Command Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered an interesting campaign affecting Linux systems employing a multi-modular botnet with several ways to spread and a payload focused on providing financial benefits for the attacker by mining Monero online currency. The actor […]

November 20, 2020

THREAT RESEARCH

Threat Roundup for November 13 to November 20

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 13 and November 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically […]

November 18, 2020

THREAT RESEARCH

Back from vacation: Analyzing Emotet’s activity in 2020

1 min read

By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sent automatically by previously infected systems   attempting to infect […]

November 17, 2020

THREAT RESEARCH

Nibiru ransomware variant decryptor

1 min read

Nikhil Hegde developed this tool. Weak encryption The Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded string “Nibiru” to compute the 32-byte key and 16-byte IV values. The […]

November 13, 2020

THREAT RESEARCH

Threat Roundup for November 6 to November 13

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 6 and November 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically […]

November 12, 2020

THREAT RESEARCH

CRAT wants to plunder your endpoints

1 min read

By Asheer Malhotra. Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT. Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint. One of the plugins is a ransomware known as “Hansom.” CRAT has been attributed to the Lazarus […]

November 6, 2020

THREAT RESEARCH

Threat Roundup for October 30 to November 6

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between October 30 and November 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

October 30, 2020

THREAT RESEARCH

Threat Roundup for October 23 to October 30

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between October 23 and October 30. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

October 30, 2020

THREAT RESEARCH

Cisco Talos Advisory on Adversaries Targeting the Healthcare and Public Health Sector

1 min read

Background Cisco Talos has become aware that an adversary is leveraging Trickbot banking trojan and Ryuk ransomware to target U.S. hospitals and healthcare providers at an increasing rate. Security journalists reported on October 28, 2020 that the adversary was preparing to encrypt systems at “potentially hundreds” of medical centers and hospitals, based on a tip from a […]