Talos Takes

Talos’ spin on security news

Join Talos researchers and analysts as they address the top news and trends in cyber security. The rotating cast of hosts and guests will cover everything from breaking news, to attacker trends and emerging threats.

  • Talos Takes : Episode 68
    2021-09-17

    Talos Takes Ep. #68: It's a bird, it's a plane, it's some rats!

    Allow Vitor Ventura to take you on a journey of discovery, threat actors and attribution. He recently assisted with an investigation into a series of malware and spam campaigns using aviation-themed lures. These include fake flight itineraries, invoices and more. Vitor joins us on this week’s Talos Takes episode to discuss what he learned during this process, including how he connected the campaigns, what he learned (and couldn’t learn) about the actor behind them, and what he’ll take away into his next research. This is a great episode for anyone who is wondering about what kinds of pitfalls are out there for a security researcher.

    Hosted By:
    Jon Munshaw
    Featuring:
    Vitor Ventura (@_vventura)
    Run Time: 6:17

    Keywords
    • malware
    • spam
    • email

  • Talos Takes : Episode 67
    2021-09-10

    Talos Takes Ep. #67: Why are ransomware groups getting so emotional?

    Fresh off of translating an entire ransomware playbook from Russian to English, Azim and Dave from the Talos Threat Intelligence & Interdiction team join Talos Takes to talk about this project. They provide some first-hand insights into what this leaked playbook tells us about the Conti ransomware-as-a-service group. Threat actors — they have feelings just like us!

    Hosted By:
    Jon Munshaw
    Featuring:
    Azim Khodjibaev (@AShukuhi) and David Liebenberg
    Run Time: 8:20

    Keywords
    • Conti
    • ransomware
    • APTs

  • Talos Takes : Episode 66
    2021-09-03

    Talos Takes Ep. #66: Dude, where's my bandwidth?

    “Proxyware” sounds like a complicated topic that you’re too afraid to ask about. But really, it’s just software that allows users to sell off a portion of their internet bandwidth for a small profit. Problem is, attackers are swooping in on this popular software to spread malware and steal users’ money. Edmund Brumaghin joins the show this week to discuss his recent research into proxyware applications and how malware is hiding in plain sight. Edmund discusses why these types of apps are potentially unwanted applications, and what the threat is for enterprise users with remote workers, as well as personal PC users.

    Hosted By:
    Jon Munshaw
    Featuring:
    Edmund Brumaghin
    Run Time: 7:09

    Keywords
    • proxyware
    • malware
    • spam
    • scams

  • Talos Takes : Episode 65
    2021-08-26

    Talos Takes Ep. #65: We're all excited to travel again, but so are attackers

    As more people around the world start to get vaccinated against COVID-19, travel is becoming easier, especially during these summer months. But as much as you may be excited to travel, so are threat actors. Asheer Malhotra was part of a team that looked into a series of campaigns targeting users in Latin America, specifically using social engineering tactics centered around travel. Some of the lure documents, in this case, include fake travel itineraries, coupons for flights and hotel reservation confirmations. Asheer joins the show this week to discuss the throughline between all these attacks and their potential connections to the Aggah crimeware group.

    Hosted By:
    Jon Munshaw
    Featuring:
    Asheer Malhotra (@asheermalhotra)
    Run Time: 7:50

    Keywords
    • Aggah
    • malspam
    • social engineering
    • COVID-19
    • spam
    • RATs

  • Talos Takes : Episode 64
    2021-08-12

    Talos Takes Ep. #64: We go back to school

    Students are starting to go back to school across the U.S. There are plenty of things to worry about with the “new normal” while the world still combats COVID-19, and while we can’t help students, teachers and admins with everything, we can at least provide a little security advice. Nick Biasini joins the show once again to discuss the best cybersecurity practices as schools spin back up. What should parents tell their kids about electronic devices they bring home? What will IT admins have learned over the past year and a half plus? And how should we deal with the new norm of hybrid learning?

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini (@InfoSec_Nick)
    Run Time: 8:36

    Keywords
    • school
    • remote learning
    • cheating
    • education
    • COVID-19
    • hybrid

  • Talos Takes : Episode 63
    2021-08-06

    Talos Takes Ep. #63: Shield your eyes from the Solarmarker

    Andrew Windsor from our malware research team joins the show for the first time to talk about Solarmarker. This is a campaign Andrew’s followed for a while that recently added new modules that make it particularly dangerous. The attackers behind Solarmarker could basically use this threat to drop whatever they want. At least for now, they’re sticking to information-stealing. But could it ever get worse than that?

    Hosted By:
    Jon Munshaw
    Featuring:
    Andrew Windsor (@hostiledata)
    Run Time: 10:24

    Keywords
    • malware
    • Solarmarker
    • dropper
    • Uranus
    • Mars

  • Talos Takes : Episode 62
    2021-07-20

    Talos Takes Ep. #62: There's still plenty of mileage left in BEC

    Business email compromise may seem like last decade’s threat, but it’s still just as prevalent as ever. A recent FBI report found that it cost users more than $1 billion in 2020, and attackers are now capitalizing on everything from PlayStation 5 sales to the COVID-19 pandemic to scam people. On this week’s Talos Takes, Nick Biasini recaps his recent research into BEC and discusses some of the reasons why this threat may never go away (hint: users).

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini (@InfoSec_Nick)
    Run Time: 5:25

    Keywords
    • business email compromise
    • spam
    • phishing
    • email

  • Talos Takes : Episode 61
    2021-07-16

    Talos Takes Ep. #61: Why does SideCopy seem so familiar?

    The last time Jon had Asheer Malhotra from Talos Outreach on the show, they covered the Transparent Tribe APT. Asheer joins the show again this week to talk about another threat actor that is very similar to Transparent Tribe, but is just a tad different. Asheer recently co-authored a research paper on the aptly named SideCopy actor, which borrows many TTPs from their fellow actors, including Transparent Tribe. This episode, we’ll talk about SideCopy’s methods, why they may be borrowing so much from those around them and where they could go from here.

    Hosted By:
    Jon Munshaw
    Featuring:
    Asheer Malhotra (@asheermalhotra)
    Run Time: 8:28

    Keywords
    • APTs
    • SideCopy
    • RATs
    • trojans
    • spam
    • phishing

  • Talos Takes : Episode 60
    2021-07-09

    Talos Takes Ep. #60 (XL Edition): Kaseya emergency show

    In this special “XL edition” of Talos Takes, we’re bringing you the audio version of our live stream this week discussing the Kaseya supply chain attack. Nick Biasini from Talos Outreach went live with Hazel Burton, a Cisco product marketing manager, to discuss what transpired over the long Fourth of July weekend.
    Nick discussed the Kaseya exploit leveraged in this campaign, plus the follow-on ransomware attacks. This is the best place to get the tl;dr on what happened, what you need to be doing now, and what Cisco Secure solutions can keep you protected.

    Hosted By:
    Nick Biasini (@InfoSec_Nick)
    Featuring:
    Hazel Burton (@HazeBurton)
    Run Time: 21:41

    Keywords
    • Kaseya
    • supply chain
    • ransomware
    • REvil

  • Talos Takes : Episode 59
    2021-07-02

    Talos Takes Ep. #59: A deep dive into vulnerabilities in a home security station

    We’ve spent many minutes (that’s the point of the podcast, after all) discussing internet-of-things devices on this podcast. As consumers start having more “smart” devices connected to their home network, they may want an easy solution to keeping those devices safe. But what if that device gets owned?

    Carl Hurd of our vulnerability research team recently discovered several vulnerabilities in Trend Micro’s Home Network Security Station. He joins the show for the first time to talk about his research, the pros and cons of these all-in-one home network security devices, and how an attacker could exploit these issues to spy on your devices.

    Hosted By:
    Jon Munshaw
    Featuring:
    Carl Hurd
    Run Time: 10:25

    Keywords
    • vulnerabilities
    • IoT
    • home security

  • Talos Takes : Episode 58
    2021-06-25

    Talos Takes Ep. #58: It's time to get serious about protecting critical infrastructure

    With major cyber attacks in recent years against major U.S. critical infrastructure suppliers like Norsk Hydro and Colonial Pipeline, we’re in a new world of CI cybersecurity. New threats require new approaches to defense. And in the U.S., this is likely going to include partnerships between those who manage critical infrastructure, government and the private cybersecurity sector.

    Talos recently outlined what this may look like in America. One of the authors of that post, Joe Marshall, joins Jon Munshaw this week on Talos Takes to talk about public-private partnerships to defend critical infrastructure.

    Hosted By:
    Jon Munshaw
    Featuring:
    Joe Marshall (@ImmortanJo3)
    Run Time: 8:41

    Keywords
    • critical infrastructure
    • oil and natural gas
    • ransomware
    • operational technology

  • Talos Takes : Episode 57
    2021-06-17

    Talos Takes Ep. #57: What's in it for both sides of the ransomware-as-a-service model?

    How much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has entered the mainstream over the past few months with groups such as DarkSide attacking the Colonial Pipeline.

    In these transactions, what’s in it for the original ransomware creator? And what do the operators themselves get out of it? Nick Biasini joins Jon Munshaw this week to talk about this business model, what it means for the rise in ransomware attacks, and how you can stay protected.

    Hosted By:
    Jon Munshaw
    Featuring:
    Nick Biasini (@InfoSec_Nick)
    Run Time: 5:28

    Keywords
    • ransomware
    • ransomware-as-a-service
    • OT
    • critical infrastructure

  • Talos Takes : Episode 56
    2021-06-11

    Talos Takes Ep. #56: The first security steps when returning to the office

    We started out the COVID-19 pandemic by thinking we’d be away from the office for a month — maybe two. More than 12 months later, we’re still here, working from home (at least part-time).

    But some businesses are starting to reopen now and welcoming workers back into the office. After so much time working out of the office, what should security professionals do once they get back? In this week’s episode, Beers with Talos’ own Craig Williams joins the show to talk about triple-checking for patches, changing passwords and more. Plus, how should you handle the new hybrid worker?

    Hosted By:
    Jon Munshaw
    Featuring:
    Craig Williams (@security_craig)
    Run Time: 10:52

    Keywords
    • work from home
    • COVID
    • patching

  • Talos Takes : Episode 55
    2021-05-28

    Talos Takes Ep. #55: What's next for Transparent Tribe?

    Asheer Malhotra from Talos Outreach has followed Transparent Tribe for years now. This APT has been all over the place using all sorts of trojans. So where may they go next? Asheer joins Talos Takes this week to discuss the malware this group deploys and how they use typo-squatted domains to lure victims in.

    Hosted By:
    Jon Munshaw
    Featuring:
    Asheer Malhotra (@asheermalhotra)
    Run Time: 8:28

    Keywords
    • malware
    • trojans
    • APTs
    • threats

  • Talos Takes : Episode 54
    2021-05-21

    Talos Takes Ep. #54: Incident response is really just the friends we made along the way

    Welcome to the unofficial incident response week at Talos! As part of the RSA Conference, we’ve released two new case studies detailing some malware cases Cisco Talos Incident Response helped resolve. Brad Garnett, this week’s guest, also released a new blog post where he wrote about why incident response is “the ultimate team sport.” Brad joins host Jon Munshaw this week to take a deeper dive into one of these engagements, in which an attacker tried to use Cobalt Strike to infect a target with ransomware (hint: this would have been really bad!). Brad talks about how the strong personal relationships CTIR built with the customer in question set everyone up for success.

    Hosted By:
    Jon Munshaw
    Featuring:
    Brad Garnett (@brgarnett)
    Run Time: 8:15

    Keywords
    • incident response
    • Cobalt Strike
    • ransomware