Angler Lurking in the Domain Shadows
cisco-security
Category: Technology
Transcript of Angler Lurking in the Domain Shadows
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Angler Lurking in the Domain Shadows
Evasion Evolution Exploit Kit Evolution
• Static IP Address
• Registered Domains
• Fast Flux DNS
• Dynamic DNS
• Domain Shadowing
[Figure: Fast Flux DNS; labels include bad.domain.com and example IP addresses]
Talos Domain Shadowing
[Figure: Hijacked Legit Domain]
Protecting the customer
• Cisco AMP & Network Security IDS & NGFW detected and blocked immediately
• Defense-in-Depth is still the best approach to protect your environment
• Expect this technique to increase in popularity
• For more information and posts visit http://blogs.cisco.com/talos
[Table: Product column lists AMP, CWS, ESA, Network Security, WSA; cells show three marks and one N/A]