Paul Eubanks joins this week’s episode of Talos Takes to look at his recent blog post on de-anonymizing ransomware groups on the whispers dark web. Paul and his team recently used several tactics to unmask several threat actors and disclosure their tactics to stay hidden. Jon interviews Paul about ransomware actors’ usual operations on the dark web, the specific tools and tactics he used and the pros and cons of calling out actors for their opsec failures.
Jon reports live from the floor of Cisco Live U.S. this week. He interviewed several Talos speakers about their talks at Cisco Live and some of the major takeaways from conversations with users and customers this week.
Get ready for Cisco Live next week in Vegas with a quick primer on everything Talos has going on at the conference. We’re excited to be back in person interacting with customers and users. Jon has a complete rundown of the Talos space at the conference, some talk highlights and other things you should know before you go. For a complete agenda, check out the Cisco Live Session Catalog.
We’re doing something a bit different this week — it’s just Jon for a few minutes talking about Talos’ plans at the RSA Conference coming up next week. Catch up on our plans for the week and here about some special events we have planned. To stay up-to-date on the latest, follow us on Twitter. And if you prefer a written preview, read this week’s Threat Source newsletter.
The recently disclosed vulnerability in F5 BIG-IP took security Twitter by storm two weeks ago, and continues to make headlines now. It immediately prompted warnings from CISA and security researchers everywhere warning users to patch as soon as possible. Of course, it’s important to patch. But maybe we started panicking a little too early that this was going to be the next PrintNightmare. On this week’s episode of Talos Takes, Jon is joined by Jerry Gamblin from Kenna Security to talk about the ins and outs of this vulnerability and while it is serious, it’s incredibly unlikely that an attacker can or would exploit it in the wild.
See people, this is what happens when you finally let a panda drive a sports car! This week’s episode of Talos Takes covers the basics of MustangPanda, a Chinese state-sponsored actor we wrote about recently. Asheer Maholtra joins the show to go over his research into this group. Mainly, we discuss why this actor, despite being aligned with China, is targeting Russian government entities and organizations. Though the two countries seem to be allies, all is fair in love and cyber espionage.
Kendall McKay joins Jon this week to discuss the Hive and Conti ransomware chats she and her colleagues recently reviewed. We obtained some leaked chats between these ransomware groups and some of their victims, showing us what communicating with an attacker is really like. Jon and Kendall discuss the negotiation process over a ransom payment and what else we learned from these chat logs.
On this week’s episode of Talos Takes, we’re bringing you the recording of last week’s live stream with Cisco Talos Incident Response. Beers with Talos’ own Liz Waddell hosted the first in our new “On Air” series with CTIR, where she and her fellow Talosians recapped the previous quarter’s top threats. They run through the malware families CTIR saw most in the field and discussed other trends that threat actors are starting to adapt.
BlackCat, BlackMatter, DarkSide, BlackByte…it’s too hard to keep up with all these ransomware group names these days. So we’re here to break down one of these groups, BlackCat, for you so you can figure out what makes them actually memorable. Aliza Berk from our Talos Threat Intelligence & Interdiction team joins Jon Munshaw this week to talk about BlackCat and their ransomware that’s recently become a major player on the malware landscape. Aliza recently compiled our latest Threat Assessment Report on this group and assisted in our research around the group. Jon and Aliza discuss how the use of the Rust programming language and using triple extortion tactics make this group a threat.
Continuing the “Kenna 101” series over at Talos Takes, Ed Bellis re-joins the show to talk about patching and mitigation strategies. So far, we’ve talked about how to tell when you should take a CVE seriously. But what if there’s no patch for it? Or what if you have to patch 50 vulnerabilities in the same product? We talk about how Kenna can help security teams of all sizes prioritize their patching strategies and create mitigation strategies in the worst-case scenario. For the other entries in our Kenna 101 series, listen here and here.
Continuing our “Kenna 101” series, Jon is joined this week by Jerry Gamblin, Kenna’s director of security research. Jerry is an expert at all things CVE’s, so we reflect on reading vulnerability reports and analyzing specific CVEs. We discuss if “severity” scores even really mean anything, and how to interpret a maximum 10/10 score versus an attacker vector or type of vulnerability.
It’s tax season! You know what that means — sadness, frustration and scams. Host Jon Munshaw sat down with Nick Biasini from the Talos Outreach team to talk about common tactics adversaries use around this “holiday” to try and spread malware, steal personal information and take users’ money. We talk about free security tools you can deploy to block these types of threats, common spam tactics to keep an eye out for and other services that can help you prepare for a worst-case scenario.
We’re kicking off a new series of episodes called “Kenna 101” highlighting Cisco’s newest partner, Kenna Security. Kenna is a risk management platform for vulnerabilities that allows users to view what vulnerabilities exist in their environment and helps them create a plan for patching and mitigation. We’re starting things off with the CTO of Kenna, Ed Bellis, to talk about the basics of Kenna and its risk scores.
When most people think of the “Metaverse,” they may first think of the company Meta — the recently rebranded Facebook. After all, what other company would really want everyone taking meetings virtually using avatars while you share your cryptocurrency wallets and personal information with them? The Metaverse is actually much larger than this, though. So in this Talos Takes episode, we’re trying to demystify the Metaverse and look at what it is, exactly. Researcher Jaeson Schultz recaps his recent blog post on the matter, and then he and Jon talk about the potential security pitfalls that could arise from adopting the Metaverse.
Jon and Nick sit down for a few minutes to talk about U.S. President Joe Biden’s recent Executive Order on more heavily regulating cryptocurrency. For a primer on this episode, you can read a quick overview here. This episode pretty much sums it up as being a good thing for anyone who uses cryptocurrency legitimately, and bad for anyone who uses crypto to do anything illegal. We discuss how greater regulation could affect ransomware operators who rely on virtual currency for ransom payments and illegitimate miners, and why no one using Bitcoin legitimately should be worried.