New Snort, ClamAV coverage strikes back against Cobalt Strike
By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called “The Art and Science of Detecting Cobalt Strike.” We recently released a more granular set of updated SNORTⓇ and ClamAVⓇ detection signatures to detect attempted obfusca
Quarterly Report: Incident Response trends in Summer 2020
By David Liebenberg and Caitlin Huey. For the fifth quarter in a row, Cisco Talos Incident Response (CTIR) observed ransomware dominating the threat landscape. Infections involved a wide variety of malware families including Ryuk, Maze, LockBit, and Netwalker, among others. In
Prometei botnet and its quest for Monero
NEWS SUMMARY * We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. * Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling
What to expect when you’re electing: Talos’ 2020 election security primer
Editor's note: Related reading on Talos election security research: * /what-to-expect-when-youre-electing * /election-roundtable-video * /what-to-expect-electing-disinformation-building-blocks After the 2016 General Election, the talk was all around foreign meddling. Rumo
WastedLocker Goes "Big-Game Hunting" in 2020
By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary * After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment. *
Threat Spotlight: Valak Slithers Its Way Into Manufacturing and Transportation Networks
By Nick Biasini, Edmund Brumaghin and Mariano Graziano. Threat summary * Attackers are actively distributing the Valak malware family around the globe, with enterprises, in particular, being targeted. * These campaigns make use of existing email threads from compromised acco
PROMETHIUM extends global reach with StrongPity3 APT
By Warren Mercer, Paul Rascagneres and Vitor Ventura. News summary * The threat actor behind StrongPity is not deterred despite being exposed multiple times over the past four years. * They continue to expand their victimology and attack seemingly non related countries. *
Vulnerability Spotlight: Denial-of-service vulnerability in NVIDIA driver
Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Executive summary The NVWGF2UMX_CFG.DLL driver contains a denial-of-service vulnerability that an attacker could use to disrupt processes over a virtual machine. An adversary could exploit this bug
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike
By Asheer Malhotra. * Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents (maldocs) to spread Cobalt Strike beacons containing full-fledged RAT capabilities. * These maldocs use malicious macros to deliver a multist