Threat Research
Bedep Lurking in Angler’s Shadows
This post is authored by Nick Biasini. In October 2015, Talos released our detailed investigation of the Angler Exploit Kit which outlined the infrastructure and monetary impact of an exploit kit campaign delivering ransomware. During the investigation we found that two thirds of Angler’s payl…
The Internet of Things Is Not Always So Comforting
Over the past few years, the Internet of Things (IoT) has emerged as reality with the advent of smart refrigerators, smart HVAC systems, smart TVs, and more. Embedding internet-enabled devices into everything presents new opportunities in connecting these systems to each other, making them “sm…
Bypassing MiniUPnP Stack Smashing Protection
This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software i…
Overcoming the DNS “Blind Spot”
[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard] The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts monitoring D…
Rigging compromise – RIG Exploit Kit
This Post was Authored by Nick Biasini, with contributions by Joel Esler Exploit Kits are one of the biggest threats that affects users, both inside and outside the enterprise, as it indiscriminately compromises simply by visiting a web site, delivering a malicious payload. One of the challenges wit…
Cognitive Research: Fake Blogs Generating Real Money
Summary In the past several months Cisco Cognitive Threat Analytics (CTA) researchers have observed a number of blog sites using either fake content or content stolen from other sites to drive traffic to click on ad-loaded web sites. We have observed traffic volume up to 10,000 requests per hour, ta…
SYNful Knock: Protect Your Credentials, Protect Your Network
Interest in IT security has never been higher. So when a new type of attack comes along, it attracts the attention of our customers and others in the industry. Earlier this week Cisco and Mandiant/Fireye released information about the so-called SYNful Knock malware found on Cisco networking devices.…
My Resume Protects All Your Files
This post was authored by Nick Biasini Talos has found a new SPAM campaign that is using multiple layers of obfuscation to attempt to evade detection. Spammers are always evolving to get their messages to the end users by bypassing SPAM filters while still appearing convincing enough to get a user…
Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense
This post was authored by Nick Biasini Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as the discussion of domain shadowing. This exploit kit evolves on an almost constant basis. However, the recent activity caught ou…