Talos Takes

With the RSA conference just days away, notable vendors such as IBM and AT&T have withdrawn from the annual event over coronavirus concerns. The fast-spreading disease has captured headlines across the globe, and adversaries are trying to strike quickly. Continuing our look at attackers’ use of current events to spread malware, Nick Biasini and Earl Carter sit down to discuss malware campaigns that are hoping to scare victims into opening malicious emails and documents on coronavirus.

With the Equifax attack back in the headlines, we take a closer look at Big Game Hunting this week on Talos Takes. Why do threat actors look at these massive targets, and what do they hope to get out of it? Is there anything smaller organizations can learn from these high-stakes campaigns?

2019 was a huge year for ransomware. Cities across the U.S. had their government services attacked, and adversaries changed up their techniques in the hopes of making a larger profit and infecting more users. What other changes do we see coming to the ransomware space? Are adversaries’ motivations changing at all? And will defense techniques change along with them?

The holidays have come and gone, and so have the sales. Maybe you got a new drone, or a home AI assistant. So what should you do to make sure those new toys don’t turn against you? Nick Biasini and Earl Carter have some tips for you.

We’ve all seen the supposed stories online that promise to give you “The one secret to weight loss doctors WON’T tell you about.” Or “You won’t believe who Kim Kardashian is talking about now.” So how harmful are these malicious ads? Why do some of them deliver malware, and others don’t? In this episode of Talos Takes, Nick Biasini and Earl Carter dive into the basics of malvertising.

We first brought you this episode in the Beers with Talos feedback in December. We’re uploading this to the Talos Takes feed for posterity now, and let’s face it, these holiday shopping reminders can apply to any time you’re shopping online.

Snort researcher and rule-writer Nick Mavis takes time out of his busy schedule to join us again this week. Nick recently published a research paper on the bevy of detection he wrote for Cobalt Strike, a tool attackers are increasingly using. Nick talks about his process of working on the paper, why Cobalt Strike has become so popular and what he learned during the research process.

This week’s episode of Talos Takes is a special extra large edition. We’ve got the audio version of our recent Cisco Talos Incident Response On Air stream where some of our responders got together to discuss the past threats of the top quarter. Liz Waddell and other team members covered everything from recent ransomware actor drama, to the importance of saving logs and other tips they picked up over the past few months.

It’s been a while since we re-visited our Malware 101 series. So we’re going back to class to learn about information-stealers. Aliza Johnson from the Talos Threat Intelligence & Interdiction team joins the show to talk about her recent research into and overview of infostealers. Although the name is pretty self-explanatory, this type of malware comes in many shapes and sizes for many purposes.

Nate Pors joins the show this week to recap the recently released Cisco Talos Incident Response Quarterly Report. He and Jon recap the top attacker trends from the past quarter, including highlighting which types of attacks CTIR saw in the field and what new techniques adversaries are using. Topics discussed include the increased targeting of telecommunications companies, a decline in ransomware attacks and more business email compromise.