Cisco intercepts $30m a year hacking operation
In-depth data about the Angler Exploit used to prevent it from targeting thousands of users everyday
Cisco has stopped hackers using the Angler exploit malware tool targeting nearly 100,000 people per day, it has been revealed.
The company was able to dig deeper into the vulnerability via its collaboration with Level 3 Threat Research Labs. It used the expertise of one of its recent acquisitions, OpenDNS, so Cisco's Team Talos researchers could map the domains being used by malicious actors.
The company then implemented blocking and re-routing patches to navigate around the dangerous domains hackers were using to access software vulnerabilities in browsers and add-ons, such as Flash and Java, to install malware.
In addition to publishing indications of compromise (IoCs) helping companies analyse their networks to find where there could be holes for Angler exploit to operate, Cisco has also issued guidelines for vendors and other customers that could be targeted, advising them on how to protect themselves against the malware. However, security experts are sceptical this will stop the attacks.
"We shouldn't fool ourselves into thinking Cisco's action will serve a killer blow to the Angler Exploit Kit, but it will have bloodied its nose and disrupted the criminals' activities," security expert Graham Cluley told the BBC.
Cisco has estimated the hackers were targeting 90,000 people a day, making around $30m (19.5m) using malvertising and ransomware to demand money. However, it has the potential to rob victims of more than $30m (40m) over a 12 month period.
The targets of the Angler exploit kit were customers of hosting provider Limestone Networks, which helped Cisco in its investigations.
Security expert Ken Munro said investigations like Cisco's are essential to stop threats like malware becoming more widespread.
"By analysing the data around Angler and finding critical compromised servers on the internet that the exploit needs to communicate with, it can be rendered powerless," he said.
"However, it will only temporarily disable those developing malware tools and it's a running battle that will continue in a slightly modified format."
B2B under quarantine
Key B2C e-commerce features B2B need to adopt to surviveDownload now
The top three IT pains of the new reality and how to solve them
Driving more resiliency with unified operations and service managementDownload now
The five essentials from your endpoint security partner
Empower your MSP business to operate efficientlyDownload now
How fashion retailers are redesigning their digital future
Fashion retail guideDownload now