Quarterly Report: Incident Response Trends in Q4 2022
January 26, 2023 04:01
Syncro, a remote management and monitoring tool, emerges as an increasingly common tool for adversaries. By Caitlin Huey. Ransomware continued to be a top threat Cisco Talos Incident Response (Talos IR) responded to this quarter, with appearances from both previously seen and newly observed ransomware families. However, IR also observed
Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues
September 7, 2022 11:09
Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.
De-anonymizing ransomware domains on the dark web
June 28, 2022 08:06
* We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups.
* The methods we used to identify the public internet IPs involved matching threat actors’ TLS certificate serial numbers