2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact organizations throughout the world. In 2017, Talos researchers discovered many new attacks including backdoors in legitimate software such as CCleaner, designed to target high tech companies as well as M.E.Doc, responsible for initial spread of Nyetya. Despite all those, headline making attacks are only a small part of the day to day protection provided by security systems.

In this post we review some of the findings created by investigating the most frequently triggered Snort signatures as reported by Cisco Meraki systems and included in the Snort default policy set.