Cryptomining

January 21, 2020

THREAT RESEARCH

Breaking down a two-year run of Vivin’s cryptominers

News Summary: There is another large-scale cryptomining attack from an actor we are tracking as “Vivin” that has been active since at least November 2017. “Vivin” has consistently evolved over the past few years, despite having poor operational security and exposing key detai…

November 13, 2019

THREAT RESEARCH

Hunting For LolBins

Attackers’ trends tend to come and go. But one popular technique we’re seeing at this time is the use of living-off-the-land binaries — or “LoLBins”. LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of stayin…

September 17, 2019

THREAT RESEARCH

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Christopher Evans and David Liebenberg. Executive summary: A new threat actor named “Panda” has generated thousands of dollars’ worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor w…

July 1, 2019

THREAT RESEARCH

RATs and stealers rush through “Heaven’s Gate” with new loader

Malware is constantly finding new ways to avoid detection. This doesn’t mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines…

June 10, 2019

SECURITY

Cisco Encrypted Traffic Analytics: Necessity Driving Ubiquity

In June 2017, Cisco announced the Encrypted Traffic Analytics (ETA) solution – a breakthrough technology stack that allows us to gain insight into encrypted traffic without decryption. That insight provides an unprecedented view into the use of encryption across your entire network and allows us to…

April 15, 2019

SECURITY

Black Hat Asia 2019: Watch Out for the Secondary Payload

Black Hat 2019 returned to Singapore with Black Hat Asia: four days of Trainings and Briefings, plus the Business Hall. Cisco Security is proud to be a Technology Partner of Black Hat in the Network Operations Center’s (NOC) Security Operations. The focus of the NOC is to provide secure and open…

February 27, 2019

SECURITY

Cisco Security at Work: Threatwall at Mobile World Congress 2019

If you attended a Cisco Live or an RSA conference in the past couple of years you may have come across a display entitled “Cisco Security at Work”. This display, often referred to as the Threatwall, is a live display of threats on the wireless network at the conferences where it is deployed. Current…

February 22, 2019

SECURITY

Malicious Cryptomining is Exploding. Are you at risk?

Cryptocurrency is making it easier for hackers to get paid while protecting their anonymity. Malicious cryptomining is on the rise – moving more mainstream, and as a result, more profitable than ever. And the market volatility of cryptocurrency makes this emerging threat more financially lucra…

February 14, 2019

SECURITY

Today’s critical threats: A Cisco Security threat report

For more than a decade, Cisco’s security reports have been a definitive source of intelligence for security professionals interested in the state of the global industry. These comprehensive reports provided detailed accounts of the threat landscape and their organizational implications. Today we are…