Cisco offers free help to rid hosting providers of major malware stores

In the war against cyber attackers, Cisco Systems is offering service providers a new weapon: Free help.

For a small number of Internet hosting providers whose physical or virtual servers are being unwittingly used to host massive malware attacks, the company’s Talos security group will help them purge systems.

Under the program, called Project Aspis (an aspis is a wood shield used by Greek soldiers), Talos staff will share expertise and resources including network and systems forensics, reverse engineering, threat intelligence sharing and, if necessary, a dedicated research engineer.

Providers don’t have to be Cisco customers.

The project has already had one success, ridding Limestone Networks, a Dallas-based cloud hosting service, of someone using its servers to distribute the Angler ransomware exploit kit.

The threat actor was costing Limestone about $10,000 USD a month in fraudulent charges, plus wasted engineering time and the overhead of managing the abuse tickets, Cisco said — not to mention the mess caused to victims.

Talos and Limestone were able to rapidly identify and terminate servers being used, and eventually the person behind the scheme gave up there.

“The problem we had is that providers will unknowingly sell a box (server) to a bad guy, who will inevitably end up not paying, or buy the box with a stolen credit card,” Craig Williams, a Talos senior technical leader, said in an interview. “Meanwhile our customers are attacked from the provider. We can go to the provider, who will then turn the box off and act responsibly, but the goal of Project Aspis is to take that to the next level — to help us find the providers that have been targeted by these organized threat actors and take down those networks faster.”

Williams made it clear that providers who are eligible for help under the project have to show their service is inadvertently hosting more than just an exploit kit or two. This is meant to take down the biggest of the bad.

“Obviously we have a limited amount of resources, so we want to make sure we get the biggest benefit to our customers on the rest of the Internet.”

The program is “really a prototype to see if we can start knocking down these servers faster than we were before,” he said. “If you’re suffering high monetary impact and causing high monetary impact to other people we want to help you. At the end of the day we want to cripple the ability of the bad guys to make money off our customers and other victims on the Internet.”

However, the world is a big place. The threat actor that used Limestone had more than one outlet. Williams said making it uncomfortable for them at Limestone merely cut their activity by 50 per cent. But Cisco [Nasdaq: CSCO] is sharing its intel with others.

“I’m optimistic that by the end of the month using all the data that we published other providers and the rest of the Internet will make a significant dent in the rest of the traffic.”

Providers wanting to apply to Project Aspis should email project-aspis@external.cisco.com and include contact information, a description of the situation including any forensic information and indicators of compromise.

 


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
