threat spotlight

June 27, 2019

THREAT RESEARCH

Welcome Spelevo: New exploit kit full of old tricks

Nick Biasini authored this post with contributions from Caitlyn Hammond....

October 24, 2017

THREAT RESEARCH

Threat Spotlight: Follow the Bad Rabbit

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly […]

April 21, 2017

THREAT RESEARCH

Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs

This post was authored by Nick Biasini Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape.  It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the payload via […]

May 3, 2016

THREAT RESEARCH

Threat Spotlight: Spin to Win…Malware

This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau The threat landscape is ever changing and adversaries are always working to find more efficient ways to compromise users. One of the many ways that users are driven to malicious content is through malicious advertisements known as malvertising. Talos has […]

April 20, 2016

THREAT RESEARCH

Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries

This post authored by Nick Biasini Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into Angler exploit […]

October 6, 2015

THREAT RESEARCH

Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomwa …

This post was authored by Nick Biasini with contributions from Joel Esler, Nick Hebert, Warren Mercer, Matt Olney, Melissa Taylor, and Craig Williams. Executive Summary Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit.  Angler is one of the largest exploit kit […]

May 4, 2015

THREAT RESEARCH

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

This post was authored by Ben Baker and Alex Chiu. Executive Summary Threat actors and security researchers are constantly looking for ways to better detect and evade each other.  As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples.  Better static, dynamic, and automated analysis tools […]

April 27, 2015

THREAT RESEARCH

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008 Update 5/8: We’ve made the source code available via Github here Update 6/9/2016: We’ve released a tool to decrypt any TeslaCrypt Version After the takedown of Cryptolocker, we have seen the rise […]