Infographic: Cisco Introduces the First Threat-Focused Next-Generation Firewall

‘String of Paerls’
Integrated Threat Defense – Visibility to Discover and Protect Against Socially Engineered Exploits

Infographic panel labels: Integrated Threat Defense; ‘Needle in a Haystack’; Discovery, Big Data Analysis, Retrospective (panels numbered 1 2 3)

Analysis was conducted on 45 days' worth of samples, which were clustered together based on a matching set of alert criteria. This process reduced more than 1 million detailed sample reports to just over 15 thousand sample clusters that exhibit similar behavior.

Email phishing campaign with a malicious Word invoice attachment undetected by traditional tools

Word launches malicious macro executable

Executable calls out to 3 external domains:
Dropbox
selombiznet.in
londonpaerl.co.uk

AMP determined the Dropbox hosted files provide the payload and the two domains serve as command and control servers for the exploit

AMP tools were used throughout the discovery and analysis process to expose the exploit

Further analysis of the attacker’s network provides telemetry tying multiple other malware exploits to the same attacker

Real-time monitoring of londonpaerl.co.uk and selombiznet.in domain activity, directly tied to ‘String of Paerls’ attacker

Source: research data gathered and analyzed by the Cisco Talos Security Intelligence and Research Group (Talos)
©2014 Cisco and/or its affiliates. All rights reserved.

For further reading:
blogs.cisco.com/security/a-string-of-paerls/
www.cisco.com/go/asafps
