targeted attacks

July 26, 2018

SECURITY

Using machine learning to target threats

This blog post begins with a joke about two people in a forest and a bear. A bear appears out of nowhere and starts to chase these two guys during their walk in the forest. Surprised, they both start running for their lives, but then one of them stops to put on his running shoes. His buddy says, “Wh…

June 30, 2014

SECURITY

Threat Spotlight: A String of ‘Paerls’, Part One

This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman.  Update 7-8-14: Part 2 can be found here This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attem…

July 19, 2013

SECURITY

Zeus Botnet Impersonating Trusteer Rapport Update

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer pr…

June 13, 2013

SECURITY

Scope of ‘KeyBoy’ Targeted Malware Attacks

On June 6, 2013, malwaretracker.com released an analysis of Microsoft Office-based malware that was exploiting a previously unknown vulnerability that was patched by MS12-060. The samples provided were alleged to be targeting Tibetan and Chinese Pro-Democracy Activists. On June 7, 2013, Rapid7 relea…

May 7, 2013

SECURITY

The Effects of #OpUSA

In the days leading up to #OpUSA, security professionals were busy making preparations for the supposed flood of new attacks coming on 7 May 2013. As we mentioned on 1 May 2013, publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist onl…

May 4, 2013

SECURITY

Department of Labor Watering Hole Attack Confirmed to be 0-Day with Possible Advanced Reconnaissance Capabilities

Update 2 5/9/2013: Microsoft has released a “Microsoft fix it” as a temporary mitigation for this issue on systems which require IE8. At this time, multiple sites have been observed hosting pages which exploit this vulnerability. Users of IE8 who cannot update to IE9+ are urged to apply…

May 1, 2013

SECURITY

Coordinated Attacks Against the U.S. Government and Banking Infrastructure

Prologue On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which were a series of attacks carried out…

February 27, 2013

SECURITY

Missing the Mark on Cloud-based Intelligence

This week, Juniper Networks announced a new cloud-based threat intelligence service focused on fingerprinting attackers’ individual devices. We’d like to officially welcome Juniper to the cloud-based security intelligence market—a space where Cisco has a proven track record of leadership through Sec…