Avatar

Talos Group

Talos Security Intelligence & Research Group

The Talos Security Intelligence and Research Group (Talos) is made up of leading threat researchers supported by sophisticated systems to create threat intelligence for Cisco products that detects, analyzes and protects against both known and emerging threats. Talos maintains the official rule sets of Snort.org, ClamAV, SenderBase.org and SpamCop. This blog profile is managed by multiple authors with expertise that spans software development, reverse engineering, vulnerability triage, malware investigation and intelligence gathering.

Talos is the primary team that contributes threat information to the Cisco Collective Security Intelligence (CSI) ecosystem. Cisco CSI is shared across multiple security solutions and provides industry-leading security protections and efficacy. In addition to threat researchers, CSI is driven by intelligence infrastructure, product and service telemetry, public and private feeds and the open source community.

Articles

March 30, 2020

THREAT RESEARCH

COVID-19 relief package provides another platform for bad actors

The ongoing COVID-19 pandemic continues to yield new subject matter that bad actors can turn into fodder for enticing victims into clicking on malicious links and attachments. On March 27, the CARES Act was signed into law by the President, enacting a wide range of stimulus packages designed to aid Americans and businesses during the […]

March 27, 2020

THREAT RESEARCH

Threat Roundup for March 20 to March 27

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Mar 20 and Mar 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

March 26, 2020

THREAT RESEARCH

Threat Update: COVID-19

The COVID-19 pandemic is changing everyday life for workers across the globe. Cisco Talos continues to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns. Talos has not yet observed any new techniques during this event. Rather, we have seen malicious actors […]

March 20, 2020

THREAT RESEARCH

Threat Roundup for March 13 to March 20

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Mar 13 and Mar 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

March 13, 2020

THREAT RESEARCH

Threat Roundup for March 6 to March 13

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Mar 6 and Mar 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

March 6, 2020

THREAT RESEARCH

Threat Roundup for February 28 to March 6

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 28 and Mar 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

March 5, 2020

THREAT RESEARCH

Bisonal: 10 years of play

Bisonal is a remote access trojan (RAT) that’s part of the Tonto Team arsenal. The peculiarity of the RAT is that it’s been in use for more than 10 years — this is an uncommon and long period for malware. Over the years, it has evolved and adapted mechanisms to avoid detection while keeping the core of […]

February 28, 2020

THREAT RESEARCH

Threat Roundup for February 21 to February 28

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 21 and Feb 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]

February 25, 2020

THREAT RESEARCH

New Research Paper: Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem

Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can inhibit the ability of some technologies to detect the packed malware. High entropy is […]