Public perception is such that it's assumed we just get more spam in the U.S. during two major times of the year — Tax Season and Black Friday. But over the past few years, this trend has become a thing of the past. With Tax Day approaching for Americans, there won't be more spam emails coming their way than usual, it'll just be different. Eric Peterson from Talos' email detection team joins the show for Jon's triumphant return from parental leave to talk about tax-related spam. Eric talks about topics he's seen so far this year and why it's a myth that spam volume changes as Tax Day approaches.
Nick Biasini is back as host again to talk to Vitor Ventura about the benefits of taking an active approach to threat defense. Many organizations may just sit back and wait for something bad to happen. But as he outlined in his recent blog post, Vitor says there are many benefits to being proactive instead of reactive. Nick asks him about threat hunting as a team, scanning logs and tracking network traffic on an almost-constant basis.
We're back with the final year in review focused episode. This time the focus is on the ever broadening ransomware landscape and the commodity malware loaders that often support it. I'll be joined by one of the researchers from the year in review report, Aliza Johnson to talk about what we saw on the ransomware landscape over the last year as well as how threats like Qakbot, IcedID, and Trickbot have changed and evolved over the last year. We'll also cover how these threats overlap and how LoLBins are yet again an area of concern.
In this episode of Talos Takes I am joined by security researcher Guilherme Venere to discuss their recent research on LNK files. The usage of these files by malicious actors has exploded over the last six months as actors look to move away from macro based initial infection vectors. LNK files do have unique metadata attributes to allows for useful actor and threat tracking capabilities. We'll dig deeper on LNK files as well as the metadata you can leverage. For full details check out the blog at https://blog.talosintelligence.com/following-the-lnk-metadata-trail/
We're back with another year in review focused episode. This time the focus will be the threat landscape generally and I'll be joined by threat researcher Caitlin Huey. In this episode we'll discuss what we found in the last year, with a focus on the general threat landscape. We'll spend time discussing dual use tools, lolbins, and the surprising re-emergence of USB attacks in 2022.
In this episode of Talos Takes we are joined by Vanja Svjacer to discuss his recent blog on XLL abuse. This year Microsoft finally removed support for macros from their office suite creating a vacuum in the threat landscape. Macros had been the tool of choice for adversaries for the last several years and the race to find alternatives is underway. In this episode we'll talk a bit about Office Add-Ins and how we've already seen adversaries starting to abuse XLL files in the wild.
In this episode of Talos Takes we are joined by Jacob Finn to discuss the APT summary section of the larger year in review report. These state sponsored actors tend to conduct more sophisticated, targeted campaigns typically related to espionage or other information gathering activities. This episode will dive a bit deeper on what can be found in the report as well as an overview of the state sponsored activity we've observed from the last year.
In this episode of Talos Takes we are joined by Tiago Periera to discuss his recent blog on truebot activity. Truebot and the silence group have been active for a number of years operating primarily financially motivated cybercrime. In this episode we will talk about the recent campaign we observed as well as the tools and tactics we uncovered. We'll also discuss the links between these groups and other threat actors, like TA505.
In this episode of Talos Takes we are joined by Kendall McKay to discuss the recently released year in review report and dig deep on our activities in Ukraine. The year in review covers a vast amount of data and intel sources to identify some of the key trends we observed in 2022. Our activities in Ukraine have been well documented, in this episode we'll also talk more broadly about the trends and highlight some key findings from the past year.
LodaRAT is an AutoIT based RAT that has been distributed for the last several years. Initially tied to the Kasablanka group its distribution has grown over the years. In this episode we'll be talking with the researcher, Chris Neal, to discuss LodaRAT, the campaigns we've been observing along with some key tidbits about how AutoIT is abused by adversaries. Including some fun with decompiling and recompling.