Category Archives: Cisco Talos

Threat Roundup for July 24 to July 31

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between July 24 and July 31. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, it summarizes the threats we’ve observed by highlighting key behavioral characteristics and indicators of compromise, and by discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats are subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.


Reference

20200731-tru.json – this is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that a single IOC does not indicate maliciousness. See the full post for more details.

The post Threat Roundup for July 24 to July 31 appeared first on Cisco Blogs.

Cisco SecureX – What’s driving our platform?

Learn about the latest innovations powering our integrated security approach

Cisco SecureX is the result of many years of developing industry-leading security technologies, and then finding ways to make them even better by enabling them to work together. It’s a careful balance: building a platform out of the capabilities of each product, which in turn improves the experience of having all of those products and makes each product stronger. Sound like a lot to expect? It’s the least we can do for our customers.

“Having all of Cisco’s tools so well integrated really gives us defense-in-depth and layered protection,” said Don Bryant, CISO at The University of North Carolina at Pembroke, in our recent report, Simplify to Secure. “Having a more holistic security platform has really helped us make more progress toward our end goal in a short amount of time.”

Indeed, a platform should bring forth an already strong roster of security technologies, and then further improve upon them through integration, automation, and continued innovation. The Cisco Secure portfolio is built on a broad set of capabilities that protect your network, users and endpoints, cloud, and applications. And it’s backed by the unrivaled threat intelligence of Cisco Talos. SecureX draws from all of this to enhance collaboration among your teams, and visibility across your infrastructure, with the end goal of streamlining security operations and accelerating threat response.

And innovation continues across the products and platform. Along with the launch of Cisco SecureX came several new capabilities that help future-proof our solutions. We don’t just want to offer you a platform and call it a day. Cisco SecureX is meant to be a living, breathing entity that evolves with you as your needs change. It’s a mix of well-established and new security offerings, and it will continue to adapt as the threat landscape expands.

Our core technologies – made better

Cisco delivers unparalleled security analytics across network and cloud

When enterprise networks began to expand with the introduction of cloud and BYOD, one of our core technologies, network traffic analytics, was on the front lines. In fact, Cisco Stealthwatch was created two decades ago to provide much-needed visibility into enterprise environments. That need only grew as infrastructure extended beyond the physical walls of modern businesses. Now, Stealthwatch gives our customers the benefit of a network analytics offering that has grown up with the networks it helps secure.

As the attack surface has evolved over the years and threat actors have become more sophisticated, Stealthwatch has continued to serve as the eyes and ears of the network – delivering pervasive insight into who’s in your environment and what they’re doing – 24/7/365. Today, as much of the world’s population works from home, we find ourselves at another crossroads where there’s an unprecedented need for Stealthwatch’s in-depth, scalable analytics.

Stealthwatch is again rising to the challenge, closely monitoring organizations’ extended infrastructure for any anomalies that could signify an attack. In addition to on-premises network traffic, Stealthwatch can also monitor all major public cloud environments, as well as private clouds and endpoint data, to provide truly comprehensive visibility. And, it’s the only solution that can perform analytics on encrypted traffic without decryption.

By being a part of Cisco SecureX, Stealthwatch gains greater context into network and user behaviors from across the portfolio, and can also leverage the platform to take automated mitigation actions. Likewise, the other solutions within our portfolio can pull from Stealthwatch’s insights to increase their efficacy. This results in expedited incident investigations and remediation across the platform.

Cisco Talos brings unrivaled threat intelligence 

Cisco Talos is the largest, non-governmental threat intelligence team in the world, with over 350 professionals working around the clock to uncover emerging threats. For years, its findings have been fed into our entire security portfolio, including Stealthwatch, to strengthen our customers’ defenses.

Due to the breadth of Cisco’s security offerings and our immense volume of customers and partners, Cisco Talos has more visibility into emerging threats than any other security vendor in the world. But the team doesn’t just sit back and wait for intelligence to flow in. Every day, Talos researchers are proactively hunting for vulnerabilities and other issues that could impact global security. And when issues are discovered, coverage is pushed to all of our security products as fast as possible to ensure customers are protected.

If you think about Cisco SecureX as a car, with the various components of our portfolio working together to make it run smoothly, you can view Cisco Talos as the fuel powering the whole vehicle onwards.

What’s new?   

Making threat hunting more accessible

Despite all of the various defenses organizations have in place today to catch threats, some remain hidden and difficult to detect. The practice of threat hunting has emerged to try to combat these more covert security issues. However, threat hunting still remains challenging for many organizations due to a shortage of skilled professionals and advanced tools.

With the launch of SecureX, we unveiled SecureX Threat Hunting, fueled by Cisco Talos. SecureX Threat Hunting assists security teams by helping to uncover hidden threats and providing recommended next steps for further investigation and remediation. Offered as part of our endpoint protection, it allows organizations to take a more proactive approach to security. 

You’ve got (secure) mail

Email remains the number one threat vector for launching cyberattacks on today’s organizations. However, many security solutions are still missing effective email protection. The need for comprehensive email security has risen even further as more companies have transitioned from traditional email systems to cloud-based email solutions such as Office 365, and have found that they lack advanced security with those platforms.

Gartner expects that by 2021, 70% of public and private companies will be using cloud email services. Building off of our proven, multi-layered email security solutions, we’ve recently launched Cisco Cloud Mailbox Defense to address this transition to the cloud.

Cisco Cloud Mailbox Defense is a cloud-native email security platform that provides insight into inbound, outbound, and internal messages, as well as easy attack remediation. Like Cisco SecureX, it is built on the principles of visibility, simplicity, and integration. Being part of a larger security platform further enhances email security by increasing context and enabling a more efficient, coordinated response to email-based attacks.

Helping you embrace the cloud  

The cloud is being widely adopted not just for email, but for many other technologies – especially as employees work from home and demand more flexible, convenient access to business applications. We want to make sure that customers can embrace the many benefits of the cloud while still keeping their assets and data secure.

That is why we’ve collaborated with Amazon Web Services (AWS) to develop solutions that help Cisco customers accelerate their adoption of AWS cloud services, while maintaining a consistent security posture across their environment – from on-prem to cloud. We want to ensure that key security concepts including visibility, segmentation, threat protection, and identity and access management are carried over as customers transition to AWS.

At the end of the day, Cisco SecureX is not just about us. It’s not just about making our own products work with one another. We want them to work with your other technologies as well – from security products to major infrastructure – so you can have all hands on deck when it comes to protecting your organization.

Protecting what’s now and what’s next

According to ESG, “Enterprise-class cybersecurity technology vendors can do a lot of the grunt work by tightly integrating their best-of-breed products into scalable and interoperable technology architectures.” That is our goal with Cisco SecureX. The solutions highlighted above represent just a few examples of how we’re helping customers secure what’s now and what’s next – by pairing long-time, industry-leading technologies with new, innovative solutions.

Whether you’re new to Cisco Secure, or you already use many of our technologies, you can begin benefiting from the integration and automation delivered by Cisco SecureX today. Get started now.



Adversarial use of current events as lures

By Nick Biasini.

The goal of malicious activity is to compromise a system in order to install unauthorized software. Increasingly, that goal is tied to one thing: the user. Over the past several years, we as an industry have improved exploit mitigation, and the value of working exploits has increased accordingly. Together, these changes have had an impact on the threat landscape. We still see large amounts of active exploitation, but enterprises are getting better at defending against it.

This has left adversaries with a couple of options: develop or buy a working exploit that will defeat today’s protections, which can be costly, or pivot to enticing a user to help them. In today’s threat landscape, adversaries are always trying to develop and implement the most effective lures to draw users into their infection path. They’ve tried a multitude of different tactics in this space, but one always stands out: current events.

In today’s world, everyone’s thoughts immediately go to COVID-19 and Black Lives Matter, since both stories have dominated the threat landscape over the last several months, but lures built on current events recur organically and frequently. So much so that organizations should include them in their threat hunting activities. This blog is going to walk through the why and how.

