IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cisco intercepts $30m a year hacking operation

In-depth data about the Angler Exploit used to prevent it from targeting thousands of users everyday

Cisco has stopped hackers using the Angler exploit malware tool targeting nearly 100,000 people per day, it has been revealed.

The company was able to dig deeper into the vulnerability via its collaboration with Level 3 Threat Research Labs. It used the expertise of one of its recent acquisitions, OpenDNS, so Cisco's Team Talos researchers could map the domains being used by malicious actors.

The company then implemented blocking and re-routing patches to navigate around the dangerous domains hackers were using to access software vulnerabilities in browsers and add-ons, such as Flash and Java, to install malware.

In addition to publishing indications of compromise (IoCs) helping companies analyse their networks to find where there could be holes for Angler exploit to operate, Cisco has also issued guidelines for vendors and other customers that could be targeted, advising them on how to protect themselves against the malware. However, security experts are sceptical this will stop the attacks.

"We shouldn't fool ourselves into thinking Cisco's action will serve a killer blow to the Angler Exploit Kit, but it will have bloodied its nose and disrupted the criminals' activities," security expert Graham Cluley told the BBC.

Cisco has estimated the hackers were targeting 90,000 people a day, making around $30m (19.5m) using malvertising and ransomware to demand money. However, it has the potential to rob victims of more than $30m (40m) over a 12 month period.

The targets of the Angler exploit kit were customers of hosting provider Limestone Networks, which helped Cisco in its investigations.

Security expert Ken Munro said investigations like Cisco's are essential to stop threats like malware becoming more widespread.

"By analysing the data around Angler and finding critical compromised servers on the internet that the exploit needs to communicate with, it can be rendered powerless," he said.

"However, it will only temporarily disable those developing malware tools and it's a running battle that will continue in a slightly modified format."

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
The benefits of a hardware update for SMBs
Sponsored

The benefits of a hardware update for SMBs

2 Aug 2022