Cisco Talos Blog

September 24, 2020 11:00

The Internet did my homework

By Jaeson Schultz and Matt Valites. As students return to school for in-person and virtual learning, Cisco Talos discovered an increase in DNS requests coming into Umbrella resolving domains we classify as "academic fraud." Data from Pew Research on back-to-school date

September 21, 2020 00:01

New Snort, ClamAV coverage strikes back against Cobalt Strike

By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called “The Art and Science of Detecting Cobalt Strike.” We recently released a more granular set of updated SNORTⓇ and ClamAVⓇ detection signatures to detect attempted obfusca

September 1, 2020 11:00

Quarterly Report: Incident Response trends in Summer 2020

By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others.  In

July 22, 2020 11:38

Prometei botnet and its quest for Monero

NEWS SUMMARY * We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. * Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling

July 16, 2020 09:00

What to expect when you’re electing: Talos’ 2020 election security primer

Editor's note: Related reading on Talos election security research: * /what-to-expect-when-youre-electing * /election-roundtable-video * /what-to-expect-electing-disinformation-building-blocks After the 2016 General Election, the talk was all around foreign meddling. Rumo

July 6, 2020 16:00

WastedLocker Goes "Big-Game Hunting" in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *

July 1, 2020 11:02

Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks

By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary * Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. * These campaigns make use of existing email threads from compromised acco

June 29, 2020 13:59

PROMETHIUM extends global reach with StrongPity3 APT

By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. * They continue to expand their victimology and attack seemingly non related countries. *

June 24, 2020 15:52

Vulnerability Spotlight: Denial-of-service vulnerability in NVIDIA driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Executive summary The NVWGF2UMX_CFG.DLL driver contains a denial-of-service vulnerability that an attacker could use to disrupt processes over a virtual machine. An adversary could exploit this bug