Talos Takes

Talos’ spin on security news

Every week, host Jon Munshaw brings on a new guest from Talos or the broader Cisco Secure world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.

  • Talos Takes

    Talos Takes Ep. #132: Reflecting on one year of Talos' work in Ukraine

    It's been just over a year since Talos formed our Ukraine-focused task force. After Russia's invasion of Ukraine, many of our teammates sprung into action to protect critical infrastructure and networks there — not to mention the Talos employees who literally had to fight back to protect their home country. In this week's episode of Talos Takes, J.J. Cummings, one of the lead organizers of this task force, joins the show to discuss the group's ongoing work. J.J. talks about where the situation in Ukraine stands currently, how the cyber threats facing the country have evolved over the past year and much more. To further mark the one-year anniversary of the conflict, Talos has also released a graphic novel illustrating the formation of this task force. Additionally, the latest episode of ThreatWise TV from Cisco highlights the work Talos and Cisco are doing in Ukraine. 

    Run Time: 00:12:00

  • Talos Takes

    Why does the Prometei botnet keep growing?

    Vanja Svajcer and Andrew Windsor join the show this week to talk about their recent research into the Prometei botnet. This malware continues to evade detection and invade more machines so it can eventually hijack them to mine Monero cryptocurrency. Jon asks them about what's new with Prometei, why it's pretty generous in who it's targeting and where we could see it going next.

    Run Time: 00:12:00

  • Talos Takes

    There's not actually more spam during Tax Season — it's just different spam

    Public perception is such that it's assumed we just get more spam in the U.S. during two major times of the year — Tax Season and Black Friday. But over the past few years, this trend has become a thing of the past. With Tax Day approaching for Americans, there won't be more spam emails coming their way than usual, it'll just be different. Eric Peterson from Talos' email detection team joins the show for Jon's triumphant return from parental leave to talk about tax-related spam. Eric talks about topics he's seen so far this year and why it's a myth that spam volume changes as Tax Day approaches. 

    Run Time: 00:10:03

  • Talos Takes

    The benefits of taking an active approach to threat defense

    Nick Biasini is back as host again to talk to Vitor Ventura about the benefits of taking an active approach to threat defense. Many organizations may just sit back and wait for something bad to happen. But as he outlined in his recent blog post, Vitor says there are many benefits to being proactive instead of reactive. Nick asks him about threat hunting as a team, scanning logs and tracking network traffic on an almost-constant basis. 

    Run Time: 00:10:37

  • Talos Takes

    Year in Review - Ransomware and Commodity Loaders

    We're back with the final Year in Review-focused episode. This time the focus is on the ever-broadening ransomware landscape and the commodity malware loaders that often support it. I'll be joined by one of the researchers from the Year in Review report, Aliza Johnson, to talk about what we saw on the ransomware landscape over the last year as well as how threats like Qakbot, IcedID, and Trickbot have changed and evolved over the last year. We'll also cover how these threats overlap and how LoLBins are yet again an area of concern.

    Run Time: 00:11:15

  • Talos Takes

    Following the LNK metadata trail

    In this episode of Talos Takes, I am joined by security researcher Guilherme Venere to discuss their recent research on LNK files. The usage of these files by malicious actors has exploded over the last six months as actors look to move away from macro-based initial infection vectors. LNK files have unique metadata attributes that allow for useful actor and threat tracking capabilities. We'll dig deeper on LNK files as well as the metadata you can leverage. For full details, check out the blog at https://blog.talosintelligence.com/following-the-lnk-metadata-trail/

    Run Time: 00:11:38

  • Talos Takes

    Year in Review - Threat Landscape Edition

    We're back with another Year in Review-focused episode. This time the focus will be the threat landscape generally, and I'll be joined by threat researcher Caitlin Huey. In this episode we'll discuss what we found in the last year, with a focus on the general threat landscape. We'll spend time discussing dual-use tools, LoLBins, and the surprising re-emergence of USB attacks in 2022.

    Run Time: 00:07:14

  • Talos Takes

    XLLing and the post macro era

    In this episode of Talos Takes, we are joined by Vanja Svajcer to discuss his recent blog on XLL abuse. This year Microsoft finally removed support for macros from their Office suite, creating a vacuum in the threat landscape. Macros had been the tool of choice for adversaries for the last several years, and the race to find alternatives is underway. In this episode we'll talk a bit about Office Add-Ins and how we've already seen adversaries starting to abuse XLL files in the wild.

    Run Time: 00:09:21

  • Talos Takes

    Year in Review: APT Summary Edition

    In this episode of Talos Takes, we are joined by Jacob Finn to discuss the APT summary section of the larger Year in Review report. These state-sponsored actors tend to conduct more sophisticated, targeted campaigns, typically related to espionage or other information-gathering activities. This episode will dive a bit deeper on what can be found in the report as well as an overview of the state-sponsored activity we've observed from the last year.

    Run Time: 00:13:16

  • Talos Takes

    Truebot and the Silence group

    In this episode of Talos Takes, we are joined by Tiago Pereira to discuss his recent blog on Truebot activity. Truebot and the Silence group have been active for a number of years, operating primarily financially motivated cybercrime. In this episode we will talk about the recent campaign we observed as well as the tools and tactics we uncovered. We'll also discuss the links between these groups and other threat actors, like TA505.

    Run Time: 00:11:08