This is a special XL edition of Talos Takes that is a replay of a live stream our amazing researchers put on earlier this week. You’ll hear Matt Olney, Amy Henderson and Vitor Ventura, all from Talos, talk about the Log4J vulnerability that is ruining the internet for everyone right now. They discussed the latest news around the vulnerability, provided advice to users who may be affected (i.e., pretty much everyone) and looked at where we go from here. If you’d like to hear more from us, you can join us LIVE on all of our social media platforms at noon ET on Friday, Dec. 17 for a special episode of Beers with Talos, where we’ll have more updates on Log4J.
We had to give Brad a few minutes to take an Incident Response victory lap after his team received two major accolades over the past two weeks. But aside from that, it’s also a perfect time to have him on ahead of the holidays. The shopping season is always a favorite time for attackers, so it’s as good a time as any to make sure your incident response plan is polished and practiced. We also take some time to look back on what Incident Response lessons Brad learned in 2021.
Emotet was about a month late for Halloween, because it’s got its zombie costume on. The long-known botnet is showing some signs of life in late 2021 after an international law enforcement takedown earlier this year. Nick Biasini joins Talos Takes this week to discuss what signs we’re seeing to indicate Emotet’s return, and provides some advice as to what we should look out for as we head into 2022.
We know, we know. We do one of these every year. But people still falling for scams, so we still have to keep reminding people how to shop safely online! This year is a bit different than past Black Fridays and Cyber Mondays because of the issues around the supply chain. Attackers are sure to try to convince you that the big gift you want this year won’t arrive on time so you have to “ACT NOW!” Plus, there’s the continued frenzy to find PlayStation 5s and XBOX Series X/S’s. Jon and Nick talk about scams you’re likely to see while shopping online over the long weekend and provide some helpful tips that anyone can use.
For the first time in Talos Takes’ history, we have a formal crossover with Beers with Talos. Mitch Neff, the host of BWT, joins the show to talk about his horror stories using public WiFi networks. He and Jon discuss the safest ways to interact with large, public network in places like libraries, parks and airports, and potential alternatives to public hotspots.
Jon took a break from listening to “Red (Taylor’s Version)” to turn this podcast around quickly to align with our recent research on the Kimsuky APT. This North Korean state-sponsored actor is in the wild again targeting South Korean organizations that house potentially sensitive information. The group set up fake Blogger sites to lure in the victims to read about news related to nuclear disarmament and relations on the Korean peninsula, but instead were hit with infostealing malware. Assheer Malhotra, who helped research and write our latest blog, joins the show to discuss this group’s motivations, what information they may have been looking for, and how Talos helped put a stop to their actions.
We have another special extra large-sized version of Talos Takes this week. Enjoy this recording of a live stream we hosted earlier this week with Martin Lee from our Talos Communications team and Paul Lee from Cisco Talos Incident Response. The Lees discuss how to build the perfect Incident Response Plan. First, Martin walks through the basics of creating, editing and iterating on an IR plan. Then, he’s joined by Paul to ask him a few questions, take some Q&A from the audience and learn about Paul’s experience from the field.
This is a double special Talos Takes episode — it’s XL-sized and continues our Cybersecurity Awareness Month theme. This is a recording of our live stream from earlier this week with Brad Garnett, the general manager of Talos Incident Response. Even if you’ve never worked with an incident response team before, or have no idea what IR is, this is a perfect place to start. We provide the tl;dr of the IR process, talk building an IR plan and answer audience questions.
We continue our special series for National Cybersecurity Awareness Month by addressing everyone’s worst nightmare: phish. Who among us hasn’t gotten the call, “We’re trying to reach out about your car’s extended warranty?” In this Talos Takes, Jaeson Schultz, Talos’ foremost spam and phish expert, breaks down spam emails, phone calls and messages for any user. We discuss new trends we’re seeing from attackers in 2021, talk about the best software solutions available and give advice to Jon’s 77-year-old grandmother.
Sorry for dropping two episodes in the feed in one day, but we also needed to find time to talk about the critical zero-day vulnerability in Apache HTTP Server. An attacker could exploit this vulnerability to perform path traversal and eventually remote code execution. Patch for this one as soon as possible, and use the Snort rule we have available now.
We are from the first (or last) people to say this, but 2021 is the year of ransomware. It’s by far the biggest story on the security landscape right now. And everything from oil pipelines, to grain co-ops, to hospitals and schools have been targeted by ransomware this year. Azim Khodjibaev joins the show for National Cybersecurity Awareness Month to wrap up everything we’ve seen on the ransomware landscape this year. Azim reflects on his interview with a LockBit operator, the research he’s done into “double extortion campaigns,” and discusses the lessons defenders can learn from the past 10 months.
Everyone loves to talk and write about how tough it is that we are all working remotely during the COVID-19 pandemic. So for once — to celebrate National Cybersecurity Awareness Month — Talos Takes wants to talk about the positives! Christopher Marshall, the head of Talos’ detection research team, joins the show to discuss how he’s kept his team’s morale up during this time. Cybersecurity is a rough industry to be in, regardless of any external factors. So it’s important for him to avoid employee burnout and turnover. He and Jon also discuss the positives of working remotely, what they’re most looking forward to when they can go back into the office and their favorite pandemic-era hobbies.
Asheer Malhotra joins the show to once again cover a cyber attack in South Asia. This time, it’s an attacker that looks and smells like an APT, but may just be a run-of-the-mill crimeware gang. Asheer discusses he and his colleagues’ research into Operation: Armor Piercer, a campaign targeted at government agencies and military contractors. Needless to say, these are high-profile targets. Find out what this group wants and why they’re aping so much from other groups like Transparent Tribe and SideCopy.
Allow Vitor Ventura to take you on a journey of discovery, threat actors and attribution. He recently assisted with an investigation into a series of malware and spam campaigns using aviation-themed lures. These include fake flight itineraries, invoices and more. Vitor joins us on this week’s Talos Takes episode to discuss what he learned during this process, including how he connected the campaigns, what he learned (and couldn’t learn) about the actor behind them, and what he’ll take away into his next research. This is a great episode for anyone who is wondering about what kinds of pitfalls are out there for a security researcher.
Fresh off of translating an entire ransomware playbook from Russian to English, Azim and Dave from the Talos Threat Intelligence & Interdiction team join Talos Takes to talk about this project. They provide some first-hand insights into what this leaked playbook tells us about the Conti ransomware-as-a-service group. Threat actors — they have feelings just like us!