Cisco Blogs

How Cisco Talos is Fighting the Good Fight


May 24, 2016

It may surprise you to know that Cisco security researchers have been fighting quietly, for more than a decade, on your behalf to defeat cyber criminals.

Cisco Talos, our security intelligence and response organization, is an elite group of security experts focused on protecting you and your organizations from threats. Their tireless pursuit of attackers has resulted in the takedown of several notorious adversaries. Late last year, Talos researchers disrupted a significant international revenue stream generated by the Angler Exploit Kit that was linked to several high-profile malvertising/ransomware campaigns, which targeted up to 90,000 victims a day and is estimated to have generated more than $34 million annually.

I’d like to share some insights from one of their most successful criminal takedowns.

One year ago, Cisco and Internet service provider Level 3 Communications teamed up to take down SSHPsychos. This sophisticated group of hackers had been building one of the largest distributed denial-of-service (DDoS) weapons in the world using Secure Shell (SSH), an encrypted terminal service that allows legitimate users to gain secure remote access to networks.

“This was the most blatant daylight robbery we had ever seen,” said Craig Williams, senior technical leader from the Talos team.

Before their efforts were thwarted by Talos, these adversaries were responsible for producing a third of all SSH activity on the entire Internet. The actions of the Talos threat intelligence team severely degraded the group’s ability to hack servers and potentially disrupt business operations for thousands of organizations. Talos helped our customers save valuable time, money and resources by getting to the heart of the attack source.

The Good Fight chronicles the Talos team’s efforts that led to the discovery of SSHPsychos, and pulls back the curtain to show how our Talos researchers, together with Level 3 Communications, crippled this malicious group. SSHPsychos is just one example of the highly organized and well-funded groups that Talos defends against daily. I encourage you to read about this discovery and learn more about how these dedicated researchers work relentlessly to protect the Internet for us all.


2 Comments

  1. Security should be at the forefront of all companies - and it's nice to read how Cisco is leading the way - and has been long before others really recognized the myriad ways of having their security breached.

  2. Great reading!