
Cognitive Release Note, July 2019: Usability Improvements, and new Confirmed Threat types

Cisco Employee

User Experience Enhancements

Expansion of Activity Descriptions

Activity Descriptions provide more context and help with understanding the security implications of suspicious Activities. With this update, we are expanding the coverage to the vast majority of Activities in our catalog.

[Image: expanded Activity Descriptions in the user interface]

New Confirmed Threats

In July, Cognitive Intelligence in cooperation with Cisco Talos focused on high-risk threats observable in our telemetry. Thanks to the improvement made to our Machine Learning Cybersecurity Platform (see Machine Learning Backend Improved) we have added 8 net-new Confirmed Threat types (see the list below) and increased coverage for a bigger variety of previously existing Confirmed Threats.

[Image: Sample finding of Ponystealer trojan (Confirmed Threat ID CTAL0155)]

List of new Confirmed Threat types in July:

Confirmed Threat ID | Name | Category | Risk | Description
CTAL0059 | Neutrino | banking trojan | High | Neutrino malware targets point of sale (PoS) terminals. This family is known for using anti-sandbox techniques to hinder automatic analysis.
CTAL0097 | Trickbot | banking trojan | High | Trickbot (aka Trickster) is a banking Trojan targeting sensitive information for select financial institutions, frequently distributed through malicious spam campaigns.
CTAL0155 | Ponystealer | information stealer | High | Ponystealer is a Trojan known to be able to steal credentials from over 100 different applications; it may also install other malware such as a remote access trojan (RAT).
CTAL0051 | Unsafe | trojan | High | Unsafe is a Windows trojan. It collects system information, downloads/uploads files and drops additional payloads.
CTAL0056 | Quackbot | information stealer | High | Qakbot is a Trojan malware family which targets Windows OS, may have rootkit capability, and can spread through network shared drives and removable storage devices. The threat may open a backdoor to track user activity, steal data and device information, or download malicious code.
CTAL0042 | MSILPerseus | information stealer | High | MSILPerseus is a Trojan that steals information and passwords from infected devices, has backdoor capabilities, and can deliver additional malware.
CTAL0041 | Khalesi | information stealer | High | Khalesi is capable of stealing credentials stored in common browsers, cryptocurrency wallets and data from messaging apps (such as Skype and Telegram). It is usually delivered through exploit kits and spam emails.


Miscellaneous Improvements

Auto-cleanup of incomplete incidents

We have identified a usability problem in the life cycle of Incidents. When the key suspicious activities that form an Incident timed out, the Incident could become obsolete yet remain displayed in the user interface without its proof points (the underlying suspicious activities). Incidents whose anomalous activities have expired are now automatically cleared.

Leveraging Cognitive Intelligence

Cognitive Intelligence capabilities are available to AMP customers with a compatible web proxy such as the Cisco Web Security Appliance, and all Stealthwatch Enterprise customers. Reach out to your account executive to learn how to turbocharge your existing cybersecurity investment with Cognitive.