Talos ThreatSource is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Welcome to this week’s ThreatSource newsletter — the perfect place to get caught up on all things Talos from the past week.
If you still haven’t gotten a chance to read about VPNFilter, which we first wrote about last week, we urge you to do so here. As a result of this campaign, the FBI is urging all internet users to reset their routers.
The Beers with Talos podcast this week dives even deeper into VPNFilter, discussing why we chose to publish our research when we did, and where to go from here. There’s an in-depth overview of the malware itself. Listen to it here.
In case you missed it, we also have a new Threat Roundup now, which covers the most prevalent malware we’ve seen — outside of VPNFilter. You can read that here.
If you want to see one of our researchers out and about, be sure to check below for upcoming public engagements where Talos will be represented.
Location: CircleCityCon 5.0 in Indianapolis, Indiana
Synopsis: In today's world, online crime is primarily run through extortion via ransomware. Times are changing, and the business models for these types of malware are changing along with them. The rise of ransomware has paralleled a rise in the value of cryptocurrencies. The two are not necessarily connected — but the impact has been.
Event name: Cisco Live!
Location: Orange County Convention Center in Orlando, Florida
Synopsis: Join leaders from Cisco and Talos for a week of learning, new experiences and face-to-face time with our engineers. Craig Williams, the director of Talos Global Outreach, will be leading a session in the security track on the current cyber security landscape. There will also be a recording of a live Beers with Talos episode on June 12 at 4 p.m., in the main hall balcony Cisco TV studio. The Talos Threat Research Summit and Happy Hour are sold out on June 10, but you can still follow along on the Talos and Cisco Security Twitter channels.
Event name: “The Destructive Menace of Wiper Malware”
Location: Security Interest Group Switzerland Technology Conference in Regensdorf, Switzerland
Synopsis: The recent Olympic Destroyer and Nyetya (NotPetya) attacks have emphasized the destructive effects of wiper malware. Organizations need to be aware of the nature of such malware, not only because they may be targeted by such attacks, but because they may become collateral damage as part of an attack against a third party. Lee will explore how wiper malware has developed over time, how attacks may meet the objectives of threat actors, and how organizations need to consider their security posture in order to detect and block such attacks.
Description: A new malware known as “Vega Stealer” is targeting saved login and credit card information on the Chrome and Firefox browsers. Vega is a variant of August Stealer, which was first discovered in December 2016.