Talos Takes

On this week’s episode, Edmund Brumaghin joins the show again to talk about a recent blog post on Salfram. This threat actor is spreading lots and lots of spam and using it to deliver a variety of malware. Here’s why this threat specifically caught our eye and how it’s evolving over time.

In this episode of Talos Takes, content manager Jon Munshaw sits down with researcher Joe Marshall to discuss the recently discovered EKANS/SNAKE malware. This is one of the first ransomware strains to specifically target ICS systems. And Joe, who has experiencing protecting the ICS space, discusses what’s unique about this family and what it means for the future of cyber security in the infrastructure field.

With the RSA conference just days away, notable vendors such as IBM and AT&T have withdrawn from the annual event over coronavirus concerns. The fast-spreading disease has captured headlines across the globe, and adversaries are trying to strike quickly. Continuing our look at attackers’ use of current events to spread malware, Nick Biasini and Earl Carter sit down to discuss malware campaigns that are hoping to scare victims into opening malicious emails and documents on coronavirus.

With the Equifax attack back in the headlines, we take a closer look at Big Game Hunting this week on Talos Takes. Why do threat actors look at these massive targets, and what do they hope to get out of it? Is there anything smaller organizations can learn from these high-stakes campaigns?

2019 was a huge year for ransomware. Cities across the U.S. had their government services attacked, and adversaries changed up their techniques in the hopes of making a larger profit and infecting more users. What other changes do we see coming to the ransomware space? Are adversaries’ motivations changing at all? And will defense techniques change along with them?

The holidays have come and gone, and so have the sales. Maybe you got a new drone, or a home AI assistant. So what should you do to make sure those new toys don’t turn against you? Nick Biasini and Earl Carter have some tips for you.

We’ve all seen the supposed stories online that promise to give you “The one secret to weight loss doctors WON’T tell you about.” Or “You won’t believe who Kim Kardashian is talking about now.” So how harmful are these malicious ads? Why do some of them deliver malware, and others don’t? In this episode of Talos Takes, Nick Biasini and Earl Carter dive into the basics of malvertising.

We first brought you this episode in the Beers with Talos feedback in December. We’re uploading this to the Talos Takes feed for posterity now, and let’s face it, these holiday shopping reminders can apply to any time you’re shopping online.

Snort researcher and rule-writer Nick Mavis takes time out of his busy schedule to join us again this week. Nick recently published a research paper on the bevy of detection he wrote for Cobalt Strike, a tool attackers are increasingly using. Nick talks about his process of working on the paper, why Cobalt Strike has become so popular and what he learned during the research process.

This week’s episode of Talos Takes is a special extra large edition. We’ve got the audio version of our recent Cisco Talos Incident Response On Air stream where some of our responders got together to discuss the past threats of the top quarter. Liz Waddell and other team members covered everything from recent ransomware actor drama, to the importance of saving logs and other tips they picked up over the past few months.