While AI presents endless new opportunities — it also introduces a whole array of new threats. Generative AI allows malicious actors to create deepfakes and fake websites, send spam, and even impersonate your friends and family. This post covers how neural networks are being used for scams and phishing, and, of course, we’ll share tips on how to stay safe. For a more detailed look at AI-powered phishing schemes, check out the full report on Securelist.

Pig butchering, catfishing, and deepfakes

Scammers are using AI bots that pretend to be real people, especially in romance scams. They create fabricated personas and use them to communicate with multiple victims simultaneously to build strong emotional connections. This can go on for weeks or even months, starting with light flirting and gradually shifting to discussions about “lucrative investment opportunities”. The long-term personal connection helps dissolve any suspicions the victim might have, but the scam, of course, ends once the victim invests their money in a fraudulent project. These kinds of fraudulent schemes are known as “pig butchering”, which we covered in detail in a previous post. While they were once run by huge scam farms in Southeast Asia employing thousands of people, these scams now increasingly rely on AI.

Neural networks have made catfishing — where scammers create a fake identity or impersonate a real person — much easier. Modern generative neural networks can imitate a person’s appearance, voice, or writing style with a sufficient degree of accuracy. All a scammer needs do is gather publicly available information about a person and feed that data to the AI. And anything and everything can be useful: photos, videos, public posts and comments, information about relatives, hobbies, age, and so on.

So, if a family member or friend messages you from a new account and, say, asks to lend them money, it’s probably not really your relative or friend. In a situation like that, the best thing to do is reach out to the real person through a different channel — for example, by calling them — and ask them directly if everything’s okay. Asking a few personal questions that a scammer wouldn’t be able to find online or even in your past messages is another smart thing to do.

But convincing text impersonation is only part of the problem — audio and video deepfakes are an even bigger threat. We recently shared how scammers use deepfakes of popular bloggers and crypto investors on social media. These fake celebrities invite followers to “personal consultations” or “exclusive investment chats”, or promise cash prizes and expensive giveaways.

And why wouldn’t Jennifer Aniston be giving away a MacBook?

Social media isn’t the only place where deepfakes are being used, though. They’re also being generated for real-time video and audio calls. Earlier this year, a Florida woman lost US$15,000 after thinking she was talking to her daughter, who’d supposedly been in a car accident. The scammers used a realistic deepfake of her daughter’s voice, and even mimicked her crying.

Experts from Kaspersky’s GReAT found offers on the dark web for creating real-time video and audio deepfakes. The price of these services depends on how sophisticated and long the content needs to be — starting at just US$30 for voice deepfakes and US$50 for videos. Just a couple of years ago, these services cost a lot more — up to US$20 000 per minute — and real-time generation wasn’t an option.

The listings offer different options: real-time face swapping in video conferences or messaging apps, face swapping for identity verification, or replacing an image from a phone or virtual camera.

Scammers also offer tools for lip-syncing any text in a video — even in foreign languages, as well as voice cloning tools that can change tone and pitch to match a desired emotion.

However, our experts suspect that many of these dark-web listings might be scams themselves — designed to trick other would-be scammers into paying for services that don’t actually exist.

How to stay safe

• Don’t trust online acquaintances you’ve never met in person. Even if you’ve been chatting a while and feel like you’ve found a “kindred spirit”, be wary if they bring up crypto, investments, or any other scheme that requires you to send them money.
• Don’t fall for unexpected, appealing offers seemingly coming from celebrities or big companies on social media. Always go to their official accounts to double-check the information. Stop if at any point in a “giveaway”, you’re asked to pay a fee, tax, or shipping cost, or to enter your credit card details to receive a cash prize.
• If friends or relatives message you with unusual requests, contact them through a different channel such as telephone. To be safe, ask them about something you talked about during your latest real-life conversation. For close friends and family, it’s a good idea to agree on a code word beforehand that only the two of you know. If you share your location with each other, check it and confirm where the person is. And don’t fall for the “hurry up” manipulation — the scammer or AI might tell you the situation is urgent and they don’t have time to answer “silly” questions.
• If you have doubts during a video call, ask the person to turn their head sideways or make a complicated hand movement. Deepfakes usually can’t fulfill such requests without breaking the illusion. Also, if the person isn’t blinking, or their lip movements or facial expressions seem strange, that’s another red flag.
• Never dictate or otherwise share bank-card numbers, one-time codes, or any other confidential information.

An example of a deepfake falling apart when the head turns. Source

Automated calls

These are an efficient way to trick people without having to talk with them directly. Scammers are using AI to make fake automated calls from banks, wireless carriers, and government services. On the other end of the line is just a bot pretending to be a support agent. It feels real because many legitimate companies use automated voice assistants. However, a real company will never call you to say your account was hacked or ask for a verification code.

If you get a call like this, the key thing is to stay calm. Don’t fall for scare tactics like “a hacked account” or “stolen money”. Just hang up, and use the official number on the company’s website to call the genuine company. Keep in mind that modern scams can involve multiple people who pass you off from one to another. They might call or text from different numbers and pretend to be bank employees, government officials, or even the police.

Phishing-susceptible chatbots and AI agents

Many people now prefer to use chatbots like ChatGPT or Gemini instead of familiar search engines. What could be the risks, you might ask? Well, large language models are trained on user data, and popular chatbots have been known to suggest phishing sites to users. When they perform web searches, AI agents connect to search engines that can also contain phishing links.

In a recent experiment, researchers were able to trick the AI agent in the Comet browser by Perplexity with a fake email. The email was supposedly from an investment manager at Wells Fargo, one of the world’s largest banks. The researchers sent the email from a newly created Proton Mail account. It included a link to a real phishing page that had been active for several days but was yet to be flagged as malicious by Google Safe Browsing. While going through the user’s inbox, the AI agent marked the message as a “to-do item from the bank”. Without any further checks, it followed the phishing link, opened the fake login page, and then prompted the user to enter their credentials; it even helped fill out the form! The AI essentially vouched for the phishing page. The user never saw the suspicious sender’s email address or the phishing link itself. Instead, they were immediately taken to a password entry page given by the “helpful” AI assistant.

In the same experiment, the researchers used the AI-powered web development platform Loveable to create a fake website that mimicked a Walmart store. They then visited the site in Comet — something an unsuspecting user could easily do if they were fooled by a phishing link or ad. They asked the AI agent to buy an Apple Watch. The agent analyzed the fake site, found a “bargain”, added the watch to the cart, entered the address and bank card information stored in the browser, and completed the “purchase” without asking for any confirmation. If this had been a real fraudulent site, the user would have lost a chunk of change while they served their banking details on a silver platter to the scammers.

Unfortunately, AI agents currently behave like naive newcomers on the Web, easily falling for social engineering. We’ve talked in detail before about the risks of integrating AI into browsers and how to minimize them. But as a reminder, to avoid becoming the next victim of an overly trusting assistant, you should critically evaluate the information it provides, limit the permissions you give to AI agents, and install a reliable security solution that will block access to malicious sites.

AI-generated phishing websites

The days of sketchy, poorly designed phishing sites loaded with intrusive ads are long gone. Modern scammers do their best to create realistic fakes which use the HTTPS protocol, show user agreements and cookie consent warnings, and have reasonably good designs. AI-powered tools have made creating such websites much cheaper and faster, if not nearly instantaneous. You might find a link to one of these sites anywhere: in a text message, an email, on social media, or even in search results.

Credential input forms on scam sites imitating Tesla and Pantene

How to spot a phishing site

• Check the URL, title, and content for typos.
• Find out how long the website’s domain has been registered. You can check this here.
• Pay attention to the language. Is the site trying to scare or accuse you? Is it trying to lure you in, or rushing you to act? Any emotional manipulation is a big red flag.
• Enable the link-checking feature in any of our security solutions.
• If your browser warns you about an unsecured connection, leave the site. Legitimate sites use the HTTPS protocol.
• Search for the website name online and compare the URL you have with the one in the search results. Be careful, as search engines might show sponsored phishing links at the top of the page. Make sure there is no “Ad” or “Sponsored” label next to the link.

Read more about using AI safely:

• How Meta’s social networks became a platform for investment scams
• You’re in for a big payout again
• Trojans masquerading as DeepSeek and Grok clients
• How fraudsters bypass customer identity verification using deepfakes
• Don’t believe your ears: voice deepfakes

Kaspersky official blog – ​Read More

The misconception that “we’re too small to be a target” is becoming less common these days. The numerous supply-chain attacks in recent years have shown that you don’t have to be the attackers’ ultimate target to face a sophisticated attack — all it takes is to have a major client or partner, or simply a broad customer base. That’s why many small and mid-sized businesses (SMBs) have long since adopted EDR solutions. Fortunately, the market offers modern EDR products that are accessible even to small companies and which aren’t particularly difficult to manage.

But is EDR functionality enough for your needs — or is it time to start considering XDR? To answer that, you need to ask yourself four more questions.

Is your cybersecurity team coping with the volume of alerts?

Any cybersecurity employee using an EDR console has to process an enormous number of endpoint alerts. A single incident can trigger hundreds of similar alerts; for example, when the same malicious file is detected on a hundred different endpoints. Each of these alerts consumes the time and attention of the cybersecurity specialist. This repetitive, exhausting work is a major cause of security team burnout.

With Kaspersky Next XDR Optimum, related alerts are grouped together, allowing operators to instantly see a more complete picture of the incident. Response actions can also be applied to all similar alerts with a single click instead of handling them one by one. This reduces the team’s workload and significantly cuts incident response time.

Do your experts have enough time to investigate incidents?

Let’s say your EDR solution detects malicious activity on one of your workstations. The logical response for an EDR operator is to isolate the device and thoroughly investigate it. But this takes time, and given a serious incident, time is the one thing you don’t have. First, it may not be immediately clear at what stage the attack was detected. The attackers may have already gained access to other endpoints. Second, a huge number of today’s attacks take place because of compromised corporate credentials. The operator can’t know whether an employee inadvertently opened a malicious email attachment — or whether an outsider logged in as that employee to attack the infrastructure. And if it’s the latter, they may try to gain access with the same username and password somewhere else.

Next XDR Optimum allows you to block users directly in Active Directory right from the alert card. This helps contain the attack, limit potential damage, and buy valuable time for a more thorough investigation.

Does your cybersecurity team have enough context when responding to threats?

An EDR alert tells the operator that a malicious file has been detected on a workstation so that they can start taking defensive actions. But sometimes that’s not enough. A malicious file might be just one part of a larger attack that would require a deeper investigation to detect and counter.

Next XDR Optimum gives operators access to the Kaspersky Cloud Sandbox, where suspicious files can be uploaded to an isolated cloud environment and safely analyzed to see what they actually do. The system helps create an indicator of compromise — allowing for a quick scan of the infrastructure for the same threat on other endpoints.

Are your employees sufficiently aware of cyberthreats?

Returning to the issue of alert overload: cybersecurity specialists working with an EDR system while investigating an incident sometimes find that the cause of the alert was human error — someone opened a malicious attachment in an email, or followed a link to a phishing web page. Experience shows that raising employee awareness significantly reduces the workload on cybersecurity teams in general, and the alert volume in particular. For this purpose, a well-designed educational program is more effective than lectures and occasional reminders.

This benefit isn’t directly related to XDR functionality; however, each Kaspersky Next XDR Optimum license includes targeted Kaspersky Security Awareness training for employees most likely to cause high-impact incidents (executives, members of finance teams, privileged users, and anyone who’s previously been a victim of social engineering). But most importantly, Next XDR Optimum allows the cybersecurity specialist to assign a relevant course to a user directly from the alert card — without interrupting the incident response. Experience shows that lessons learned immediately after a fail that caused an incident are particularly memorable and useful and so help prevent the same mistake being made again in the future.

If your cybersecurity team feels overwhelmed by alerts, or needs more management tools and threat context, it’s worth considering a move over to Kaspersky XDR Optimum. Migrating from Kaspersky EDR Optimum to XDR Optimum doesn’t require additional resources for deployment or staff retraining. And the slight increase in cost is far outweighed by the significant improvement in your company’s infrastructure security.

Kaspersky official blog – ​Read More

Our blog has covered vulnerabilities in some unusual gadgets — from smart mattress covers and robot vacuums to traffic signal audio buttons, children’s toys, pet feeders, and even bicycles. But the case we’re discussing today might just be the most… exotic yet. Recently, cybersecurity researchers uncovered two extremely serious vulnerabilities in the remote control apps for… Lovense sex toys.

Everything about this story is wild: the nature of the vulnerable gadgets, the company’s intention to take 14 months (!) to fix the problems, and the scandalous details that emerged after researchers published their findings. So let’s… get stuck straight in to right into this tale, which is as absurd as it is fantastic.

The Lovense online ecosystem

The first thing that makes this story so unusual is that Lovense, a maker of intimate toys, caters to both long-distance couples and cam models (human models that use webcams) working on streaming platforms.

To control devices and enable user interaction, the company has developed an entire suite of software products tailored for a variety of scenarios:

• Lovense Remote: the main mobile app for controlling intimate devices.
• Lovense Connect: a companion app that acts as a bridge between Lovense devices and other apps or online services. It’s installed on a smartphone or computer and allows a toy to connect via Bluetooth, and then relays control commands from external sources.
• Lovense Cam Extension: a browser extension for Chrome and Edge that links Lovense devices with streaming platforms. It’s used with the Lovense Connect app and the OBS Toolset streaming software for interactive control during live broadcasts.
• Lovense Stream Master: an all-in-one app for streamers and cam models combining device control features with live streaming functionality.
• Cam101: Lovense’s online educational platform for models working on streaming sites.

Of course, this whole setup also includes APIs, SDKs, an internal platform for mini-apps, and more. In short, Lovense isn’t just about internet-connected intimate toys — it’s a full-fledged ecosystem.

UI of the Stream Master app, which combines device management and video streaming. Source

If you create an account in the Lovense infrastructure, you’re required to provide an email address. Whereas some services offer the option to sign in with Google or Apple, an email address is the primary sign-up method for a Lovense account. This detail might seem insignificant, but it’s at the core of the vulnerabilities that were discovered.

Two vulnerabilities in Lovense online products

So, how did this all unfold? In late July 2025, a researcher known as BobDaHacker published on his blog a detailed post about two vulnerabilities in Lovense’s online products. Many of the products (including Lovense Remote) have social-interaction features. These features allow users to chat, add friends, send requests and subscribe to other users, including people they don’t know.

While using the social-interaction features of one of the Lovense apps, BobDaHacker spotted the first vulnerability: when he disabled notifications from another user, the app sent an API request to the Lovense server. After examining the body of this request, BobDaHacker was surprised to find that, instead of the user’s ID, the request contained their actual email address.

When a simple action (like disabling notifications) was performed, the app would send a request to the server that included another user’s real email address. Source

Upon further investigation, the researcher found that Lovense’s API architecture was designed so that for any action that concerned another user (like disabling their notifications), the app sends a request to the server. And in this request the user’s account is always identified by the real email address they signed up with.

In practice, this meant that any user who intercepted their own network traffic could get access to the real email addresses of other people on the app. It’s important to remember that the Lovense apps have social-interaction features and allow communication with cam models. In many cases, users don’t know each other outside of the platform, and exposing the email addresses linked to their profiles could lead to deanonymization.

BobDaHacker discussed his findings with another cybersecurity researcher named Eva, and together they examined the Lovense Connect app. This led them to discover an even more serious vulnerability: generating an authentication token in the app only required the user’s email address — no password was needed.

This meant that any technically skilled person could gain access to any Lovense user’s account — as long as they knew the user’s email address. And as we just learned, that address could easily be obtained by exploiting the first vulnerability.

To generate an authentication token in the Lovense app, only the user’s email was required — without the password. Source

These tokens were used for authentication across various products in the Lovense ecosystem, including:

• Lovense Cam Extension
• Lovense Connect
• Stream Master
• Cam101

Furthermore, the researchers successfully used this method to gain access to not only regular user profiles but also accounts with administrator privileges.

Lovense’s response to vulnerability reports

In late March 2025, BobDaHacker and Eva reported the vulnerabilities they’d discovered in Lovense products through The Internet Of Dongs Project — a group dedicated to researching and improving the security of internet-connected intimate devices. The following month, in April 2025, they also posted both vulnerabilities on HackerOne, a more traditional platform for engaging with security researchers and paying bug bounties.

Lovense, the adult-toy manufacturer, acknowledged the report and even paid BobDaHacker and Eva a total of $4000 in bounties. However, in May and then again in June, the researchers noticed the vulnerabilities still hadn’t been fixed. They continued talking to Lovense, which is when the most bizarre part of the story began to unfold.

First, Lovense told the researchers that the account takeover vulnerability had been fixed on April. But BobDaHacker and Eva checked and confirmed this was false: it was still possible to get an authentication token for another user’s account without a password.

The situation with the email disclosure vulnerability was even more absurd. The company stated it’d take 14 months to fully resolve the issue. Lovense admitted they had a fix that could be implemented in just one month, but they decided against it to avoid compatibility problems and maintain support for older app versions.

The back-and-forth between the researchers and the manufacturer continued for several more months. The company would repeatedly claim the vulnerabilities were fixed, and the researchers would just as consistently prove they could still access both emails and accounts.

Finally, in late July, BobDaHacker published a detailed blogpost describing the vulnerabilities and Lovense’s inaction, but only after giving the company advance notice. Journalists from TechCrunch and other outlets contacted BobDaHacker and were able to confirm that in early August — four months after the company was first notified — the researcher could still ascertain any user’s email address.

And that was far from the end of it. The most scandalous details were revealed to BobDaHacker and Eva only after their research was published.

A history of negligence: who warned Lovense and when

BobDaHacker’s work made waves across media, blogs, and social networks. As a result, just two days after the report was published, Lovense finally patched both vulnerabilities — and this time, it seems, for real.

However, it soon came to light that this story started long before BobDaHacker’s report. Other researchers had already warned Lovense about the very same vulnerabilities for years, but their messages were either ignored or hushed up. These researchers shared their stories with BobDaHacker and the publications that covered his investigation.

To truly grasp the extent of Lovense’s indifference to user security and privacy, you just need to look at the timeline of these reports:

• 2023: a researcher known as @postypoo reported both bugs to Lovense, and was offered… two free adult toys in response, but the vulnerabilities were never fixed.
• Also2023: researchers @Krissy and @SkeletalDemise discovered the vulnerability related to account takeovers. Lovense claimed the issue had been fixed, and paid a bounty in the same month. However, @Krissy’s follow-up message stating that the vulnerability was still present went unanswered.
• 2022: a researcher named @radiantnmyheart discovered the bug that exposed emails, and reported it. The message was ignored.
• 2017: the company Pen Test Partners reported the email exposure vulnerability and the lack of chat encryption in the Lovense Body Chat app, and published its study on this. The report was ignored.
• 2016: The Internet Of Dongs Project identified three similar email exposure vulnerabilities. This all means that Lovense asked BobDaHacker to give it 14 months to patch vulnerabilities they’d known about for at least eight years!

What’s more, after BobDaHacker’s report was published, they heard not only from the ethical hackers who’d previously reported these bugs, but also from the creator of an OSINT website and their friends, who were anything but happy. These individuals had apparently been exploiting the vulnerabilities for their own purposes — specifically, harvesting user emails and subsequent deanonymization. This isn’t surprising though given that the Pen Test Partners report had been publicly available since 2017.

Protecting your privacy

Lovense’s approach to user privacy and security clearly leaves a lot to be desired — to put it mildly. Whether to continue using the brand’s devices after this — especially connecting them to the company’s online services — is a decision each user needs to make for themselves.

For our part, we offer some tips on how to protect yourself and maintain your privacy should you interact with adult online services.

• Always create a separate email address when you register for these types of services. It shouldn’t contain any information that can be used to identify you.
• Don’t use this email address for any other activities.
• When registering, don’t use your real first name, surname, age, date of birth, city of residence, or any other data that could identify you.
• Don’t upload real photos of yourself that could easily be used to recognize you.
• Protect your account with a strong password. It should contain at least 16 characters and ideally include a mix of uppercase and lowercase letters, numbers, and special characters.
• This password must be unique. Never use it for other services so you don’t put them at risk in the event of a data leak.
• To avoid forgetting the password and email address you created specifically for this service, use a reliable password manager. KPM can also help you generate a random, strong, and unique password.

And if you want to be more… boned up when it comes to choosing adult toys and relevant services, we recommend looking at specialized resources like The Internet Of Dongs Project, where you can find information about brands that interest you.

Check out our other posts on how to protect your private life from prying eyes:

• The Naked Truth
• Fifty shades of sextortion
• Watching porn safely: a guide for grown-ups
• What really goes on when your device is in repair

Kaspersky official blog – ​Read More

In today’s world, cybersecurity incidents are not a matter of if, but when and how. From ransomware attacks to data breaches exposing sensitive information, organizations face a changing threat landscape. As a result of cybersecurity attacks, organizations can experience downtime, financial losses, reputational damage and regulatory penalties. That’s when it really helps to have a team like Cisco Talos Incident Response (Talos IR) by your side. But what exactly happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with?

This blog post takes you behind the scenes of engaging an incident response (IR) firm like Talos IR. We will walk through what really happens during an IR engagement, from the moment you pick up a phone and call for help in the middle of a crisis to the long-term changes that make your organization stronger and more secure.

Why engage an IR team? 

Before diving into the process, let’s address the fundamental question: Why engage an IR firm? Cybersecurity incidents are complex, often requiring specialized skills, tools and experience that internal teams may lack. The Talos Year In Review Report highlights the rising frequency and sophistication of attacks; as a result, many security teams are struggling to address emergencies due to resource constraints or the complexity of response at scale. 

Engaging an IR firm like Talos IR brings several key advantages: 

• Speed and availability: We provide 24/7 global support, with response times often under a few hours for remote engagements and on-site support wherever needed. Engaging an IR firm is like calling in a S.W.A.T. team for a cybersecurity crisis. We bring the tools, tactics and experience to contain the threat and minimize damage while guiding the organization toward recovery and increasing future resilience. 
• Expertise: With numerous incident responders and threat intelligence analysts, all of whom have access to industry-leading Talos threat intelligence, the team has deep experience handling diverse threats, from ransomware to business email compromise (BEC). We handle it all, from “small” attacks on a single organization to a country-level threats. We don’t focus just on typical IT environments — we work with ICS/OT, cloud or mobile forensic, as well.  
• Vendor-agnostic approach: Talos IR works with customers’ existing infrastructure and tooling, whether you use Cisco products or not. We simply don’t like to wait for deployment of tools before getting our hands dirty in all the logs, consoles and forensic artifacts. At a time when you are already resource-constrained, the last thing we want to do is make you replace an existing security solution, such as endpoint detection and response (EDR), on the endpoints. 
• Comprehensive services: Beyond emergency response, Talos IR provides proactive services like Threat Hunting and IR Planning to strengthen your security posture before an incident happens or after to build up resilience.

Overview of the IR lifecycle 

The IR process typically follows a structured lifecycle, based on frameworks such as NIST SP 800-61 or the SANS Institute’s model. Talos IR aligns with these best practices, tailoring its approach to organization’s unique needs at the time of crisis and beyond. Handling incidents day in and day out has given Talos IR a deep well of experience, and we’ve built that knowledge into processes to support every organization we work with. The lifecycle of our IR typically includes: 

1. Preparation 
2. Identification 
3. Containment 
4. Eradication 
5. Recovery 
6. Lessons learned 

When you engage Talos IR, we apply this lifecycle with a blend of technical prowess, threat intelligence and collaborative teamwork. Let’s walk through each phase in detail.

Phase 1: Preparation (before the incident) 

Preparation is the foundation of effective IR. While many organizations only engage IR firms during a crisis, proactive engagement with Talos IR can significantly reduce the impact of future incidents. With a Talos IR retainer, you secure an agreement that ensures rapid response during an emergency and access to proactive services tailored to your organization’s risk profile and needs, offering: 

• Emergency response: Guaranteed access to a global team within a short time of experiencing of an incident. During major global cybersecurity events like Wannacry, Heartbleed or Log4J or others, an existing retainer can be the difference between receiving immediate help and waiting days to weeks.
• Proactive services: Access to proactive services for Threat Hunting, Tabletop Exercises or Purple Teaming
• Relationship building: Familiarity with your environment, reducing response time during a crisis

These services build trust and familiarity, ensuring Talos IR can hit the ground running during an emergency.

Phase 2: Identification (beginning of incident) 

When a cybersecurity incident occurs, the first step is identifying and confirming the threat, whether it’s a ransomware attack, phishing campaign, or data breach. This is often when organizations reach out to Talos IR. Talos IR’s emergency response team is available 24/7 and can be reached via phone or email, but phone is the fastest and most direct way to reach our dedicated IR team.  

Initial call

During the first call, Talos IR gathers critical information to help us move onto analysis as soon as possible: 

• Nature of the incident: What symptoms were observed (e.g., encrypted files, suspicious emails, new files on the webserver that were committed outside of the development lifecycle)? 
• Affected systems: Which servers, endpoints, or networks are impacted? 
• Business impact: Is the incident disrupting operations or exposing sensitive data? 
• Existing actions: What steps have been taken so far? 
• Visibility: What existing systems and tools can we access to handle the incident? Would complimentary Cisco tools help close a current gap, such as no EDR solution on a specific network? 

Triage, scoping and analysis 

Talos IR deploys a team led by an Incident Commander, who coordinates efforts and communicates with the stakeholders. The Incident Commander is supported by a skilled team of responders, threat analysts and project managers who keep everything moving and progress analysis 24/7. We typically start our work with in-depth triage of your environment which often involves: 

• Log analysis: Reviewing logs from security information and event management (SIEM) systems, EDR tools, or network devices to identify indicators of compromise (IOCs)
• Threat intelligence: Leveraging Talos global telemetry to match IOCs against known adversary tactics, techniques and procedures (TTPs)
• Digital forensics: Collecting and analyzing evidence, such as memory dumps or disk images, to understand the attack’s scope

What makes IR truly effective is having access to as much relevant data as possible from the very beginning. The earlier our team can review endpoint telemetry, network traffic, identity logs and other critical data points, the faster we can determine what happened, how far the threat spread and what needs to be done to contain the threat. We often use the triage process to understand and search for: 

• Initial access vector: Common vectors include phishing, exploited vulnerabilities (e.g., Microsoft Exchange Server flaws), or misconfigured VPN servers. You can read all about the trends we see each quarter here. 
• Adversary goals: Is the attacker after data theft, ransomware deployment, or persistent access? 
• Scope: How many systems, users, or networks are affected? 
• Persistence mechanisms: Are there backdoors, scheduled tasks, or web shells that allow re-entry? 
• Data exfiltration: Was sensitive data stolen? 

Talos IR provides an initial assessment, outlining the incident’s severity and recommended next steps, and keeps you updated daily. This phase sets the stage for containment, where speed is critical to limit damage. This analysis goes on for a number of days and typically uncovers additional information that adds to the picture during each 24-hour cycle.

Phase 3: Containment (stopping the attack) 

Containment focuses on preventing the threat from spreading further while preserving evidence for analysis. Talos IR employs a technology-agnostic approach, working with existing tools to implement short-term and long-term containment strategies while simultaneously looking to minimize business impact. 

Short-term containment 

Immediate actions to isolate the threat typically include: 

• Network segmentation: Isolating affected systems or subnets to prevent lateral movement
• Account lockdown and/or password changes: Disabling compromised accounts, changing compromised passwords, or enforcing multi-factor authentication (MFA). Talos IR frequently observes incidents where the lack of MFA enables ransomware or business email compromise (BEC) attacks. 
• Process termination: Isolating malicious processes, such as ransomware encryptors or command-and-control (C2) beacons, when identified. Reimaging devices is often a recommended step, but it depends on the extent of the breach.
• Firewall rules: Blocking malicious IPs or domains identified through Talos’ threat intelligence

Long-term security hardening 

While short-term countermeasures stop immediate damage, long-term security hardening ensures the attacker can’t regain access. By working together with an organization on emergency response, Talos IR gains a great understanding of what needs to be applied to build long term resistance. Some of these recommendations would be: 

• Patching vulnerabilities: Addressing exploited flaws, such as unpatched servers or vulnerable web applications
• Endpoint protection: Extending EDR deployments to monitor for residual threats on systems that were previously unprotected
• Strengthening resilience: Taking a long-term, strategic approach to uncover and address weaknesses in your organization’s security posture to better prepared for future threats
• Improving efficiency and consistency: Developing clear policies and procedures, while automating routine tasks such system hardening to reduce risk

Phase 4: Eradication (removing the threat) 

Once the threat is contained, Talos IR focuses on recommendations for completely removing all remnants of the adversary from the environment. Eradication is a delicate process that needs to balance business needs with recovery operations. Eradication typically involves: 

• Account remediation: Resetting passwords and revoking compromised credentials. This may sound familiar from the containment phase, but often it is necessary to do two or more credential purges during a major incident. 
• System rebuilds: In severe cases, rebuilding affected systems from clean backups to eliminate hidden threats.
• Reverting adversary changes: Some sophisticated adversaries will do things like change firewall rules, embed fileless malware in the registry, or create future scheduled tasks as “sleeper agents.” Detecting, documenting and reverting these changes can be the most difficult and important part of eradication. 

Before wrapping up this phase, Talos IR verifies eradication through: 

• Threat hunting: Scanning for residual IOCs or anomalous behavior
• Log reviews: Confirming no further malicious activity

This process minimizes the risk of the adversary returning, as seen in cases where adversaries used tools like Cobalt Strike to maintain persistence. A single overlooked persistence mechanism is enough to let the adversary back in at a later date, which is why a thorough forensic review by an experienced IR team is critical. 

Phase 5: Recovery (restoring operations) 

Recovery aims to restore systems and operations to normal while enhancing security to prevent recurrence. Talos IR collaborates with IT and business teams to ensure a smooth transition. If it is necessary to accept some risk in order to get business operations back online, the Talos IR Incident Commander will work with your organizational leadership to ensure that the risk is minimized and understood, and that compensating controls are applied.  

Key recovery recommendations often include: 

• Restoring from backups: Deploying clean backups to affected systems, ensuring they’re free of malware
• Application testing: Verifying critical applications (e.g., ERP systems) function correctly post-recovery
• User access: Gradually restoring user access with strengthened controls, such as MFA
• Alternative processes: Implementing manual or temporary workflows if systems remain offline
• Stakeholder communication: Coordinating with PR and legal teams to manage external messaging and regulatory notifications
• Employee training: Educating staff on phishing awareness or secure practices to prevent future incidents
• Logging improvements: Enhancing visibility to overcome the logging deficiencies
• Patch management: Establishing processes to prevent exploitation of known vulnerabilities

Phase 6: Lessons learned (building resilience) 

The final phase of IR involves analyzing the incident to extract lessons and improve future preparedness. Talos IR’s approach ensures that insights translate into actionable strategies. Talos IR delivers a comprehensive incident report, including: 

• Incident summary: A timeline of events, from initial detection to resolution 
• Findings: Details on the attacker’s TTPs, entry points and impact
• Recommendations: Specific actions to ensure long-term and short-term improvements

Ongoing partnership 

At Talos IR, we believe IR isn’t only a service we provide; it’s a relationship and the ultimate team sport. We’re not here just for the crisis; we’re here to support before, during and long after the incident is resolved. As many of our long-term retainer customers like Veradigm have observed, those multi-year relationships pay great dividends during incidents:  

“With the [Talos IR] retainer service we really appreciate established and met Service Level Agreements (SLAs). Plus, the knowledge of Cisco’s IR team on our unique environment, prior incidents, and their intelligence on the latest threats ensure we smoothly navigate, and balance preparation exercises and incidents based on our unique needs. Time to response in our SLA along with the unique knowledge, there isn’t a delay as one would expect. They are ready and we have ‘muscle memory’ from both tabletop scenarios and real-life situations. As a result of being in the highly regulated world of healthcare and with the constant need to consider patient safety, our circumstances can be tense from the start. They know how we need to react based on both exercises and incidents and can navigate smoothly in delicate situations/balances with our unique needs in mind,” Jeremy Maxwell, Veradigm CISO. 

This is one of many stories we observe during our engagements with different organizations. For Talos IR, once the immediate threat is handled, the real work begins. We help to strengthen your defenses through ongoing support, so your organization is better prepared for the future. We keep the defenders in the loop with up-to-date threat intelligence, and we run regular training and drills to make sure that various teams know exactly what to do if something happens again. 

It’s a partnership built on trust, experience and a shared goal: keeping your organization resilient in a constantly evolving threat landscape.

Cisco Talos Blog – ​Read More

A team of researchers at the Swiss Federal Institute of Technology in Zurich (ETH Zurich) has published a research paper demonstrating how a Spectre v2 attack can be used for a sandbox escape in a virtualized environment. With access to only a single isolated virtual machine, the researchers were able to steal valuable data normally accessible only to the server administrator. Servers based on AMD CPUs (including AMD’s newest – with Zen 5 architecture) or Intel’s Coffee Lake are susceptible to the attack.

The danger of Spectre attacks for virtual environments

We regularly write about CPU vulnerabilities that employ speculative execution, where standard hardware features are exploited to steal secrets. You can read our previous posts on this subject, which describe the general principles of these attacks in detail, here, here, and here.

Although this type of vulnerability was first discovered back in 2018, up until this paper researchers haven’t demonstrated a single realistic attack. All their efforts have culminated in the notion that, theoretically, a sophisticated and targeted Spectre-like attack is feasible. Furthermore, in most of these papers, the researchers restricted themselves to the most basic attack scenario: they’d take a computer, install malware on it, and then use the CPU hardware vulnerability to steal secrets. The drawback of this approach is that if an attacker successfully installs malware on a PC, they can steal data in numerous other, significantly simpler methods. Because of this, Spectre and similar attacks are unlikely to ever pose a threat to end-user devices. However, when it comes to cloud environments, one shouldn’t dismiss Spectre.

Imagine a provider that rents virtual servers to organizations or individuals. Each client is assigned their own virtual machine, which allows them to run any software they want. Other clients’ virtual systems can be running on the same server. Separating data-access privileges is crucial in this situation. You must prevent an attacker who has gained access to one virtual machine from reading the confidential data of an adjacent client, or compromising the provider’s infrastructure by gaining access to the host’s data. It is precisely in this scenario that Spectre attacks start appearing as a significantly more perilous threat.

VMScape: a practical look at a Spectre v2 attack

In previous research papers on the feasibility of the Spectre attack, researchers didn’t delve into a realistic attack scenario. For an academic paper, this is normal. A theoretical proof of concept for a data leak is typically enough to get CPU makers and software developers to beef up their defenses and develop countermeasures.

The authors of the new paper from ETH Zurich directly address this gap, pointing out that previously examined scenarios for attacks on virtualized environments – such as those in this paper, also by ETH Zurich – made an extremely broad assumption: that the attackers had already managed to install malware on the host. Just like with attacks on regular desktop computers, this doesn’t make much practical sense. If the server is already compromised, the damage is already done.

The new attack proposed in their paper – dubbed VMScape – uses the same branch target injection mechanism as the one found in all attacks since Spectre v2. We’ve talked about it several times before, but here’s a quick summary.

Branch target injection is a way to train a CPU’s branch prediction system, which speeds up programs by using speculative execution. This means the CPU tries to run the next set of commands before it even knows the results of the previous computations. If it guesses the right direction (branch) the software will take, the performance significantly increases. If it guesses wrong, the results are simply discarded.

Branch target injection is an attack during which an attacker can trick the CPU into accessing secret data and move it into the cache during speculative execution. The attacker then retrieves this data indirectly through a side channel.

The researchers discovered that the privilege separation between the host and guest operating systems during speculative execution is imperfect. This allows for a new version of the branch target injection attack, which they’ve named “Virtualization-based Spectre-BTI” or vBTI.

As a result, the researchers were able to read arbitrary data from the host’s memory while only having access to a virtual machine with default settings. The data reading speed was 32 bytes per second on an AMD Zen 4 CPU, with nearly 100% reliability. That’s fast enough to steal things like data encryption keys, which opens a direct path to stealing information from adjacent virtual machines.

Is VMScape a threat in the real world?

AMD CPUs with Zen architecture from the first through the latest fifth generation have proved vulnerable to this attack. This is because of the subtle differences in how these CPUs implement Spectre attack protections, as well as the unique way the authors’ vBTI primitives operate. For Intel CPUs, this attack is only possible on servers with older Coffee Lake CPUs from 2017. Newer Intel architectures have improved protections that make the current version of the VMScape attack impossible.

The researchers’ achievement was designing the first-ever Spectre v2 attack in a virtual environment that’s close to real-world conditions. It doesn’t rely on overly permissive assumptions or crutches like malicious hypervisor-level software. The VMScape attack is effective; it bypasses many standard security measures, including KASLR, and successfully steals a valuable secret: an encryption key.

Fortunately, immediately after designing the attack, the researchers also proposed a fix. The issue was assigned the vulnerability identifier CVE-2025-40300, and it was patched in the Linux kernel. This particular patch doesn’t significantly reduce computational performance, which is often a concern with software-based protections against Spectre attacks.

Methods for protecting confidential data in virtual environments have existed for a while. AMD has a technology named “Secure Encrypted Virtualization” and its subtype, SEV-SNP, while Intel has Trusted Domain Extensions (TDX). These technologies encrypt secrets, making it pointless to try to steal them directly. The researchers confirmed that SEV provides additional protection against the VMScape attack on AMD CPUs. In other words, a real-world VMScape attack against modern servers is unlikely. However, with each new study, Spectre attacks look more and more realistic.

Despite the academic nature of the research, attacks that exploit speculative execution in modern CPUs remain relevant. Operators of virtualized environments should continue to consider these vulnerabilities and potential attacks in their threat models.

Kaspersky official blog – ​Read More