Cryptomining

July 22, 2020

SECURITY

Prometei botnet and its quest for Monero

1 min read

Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign employing a multi-modular botnet with multiple ways to spread and a payload focused on providing financial benefits for the attacker by mining the Monero online currency. The actor employs various methods to spread across the network, like SMB with […]

January 21, 2020

SECURITY

Breaking down a two-year run of Vivin’s cryptominers

1 min read

News Summary There is another large-scale cryptomining attack from an actor we are tracking as “Vivin” that has been active since at least November 2017. “Vivin” has consistently evolved over the past few years, despite having poor operational security and exposing key details of their campaign. By Andrew Windsor. Talos has identified a new threat […]

November 13, 2019

THREAT RESEARCH

Hunting For LolBins

1 min read

Attackers’ trends tend to come and go. But one popular technique we’re seeing at this time is the use of living-off-the-land binaries — or “LoLBins”. LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of staying undetected within an organisation, usually during post-exploitation attack phases. Living-off-the-land tactics […]

September 17, 2019

THREAT RESEARCH

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

1 min read

A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware.

September 9, 2019

SECURITY

The Value of Threat Hunting

4 min read

Threat hunting, i.e. looking for threats that somehow got past your defenses, is featured in our Cisco Cybersecurity Series, "Hunting for Hidden Threats: Incorporating Threat Hunting Into Your Security Program."

July 1, 2019

THREAT RESEARCH

RATs and stealers rush through “Heaven’s Gate” with new loader

1 min read

Malware is constantly finding new ways to avoid detection. This doesn't mean that some will never be detected, but it does allow adversaries to increase the period of time between...

June 10, 2019

SECURITY

Cisco Encrypted Traffic Analytics: Necessity Driving Ubiquity

5 min read

Cisco's Encrypted Traffic Analytics (ETA) ensures the privacy of our most important business data and allowing us to detect malware that uses that same privacy to cover its tracks.

April 15, 2019

SECURITY

Black Hat Asia 2019: Watch Out for the Secondary Payload

5 min read

Cisco Security was a proud technology partner in the Network Operations Center (NOC) at Black Hat Asia, providing secure and open Internet access to attendees. See what the NOC discovered.