Evolution of the Angler Exploit Kit

Presented at BSides Austin 2016, April 1, 2016, 4 p.m. (60 minutes)

Exploit kits are a well-known threat on the Internet that effectively targets users through malvertising and compromised websites. This threat indiscriminately targets both home and work users. Cisco Talos is constantly analyzing the functionality utilized by various exploit kits using massive data feeds that give us a unique insight into the constantly evolving threat landscape. Since the Angler Exploit Kit is the most prolific exploit kit in operation today, we have done extensive analysis on how it operates and the various features it has incorporated to avoid detection. During this talk, I will perform a detailed analysis of the features incorporated into Angler that we have researched over the last year, as well as our collaboration with Limestone Networks to research and expose the entire back-end network used to serve Angler (a campaign that was conservatively earning over 30 million dollars a year infecting users with the Cryptowall ransomware).


Presenters:

  • Earl Carter
    Earl Carter has always had a passion for solving puzzles and understanding how things operate. Mr Carter quickly learned that identifying security weaknesses is just like solving puzzles. Almost 20 years ago, he was introduced to network security when he accepted a position at the Air Force Information Warfare Center in San Antonio, Texas. In 1998, Mr Carter started working at Cisco and became one of the founding members of the Security Technology Assessment Team (STAT). After spending 15 years identifying new security threats and assisting product teams in hardening their devices and software to mitigate those identified security threats, Mr Carter became a Threat Researcher for Cisco Talos. Now he spends his time hunting for new threats against live customer networks by examining various intelligence feeds and data sources. Among Mr Carter's significant contributions to Cisco are multiple security patents and authoring three Cisco Press Security Books along with co-authoring three more Cisco Press Security Books.
