Cisco intercepts $30m a year hacking operation
In-depth data about the Angler Exploit used to prevent it from targeting thousands of users everyday
Cisco has stopped hackers using the Angler exploit malware tool targeting nearly 100,000 people per day, it has been revealed.
The company was able to dig deeper into the vulnerability via its collaboration with Level 3 Threat Research Labs. It used the expertise of one of its recent acquisitions, OpenDNS, so Cisco's Team Talos researchers could map the domains being used by malicious actors.
The company then implemented blocking and re-routing patches to navigate around the dangerous domains hackers were using to access software vulnerabilities in browsers and add-ons, such as Flash and Java, to install malware.
In addition to publishing indications of compromise (IoCs) helping companies analyse their networks to find where there could be holes for Angler exploit to operate, Cisco has also issued guidelines for vendors and other customers that could be targeted, advising them on how to protect themselves against the malware. However, security experts are sceptical this will stop the attacks.
"We shouldn't fool ourselves into thinking Cisco's action will serve a killer blow to the Angler Exploit Kit, but it will have bloodied its nose and disrupted the criminals' activities," security expert Graham Cluley told the BBC.
Cisco has estimated the hackers were targeting 90,000 people a day, making around $30m (19.5m) using malvertising and ransomware to demand money. However, it has the potential to rob victims of more than $30m (40m) over a 12 month period.
The targets of the Angler exploit kit were customers of hosting provider Limestone Networks, which helped Cisco in its investigations.
Security expert Ken Munro said investigations like Cisco's are essential to stop threats like malware becoming more widespread.
"By analysing the data around Angler and finding critical compromised servers on the internet that the exploit needs to communicate with, it can be rendered powerless," he said.
"However, it will only temporarily disable those developing malware tools and it's a running battle that will continue in a slightly modified format."
The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks
Business benefits and cost savings enabled by IBM Turbonomic Application Resource ManagementFree Download
The Total Economic Impact™ of IBM Watson Assistant
Cost savings and business benefits enabled by Watson AssistantFree Download
The field guide to application modernisation
Moving forward with your enterprise application portfolioFree Download
AI for customer service
Discover the industry-leading AI platform that customers and employees want to useFree Download