Tuesday, October 13, 2015

Project Aspis


One of the hardest jobs on the Internet is to work the abuse desk at a hosting provider.  These teams have to strike a difficult balance between protecting their customers, ensuring that their services aren’t being abused by malicious actors and delivering the service and convenience their customers expect.  They don’t get near enough credit for their work.

Recently, Talos had the privilege to work with the abuse team from Limestone Networks.  In the course of our joint investigation, we learned that Limestone Networks had been working against the same actor abusing their services for months.  Based on our findings, this actor was costing them approximately $10,000 a month in fraudulent charges plus wasted engineering time and the overhead of managing the abuse tickets this actor was causing.  By working together, Talos and Limestone Networks were able to make their network a difficult one for the actor to work in by rapidly identifying and terminating the systems they were trying to use.  As a result, the actor moved off of their network.

The results of this experience were so positive, both for Limestone Networks and Talos, that today Talos is announcing Project Aspis.

What is Project Aspis?
Provided by Talos, Project Aspis assists hosting providers, in certain situations, who are dealing with malicious actors who are persistent in their environment and a threat to others on the Internet.

How does it work?
Working together with the hosting provider -- at no cost -- Talos will share its expertise, resources and capabilities.  Network and systems forensics, reverse engineering, threat intelligence sharing and, in the right circumstances, even a dedicated research engineer to work with.  This collaboration will help the hosting provider maintain a safe and cost-effective environment and assist Talos in its mission of pissing off the bad guys.

What to do if you’re affected?
Any hosting provider can request our help by emailing project-aspis@external.cisco.com.  In the email, please include the following information:

  • Dedicated point of contact with email and phone
  • A description of the situation you are facing
  • Any forensic information you can share up front
  • Any indicators of compromise you’re already leveraging

Project Aspis is Talos’ next step to extend our efforts to protect our customers beyond their perimeter. Collaborations like this create the foundations necessary for quickly identifying and degrading large-scale threat actors, reduce the costs for hosting providers and protect our customers before a packet even reaches their network -- helping build a safer Internet for everyone.

No comments:

Post a Comment