Cisco Talos Blog

June 7, 2021 08:00

Intelligence-driven disruption of ransomware campaigns

By Neil Jenkins and Matthew Olney. Note: Our guest co-author, Neil Jenkins, is the Chief Analytic Officer at the Cyber Threat Alliance. He leads the CTA's analytic efforts, focusing on the development of threat profiles, adversary playbooks and other analysis using the threa

April 7, 2021 08:06

Sowing Discord: Reaping the benefits of collaboration app abuse

As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ

March 23, 2021 16:50

Defending Microsoft Exchange from encrypted attacks with Cisco Secure IPS

This blog was authored by Brandon Stultz Microsoft released fixes for several critical vulnerabilities in Exchange Server earlier this month. One of these vulnerabilities (CVE-2021-26855) — aka "ProxyLogon" — is especially dangerous. ProxyLogon is a server-side request

February 9, 2021 14:17

Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows

* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh, although others h

September 29, 2020 12:41

LodaRAT Update: Alive and Well

* During our continuous monitoring of LodaRAT, Cisco Talos observed changes in the threat that add new functionality. * Multiple new versions of LodaRAT have been spotted being used in the wild. * These new versions of LodaRAT abandoned their previous obfuscation techniques.

March 31, 2020 13:23

Trickbot: A primer

The group behind Trickbot has expanded its activities beyond credential theft into leasing malware to APT groups.

February 25, 2020 16:37

New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem

Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can i

February 12, 2020 14:45

Loda RAT Grows Up

By Chris Neal. * Over the past several months, Cisco Talos has observed a malware campaign that utilizes websites hosting a new version of Loda, a remote access trojan (RAT) written in AutoIT. * These websites also host malicious documents that begin a multi-stage infection c

July 31, 2019 11:02

Malvertising: Online advertising's darker side

Executive summary One of the trickiest challenges enterprises face is managing the balance between aggressively blocking malicious advertisements (aka malvertising) and allowing content to remain online, accessible for the average user. The days of installing a basic ad blocker