Cisco intercepts $30m a year hacking operation
In-depth data about the Angler Exploit used to prevent it from targeting thousands of users everyday
Cisco has stopped hackers using the Angler exploit malware tool targeting nearly 100,000 people per day, it has been revealed.
The company was able to dig deeper into the vulnerability via its collaboration with Level 3 Threat Research Labs. It used the expertise of one of its recent acquisitions, OpenDNS, so Cisco's Team Talos researchers could map the domains being used by malicious actors.
The company then implemented blocking and re-routing patches to navigate around the dangerous domains hackers were using to access software vulnerabilities in browsers and add-ons, such as Flash and Java, to install malware.
In addition to publishing indications of compromise (IoCs) helping companies analyse their networks to find where there could be holes for Angler exploit to operate, Cisco has also issued guidelines for vendors and other customers that could be targeted, advising them on how to protect themselves against the malware. However, security experts are sceptical this will stop the attacks.
"We shouldn't fool ourselves into thinking Cisco's action will serve a killer blow to the Angler Exploit Kit, but it will have bloodied its nose and disrupted the criminals' activities," security expert Graham Cluley told the BBC.
Cisco has estimated the hackers were targeting 90,000 people a day, making around $30m (19.5m) using malvertising and ransomware to demand money. However, it has the potential to rob victims of more than $30m (40m) over a 12 month period.
The targets of the Angler exploit kit were customers of hosting provider Limestone Networks, which helped Cisco in its investigations.
Security expert Ken Munro said investigations like Cisco's are essential to stop threats like malware becoming more widespread.
"By analysing the data around Angler and finding critical compromised servers on the internet that the exploit needs to communicate with, it can be rendered powerless," he said.
"However, it will only temporarily disable those developing malware tools and it's a running battle that will continue in a slightly modified format."
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now