BRKSEC-2010: Emerging Threats – The State of Cyber Security
Presenter: Craig Williams (@security_craig) – Sr Technical Leader / Security Outreach Manager, Cisco TALOS
I’m from Talos. We love to stop bad guys.
- 1.1 million incoming malware samples per day
- 1.5 billion Sender Base reputation queries per day
Talos has a serious amount of data. For serious.
Data is key. It allows generation of real threat intel.
We basically have a bottomless pit of data
Talos vuln dev team:
- Looking for ways to programmatically find 0-days
- Takes this research and feeds it back into Cisco to a) make Cisco products more secure and b) generate sigs and threat intel to protect customers
Paying a ransomware demand basically funds the malware underground.
Malvertising:
- Malicious ads that redirect the user to malware, which then infects them
- The Kyle & Stan campaign dynamically generated a new .exe every time it was downloaded, so the file hash could not be used to match it; Cisco AMP can stay on the bleeding edge of this
- blogs.cisco.com/security/talos/kyle-and-stan
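Why a per-download rebuild defeats a hash blocklist, and why matching on the part of the file that does not change still works: the script below is an added example and a constructed simulation, not Talos's code or the Kyle & Stan campaign's mechanics. The payload bytes, the random-tail trick standing in for "a new .exe per download", and the fixed-length prefix used as the invariant region are all assumptions.

```python
import hashlib
import secrets

# Constructed stand-in for the part of the malware that does not change between
# downloads (the actual code). Real samples vary in far more complex ways; the
# point here is only that the *file* hash changes while the payload does not.
PAYLOAD = b"MZ\x90\x00" + b"constructed-stable-malicious-code-section" * 8


def build_sample(payload: bytes = PAYLOAD, junk_len: int = 64) -> bytes:
    """Simulate a server that hands every visitor a freshly built binary.

    Appending a random tail is the simplest way to make every download's
    SHA-256 unique; nothing about the payload itself changes. (Assumption:
    the real campaign's variation was not necessarily this simple.)
    """
    return payload + secrets.token_bytes(junk_len)


def file_hash(blob: bytes) -> str:
    """What a hash-based blocklist keys on: the digest of the whole file."""
    return hashlib.sha256(blob).hexdigest()


def payload_hash(blob: bytes, payload_len: int = len(PAYLOAD)) -> str:
    """Hash only the invariant region (here, a fixed-length prefix).

    Production tooling uses section hashes, import hashes or byte-pattern
    signatures (YARA) for the same purpose; the fixed prefix is an assumption
    that keeps the example self-contained.
    """
    return hashlib.sha256(blob[:payload_len]).hexdigest()


def blocklist_hits(samples: list, blocklist: set) -> int:
    """Number of samples a whole-file hash blocklist would catch."""
    return sum(1 for s in samples if file_hash(s) in blocklist)


def invariant_hits(samples: list, known_payload_hash: str) -> int:
    """Number of samples caught by matching on the invariant region instead."""
    return sum(1 for s in samples if payload_hash(s) == known_payload_hash)


def compare_detections(n: int = 5) -> dict:
    """Learn from one download, then test both approaches on n later downloads."""
    first = build_sample()
    blocklist = {file_hash(first)}          # what the hash blocklist learns
    reference = payload_hash(first)         # what the invariant matcher learns
    later = [build_sample() for _ in range(n)]
    return {
        "downloads": n,
        "distinct_file_hashes": len({file_hash(s) for s in later}),
        "blocklist_hits": blocklist_hits(later, blocklist),
        "invariant_hits": invariant_hits(later, reference),
    }


if __name__ == "__main__":
    for key, value in compare_detections().items():
        print(f"{key}: {value}")
```

Running it shows n distinct file hashes, zero blocklist hits, and n invariant hits: the blocklist learned a digest that never recurs, while the invariant matcher keys on what the attacker cannot cheaply change without rewriting the payload.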
Destructive/Wiper Malware:
- Targets your data
- Not just file data; also seen targeting network devices and wiping their configs
- Cryptolocker 2.0: uses Tor for C&C; encrypted binary to avoid hash fingerprinting; anti-VM check
- Cryptolocker 3.0: still