Archiv für die Kategorie: RSS Feeds

By Jeff Reed At a time when cybercrime costs three times more than natural disasters globally1, the demands on security are constantly growing. Whether you’re asked to protect a workforce that roams anywhere, a workplace that is digitized, or workloads that run wherever, your disparate security solutions are creating discord and an untenable level of complexity.
At Cisco, we’ve been on a quest to change that, and we believe we’re uniquely positioned to redefine security. As you’re innovating to build your future, we’re innovating to keep it secure — by creating a comprehensive platform approach and continuously evolving our security technologies.
That’s why I’m excited today to share some of the recent innovations across our security portfolio. With a cloud-powered platform approach in mind, these enhancements are designed to break down silos between SecOps, NetOps, and ITOps and free up your time by:
Simplifying your firewalling experience with more consistent policy management with cloud-native environments and cloud-based logging.
Accelerating your cloud adoption with new secure web gateway and firewall services in the cloud, deployed through a single IPsec tunnel.
Future-proofing your security with an industry-validated zero-trust approach for your workforce, workloads, and workplace, while integrating threat context.
Simplifying your breach defense experience with more visibility and actions for threat response, plus new services delivered by Cisco experts to help augment your team.

Experience the future of firewalling
As you’re moving applications into the cloud, the NetOps‘ job is expanding to include cloud-native firewalls. Securing all control points across this multicloud environment should not feel like reinventing the wheel. We’re simplifying the experience and enabling NetOps to maintain consistent policies across firewalls, and into the cloud, starting with support for AWS, with more cloud providers roadmapped. Additionally, to help you easily maintain consistent policies as you’re adopting SD-WAN, we’ve simplified policy management for Meraki MX, one of our SD-WAN solutions. Just a few clicks, that’s all it takes to seamlessly harmonize policies across your hybrid environment.
We’re also improving visibility and making compliance easier with cloud-based logging for our NGFWs. This new capability aggregates and centralizes the on-prem and cloud logs so you can search, filter, and sort them, accelerating investigations while ensuring your organization complies with industry regulations.
The increased user connectivity to the cloud creates new demands for faster speeds, so we’re raising the bar with our appliances as well. The latest models of our NGFWs offer a 3X performance boost over previous appliances and optimize the performance-to-price ratio to keep your network — and business — running smoothly and securely.
Accelerate cloud adoption securely
To help you transition to the cloud successfully— and protect any user, anywhere they connect to the internet — while saving a considerable amount of resources, we’ve consolidated a broad range of security services into a single, cloud-delivered security solution and dashboard. Alongside DNS-layer security, CASB, and interactive threat intelligence services, we’ve added secure web gateway and firewall services to our cloud security solution to deliver deeper visibility and control over all ports and protocols, even encrypted web traffic.
The secure web gateway (full proxy) provides complete web traffic visibility, control, and protection — with capabilities like decrypting and scanning files on any site, filtering out inappropriate or malicious URLs, sandboxing unknown files, and blocking applications or app functions.
With this comprehensive set of functionalities, you can rely on us for the full security stack at smaller branches as you adopt SD-WAN. A single configuration in our networking product dashboards deploys DNS-layer security across hundreds of network devices, including SD-WAN. Additionally, a single IPsec tunnel deploys secure web gateway and firewall from any network device, including SD-WAN. Our integrated approach and Anycast routing can efficiently protect your branch users, connected devices, and application usage from all internet breakouts with 100% business uptime.
Secure access with a zero-trust approach
We have been working over the past year to create a more comprehensive zero-trust framework. Based on customer feedback, we focused on securing three key pillars: workforce, workloads, and workplace. We are thrilled that Forrester recognized our strides and named Cisco a leader in the recently released Forrester Wave among Zero Trust eXtended Ecosystem Platform Providers. As the analyst report noted, “Cisco excels in zero trust with a renewed and targeted focus … and is well-positioned as a prominent zero-trust player.”
We continue to innovate in this space and are reducing risks based on device trust by integrating our threat-detection capabilities with multi-factor authentication. The majority of breaches originate on the endpoint, but what if ITOps could establish trust in a user device before it’s allowed any access to sensitive resources? By safeguarding against vulnerable or compromised endpoints and blocking their access, you’ll be able to better detect and respond to malware threats as well as prevent data breaches.
Adopt breach defense everywhere
Taking endpoint defense one step farther, we added the ability to isolate an endpoint, which stops malware from spreading while giving SecOps time to remediate without losing forensics data, or simply giving ITOps time to troubleshoot an unknown issue. Making breach defense less overwhelming, endpoint isolation empowers incident investigators to uncover endpoint data that wasn’t available before — using advanced search with more than 300 query parameters, such as listing applications with high memory utilization.
Malware is also a growing problem at the network level because adversaries have learned to hide behind encrypted traffic. We’ve extended the capability to analyze encrypted traffic behavior into the cloud, providing higher fidelity of threat protection and enabling cryptographic compliance. At the same time, we’re simplifying investigations, giving you deeper visibility at multiple layers, and helping you respond quicker across different vectors by integrating network security analytics with our unified threat response application.
If you need help preparing for and responding to attacks, you can augment your team with our incident response services, now part of Talos. You know Talos as the team who’s constantly researching new threats on your behalf, and now they can integrate that intel even faster across our entire portfolio — benefitting not only retainer customers but everyone. For even leaner teams that need next-level support, we’re adding managed threat detection and response services to help you leverage your Cisco Security investments 24x7x365.
Several of these innovations are industry firsts, and we’re excited to offer customers new ways to better manage their growing business demands. I encourage you to take a closer look at these enhancements and discover how they can make your security an enabler rather than a barrier.
Get Started
Ready to experience for yourself how Cisco can simplify your experience, accelerate your success, and secure your future?
Simplify security and respond to threats with a few clicks using the free Cisco Threat Response application, available for all our solutions as part of our platform approach.
Experience the future of firewalling — see how easy it is to harmonize firewall policies with a free trial to Cisco Defense Orchestrator and learn more about the new Firepower Next-Generation Firewall.
Accelerate your cloud adoption, starting with a free trial of Umbrella, our comprehensive cloud-security solution.
Start with securing your workforce with a zero-trust approach using a Duo free trial.
Enable SecOps to detect, investigate, and respond to threats more efficiently with a free trial to Advanced Malware Protection (AMP) for Endpoints, and get better visibility into encrypted traffic with a free trial to Stealthwatch, our network traffic security analytics solution.
Augment your team and improve your readiness for attacks with Talos Incident Response and our managed security

Source:
1Allianz Risk Barometer, 2019

The post Securing Your Future by Innovating Today appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct 25 and Nov 1. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU11012019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

By Ben Nahorney You’re working for a high-profile technology company, close to releasing a market-changing product to the public. It’s a highly contested space, with many competitors, both domestic and international. There’s also a lot of buzz in the media and online speculation on the scope and impact your new product will have. And it goes without question that customers are keen to know more about the upcoming game-changer.
Your goal is to keep the secrets under wraps until the public announcement. Unfortunately, your surprise is about to be spoiled. It happens sometimes, as much as we work to prevent it—from accidental embargo slips to insider leaks. But in this case, it’s arguably the worst-case scenario: Your company has been breached and information about the product was stolen.
It’s unfortunate, but such breaches are not an uncommon occurrence—it’s something security professionals are far too familiar with. They occur across sectors, yet the way the data is stolen often includes familiar patterns. There are plenty of possible suspects, and untangling their motives is difficult. But in this cybersecurity game of “Clue,” we’re less concerned if it were Mrs. Peacock or Professor Plum. We want to know what the weapon was and how to prevent future murders.
There are a variety of useful weapons in an attacker’s arsenal. Downloaders, administration tools, and infostealers all often play a part in such an attack. But the go-to tool in many scenarios like this today are remote access trojans, often referred to as a “RATs.”
The anatomy of a RAT
A RAT is a swiss army knife of sorts. Distributed through familiar vectors, such as malicious downloads and email attachments, many RATs include all the weapons mention above, and more, making it easier for an attacker to leverage each component when carrying out an attack. In short, a RAT consolidates a number of tools into one package.
There is a lot of variation from RAT to RAT. Some are generalist tools, meant to be used across a variety of attack scenarios. Others are highly tailored to a specific attack. Some RATs use predetermined proxies to help mask an attacker’s ultimate location. Other RATs may leverage command-and-control (C2) infrastructure to do the same.

While the functionality and infrastructure used by a given RAT will differ, what follows are common features found within many RATs. To illustrate an attack, let’s take it back to our tech company breach, showing how an attacker can leverage a RAT to gain access to, and steal, sensitive files on your upcoming product.
Gather system information
The attacker managed to breach the defenses in your company using a phishing email that included a link to the RAT. However, that doesn’t mean that they will immediately know where they are on the network. They’ll naturally want to learn more about the computer they compromised. Is it an administrative assistant’s desktop, a laptop belonging to finance, or a web server? Performing reconnaissance on the system helps the attacker learn how deep into an organization they have penetrated, if they need to move laterally, or if they’re reached their intended target. Some reconnaissance tools even allow an attacker to scan other systems, gathering information about them.
Steal usernames and passwords
The attacker got onto one machine, but it wasn’t the intended target. They’d compromised a computer belonging to someone in the engineering group, but the materials they were after resided on a shared server. To move laterally, they may want to try searching for login credentials on the system they’ve already compromised. Many RATs include the ability to scrape saved and cached passwords, and once the usernames and passwords are in hand, the attacker can attempt to log into the shared server.
Log keystrokes
The attacker scanned the compromised computer looking for the login credentials, but no luck. Good news? Yes, but it’s only a minor setback. Many RATs include information-stealing components like keyloggers, meaning all the attacker has to do is enable it, and wait for the user of the compromised system to log into the shared server. When they enter login credentials, the attacker can capture them, and later attempt to log into the server themselves.
Download further malware
The attacker was able to obtain login credentials; however, their attempt to log in failed. (Perhaps your company uses multi-factor authentication?) To get to that shared engineering server, the attacker is going to have to call in reinforcements. They’ve identified a vulnerability on the shared server, and they need an attack toolkit to exploit it and gain access. Given how networks vary widely, many RATS include the ability to download further tools to assist them in gaining further access. In this case, the RAT operates like a downloader, pulling down an attack toolkit that allows the attacker to progress.
Accessing and uploading files
The attacker managed to gain access to the shared server, traversed its directory structure, and located documents that outline your new product’s features. The next step is to exfiltrate those files. Most RATs contain the ability to upload files to a predetermined location. This is often done with help of a proxy or through a C2 infrastructure, thus covering the attacker’s tracks as they steal the documents in question.
Recording audio, video, and taking screenshots
There may be times that an attacker isn’t satisfied with simply stealing design docs. Perhaps they obtained a slide deck, but it lacks context in certain slides. In order to learn more, they might want to return their attention to the initially compromised computer and have the RAT to record audio and/or video. The RAT might overhear the engineer speaking to a coworker or capture a video of a presentation meeting that discusses the product. RATs can often take screenshots as well, capturing critical documents on display.
Other uses
This is just one scenario where a RAT could be used end-to-end in an attack. RATs can be used in other situations as well. For instance, what if an attacker is hoping to exfiltrate financial data? A RAT can be leveraged to scrape banking details from a compromised computer or collect credit card numbers using a keylogger.
What’s important to highlight is that most RATs provide command line access to the systems that have been compromised. If adequate administrative rights are gained on these computers, an attacker can use a RAT to do just about anything that he or she desires.
Notable RATs
RATs have been around for a long time, and many prominent RATs have come and gone. Some recent RATs that have been prevalent on the threat landscape include Orcus RAT and RevengeRAT, which have been used by a variety of threat actors. Another commonly seen RAT is ExileRAT, which has been used in attacks with possible espionage-related motives, and shares a C2 infrastructure with the LuckyCat family of threats.
Not all RATs are built from the ground up either. Some are semi-legitimate tools, repurposed or reconfigured for malicious use. Two such examples include Imminent RAT and Remcos.
There are a number of attack groups monitored by Talos Intelligence that use RATs in their malicious campaigns. The SWEED threat actor often used Agent Tesla, the Panda threat actor has been seen dropping Gh0st RAT, and the Tortoiseshell group, who was recently caught scamming veterans, uses a RAT called IvizTech.
To catch a RAT
So the attacker managed to get into your network and obtain your product plans this time. How do you prevent them from doing it next time?
Fortunately, there isn’t anything particularly special about the way a RAT gets onto a system. They’re distributed in much the same way as other types of malware: they’re sent by email, dropped by droppers, set up as the payloads for exploit kits, along with other common attack vectors. Consider the following:
A good endpoint protection application is very useful in protecting against RATs. AMP for Endpoints blocks malware at point of entry, then detects, contains, and remediates advanced threats.
Monitoring network traffic for unauthorized activity is also important. Cisco Stealthwatch is the most comprehensive visibility and network traffic security analytics solution that uses enterprise telemetry from the existing network infrastructure.
Many RATs encrypt their traffic, as we discussed in last month’s Threat of the Month blog, so be sure you can monitor such traffic as well. Encrypted Traffic Analytics provides insight into threats in encrypted traffic, without the need for decryption, using network analytics and machine learning.
Being able to connect to C2 domains is vital for many RATs to function. Blocking known malicious domains can go a long way in stopping a RAT in its tracks. Cisco Umbrella uses DNS to stop threats over all ports and protocols—even direct-to-IP connections—preventing connections to attacker’s servers.
Multi-factor authentication products can prevent an attacker from logging into a system if they manage to obtain login credentials. Verify users‘ identities with applications such as Cisco Duo.
A good email security solution, as well as a strong network perimeter, will help to ensure that RATs are blocked outright. Cisco Email Security is your best defense against such attacks via email, while Cisco’s Next-Generation Firewall can stop attacks at the network boundaries.
A web security appliance with data loss prevention (DLP) features will also assist in cases where a RAT gets in and is attempting to steal sensitive information through the network. The Cisco and Digital Guardian DLP solution is a high-performance, comprehensive security solution for data in motion.
Enjoyed reading this Threat of the Month? Subscribe to the Threat of the Month blog series and get alerted when new blogs are published.

Source:: Cisco Security Notice

By Harvey Jang Privacy is an evolving topic with diverse perspectives on how best to balance the rights and interests of consumers and companies. As allegations of data mishandling fill headlines, privacy is now front and center on everyone’s minds. While data has been the lifeblood of innovation and economic growth, there has also been excessive data collection, lax security, and undisclosed sharing. Public opinion and new laws are starting to curtail some of this bad behavior – creating both compliance challenges and business/brand opportunities.
Respecting privacy is a balancing act between the companies collecting data and the consumers providing it. To earn and preserve (or in some cases regain) trust, companies must be transparent, fair, and accountable.
“Meaningful transparency” is a bit elusive, but certainly requires more than just a “legally compliant”, lengthy privacy notice. Transparency requires being open and honest about what data is collected, why it’s needed, how it’s used, the benefits to consumers and businesses, data sharing/sale, and how data protected throughout its lifecycle.
In turn, transparency drives fairness — the market (consumers, regulators, and plaintiffs‘ lawyers) will judge if a company’s practices are appropriate. It has become increasingly apparent that consumers do care about privacy and are taking action to protect it (e.g., switching vendors, calling for legislative action, lodging complaints with regulators, initiating legal action, etc.) — making privacy both a compliance obligation and a business imperative.
Accountability is about having the governance and controls in place to operationalize and demonstrate that the promises made about data processing activities are followed. Essentially, it’s making sure companies say what they do and do what they say (and no more).
At Cisco, we have both the legally required, comprehensive privacy statement published at www.cisco.com and Privacy Data Sheets with accompanying infographics providing more detail around the data in play when using specific products and services. These documents offer a plain language, visual representation of who, what, where, when, why, and how we protect privacy throughout the data lifecycle. These public documents are designed to eliminate surprise and give users comfort that their data is safe when using Cisco products and services.
While companies must respect and protect privacy, consumers also have an important role to play. There is no “one size fits all”. When it comes to sharing personal information, there’s a wide range in comfort level. Without being too paranoid, people must recognize the more they publish online, the more fodder is available for bad actors to exploit. Before we post things publicly, we need to think about both the intended use and how that same data may be misused (inadvertently or nefariously).
Here are some tips on keeping your family safe online. Download.

Source:: Cisco Security Notice