Cisco Talos Intelligence Blog

May 28, 2021 12:05

Threat Roundup for May 21 to May 28

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 21 and May 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral

May 7, 2021 15:05

Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs

By Caitlin Huey and Andrew Windsor with contributions from Edmund Brumaghin. * Lemon Duck continues to refine and improve upon their tactics, techniques and procedures as they attempt to maximize the effectiveness of their campaigns. * Lemon Duck remains relevant as the operat

April 7, 2021 08:04

Sowing Discord: Reaping the benefits of collaboration app abuse

As telework has become the norm throughout the COVID-19 pandemic, attackers are modifying their tactics to take advantage of the changes to employee workflows. * Attackers are leveraging collaboration platforms, such as Discord and Slack, to stay under the radar and evade organ

November 18, 2020 11:11

Back from vacation: Analyzing Emotet’s activity in 2020

By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails

July 6, 2020 16:07

WastedLocker Goes "Big-Game Hunting" in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *

July 1, 2020 11:07

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary * Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. * These campaigns make use of existing email threads from compromised acco

May 21, 2020 11:05

Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and

May 11, 2020 11:05

Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer

By Nick Biasini, Edmund Brumaghin and Nick Lister. * Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19 for the past nine to 12 months. * Complex maze of obfuscation and anti-analysis/evasion t

April 23, 2020 11:04

Threat Spotlight: MedusaLocker

By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of