WastedLocker Goes "Big-Game Hunting" in 2020
By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *
Threat Spotlight: MedusaLocker
By Edmund Brumaghin, with contributions from Amit Raut. Overview MedusaLocker is a ransomware family that has been observed being deployed since its discovery in 2019. Since its introduction to the threat landscape, there have been several variants observed. However, most of
Threat Source newsletter for April 16, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s what — week 5 of this quarantine in the U.S.? Week 6? We’ve lost count. And so did the Beers with Talos guys. B
Threat Source newsletter for April 9, 2020
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Nearly all devices have some sort of fingerprint scanner now, used to log users in. But these scanners prevent their
Threat Source newsletter (Jan. 16, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. This wasn’t your average Patch Tuesday. Microsoft’s monthly security update was notable for a few reasons. For start
2019: The year in malware
February * Attackers use a malicious PowerPoint presentation to target members of the Tibetan government in the hopes of infecting them with ExileRAT. March * Talos discovers a new point-of-sale malware for sale online called “GlitchPOS” that is easy enough to use that any
Incident Response lessons from recent Maze ransomware attacks
By JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it's a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many dif
Hunting for LoLBins
By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legitimate cloud service
How adversaries use politics for compromise
By Nick Biasini and Edmund Brumaghin. Executive Summary With the U.S. presidential primaries just around the corner, even malware authors can't help but get behind the frenzy. Cisco Talos recently discovered several malware distribution campaigns where the adversaries were uti