Fighting the Good Fight - cisco.com

Post on 25-Jun-2020


Fighting the Good Fight

Agenda

What Is Talos?

The Threat Landscape in a Changed World.

What Is Talos?

• Cisco’s threat intelligence and security research organization.

• Our threat intelligence underpins Cisco’s security offering, protecting customers from threats.

• Talos is baked into everything within Cisco’s security portfolio.

The Talos Difference

Actionable Intelligence

Collective Response

Unmatched Visibility

From Unknown to Understood

Product Telemetry

Endpoint Detection & Response, Mobile Security, Multi-Factor Authentication

Network

Endpoint

Cloud

Data Sharing

Vulnerability Discovery

Threat Traps

Firewall & Intrusion Prevention, Web Security, SD-Access

Secure Internet Gateway, DNS-Layer Security, Email Security

Unmatched Visibility

Actionable Intelligence

Collective Response

Incident Response

Incident Response on Retainer, Emergency Incident Response, Insights On Demand

Services

Threat Landscape

Comparing February 10 – 21 to March 9 – 20

Top 20 SIDs, largest change

Attempts against Netgear DGN1000

Zeus Trojan C2

Mirai & Glupteba C2

SSH Preprocessor

Comparing February 10 – 21 to March 9 – 20

SID Category Changes (excluding bottom quartile)

SQLi attack

ColdFusion API attack

Chart categories (class type, direction): web-application-attack, outbound; policy-violation, inbound; attempted-admin, inbound; attempted-recon, inbound; successful-user, inbound; protocol-command-decode, inbound; attempted-dos, inbound; misc-attack, inbound; misc-activity, outbound; attempted-user, outbound; attempted-user, inbound; trojan-activity, outbound; misc-activity, inbound; policy-violation, outbound; web-application-attack, inbound; trojan-activity, inbound; attempted-admin, outbound; attempted-recon, outbound

Cisco Umbrella, February 23 – March 24

Malicious DNS look-ups per domain

Cisco Umbrella, February 23 – March 24

Malicious DNS look-ups per client

Increase in Virus/Vaccine/Coronavirus Spam

Covid-19 Spam Rate

What do we see in our data?

Since February, overall malicious email activity has been down

New customer growth is up significantly, correlating with an increase in malicious blocks

No statistically relevant change in types of observed attacks

Example – Formbook

Example - Lokibot

Example - Nanocore

Fake Johns Hopkins Infection Map

Same Extortion, New Twist

Remember These?

Fraud / Scam Websites

APT Decoy Documents

What To Expect Moving Forward?

• Continued increase in malicious domain registration and phishing campaigns targeting:

    • Online Educational Platforms
    • Online Meeting / Telepresence Platforms
    • Stimulus Packages & Form Filing
    • Relief Programs
    • VPN and other Remote Access Credentials

• Increasing external attack surface leads to an increase in attempted abuse:

    • RDP, VPN, and other remote access technologies.

What is Talos doing about COVID-19?

Continue to monitor attacks leveraging COVID themes

Aggressively detect and block malicious attacks

Share intel with law enforcement, AEGIS partners, and CTA

Forcing the Bad Guys to Innovate

Spreading security news, updates, and other information to the public.

Talos publicly shares security information through numerous channels to help make the internet safer for everyone.

ThreatSource Newsletter: cs.co/TalosUpdate

Social Media Posts

Facebook: TalosGroupatCisco

Twitter: @talossecurity

White papers, articles, & other information: talosintelligence.com

Talos Blog: blog.talosintelligence.com

Instructional Videos: cs.co/talostube

Beers with Talos Podcast: talosintelligence.com/podcasts

@talossecurity

blog.talosintelligence.com
