Cisco intercepts $30m a year hacking operation

In-depth data about the Angler Exploit used to prevent it from targeting thousands of users everyday

Cisco has stopped hackers using the Angler exploit malware tool targeting nearly 100,000 people per day, it has been revealed.

The company was able to dig deeper into the vulnerability via its collaboration with Level 3 Threat Research Labs. It used the expertise of one of its recent acquisitions, OpenDNS, so Cisco's Team Talos researchers could map the domains being used by malicious actors.

The company then implemented blocking and re-routing patches to navigate around the dangerous domains hackers were using to access software vulnerabilities in browsers and add-ons, such as Flash and Java, to install malware.

In addition to publishing indications of compromise (IoCs) helping companies analyse their networks to find where there could be holes for Angler exploit to operate, Cisco has also issued guidelines for vendors and other customers that could be targeted, advising them on how to protect themselves against the malware. However, security experts are sceptical this will stop the attacks.

"We shouldn't fool ourselves into thinking Cisco's action will serve a killer blow to the Angler Exploit Kit, but it will have bloodied its nose and disrupted the criminals' activities," security expert Graham Cluley told the BBC.

Cisco has estimated the hackers were targeting 90,000 people a day, making around $30m (19.5m) using malvertising and ransomware to demand money. However, it has the potential to rob victims of more than $30m (40m) over a 12 month period.

The targets of the Angler exploit kit were customers of hosting provider Limestone Networks, which helped Cisco in its investigations.

Security expert Ken Munro said investigations like Cisco's are essential to stop threats like malware becoming more widespread.

"By analysing the data around Angler and finding critical compromised servers on the internet that the exploit needs to communicate with, it can be rendered powerless," he said.

"However, it will only temporarily disable those developing malware tools and it's a running battle that will continue in a slightly modified format."

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021