Cisco Talos and the World’s Largest Hub of Cyber Crime Intelligence


May 3, 2016

We often marvel at the speed of innovation in the technology industry. A mere ten years ago, video on a cell phone was brand new. Today, it is a standard feature. Ten years from now, the all flash storage and cloud computing potential that so excites us will be refined, developed, and perhaps even replaced by a more effective solution.

The dynamic that is often overlooked is that the hacking industry is just as innovative and advances just as quickly as the rest of the technology world. One serious difference, however, is that for every security professional working to safeguard our data there are between three and five hackers working to exploit it.

Here are just a few startling facts about the security industry:


In this cat and mouse climate where no single product or strategy will completely protect an environment, the only way to combat these threats is through constant intelligence gathering. Security professionals need a window into who is making these attacks and how they are carried out. Only with that information, can we seriously work to stop it.

Cisco formed Talos to collect and analyze a pool of data on a massive scale to give security developers a new weapon to combat cyber-attacks.


Cisco Talos:
The Center of the Security Ecosystem

Cisco Talos is the world’s largest and most accurate hub of global threat intelligence. It is staffed by a team of leading threat researchers and supported by advanced analytical technology. Talos gathers information after cyber-attacks, surveys a large swath of the public internet to learn how these threats operate, and thereby develop solutions to prevent them in the future.

The scale of this operation cannot be overstated. It is literally an awesome enterprise with a noble purpose.

  • 1.36 Million Global Sensors
  • 100TB of Data Received Per Day
  • >150 Million Deployed Endpoints
  • >600 Engineers, Technicians, and Researchers
  • 35% of the World’s Email Traffic Surveyed
  • 13 Billion Web Requests
  • 24x7x365 Operations
  • >40 Languages


“Cisco is completely committed to the Security space. I mean, we are driving to be the number one IT vendor, and to do that, we need to be the number one security vendor. “
—     David Goeckeler, SVP & GM
Security Business Group


Talos in Action:
SamSam Ransomware Attacks

Cisco publishes a regular blog that showcases the observations and achievements of the Talos team to raise awareness of current security threats. Often, they will report on specific attack strategies they have uncovered.

Recently, the Talos Blog reported on the SamSam ransomware campaign. Ransomware is a kind of attack which will lock, block, or obstruct portions of an infected computer until a certain amount of money is paid. Normally, these attacks begin with a phishing attempt or by using the preloaded codes to breach networks found in an exploit kit—SamSam differentiates itself from other ransomware attacks by moving throughout the system in an alternative way. This ransomare first infects a single server then uses that server as a basecamp to move laterally throughout the environment and lock any other machine it can access.

Recently, Talos received information from the Cisco Incident Response (IR) team that lead to a discovery. Vectors in the JBoss application servers of a client environment were used as the initial point of entry for an attack, but as Talos continued to dig, they found that problem goes deeper.

  • Talos scanned the internet for other machines potentially vulnerable to this attack
    • They found approximately 3.2 Million machines
  • Next, Talos scanned for machines that were already infected and awaiting the ransomware attack.
    • They found 2,100 backdoors in over 1,600 IP addresses
    • That list included schools, governments, aviation companies, and more

Since then, Talos has been working to contact and notify each infected organization and derive ways to close these different backdoors.


Follett “Destiny” Software

One commonality among many of the infected environments was the Follett “Destiny” software, a Library Management application that tracks school library books or other assets. After Talos contacted Follett, the two groups worked together to address the problem. Follett released a patch for versions 9.0 – 13.5 which would close this loophole and eliminate the vulnerability.


Knowledge is Power

There is a saying in the security industry, “A security developer needs to be right 100% of the time, but a hacker only needs to be right once.” As our culture becomes more integrated with our digital systems, the stakes are only going to increase. Talos is a step in the right direction. We have developed the tools to analyze huge swaths of data all at once. If we can use that information to learn from our mistakes and avert the next breach, we can strengthen our community as a whole.


Download our Guide to Security in the Cloud

To protect the cloud, you need a solution designed for the cloud. On-prem legacy security is not an ideal strategy to protect your cloud-hosted data and applications. Learn how Security as a Service in our free guide, “Security in the Cloud: Protecting Your Environment Beyond the Edge.”

Like what you read? 


About Mindsight

Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.

Contact Us

For Further Reading:

Talos Confirms NotPetya Was Built for Destruction

Related Articles

View All Blog Posts

Contact Us
close slider


Fill out the form below to get the answers you need from one of Mindsight's experts.

hbspt.forms.create({ portalId: "99242", formId: "dfd06c5c-0392-4cbf-b2cb-d7fb4e636b7f" });