UK white hats blacklisted by Cisco Talos after smart security code stumbles
UK security training company Hacker House briefly had its site blocked after being mistaken for malware by Cisco’s security wing Talos’ smart “threat intelligence” software.
Hacker House runs training classes on ethical hacking and defense techniques, as well as its own business security services in areas like penetration testing or network analysis. But on Wednesday morning things started to go awry.
The company’s training programs include things like security sandboxes and hands-on work with code samples. This, apparently, triggered the Talos service to label the site as malicious and block it for customers.
Hacker House co-founder Matthew ‘Hacker Fantastic’ Hickey told The Register the issue began when some of his customers reported being unable to access his site.
“They categorised our website as malware, or rather their machine learning did, and blocked access to our website; we only found out when our customers complained they couldn’t reach our site due to it being labelled as malware,” Hickey explained.
“Obviously that can harm our business and everything that we try to do.”
Fortunately, word of the block made its way to Talos within a few hours and the Cisco-owned security outfit was able to resolve the matter.
Fixed. Unblocked.
— Warren Mercer (@SecurityBeard) December 12, 2018
A Cisco spokesperson later confirmed this and said Hacker House would not be charged for any service related to lifting the block.
“Cisco Talos tracks 1.5 billion instances of malware daily, and helps stop more than 7.2 trillion attacks each year. Occasionally, there is a false positive reading, which can be addressed by submitting a ticket. There is no charge for submission,” the spokesperson told El Reg.
“This matter has been resolved and no fee was charged as is consistent with Cisco Talos’ policy.”
While this case had a happy ending, the story does point to a potential problem on the horizon as security training, machine learning, and antimalware services all see their usage skyrocketing.
Without a close eye being kept by all parties, legitimate research and training tools can inadvertently get swept up by automated detection, and users can end up being blocked from legitimate sites and services that could keep them safe. ®