threat spotlight

November 18, 2020

THREAT RESEARCH

Back from vacation: Analyzing Emotet’s activity in 2020

1 min read

By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails are typically sent automatically by previously infected systems attempting to infect […]

June 27, 2019

THREAT RESEARCH

Welcome Spelevo: New exploit kit full of old tricks

1 min read

Nick Biasini authored this post with contributions from Caitlyn Hammond....

October 24, 2017

THREAT RESEARCH

Threat Spotlight: Follow the Bad Rabbit

1 min read

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly […]

April 21, 2017

THREAT RESEARCH

Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs

1 min read

This post was authored by Nick Biasini. Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape. It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the payload via […]

May 3, 2016

THREAT RESEARCH

Threat Spotlight: Spin to Win…Malware

1 min read

This post was authored by Nick Biasini with contributions from Tom Schoellhammer and Emmanuel Tacheau. The threat landscape is ever changing and adversaries are always working to find more efficient ways to compromise users. One of the many ways that users are driven to malicious content is through malicious advertisements known as malvertising. Talos has […]

April 20, 2016

THREAT RESEARCH

Threat Spotlight: Exploit Kit Goes International Hits 150+ Countries

1 min read

This post authored by Nick Biasini. Talos is constantly monitoring the threat landscape and exploit kits are a constantly evolving component of it. An ongoing goal of Talos is to expose and disrupt these kits to protect the average internet user being targeted and compromised. We were able to gain unprecedented insight into Angler exploit […]

October 6, 2015

THREAT RESEARCH

Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomwa …

3 min read

This post was authored by Nick Biasini with contributions from Joel Esler, Nick Hebert, Warren Mercer, Matt Olney, Melissa Taylor, and Craig Williams. Executive Summary: Today, Cisco struck a blow to a group of hackers, disrupting a significant international revenue stream generated by the notorious Angler Exploit Kit. Angler is one of the largest exploit kit […]

May 4, 2015

THREAT RESEARCH

Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors

9 min read

This post was authored by Ben Baker and Alex Chiu. Executive Summary: Threat actors and security researchers are constantly looking for ways to better detect and evade each other. As researchers have become more adept and efficient at malware analysis, malware authors have made an effort to build more evasive samples. Better static, dynamic, and automated analysis tools […]