This new year of 2016 is a new year for cyber-security too, Terry Greer-King, director of cyber-security for UK and Ireland at Cisco, told SCMagazineUK.com.
Speaking about the release of Cisco's new Annual Security Report, Greer-King told SC of a number of interesting developments which feature in this year's edition.
Collaboration within the industry, perhaps strange for such a competitive place, seems to be going strong. Greer-King told SC, “We're collaborating with lots of people across the whole industry – some might be viewed as competitors. There is information being shared across police authorities, across other business users, across consulting practices. It seems that there are a lot of people collaborating to protect us good guys against the bad guys.”
Cisco's report points to two of its own examples in 2015. Together with Level 3 Threat Research Labs, Cisco successfully weakened SSH Psychos, also known as Group 93, one of the largest DDoS botnets around. Perhaps the larger example is Cisco's ‘sidelining’ of the infamous Angler Exploit Kit, a feat it might not have been able to pull off without the assistance of colleagues and competitors.
The Angler Exploit Kit, well documented by SC and carrying a reputation that keeps CISOs awake late into the night, has caused plenty of havoc and pain for enterprises as well as Joe Public in the past year. In short, it's one of the most effective, easy-to-use and lucrative exploit kits around, with novice cyber-criminals being able to purchase software like this off the shelf.
One particular campaign that Cisco spotted, the largest of its type in the United States, could have been raking in £42 million annually. This campaign, as it happened, was running its scams through servers operated by legitimate hosts like Limestone Networks and Hetzner. These two hosts, without their knowledge, operated servers that accounted for 75 percent of Angler-related traffic in July 2015.
As it happens, Limestone had been dealing with an inordinate number of credit card chargebacks, because scammers were using false credit cards and identities to purchase the servers through which they ran the Angler EK. Limestone Networks was therefore more than happy to help.
The Angler campaign had spread through these servers far and wide. The report notes: “Researchers observed popular websites redirecting users to the Angler exploit kit through malvertising.”
The false ads were found on hundreds of high-traffic sites including news, real estate and popular culture websites. Angler malvertising even appeared on an obituary in a small-town newspaper in the rural United States, which researchers believe was an attempt to ensnare elderly people in Angler's trap. Ultimately, Cisco and collaborators found more than 15,000 unique sites redirecting people to the Angler EK.
By partnering with Limestone and Level 3 Threat Research Labs, Cisco managed to cull much of the malvertising, not only by figuring out how the Angler campaign worked but also by monitoring new servers. The effort resulted not only in the Angler adversaries fleeing from Limestone Networks servers but also in a worldwide decrease in Angler activity.
The report notes, “Industry collaboration was a critical component in Cisco's ability to investigate the Angler exploit kit activity. Ultimately, it helped stop redirects to the Angler proxy servers on a US service provider and bring awareness to a highly sophisticated cyber-crime operation that was affecting thousands of users every day.”