Talos Takes

Talos’ spin on security news

Every week, host Jon Munshaw brings on a new guest from Talos or the broader Cisco Secure world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.

  • Talos Takes

    RA Group is just the latest example of the ransomware landscape splintering

    Talos researchers recently discovered a new ransomware group called "RA Group." This week, Nick Biasini joins Jon to discuss this new threat actor and the modified Babuk ransomware they've already used in attacks against a wide range of companies in the U.S. and South Korea. Nick talks about the group's use of source code that's already been leaked, where they could be headed next and what this group may signal for the larger ransomware landscape.

    Run Time: 00:08:00


  • Talos Takes

    What makes the new Greatness phishing-as-a-service tool so great?

    Tiago Pereira from Talos Outreach joins the show this week to talk about his recent discovery of a new phishing-as-a-service tool called "Greatness." Since everything else is "as-a-service" nowadays, it's only fitting that attackers have figured out how to monetize easy phishing tools, too. Tiago discusses what makes Greatness unique, why it's going after business targets specifically, and why it creates such convincing fake Office 365 login pages. 

    Run Time: 00:08:00


  • Talos Takes

    XL Edition: Talos Incident Response livestream on top trends from the past quarter

    This week's episode is longer than usual, but we wanted to bring you the Cisco Talos Incident Response On Air livestream from last week for anyone who missed it. For anyone who prefers a video version, you can watch the recording here.

    In this discussion, researchers from Talos IR and the Talos Threat Intelligence and Interdiction team cover the top threats and attacker tactics they saw over the past quarter. They talk about why the use of web shells is way up, whether or not the ransomware decline is real and how multi-factor authentication could have stopped many of the threats they worked on in the first quarter of 2023. For more, read the latest Talos IR Quarterly Trends report.

    Run Time: 00:32:42


  • Talos Takes

    Analyzing the recent takedown of popular dark web forums

    On the heels of law enforcement agencies from across the globe working together to disrupt two popular cybercrime forums — Genesis Market and BreachForums — Azim Khodjibaev from Talos' Threat Intelligence & Interdiction team joins Jon to talk about these types of sites. Azim has years of experience infiltrating and investigating these types of marketplaces to learn about emerging security threats. He talks about what goes into these types of takedowns and where the sites' users are likely to go from here.

    Run Time: 00:08:56


  • Talos Takes

    What does the future of MFA look like?

    Nowadays it seems like every major tech company has their own multi-factor authentication solution, whether that be a unique app, one-time passcode generation or the "classic" SMS two-factor code. Thorsten Rosendahl, the newest addition to the Cisco Talos Strategic Communications team in Europe, joins the show this week to discuss the conversations he's been having with customers in the field around MFA. He and Jon cover the news that Twitter is going to start charging for users to enroll in SMS-based MFA, the challenge of having too many authenticator apps on their personal devices and how we can get closer to a passwordless future.

    Run Time: 00:12:30


  • Talos Takes

    How to best prepare for, and respond to, supply chain attacks

    With another major supply chain attack recently making headlines, we felt like it was a good time to refresh our advice on how to prepare for these types of cyber attacks. Adversaries are increasingly relying on users' inherent trust of the software running on their networks and devices to deliver hijacked, malicious updates that are actually malware. Craig Jackson, a senior Cisco Talos incident responder, joins the show to provide some advice on how organizations can prep for the next major supply chain attack. We also discuss the current, ongoing 3CX situation and how anyone potentially affected could respond now.

    Run Time: 00:09:33


  • Talos Takes

    The defensive and offensive implications of ChatGPT and AI

    Everyone is talking about tools like ChatGPT and other AI tools that are dominating headlines and threatening to upend every industry possible. But where do these things stand in cybersecurity? In this week's episode, Jon talks to two women who are well-versed in the topic and recently presented about the cybersecurity implications of AI at several conferences. Gergana Karadzhova of Cisco Talos Incident Response and Saskia Laura Schroer, a security consulting engineer for Cisco, discuss how AI is currently influencing attackers and defenders. Are attackers already using these tools? Does it give them superpowers? And what questions are still left unanswered about this emerging technology?

    Run Time: 00:14:18


  • Talos Takes

    Talos Takes Ep. #132: Reflecting on one year of Talos' work in Ukraine

    It's been just over a year since Talos formed our Ukraine-focused task force. After Russia's invasion of Ukraine, many of our teammates sprang into action to protect critical infrastructure and networks there — not to mention the Talos employees who literally had to fight back to protect their home country. In this week's episode of Talos Takes, J.J. Cummings, one of the lead organizers of this task force, joins the show to discuss the group's ongoing work. J.J. talks about where the situation in Ukraine stands currently, how the cyber threats facing the country have evolved over the past year and much more. To further mark the one-year anniversary of the conflict, Talos has also released a graphic novel illustrating the formation of this task force. Additionally, the latest episode of ThreatWise TV from Cisco highlights the work Talos and Cisco are doing in Ukraine.

    Run Time: 00:12:00


  • Talos Takes

    Why does the Prometei botnet keep growing?

    Vanja Svajcer and Andrew Windsor join the show this week to talk about their recent research into the Prometei botnet. This malware continues to evade detection and invade more machines so it can eventually hijack them to mine Monero cryptocurrency. Jon asks them about what's new with Prometei, why it's pretty generous in who it's targeting and where we could see it going next.

    Run Time: 00:12:00


  • Talos Takes

    There's not actually more spam during Tax Season — it's just different spam

    Public perception is such that it's assumed we just get more spam in the U.S. during two major times of the year — Tax Season and Black Friday. But over the past few years, this trend has become a thing of the past. With Tax Day approaching for Americans, there won't be more spam emails coming their way than usual, it'll just be different. Eric Peterson from Talos' email detection team joins the show for Jon's triumphant return from parental leave to talk about tax-related spam. Eric talks about topics he's seen so far this year and why it's a myth that spam volume changes as Tax Day approaches. 

    Run Time: 00:10:03
