Cisco Talos Blog

March 15, 2024 10:00

The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions

Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.

February 14, 2024 08:00

How are attackers using QR codes in phishing emails and lure documents?

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.

November 28, 2023 08:00

What is threat hunting?

Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about searching for the unknown.

November 9, 2023 08:00

What is NIS2, and how can you best prepare for the new cybersecurity requirements in the EU?

Given the increased geopolitical importance of cybersecurity, NIS2 is a logical step in creating more harmonized and stronger defense capabilities across the European Union.

October 18, 2023 11:42

What is Cracktivator software?

Learn about Talos' research into cracked versions of the Microsoft Windows operating system and applications. Discover why the use of cracktivator software is a growing trend.

October 4, 2023 08:10

What is the dark web?

What is the dark web, and how is it different from the deep web?

August 9, 2023 08:00

What is commercial spyware?

As the victims of commercial spyware are highly targeted individuals, the sobering truth is that some attackers have the means to be able to spend six figures to compromise a single target.

July 19, 2023 08:00

Why are there so many malware-as-a-service offerings?

Ransomware-as-a-service is a relatively new version of these commodity groups, such as DarkSide, known for the cyber attack in 2021 that disrupted the Colonial oil pipeline and made gas more expensive for thousands of U.S. consumers.

June 14, 2023 08:00

What does it mean when ransomware actors use “double extortion” tactics?

RA Group also introduces a new wrinkle to double extortion attacks: the threat that it will sell the data on the dark web. Double extortion tactics are known for leaking stolen data, but the sale is a potentially new gambit.