Threat Research

January 22, 2016

SECURITY

Overcoming the DNS “Blind Spot”

2 min read

[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of requested domain names in response to queries from end hosts. Because many threat actors today leverage DNS to compromise end hosts, monitoring DNS is often a critical step in […]

January 7, 2016

THREAT RESEARCH

Rigging compromise – RIG Exploit Kit

1 min read

This post was authored by Nick Biasini, with contributions by Joel Esler. Exploit kits are one of the biggest threats affecting users, both inside and outside the enterprise, because they indiscriminately compromise a victim who merely visits a web site, delivering a malicious payload. One of the challenges with exploit kits is that at any given time […]

September 23, 2015

SECURITY

Cognitive Research: Fake Blogs Generating Real Money

5 min read

Summary: In the past several months Cisco Cognitive Threat Analytics (CTA) researchers have observed a number of blog sites using either fake content or content stolen from other sites to...

September 17, 2015

SECURITY

SYNful Knock: Protect Your Credentials, Protect Your Network

1 min read

Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry. Earlier this week Cisco and Mandiant/FireEye released information about the so-called SYNful Knock malware found on Cisco networking devices. You can read my earlier blog on […]

June 5, 2015

THREAT RESEARCH

My Resume Protects All Your Files

4 min read

This post was authored by Nick Biasini. Talos has found a new spam campaign that is using multiple layers of obfuscation to attempt to evade detection. Spammers are always evolving to get their messages to end users by bypassing spam filters while still appearing convincing enough to get a user to complete the actions required […]

June 5, 2015

THREAT RESEARCH

Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense

6 min read

This post was authored by Nick Biasini. Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as in the discussion of domain shadowing. This exploit kit evolves on an almost constant basis. However, the recent activity caught our attention due to a change to the URL […]

May 20, 2015

THREAT RESEARCH

Little Links, Big Headaches

4 min read

This post was authored by Earl Carter & Jaeson Schultz. Talos is always fascinated by the endless creativity of those who send spam. Miscreants who automate sending spam using botnets are of particular interest. Talos has been tracking a spam botnet that over the past several months has been spamming weight loss products, male erectile […]

May 4, 2015

THREAT RESEARCH

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

9 min read

This post was authored by Ben Baker and Alex Chiu. Executive Summary: Threat actors and security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated analysis tools […]

April 27, 2015

THREAT RESEARCH

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

7 min read

This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau. Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008. Update 5/8: We’ve made the source code available via GitHub here. Update 6/9/2016: We’ve released a tool to decrypt any TeslaCrypt version. After the takedown of Cryptolocker, we have seen the rise […]