Cisco Talos Blog

November 18, 2020 11:00

Back from vacation: Analyzing Emotet’s activity in 2020

By Nick Biasini, Edmund Brumaghin, and Jaeson Schultz. Emotet is one of the most heavily distributed malware families today. Cisco Talos observes large quantities of Emotet emails being sent to individuals and organizations around the world on an almost daily basis. These emails

July 6, 2020 16:00

WastedLocker Goes "Big-Game Hunting" in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *

July 1, 2020 11:02

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary * Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. * These campaigns make use of existing email threads from compromised acco

May 21, 2020 11:23

Vulnerability Spotlight: Memory corruption vulnerability in GNU Glibc leaves smart vehicles open to attack

By Sam Dytrych and Jason Royes. Executive summary Modern automobiles are complex machines, merging both mechanical and computer systems under one roof. As automobiles become more advanced, additional sensors and devices are added to help the vehicle understand its internal and

May 11, 2020 11:00

Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer

By Nick Biasini, Edmund Brumaghin and Nick Lister. * Cisco Talos is detailing an information stealer, Astaroth, that has been targeting Brazil with a variety of lures, including COVID-19 for the past nine to 12 months. * Complex maze of obfuscation and anti-analysis/evasion t

April 23, 2020 11:37

Threat Spotlight: MedusaLocker

By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of

February 13, 2020 14:07

Threat actors attempt to capitalize on coronavirus outbreak

* Coronavirus is dominating the news and threat actors are taking advantage. * Cisco Talos has found multiple malware families being distributed with Coronavirus lures and themes. This includes emotet and several RAT variants. Executive Summary Using the news to try and incr

January 13, 2020 14:13

New Snort rules protect against recently discovered Citrix vulnerability

By Edmund Brumaghin, with contributions from Dalton Schaadt. Executive Summary Recently, the details of a critical vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway servers were publicly disclosed. This vulnerability is currently being tracked us

November 5, 2019 09:00

How adversaries use politics for compromise

By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were