threat spotlight
Back from vacation: Analyzing Emotet’s activity in 2020
1 min read
By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sent automatically by previously infected systems attempting to infect […]
Welcome Spelevo: New exploit kit full of old tricks
1 min read
Nick Biasini authored this post with contributions from Caitlyn Hammond....
Threat Spotlight: Follow the Bad Rabbit
1 min read
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly […]
Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs
1 min read
This post was authored by Nick Biasini Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape. It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the payload via […]
Threat Spotlight: Spin to Win…Malware
1 min read
This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau The threat landscape is ever changing and adversaries are always working to find more efficient ways to compromise users. One of the many ways that users are driven to malicious content is through malicious advertisements known as malvertising. Talos has […]
Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries
1 min read
This post authored by Nick Biasini Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into Angler exploit […]
Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomwa …
3 min read
This post was authored by Nick Biasini with contributions from Joel Esler, Nick Hebert, Warren Mercer, Matt Olney, Melissa Taylor, and Craig Williams. Executive Summary Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kit […]
Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
9 min read
This post was authored by Ben Baker and Alex Chiu. Executive Summary Threat actors and security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated analysis tools […]