Fighting the Good Fight
Agenda
What Is Talos?
The Threat Landscape in a Changed World.
What Is Talos?
• Cisco’s threat intelligence and security research organization.
• Our threat intelligence underpins Cisco’s security offering,
protecting customers from threats.
• Talos is baked into everything within Cisco’s security portfolio.
The Talos Difference
Actionable Intelligence
Collective Response
Unmatched Visibility
From Unknown to Understood
Product Telemetry
Endpoint Detection & Response, Mobile Security, Multi-Factor Authentication
Network
Endpoint
Cloud
Data Sharing
Vulnerability Discovery
Threat Traps
Firewall & Intrusion Prevention, Web Security, SD-Access
Secure Internet Gateway, DNS-Layer Security, Email Security
Unmatched Visibility
Actionable Intelligence
Collective Response
Incident Response
Incident Response on Retainer, Emergency Incident Response, Insights On Demand
Services
Threat Landscape
Comparing February 10 – 21 to March 9 – 20
Top 20 SIDs, largest change
Attempts against Netgear DGN1000
Zeus Trojan C2
Mirai & Glupteba C2
SSH Preprocessor
Comparing February 10 – 21 to March 9 – 20
SID Category Changes (excluding bottom quartile)
SQLi attack
ColdFusion API attack
Chart categories (category, direction): web-application-attack, outbound; policy-violation, inbound; attempted-admin, inbound; attempted-recon, inbound; successful-user, inbound; protocol-command-decode, inbound; attempted-dos, inbound; misc-attack, inbound; misc-activity, outbound; attempted-user, outbound; attempted-user, inbound; trojan-activity, outbound; misc-activity, inbound; policy-violation, outbound; web-application-attack, inbound; trojan-activity, inbound; attempted-admin, outbound; attempted-recon, outbound
Cisco Umbrella February 23 – March 24
Malicious DNS look-ups per domain (chart)
Cisco Umbrella February 23 – March 24
Malicious DNS look-ups per client (chart)
Increase in Virus/Vaccine/Coronavirus Spam
Covid-19 Spam Rate (chart, 3/1/20 to 27/3/20)
What do we see in our data?
• Since February, overall malicious email activity has been down
• New customer growth is up significantly, correlating with an increase in malicious blocks
• No statistically relevant change in types of observed attacks
Example – Formbook
Example - Lokibot
Example - Nanocore
Fake Johns Hopkins Infection Map
Same Extortion, New Twist
Remember These?
Fraud / Scam Websites
APT Decoy Documents
What To Expect Moving Forward?
• Continued increase in malicious domain registration and phishing campaigns targeting:
  • Online Educational Platforms
  • Online Meeting / Telepresence Platforms
  • Stimulus Packages & Form Filing
  • Relief Programs
  • VPN and other Remote Access Credentials
• Increasing external attack surface leads to an increase in attempted abuse:
  • RDP, VPN, and other remote access technologies.
What is Talos doing about COVID-19?
• Continue to monitor attacks leveraging COVID themes
• Aggressively detect and block malicious attacks
• Share intel with law enforcement, AEGIS partners, and CTA
Forcing the Bad Guys to Innovate
Spreading security news, updates, and other information to the public.
Talos publicly shares security information through numerous channels to help make the internet safer for everyone.
• ThreatSource Newsletter: cs.co/TalosUpdate
• Social Media Posts: Facebook: TalosGroupatCisco, Twitter: @talossecurity
• White papers, articles, & other information: talosintelligence.com
• Talos Blog: blog.talosintelligence.com
• Instructional Videos: cs.co/talostube
• Beers with Talos Podcast: talosintelligence.com/podcasts
@talossecurity | blog.talosintelligence.com