Cisco Blogs

Combating evolving threats with a global intelligence network

September 27, 2017

Hackers are always finding new ways to target service providers. But Cisco’s global intelligence network Talos can help protect them against the latest threats.

In 2015, a group of hackers known as SSHPsychos were causing trouble. They were abusing service provider resources to try and guess people’s user names and passwords, in order to infect systems with malware that could launch distributed denial of service (DDoS) attacks.

And their methods were creating more traffic for secure shell (SSH) login attempts than the whole of the rest of the internet.
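Detection logic for the kind of high-volume SSH credential guessing described above, as an added example that is not part of the original post: it parses constructed sshd log lines and flags sources that exceed a failed-login threshold within a sliding time window. The log format, window and threshold are assumptions, not values from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not from the post); syslog timestamps omit the year.
SAMPLE_LOG = """\
Mar  3 10:00:01 bastion sshd[4011]: Failed password for root from 203.0.113.7 port 41022 ssh2
Mar  3 10:00:02 bastion sshd[4013]: Failed password for invalid user admin from 203.0.113.7 port 41023 ssh2
Mar  3 10:00:02 bastion sshd[4015]: Failed password for invalid user oracle from 203.0.113.7 port 41024 ssh2
Mar  3 10:00:03 bastion sshd[4017]: Failed password for root from 203.0.113.7 port 41025 ssh2
Mar  3 10:00:04 bastion sshd[4019]: Failed password for invalid user test from 203.0.113.7 port 41026 ssh2
Mar  3 10:00:09 bastion sshd[4021]: Failed password for alice from 198.51.100.20 port 50010 ssh2
Mar  3 10:00:40 bastion sshd[4023]: Accepted publickey for alice from 198.51.100.20 port 50011 ssh2
Mar  3 10:05:00 bastion sshd[4030]: Failed password for root from 203.0.113.7 port 41100 ssh2
"""
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text, year=2017):
    """Yield (timestamp, source_ip, username) for each failed password attempt."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and other sshd messages are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]

def find_brute_force_sources(log_text, window_seconds=60, threshold=5):
    """Return {ip: (peak_failures_in_window, sorted usernames tried)} for sources
    with at least `threshold` failed logins inside any `window_seconds` window."""
    events = defaultdict(list)
    users = defaultdict(set)
    for ts, ip, user in parse_failures(log_text):
        events[ip].append(ts)
        users[ip].add(user)
    flagged = {}
    for ip, times in events.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # slide the window start forward until it spans at most window_seconds
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (peak, sorted(users[ip]))
    return flagged
```

The late 10:05:00 attempt from 203.0.113.7 falls outside the 60-second window, so the peak stays at five even though that source has six failures in total.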

Talos, Cisco’s global threat intelligence network, had been monitoring the group’s actions for some time, and gained an understanding of their methods. We decided it was time to take action. So we worked with the US service provider Level 3 to remove some of the key network resources that SSHPsychos were using. That severely weakened the group, making the internet a safer place.

As the previous success of SSHPsychos shows, there are lots of risks to service providers out there. Hackers might try to disrupt your operations, like they did in the large-scale DDoS attack launched last year on the US company Dyn, which manages domain name services. The breach caused major disruptions to services for many large companies.

(If you’re interested in finding out more about the attack against Dyn, which used a botnet of just 100,000 IoT devices, and getting recommendations on how service providers can protect against this type of attack, Sam Rastogi’s blog is a great place to start.)

Hackers might also try and steal customer data, or use ransomware to shut down parts of your system until you pay up.

The methods hackers use change fast, and they are creative in finding new ways to attack. What’s more, the growth of the cloud and the number of connected devices is creating more potential ways to target networks. It’s hard for any one organisation to keep up.

A global intelligence network

That’s why Cisco security uses Talos. Our team of expert researchers monitors web requests, email traffic, and other data to gain an in-depth understanding of threats and their causes. Talos brings together expertise from a range of different sources including software development, malware research and intelligence analysis.

This means that we can create our security solutions using the latest intelligence, and update them as we learn more about how hackers are working.

So our customers can keep on top of global security threats as fast as they are developing.

Tackling threats by working together

Some of Talos’ best work comes through working in partnership with service providers. One of our biggest recent achievements was disrupting a group of hackers who were using the Angler exploit kit, which was linked to several high profile cyber attacks.

One hacker was using Angler to target up to 90,000 victims a day. And overall, the technology was thought to be generating $60m annually from ransomware infections alone.

Talos decided to carry out an in-depth analysis of the data it had on Angler, and found that a lot of its activity was related to one service provider, Limestone Networks. Talos then worked with Limestone to gather more information about how Angler worked. And the team deepened its knowledge through an ongoing collaboration with Level 3’s research team.

Once we understood how Angler worked, we updated our products so that our customers would not be affected by it. And we also added new rules to Snort, our open source threat detection and prevention software.

The best possible protection

By working in partnership with the service provider community, we can help protect their infrastructures from attack. But in today’s world, it would be naïve to assume that you can keep out all attackers, all of the time. Sooner or later, even the best defences will be breached.

Through the intelligence provided by Talos, Cisco can provide security solutions that combat threats before, during and after a cyber attack. In a dangerous world, it’s the best possible protection against the threats that service providers face.

Find out more about how Cisco Service Provider Security Solutions can help protect you against evolving global threats.