It may surprise you to know that Cisco security researchers have been fighting quietly, for more than a decade, on your behalf to defeat cyber criminals.

Cisco Talos, our security intelligence and response organization, is an elite group of security experts focused on protecting you and your organizations from threats. Their tireless pursuit of attackers has resulted in the takedown of several notorious adversaries. Late last year, Talos researchers disrupted a significant international revenue stream generated by the Angler Exploit Kit that was linked to several high-profile malvertising/ransomware campaigns, which targeted up to 90,000 victims a day and is estimated to have generated more than $34 million annually.

I’d like to share some insights from one of their most successful criminal takedowns.

One year ago, Cisco and Internet service provider Level 3 Communications teamed up to takedown SSHPsychos. This sophisticated group of hackers had been building one of the largest distributed denial-of-service (DDoS) weapons in the world using Secure Shell (SSH), an encrypted terminal service that allows legitimate users to gain secure remote access to networks.

SSHPsychos“This was the most blatant daylight robbery we had ever seen,” said Craig Williams, senior technical leader from the Talos team.

Before their efforts were thwarted by Talos, these adversaries were responsible for producing a third of all SSH activity on the entire Internet. The actions of the Talos threat intelligence team severely degraded the group’s ability to hack servers and potentially disrupt business operations for thousands of organizations. Talos helped our customers save valuable time, money and resources by getting to the heart of the attack source.

The Good Fight chronicles the Talos team’s efforts that led to the discovery of SSHPsychos, and pulls back the curtain to show how our Talos researchers, together with Level 3 Communications, crippled this malicious group. SSHPsychos is just one example of the highly organized and well-funded groups that Talos defends against daily. I encourage you to read about this discovery and learn more about how these dedicated researchers work relentlessly to protect the Internet for us all.


Martin Roesch

Vice President and Chief Architect

Cisco Security Business Group