Talos Takes

We’ve all seen the supposed stories online that promise to give you “The one secret to weight loss doctors WON’T tell you about.” Or “You won’t believe who Kim Kardashian is talking about now.” So how harmful are these malicious ads? Why do some of them deliver malware, and others don’t? In this episode of Talos Takes, Nick Biasini and Earl Carter dive into the basics of malvertising.

We first brought you this episode in the Beers with Talos feedback in December. We’re uploading this to the Talos Takes feed for posterity now, and let’s face it, these holiday shopping reminders can apply to any time you’re shopping online.

Snort researcher and rule-writer Nick Mavis takes time out of his busy schedule to join us again this week. Nick recently published a research paper on the bevy of detection he wrote for Cobalt Strike, a tool attackers are increasingly using. Nick talks about his process of working on the paper, why Cobalt Strike has become so popular and what he learned during the research process.

This week’s episode of Talos Takes is a special extra large edition. We’ve got the audio version of our recent Cisco Talos Incident Response On Air stream where some of our responders got together to discuss the past threats of the top quarter. Liz Waddell and other team members covered everything from recent ransomware actor drama, to the importance of saving logs and other tips they picked up over the past few months.

It’s been a while since we re-visited our Malware 101 series. So we’re going back to class to learn about information-stealers. Aliza Johnson from the Talos Threat Intelligence & Interdiction team joins the show to talk about her recent research into and overview of infostealers. Although the name is pretty self-explanatory, this type of malware comes in many shapes and sizes for many purposes.

Nate Pors joins the show this week to recap the recently released Cisco Talos Incident Response Quarterly Report. He and Jon recap the top attacker trends from the past quarter, including highlighting which types of attacks CTIR saw in the field and what new techniques adversaries are using. Topics discussed include the increased targeting of telecommunications companies, a decline in ransomware attacks and more business email compromise.

Yes, this is the third time we’ve talked about Transparent Tribe on Talos Takes, you’re not going crazy. But they keep giving us reasons to bring them up! This time, Nick Biasini joins the show to discuss the latest evolution of this threat actor: The targeting of higher education institutions in India. Jon and Nick discuss why colleges are always a high-priority target and what this could mean for the evolution of the actor.

We go back to college this week with a Psychology 101 class. And today, we’re covering multi-factor authentication. Jon has Dave Lewis, one of Cisco Duo’s advisory CISOs, on the show to talk about the psychology behind using these apps and talking to users about implementing it across their environments. They discuss moving around the accept and reject buttons in the UI, how we communicate the benefits of MFA to administrators and the recent wave of brute-force attacks.

Chris Neal from Talos Outreach recently dove into a recent AvosLocker ransomware attack in the wild. This week, he joins the show to recap his major takeaways from this attack that other potential targets can learn from. He and Jon talk about the current ransomware-as-a-service landscape, the use of living-off-the-land binaries and other calling cards from this actor to keep an eye out for.

Paul Eubanks joins this week’s episode of Talos Takes to look at his recent blog post on de-anonymizing ransomware groups on the whispers dark web. Paul and his team recently used several tactics to unmask several threat actors and disclosure their tactics to stay hidden. Jon interviews Paul about ransomware actors’ usual operations on the dark web, the specific tools and tactics he used and the pros and cons of calling out actors for their opsec failures.