Fighting the Good Fight
Agenda
What Is Talos?
The Threat Landscape in a Changed World.
What Is Talos?
• Cisco’s threat intelligence and security research organization.
• Our threat intelligence underpins Cisco’s security offering, protecting customers from threats.
• Talos is baked into everything within Cisco’s security portfolio.
The Talos Difference
Actionable Intelligence
Collective Response
Unmatched Visibility
From Unknown to Understood
Product Telemetry
Endpoint Detection & Response, Mobile Security, Multi-Factor Authentication
Network
Endpoint
Cloud
Data Sharing
Vulnerability Discovery
Threat Traps
Firewall & Intrusion Prevention, Web Security, SD-Access
Secure Internet Gateway, DNS-Layer Security, Email Security
Unmatched Visibility
Actionable Intelligence
Collective Response
Incident Response
Incident Response on Retainer, Emergency Incident Response, Insights On Demand
Services
Threat Landscape
Comparing February 10 – 21 to March 9 – 20
Top 20 SIDs, largest change
Attempts against Netgear DGN1000
Zeus Trojan C2
Mirai & Glupteba C2
SSH Preprocessor
Comparing February 10 – 21st to March 9 – 20
SID Category Changes (excluding bottom quartile)
SQLi attack
ColdFusion API attack
[Chart categories (category, direction): web-application-attack, outbound; policy-violation, inbound; attempted-admin, inbound; attempted-recon, inbound; successful-user, inbound; protocol-command-decode, inbound; attempted-dos, inbound; misc-attack, inbound; misc-activity, outbound; attempted-user, outbound; attempted-user, inbound; trojan-activity, outbound; misc-activity, inbound; policy-violation, outbound; web-application-attack, inbound; trojan-activity, inbound; attempted-admin, outbound; attempted-recon, outbound]
Cisco Umbrella, February 23 – March 24
Malicious DNS look-ups per domain
[Chart; x-axis dates 23/2/20 through 24/3/20]
Cisco Umbrella, February 23 – March 24
Malicious DNS look-ups per client
[Chart; x-axis dates 23/2/20 through 24/3/20]
Increase in Virus/Vaccine/Coronavirus Spam
Covid-19 Spam Rate
[Chart; x-axis dates 3/1/20 through 27/3/20]
What do we see in our data?
Since February, overall malicious email activity has been down
New customer growth is up significantly, correlating with an increase in malicious blocks
No statistically relevant change in types of observed attacks
Example – Formbook
Example - Lokibot
Example - Nanocore
Fake Johns Hopkins Infection Map
Same Extortion, New Twist
Remember These?
Fraud / Scam Websites
APT Decoy Documents
What To Expect Moving Forward?
• Continued increase in malicious domain registration and phishing campaigns targeting:
  • Online Educational Platforms
  • Online Meeting / Telepresence Platforms
  • Stimulus Packages & Form Filing
  • Relief Programs
  • VPN and other Remote Access Credentials
• Increasing external attack surface leads to an increase in attempted abuse:
  • RDP, VPN, and other remote access technologies.
What is Talos doing about COVID-19?
Continue to monitor attacks leveraging COVID themes
Aggressively detect and block malicious attacks
Share intel with law enforcement, AEGIS partners, and CTA
Forcing the Bad Guys to Innovate
Spreading security news, updates, and other information to the public.
Talos publicly shares security information through numerous channels to help make the internet safer for everyone.
ThreatSource Newsletter: cs.co/TalosUpdate
Social Media Posts: Facebook: TalosGroupatCisco; Twitter: @talossecurity
White papers, articles, & other information: talosintelligence.com
Talos Blog: blog.talosintelligence.com
Instructional Videos: cs.co/talostube
Beers with Talos Podcast: talosintelligence.com/podcasts
@talossecurity
blog.talosintelligence.com