Tag: cisco
-
VB2018 paper: Who wasn’t responsible for Olympic Destroyer?
It may be hard to believe, but it was only eight months ago that the 2018 PyeongChang Winter Olympic Games were targeted by malware named Olympic Destroyer. Though not the first time the Olympic Games had been the target of malware, Olympic Destroyer, as its name suggests, did appear to be destructive in nature. Cisco…
-
VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale
Malicious Internet traffic, such as botnet C&C traffic, is easily recognized if it uses known bad domain names, or known bad IP addresses. This is why botnets constantly change the domain names, and often also the IP addresses they use, thus trying to stay one step ahead of the defenders. Enter big data: infected devices…
-
VB2017 preview: Beyond lexical and PDNS (guest blog)
In this special guest blog post, VB2017 Silver sponsor Cisco Umbrella writes about a paper that researchers Dhia Mahjoub and David Rodriguez will present at the conference this Friday. In the past decade, detection of DGA (Domain Generation Algorithm) domains has relied primarily on lexical analysis of domain names, tracking of NX (non-resolving) domains, and malware…
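The two techniques this preview names as the traditional approach, lexical analysis of domain names and tracking of NX (non-resolving) domains, are easy to see in code. The block below is an added example written for this page, not code from the paper, from Cisco Umbrella, or from Virus Bulletin. It runs a small lexical scorer (label length, character entropy, digit ratio, longest consonant run) over a constructed resolver log and flags clients whose failed lookups are both numerous and DGA-like. The log lines, the thresholds, and the naive second-level-label extraction are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed DNS resolver log (not a real capture): "<epoch> <client> <qname> <rcode>".
SAMPLE_LOG = """\
1505731200 10.0.0.5 www.example.com NOERROR
1505731201 10.0.0.5 mail.example.com NOERROR
1505731202 10.0.0.9 xk3jq9vbd7tlpzw.com NXDOMAIN
1505731203 10.0.0.9 qwpz8tr4mvkd2ln.net NXDOMAIN
1505731204 10.0.0.9 lrtx7bq0gjwsvkp.org NXDOMAIN
1505731205 10.0.0.9 cmpz5hq2kvtfdsn.info NXDOMAIN
1505731206 10.0.0.9 bgt9xwq1zkrpmjl.biz NXDOMAIN
1505731207 10.0.0.9 update.example.com NOERROR
1505731208 10.0.0.5 typo-exmaple.com NXDOMAIN
"""

VOWELS = set("aeiou")


def shannon_entropy(s):
    """Bits per character of the string's empirical symbol distribution."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_consonant_run(s):
    """Longest run of consonant letters; digits, hyphens and vowels break a run."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def registered_label(qname):
    """Second-level label, e.g. 'example' for 'www.example.com'.
    Naive on purpose: a production version would consult the public suffix list."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lexical_features(qname):
    label = registered_label(qname)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(ch.isdigit() for ch in label) / max(1, len(label)),
        "consonant_run": longest_consonant_run(label),
    }


def looks_generated(qname):
    """Illustrative threshold rule over the lexical features (thresholds are assumptions)."""
    f = lexical_features(qname)
    return f["length"] >= 10 and f["entropy"] >= 3.0 and (
        f["consonant_run"] >= 4 or f["digit_ratio"] >= 0.2)


def parse_log(text):
    for line in text.splitlines():
        if line.strip():
            _ts, client, qname, rcode = line.split()
            yield client, qname, rcode


def client_stats(text):
    """Per-client counts of queries, NXDOMAIN answers, and NXDOMAIN names that look generated."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "nx_generated": 0})
    for client, qname, rcode in parse_log(text):
        s = stats[client]
        s["total"] += 1
        if rcode == "NXDOMAIN":
            s["nx"] += 1
            s["nx_generated"] += looks_generated(qname)
    return dict(stats)


def suspicious_clients(text, min_nx=3, min_nx_ratio=0.5, min_generated_ratio=0.5):
    """Clients whose failed lookups are both numerous and lexically DGA-like."""
    flagged = []
    for client, s in client_stats(text).items():
        if (s["nx"] >= min_nx and s["nx"] / s["total"] >= min_nx_ratio
                and s["nx_generated"] / s["nx"] >= min_generated_ratio):
            flagged.append(client)
    return sorted(flagged)


if __name__ == "__main__":
    for client, s in client_stats(SAMPLE_LOG).items():
        print(client, s)
    print("suspicious:", suspicious_clients(SAMPLE_LOG))
```

Note that the single typo lookup from 10.0.0.5 is not flagged: its label has no long consonant run or digits, and one NXDOMAIN is below the count threshold. This is the limitation the paper's title points at: lexical features and NX counts are per-name and per-client signals, and a family that uses pronounceable or dictionary-word domains would pass both checks.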
-
Malicious CCleaner update points to a major weakness in our infrastructure
For the security community, 2017 might well be called the year of the update: two of the biggest security stories – the WannaCry outbreak and the Equifax breach – involved organizations being hit badly as a consequence of not having installed (security) updates, while another major story, that of (Not)Petya, concerned a threat that…
-
Research paper shows it may be possible to distinguish malware traffic using TLS
Researchers at Cisco have published a paper (PDF) describing how it may be possible to use machine learning to distinguish malware command-and-control (C&C) traffic using TLS from regular enterprise traffic, and to classify malware families based on their encrypted C&C traffic. The need for malware to communicate with its operators, so that it…
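What makes this possible at all is that the TLS handshake is sent in the clear: before any encryption starts, the client announces its version, the cipher suites it offers, and its extensions (including the server name), and those choices differ between a browser and a malware author's TLS stack. The block below is an added example written for this page, not code from the Cisco paper. It builds two constructed ClientHello records, parses the plaintext fields a passive sensor can see, and replaces the paper's trained classifier with a hand-written rule (unknown client fingerprint plus legacy cipher suites or missing SNI). The cipher-suite and extension numbers are the IANA-assigned values; the sample handshakes, the "known good" set and the rule's thresholds are assumptions for illustration.

```python
import struct

# IANA-assigned cipher suite and extension identifiers used in the constructed samples.
TLS_RSA_WITH_RC4_128_SHA = 0x0005
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
TLS_AES_128_GCM_SHA256 = 0x1301
EXT_SERVER_NAME, EXT_SUPPORTED_GROUPS, EXT_SIG_ALGS, EXT_ALPN, EXT_SUPPORTED_VERSIONS = 0, 10, 13, 16, 43

# RSA key exchange with RC4/3DES/CBC-SHA1: rarely offered first by a current browser (assumption).
LEGACY_SUITES = {TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA,
                 TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA}


def build_client_hello(cipher_suites, extensions, version=0x0303):
    """Build a minimal ClientHello record (constructed test input, not a capture)."""
    body = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"      # version, random, empty session id
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                              # one compression method: null
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello(1)
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def sni_extension(hostname):
    """server_name extension body: list length, name type host_name(0), name length, name."""
    name = hostname.encode("ascii")
    return struct.pack("!HBH", len(name) + 3, 0, len(name)) + name


def parse_client_hello(record):
    """Extract the plaintext ClientHello fields visible to a passive sensor."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    version = struct.unpack_from("!H", body, 0)[0]
    off = 2 + 32                                                    # skip client_version and random
    off += 1 + body[off]                                            # skip session id
    cs_len = struct.unpack_from("!H", body, off)[0]
    off += 2
    suites = [struct.unpack_from("!H", body, off + i)[0] for i in range(0, cs_len, 2)]
    off += cs_len
    off += 1 + body[off]                                            # skip compression methods
    extensions, sni = [], None
    if off + 2 <= len(body):                                        # extensions block is optional
        end = off + 2 + struct.unpack_from("!H", body, off)[0]
        off += 2
        while off + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, off)
            off += 4
            data = body[off:off + ext_len]
            off += ext_len
            extensions.append(ext_type)
            if ext_type == EXT_SERVER_NAME and len(data) >= 5:
                name_len = struct.unpack_from("!H", data, 3)[0]
                sni = data[5:5 + name_len].decode("ascii", "replace")
    return {"version": version, "cipher_suites": suites, "extensions": extensions, "sni": sni}


def fingerprint(hello):
    """Order-preserving string of version, offered suites and extension types."""
    return "%04x:%s:%s" % (hello["version"],
                           ",".join("%04x" % s for s in hello["cipher_suites"]),
                           ",".join(str(e) for e in hello["extensions"]))


def features(record):
    hello = parse_client_hello(record)
    suites = hello["cipher_suites"]
    return {
        "fingerprint": fingerprint(hello),
        "n_suites": len(suites),
        "legacy_ratio": sum(s in LEGACY_SUITES for s in suites) / max(1, len(suites)),
        "has_sni": hello["sni"] is not None,
        "has_alpn": EXT_ALPN in hello["extensions"],
        "sni": hello["sni"],
    }


def looks_like_c2(record, known_fingerprints):
    """Hand-written stand-in for a trained classifier: unknown client profile plus weak signals."""
    f = features(record)
    if f["fingerprint"] in known_fingerprints:
        return False
    return f["legacy_ratio"] >= 0.5 or not f["has_sni"]


# Constructed samples: a browser-like client and a bare legacy client with no extensions.
BROWSER_HELLO = build_client_hello(
    [TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256],
    [(EXT_SERVER_NAME, sni_extension("example.com")), (EXT_SUPPORTED_GROUPS, b"\x00\x02\x00\x1d"),
     (EXT_SIG_ALGS, b"\x00\x02\x04\x03"), (EXT_ALPN, b"\x00\x03\x02h2"), (EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04")])
LEGACY_HELLO = build_client_hello(
    [TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA], [])
KNOWN_GOOD = {fingerprint(parse_client_hello(BROWSER_HELLO))}

if __name__ == "__main__":
    for name, rec in (("browser", BROWSER_HELLO), ("legacy", LEGACY_HELLO)):
        print(name, features(rec), "flagged" if looks_like_c2(rec, KNOWN_GOOD) else "ok")
```

The fingerprint deliberately keeps the order of suites and extensions, because that ordering is a property of the TLS library rather than of the site being contacted, which is what lets a classifier group flows by client software. The caveat a practitioner should keep in mind is the one the teaser hedges with "may be possible": malware that links a mainstream TLS library presents the same handshake as the legitimate software built on it, and the rule above would then see a known fingerprint and stay quiet.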