Talos Takes
189 episodes - English - Latest episode: 16 days ago -Every week, host Jon Munshaw brings on a new guest from Talos or the broader Cisco Secure world to break down a complicated security topic in just five or 10 minutes. We cover everything from breaking news to attacker trends and emerging threats.
Homepage Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
How to adapt to the constant change that comes with cybersecurity
May 26, 2023 08:00 - 18 minutes - 12.8 MBHazel Burton is our special guest host this week of Talos Takes, featuring a very special guest: Talos Vice President Matt Watchinski! Matt and Hazel have a conversation for Mental Health Awareness Month, especially as it relates to the cybersecurity industry. They share tips on how to balance work and life (when it seems like cybersecurity is starting to permeate every aspect of our lives) and how to deal with failure. Join us for this incredibly candid conversation!
RA Group is just the latest example of the ransomware landscape splintering
May 19, 2023 08:00 - 8 minutes - 5.63 MBTalos researchers recently discovered a new ransomware group called "RA Group." This week, Nick Biasni joins Jon to discuss this new threat actor and the modified Babuk ransomware they've already used in attacks against a wide range of companies in the U.S. and South Korea. Nick talks about the group's use of source code that's already been leaked, where they could be headed next and what this group may signal for the larger ransomware landscape. Other helpful links: Threat Source newslet...
What makes the new Greatness phishing-as-a-service tool so great?
May 12, 2023 08:00 - 8 minutes - 5.62 MBTiago Pereira from Talos Outreach joins the show this week to talk about his recent discovery of a new phishing-as-a-service tool called "Greatness." Since everything else is "as-a-service" nowadays, it's only fitting that attackers have figured out how to monetize easy phishing tools, too. Tiago discusses what makes Greatness unique, why it's going after business targets specifically, and why it creates such convincing fake Office 365 login pages.
XL Edition: Talos Incident Response livestream on top trends from the past quarter
May 05, 2023 08:00 - 32 minutes - 22.6 MBThis week's episode is longer than usual, but we wanted to bring you the Cisco Talos Incident Response On Air livestream from last week for anyone who missed it. For anyone who prefers a video version, you can watch the recording here. In this discussion, researchers from Talos IR and the Talos Threat Intelligence and Interdiction team cover the top threats and attacker tactics they saw over the past quarter. They talk about why the use of web shells is way up, whether or not the ransomware...
Analyzing the recent takedown of popular dark web forums
April 28, 2023 08:00 - 8 minutes - 6.27 MBOn the heels of law enforcement agencies from across the globe working together to disrupt two popular cybercrime forums — Genesis Market and BreachForums — Azim Khodjibaev from Talos' Threat Intelligence & Interdiction team joins Jon to talk about these types of sites. Azim has years of experience infiltrating and investigating these types of marketplaces to learn about emerging security threats. He talks about what goes into these types of takedowns and where the sites' users are likely to...
What does the future of MFA look like?
April 21, 2023 13:00 - 12 minutes - 8.71 MBNowadays it seems like every major tech company has their own multi-factor authentication solution, whether that be a unique app, one-time passcode generation or the "classic" SMS two-factor code. Thorsten Rosendahl, the newest addition to the Cisco Talos Strategic Communications team in Europe, joins the show this week to discuss the conversations he's been having with customers in the field around MFA. He and Jon cover the news that Twitter is going to start charging for users to enroll in...
How to best prepare for, and respond to, supply chain attacks
April 14, 2023 13:00 - 9 minutes - 6.69 MBWith another major supply chain attack recently making headlines, we felt like it was a good time to refresh our advice on how to prepare for these types of cyber attacks. Adversaries are increasingly relying on users' inherent trust of the software running on their networks and devices to deliver hijacked, malicious updates that are actually malware. Craig Jackson, a senior Cisco Talos incident responder, joins the show to provide some advice on how organizations can prep for the next major...
The defensive and offensive implications of ChatGPT and AI
March 31, 2023 08:00 - 14 minutes - 9.96 MBEveryone is talking about tools like ChatGPT and other AI tools that are dominating headlines and threatening to upend every industry possible. But where do these things stand in cybersecurity? In this week's episode, Jon talks to two women who are well-versed on the topic and recently presented about the cybersecurity implications of AI at several conferences. Gergana Karadzhova of Cisco Talos Incident Response and Saskia Laura Schroer, a security consulting engineer for Cisco, discuss how ...
Talos Takes Ep. #132: Reflecting on one year of Talos' work in Ukraine
March 24, 2023 08:00 - 12 minutes - 8.37 MBIt's been just over a year since Talos formed our Ukraine-focused task force. After Russia's invasion of Ukraine, many of our teammates sprung into action to protect critical infrastructure and networks there — not to mention the Talos employees who literally had to fight back to protect their home country. In this week's episode of Talos Takes, J.J. Cummings, one of the lead organizers of this task force, joins the show to discuss the group's ongoing work. J.J. talks about where the situati...
Why does the Prometei botnet keep growing?
March 17, 2023 14:00 - 12 minutes - 8.37 MBVanja Svajcer and Andrew Windsor join the show this week to talk about their recent research into the Prometei botnet. This malware continues to evade detection and invade more machines so it can eventually hijack them to mine Monero cryptocurrency. Jon asks them about what's new with Prometei, why it's pretty generous in who it's targeting and where we could see it going next. Additional reading
There's not actually more spam during Tax Season — it's just different spam
March 10, 2023 14:00 - 10 minutes - 7.03 MBPublic perception is such that it's assumed we just get more spam in the U.S. during two major times of the year — Tax Season and Black Friday. But over the past few years, this trend has become a thing of the past. With Tax Day approaching for Americans, there won't be more spam emails coming their way than usual, it'll just be different. Eric Peterson from Talos' email detection team joins the show for Jon's triumphant return from parental leave to talk about tax-related spam. Eric talks a...
The benefits of taking an active approach to threat defense
March 03, 2023 14:00 - 10 minutes - 7.42 MBNick Biasini is back as host again to talk to Vitor Ventura about the benefits of taking an active approach to threat defense. Many organizations may just sit back and wait for something bad to happen. But as he outlined in his recent blog post, Vitor says there are many benefits to being proactive instead of reactive. Nick asks him about threat hunting as a team, scanning logs and tracking network traffic on an almost-constant basis.
Year in Review - Ransomware and Commodity Loaders
February 10, 2023 15:00 - 11 minutes - 7.87 MBWe're back with the final year in review focused episode. This time the focus is on the ever broadening ransomware landscape and the commodity malware loaders that often support it. I'll be joined by one of the researchers from the year in review report, Aliza Johnson to talk about what we saw on the ransomware landscape over the last year as well as how threats like Qakbot, IcedID, and Trickbot have changed and evolved over the last year. We'll also cover how these threats overlap and how L...
Following the LNK metadata trail
February 03, 2023 15:00 - 11 minutes - 8.13 MBIn this episode of Talos Takes I am joined by security researcher Guilherme Venere to discuss their recent research on LNK files. The usage of these files by malicious actors has exploded over the last six months as actors look to move away from macro based initial infection vectors. LNK files do have unique metadata attributes to allows for useful actor and threat tracking capabilities. We'll dig deeper on LNK files as well as the metadata you can leverage. For full details check out the bl...
Year in Review - Threat Landscape Edition
January 27, 2023 15:00 - 7 minutes - 5.11 MBWe're back with another year in review focused episode. This time the focus will be the threat landscape generally and I'll be joined by threat researcher Caitlin Huey. In this episode we'll discuss what we found in the last year, with a focus on the general threat landscape. We'll spend time discussing dual use tools, lolbins, and the surprising re-emergence of USB attacks in 2022.
XLLing and the post macro era
January 20, 2023 15:00 - 9 minutes - 6.56 MBIn this episode of Talos Takes we are joined by Vanja Svjacer to discuss his recent blog on XLL abuse. This year Microsoft finally removed support for macros from their office suite creating a vacuum in the threat landscape. Macros had been the tool of choice for adversaries for the last several years and the race to find alternatives is underway. In this episode we'll talk a bit about Office Add-Ins and how we've already seen adversaries starting to abuse XLL files in the wild.
Year in Review: APT Summary Edition
January 13, 2023 15:00 - 13 minutes - 9.25 MBIn this episode of Talos Takes we are joined by Jacob Finn to discuss the APT summary section of the larger year in review report. These state sponsored actors tend to conduct more sophisticated, targeted campaigns typically related to espionage or other information gathering activities. This episode will dive a bit deeper on what can be found in the report as well as an overview of the state sponsored activity we've observed from the last year.
Truebot and the Silence group
January 06, 2023 15:00 - 11 minutes - 7.79 MBIn this episode of Talos Takes we are joined by Tiago Periera to discuss his recent blog on truebot activity. Truebot and the silence group have been active for a number of years operating primarily financially motivated cybercrime. In this episode we will talk about the recent campaign we observed as well as the tools and tactics we uncovered. We'll also discuss the links between these groups and other threat actors, like TA505.
Year in Review & Ukraine Activities
December 16, 2022 15:00 - 9 minutes - 6.96 MBIn this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022. Our activities in Ukraine have been well documented, in this episode we'll also talk more broadly about the trends and highlight some key findings from the past year.
Update on LodaRAT and its many variants
December 02, 2022 15:00 - 8 minutes - 6 MBLodaRAT is an AutoIT based RAT that has been distributed for the last several years. Initially tied to the Kasablanka group its distribution has grown over the years. In this episode we'll be talking with the researcher, Chris Neal, to discuss LodaRAT, the campaigns we've been observing along with some key tidbits about how AutoIT is abused by adversaries. Including some fun with decompiling and recompling.
The basics of InterPlanetary File System (IPFS) and how its being abused
November 18, 2022 15:00 - 7 minutes - 5.54 MBInterPlanetary File System or IPFS has increased in prominence as a file hosting technology associated with Web 3.0. It's probably most well known for hosting NFTs, but this blockchain related technology is also being abused by bad actors. In this episode we'll be talking with Edmund Brumaghin about his recent research into IPFS and his findings. We'll also talk about the ways we've seen malicious actors abuse it and briefly touch on things organizations can do to protect themselves.
The best (and free) ways to improve your cybersecurity skills
October 28, 2022 14:00 - 12 minutes - 8.51 MBTo wrap up Cybersecurity Awareness Month, we're looking at the best, and free, ways to improve your security skills. Jason Kirkland and David Roman from Cisco Talos Incident Response join Jon to talk about the websites, YouTube channels, social media profiles and more they use to stay up-to-date on security news and polish their cybersecurity skills. Here are links to some of the resources we spoke about in this episode: @SwiftOnSecurity @CISAgov Blue Team Village Discord The Definitiv...
The basics of threat hunting
October 21, 2022 14:00 - 10 minutes - 7.17 MBTo celebrate this week's National Cybersecurity Awareness Month theme, we have a special 101 episode of Talos Takes to cover the basics of threat hunting. This is a crucial skill for any cybersecurity professional-in-training and one of the questions we get the most often. Asheer Malhotra from the Talos Outreach team joins the show to talk about where he starts finding new malware families and threat actors, what the barriers usually are that he has to overcome and what check boxes he has to...
Tips for kickstarting your cybersecurity career
October 14, 2022 14:00 - 14 minutes - 9.97 MBTo celebrate National Cybersecurity Awareness Month, two one-time "security noobs" talk about their career trajectories and how they've grown to see themselves in cyber. Sammi Seaman and Jon Munshaw talk about their previous careers in library services and journalism, respectively, and how they applied some of those skills to cybersecurity. Other talking points include: Cybersecurity "ah ha!" moments. Not being afraid to ask questions. Free ways to expand one's cybersecurity knowledge. T...
The latest on Lockbit 3.0 drama and the rest of the ransomware landscape
October 07, 2022 15:00 - 9 minutes - 6.61 MBAzim Khodjibaev joins the show once again for the latest addition of "Days of our Ransomware." Jon and Azim talk about the recent LockBit 3.0 leaks and the drama surrounding them. Will other actors try to backpack off the leaked builder? Why is LockBit switching to triple extortion tactics now? And what other trends are going on in the ransomware landscape? This is the perfect place to get caught up on all things ransomware to head into the rest of National Cybersecurity Awareness Month.
An "insider threat" doesn't always have to know they're a threat
September 30, 2022 14:00 - 7 minutes - 4.94 MBNick Biasini is back on once again to talk to Jon about Insider Threats. Nick recently wrote a post about how he and Cisco Talos Incident Response are seeing an increase in these types of attacks in the wild. And while the term "insider threat" may sound like someone actively seeking to do something bad, that's now always the case. This week's episode discusses how to prepare for Insider Threats and some of the hallmarks of the spam emails, calls and mobile notifications we're seeing in thes...
Once more into the Lazarus Pit
September 23, 2022 14:00 - 8 minutes - 5.67 MBVitor Ventura from the Talos Outreach team joins the show this week to run down Talos' recent research into the Lazarus Group. This well-known North Korean state-sponsored threat actor is well known for their ransomware and cryptocurrency-related cyber attacks, but we recently found them launching a new information-stealing trojan targeting energy companies. Vitor talks about the new trojan, MagicRAT, and how it fits into their larger plans and motivations.
Digging into Gamaredon's cave and its recent campaign against Ukraine
September 16, 2022 17:00 - 6 minutes - 4.64 MBGuilherme Venere of the Outreach team joins Jon this week to discuss the Gamaredon APT group. This Russian state-sponsored actor is infamous at this point in its life, but it keeps growing by adding new tools and malware. Recently, Guilherme helped to discover a new campaign targeting users and organizations in Ukraine, a common target of Gamaredon since the onset of Russia's invasion. They discuss what's unique about this particular attack, and why we can't just assume their activities will...
Back to school advice for teachers, students, parents, admins and everyone in between
September 09, 2022 12:00 - 12 minutes - 8.55 MBWe're headed back to school with Talos Takes again! Pierre Cadieux from Cisco Talos Incident Response joins the show to talk about advice for educational institutions. Jon asks him about common incident response advice for the education sector and we cover security advice for school admins, parents and students who have to worry about electronic devices traveling to and from school and connecting to all sorts of networks. This episode is particularly relevant this week given some recent majo...
XL Edition: Talos' update on our work in Ukraine
September 02, 2022 13:00 - 55 minutes - 38.4 MBThis week, we have the audio version of our recent livestream for Ukraine Independence Day. Talos assembled a panel of experts who have been working hands-on to defend critical Ukraine systems and its citizens from cyber threats. JJ Cummings, Ashlee Benge and Dmytro Krozhevin answer questions from Hazel Burton about the current security threats Ukraine faces, what Talos has done to hunt for threats in the region and how Cisco is supporting its employees in Ukraine.
Talos Takes Ep. #110: The kinetic and cyber threats Ukrainian agriculture faces
August 26, 2022 13:00 - 8 minutes - 5.82 MBAn underrated aspect of Russia’s invasion of Ukraine is the effect it’s had on the global food supply chain. Ukraine is a major importer and exporter of grain and other food staples, but the industry now faces kinetic and cyber threats. Joe Marshall of Talos has spent months learning all about agricultural cybersecurity and the unique position farming equipment and infrastructure is in. Joe recently wrote about these threats for the Talos blog and joins Talos Takes to talk about how importa...
Talos Takes Ep. #109: Why cybercrime is going small-time
August 19, 2022 13:00 - 8 minutes - 5.91 MBThe public traditionally thinks about cyber attacks as being from some well-funded, state-sponsored actor. But increasingly small-time criminals are turning to the internet to make their money. Increasingly, they’re not carrying out one-off robberies, and instead are working on insurance fraud scams and spam emails. Nick Biasini joins Talos Takes this week to discuss his recent research into this topic and shares what the data shows about the growth of small-time cybercrime.
Talos Takes Ep. #49: LodaRAT's connection to Android devices
August 12, 2022 16:00 - 6 minutes - 4.28 MBChris Neal from Talos Outreach has followed LodaRAT for years now. It’s gone from a fairly small threat to a full-on malware with several features that target all sorts of Android devices. Chris joins the show this week to discuss his history of researching LodaRAT and updates us on its latest TTPs. Find out how this trojan tries to trick users into downloading it on their phones and how it hunts for your banking information.
Talos Takes Ep. #4: What's the best way to manage your passwords?
August 12, 2022 16:00 - 5 minutes - 3.93 MBTalos Takes is finally back with its own feed and a new episode. Nick Biasini and Earl Carter discuss the best password practices. Should you use a password manager? What are some best practices? And what does all of this have to do with Disney Plus?
Talos Takes Ep. #50: Attackers are using Discord just as much as you are
August 12, 2022 16:00 - 7 minutes - 5.11 MBCisco Talos recently discovered a wave of attackers spreading malware via collaboration apps like Discord and Slack. On this week’s episode of Talos Takes, Nick Biasini joins the show to bring us inside his research process for this post and discuss why these attacks have been so successful. Jon brings up his Dungeons & Dragons group, too, if you’re interested in that sort of thing.
Talos Takes Ep. #51: COVID and tax scams go hand-in-hand this year
August 12, 2022 16:00 - 13 minutes - 9.23 MBWe can set our watches to tax scams every year in April. The bad guys are always looking to steal your information, promising to get you a bigger tax return or do your taxes for you. This year is a bit different because Tax Day is a bit later than usual thanks to — you guessed it — COVID. Attackers are now combining these two topics to create spam campaigns, promising to provide you new information about how COVID affects your taxes, or even promising to send you a gift in exchange for recei...
Talos Takes Ep. #52: Why not a world passwordless day?
August 12, 2022 16:00 - 9 minutes - 6.74 MBTo celebrate World Password Day this week, we’re talking about getting rid of passwords! Dave Lewis, a global advisory CISO for Cisco Secure, joins Jon to talk about all things passwordless. This is a new initiative Cisco Secure and Duo have undertaken to get network administrators to move away from using passwords in favor of other forms of authentication. Jon and Dave discuss why passwords can be dangerous, the benefits of going passwordless and how to convince longtime users to ditch trad...
Talos Takes Ep. #53: What can we learn from those air fryer vulnerabilities?
August 12, 2022 16:00 - 11 minutes - 7.65 MBEveryone had jokes when it came to the vulnerabilities we recently disclosed in a WiFi-connected air fryer. But there are actually some lessons to take away from this, such as: “Not everything needs to be connected to the internet.” Joe Marshall joins the show this week to discuss all things “smart” appliances, how to protect your network and the repercussions of these specific air fryer vulnerabilities.
Talos Takes Ep. #54: Incident response is really just the friends we made along the way
August 12, 2022 16:00 - 8 minutes - 5.76 MBWelcome to the unofficial incident response week at Talos! As part of the RSA Conference, we’ve released two new case studies detailing some malware cases Cisco Talos Incident Response helped resolve. Brad Garnett, this week’s guest, also released a new blog post where he wrote about why incident response is “the ultimate team sport.” Brad joins host Jon Munshaw this week to take a deeper dive into one of these engagements, in which an attacker tried to use Cobalt Strike to infect a target w...
Talos Takes Ep. #55: What's next for Transparent Tribe?
August 12, 2022 16:00 - 8 minutes - 5.92 MBAsheer Malhotra from Talos Outreach has followed Transparent Tribe for years now. This APT has been all over the place using all sorts of trojans. So where my they go next? Asheer joins Talos Takes this week to discuss the malware this group deploys and how they use typo-squatted domains to lure victims in.
Talos Takes Ep. #56: The first security steps when returning to the office
August 12, 2022 16:00 - 10 minutes - 7.56 MBWe started out the COVID-19 pandemic by thinking we’d be away from the office for a month — maybe two. More than 12 months later, we’re still here, working from home (at least part-time). But some businesses are starting to reopen now and welcoming workers back into the office. After so much time working out of the office, what should security professionals do once they get back? In this week’s episode, Beers with Talos’ own Craig Williams joins the show to talk about triple-checking for pa...
Talos Takes Ep. #57: What's in it for both sides of the ransomware-as-a-service model?
August 12, 2022 16:00 - 5 minutes - 3.85 MBHow much is ransomware-as-a-service like a McDonald’s franchise? More similar than you’d think! The RaaS model has entered the mainstream over the past few months with groups such as DarkSide attacking the Colonial Pipeline. In these transactions, what’s in it for the original ransomware creator? And what do the operators themselves get out of it? Nick Biasini joins Jon Munshaw this week to talk about this business model, what it means for the rise in ransomware attacks, and how you can sta...
Talos Takes Ep. #58: It's time to get serious about protecting critical infrastructure
August 12, 2022 16:00 - 8 minutes - 6.07 MBWith major cyber attacks in recent years against major U.S. critical infrastructure suppliers like Norsk Hydro and Colonial Pipeline, we’re in a new world of CI cybersecurity. New threats require new approaches to defense. And in the U.S., this is likely going to include partnerships between those who manage critical infrastructure, government and the private cybersecurity sector. Talos recently outlined what this may look like in America. One of the authors of that post, Joe Marshall, join...
Talos Takes Ep. #59: A deep dive into vulnerabilities in a home security station
August 12, 2022 16:00 - 10 minutes - 7.26 MBWe’ve spent many minutes (that’s the point of the podcast, after all) discussing internet-of-things devices on this podcast. As consumers start having more “smart” devices connected to their home network, they may want an easy solution to keeping those devices safe. But what if that device gets owned? Carl Hurd of our vulnerability research team recently discovered several vulnerabilities in Trend Micro’s Home Network Security Station. He joins the show for the first time to talk about his ...
Talos Takes Ep. #5: The evolution of ransomware
August 12, 2022 16:00 - 4 minutes - 2.99 MB2019 was a huge year for ransomware. Cities across the U.S. had their government services attacked, and adversaries changed up their techniques in the hopes of making a larger profit and infecting more users. What other changes do we see coming to the ransomware space? Are adversaries’ motivations changing at all? And will defense techniques change along with them?
Talos Takes Ep. #60 (XL Edition): Kaseya emergency show
August 12, 2022 16:00 - 21 minutes - 15 MBIn this special “XL edition” of Talos Takes, we’re bringing you the audio version of our live stream this week discussing the Kaseya supply chain attack. Nick Biasini from Talos Outreach went live with Hazel Burton, a Cisco product marketing manager, to discuss what transpired over the long Fourth of July weekend. Nick discussed the Kaseya exploit leveraged in this campaign, plus the follow-on ransomware attacks. This is the best place to get the tl;dr on what happened, what you need to be ...
Talos Takes Ep. #61: Why does SideCopy seem so familiar?
August 12, 2022 16:00 - 8 minutes - 5.92 MBThe last time Jon had Asheer Malhotra from Talos Outreach on the show, they covered the Transparent Tribe APT. Asheer joins the show again this week to talk about another threat actor that is very similar to Transparent Tribe, but is just a tad different. Asheer recently co-authored a research paper on the aptly named SideCopy actor, which borrows many TTPs from their fellow actors, including Transparent Tribe. This episode, we’ll talk about SideCopy’s methods, why they may be borrowing so m...
Talos Takes Ep. #62: There's still plenty of mileage left in BEC
August 12, 2022 16:00 - 5 minutes - 3.82 MBBusiness email compromise may seem like last decade’s threat, but it’s still just as prevalent as ever. A recent FBI report found that it cost users more than $1 billion in 2020, and attackers are now capitalizing on everything from PlayStation 5 sales to the COVID-19 pandemic to still scam people. On this week’s Talos Takes, Nick Biasini recaps his recent research into BEC and discusses why there are some reasons why this threat may never go away (hint: users).
Talos Takes Ep. #63: Shield your eyes from the Solarmarker
August 12, 2022 16:00 - 10 minutes - 7.24 MBAndrew Windsor from our malware research team joins the show for the first time to talk about Solarmarker. This is a campaign Andrew’s followed for a while that recently added new modules that make it particularly dangerous. The attackers behind Solarmarker could basically use this threat to drop whatever they want. At least for now, they’re sticking to information-stealing. But could it ever get worse than that?
Talos Takes Ep. #64: We go back to school
August 12, 2022 16:00 - 8 minutes - 6.01 MBStudents are starting to go back to school across the U.S. There are plenty of things to worry about with the “new normal” while the world still combats COVID-19, and while we can’t help students, teachers and admins with everything, we can at least provide a little security advice. Nick Biasini joins the show once again to discuss the best cybersecurity practices as schools spin back up. What should parents tell their kids about electronic devices they bring home? What will IT admins have l...