Cryptominers, ransomware among top malware in IR engagements in Q4
By David Liebenberg and Kendall McKay. This summer’s most popular malware families were common and used in unsophisticated attacks, with phishing being the top infection vector, according to Cisco Talos Incident Response (CTIR) data. In addition to threat actors repeatedly deplo
10 years of virtual dynamite: A high-level retrospective of ATM malware
ATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states.
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
By Danny Adamitis, David Maynor, and Kendall McKay. Cisco Talos assesses with moderate confidence that a campaign we recently discovered called "BlackWater" is associated with suspected persistent threat actor MuddyWater. Newly associated samples from April 2019 indica
DNSpionage brings out the Karkoff
Update 4/24: The C2 section below now includes details around the XOR element of the C2 communication system. Executive summary In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that
Anatomy of a sextortion scam
While these attacks have been in the wild for months, Talos wanted to take a closer look at some of these campaigns to see why users were being tricked into sending the attackers large amounts of bitcoin despite the attackers' empty threats.
Threat Roundup Sept 28 - Oct 5
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 28 and Oct. 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats
Threat Roundup Sept 21 - 28
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 21 and 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we
TeleGrab - Grizzly Attacks on Secure Messaging
The malware is mainly targeting Russian-speaking victims, and is intentionally avoiding IP addresses related with anonymizer services.
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
his post was authored by Nick Biasini, Edmund Brumaghin, Warren Mercer and Josh Reynolds with contributions from Azim Khodijbaev and David Liebenberg. Executive Summary The threat landscape is constantly changing; over the last few years malware threat vectors, methods and pay