Cisco Talos Intelligence Blog

March 1, 2022 19:03

Crowd-sourced attacks present new risk of crisis escalation

This post is also available in: 日本語 (Japanese) * An unpredictable and largely unknown set of actors present a threat to organizations, despite their sometimes unsophisticated techniques. Customers who are typically focused on top-tier, state-sponsored attacks should remain awa

July 16, 2020 09:07

What to expect when you’re electing: Talos’ 2020 election security primer

Editor's note: Related reading on Talos election security research: * /what-to-expect-when-youre-electing * /election-roundtable-video * /what-to-expect-electing-disinformation-building-blocks After the 2016 General Election, the talk was all around foreign meddling. Rumors s

September 20, 2017 17:09

CCleaner Command and Control Causes Concern

Introduction Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about th

July 5, 2017 14:07

The MeDoc Connection

Summary The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the

April 9, 2015 03:04

Threat Spotlight: SSHPsychos

Introduction Talos has been monitoring a persistent threat for quite some time, a group we refer to as SSHPsychos or Group 93. This group is well known for creating significant amounts of scanning traffic across the Internet. Although our research efforts help inform and protect

August 16, 2012 18:08

New Threat: DistTrack

Sourcefire is aware of at least one ongoing incident in the energy vertical involving a threat named "DistTrack". This is a new, destructive threat that has not previously been seen in the wild. At this time, the earliest known sightings were on 8/14. Preliminary indications a

April 12, 2012 17:04

Special Delivery -- Phoenix Exploit Kit

You would think that spam masquerading as a delivery company would be getting a little long in the tooth, but that isn't the case. Last week the winner was "DHL Attention 846698", which looks something like this: Good day! Dear Consumer , Recipient's address is wrong PLEASE

February 29, 2012 10:02

Low Hanging Fruit

We spend a lot of time watching what is going on in the world. One of the advantages of having a customer-based intelligence sharing program as well as a distribution of our own sensors in the wild is that we are able to watch as threats change. When new threats come into play,

February 16, 2012 10:02

Agile Security

Up until this past year, I had never included any marketing materials in my slides.  It never seemed to fit in with a technical presentation, even though I always believed in the Sourcefire product line's ability to defend our customers in the face of a rapidly changing landscape