Talos is Cisco’s threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services. We are a proven, global team with industry-leading expertise across the attack chain, including an incident response team that offers trusted proactive and reactive services.
Joe and Craig join Hazel to discuss the biggest takeaways from Cisco Talos Incident Response's latest Quarterly Trends report. This time the spotlight is on web shells and targeted web applications – both have seen large increases. There’s a brand new ransomware actor on the scene – we’ll talk about the new Interlock ransomware and how we’ve seen this group show up this quarter. Plus, Talos IR observed threat actors using remote tooling in 100% of ransomware incidents this quarter – that’s a significant uptick. For the full report head to blog.talosintelligence.com/talos-ir-trends-q4-2024/
Hazel sits down with Vanja Svajcer from Talos' threat research team. Vanja is a prolific malware hunter and this time he's here to talk about vulnerable Windows drivers. We've been covering these drivers quite a bit on the Talos blog over the last year, and during our research we investigated the classes of vulnerabilities typically exploited by threat actors as well as the payloads they typically deploy post-exploitation. Attacks in which attackers deliberately install known vulnerable drivers only to later exploit them use a technique referred to as Bring Your Own Vulnerable Driver (BYOVD).
If you're curious about this topic and the recommendations our team has to help you address vulnerable drivers in your environment, then this episode is for you.
The full research can be found at https://blog.talosintelligence.com/exploring-vulnerable-windows-drivers/
Ransomware is 35 years old this month, which isn't exactly something to celebrate. But in any case, do join Hazel and special guest Martin Lee to discuss what happened in the very first ransomware incident in December 1989 and why IT "wasn't ready".
They then discuss how ransomware evolved to become the criminal entity it is today, which involves looking back on the likes of SamSam, Maze and the emergence of cryptocurrencies. Plus, learn why Martin says we shouldn't feel powerless in the face of ransomware.
For more, check out this Cisco Newsroom article with Martin https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m12/from-floppy-discs-to-global-scourge-the-story-of-ransomware.html
Which threats do you prioritize? In this episode, we try to help you answer that question by using the MITRE ATT&CK framework. Splunk's SURGe team, including Ryan Fetterman and Tamara Chacon, explore 2024's key attacker concentration areas and behaviors, and the top techniques which dominate various tactics. We also discuss how these trends have evolved over the past five years.
SURGe blogs:
https://www.splunk.com/en_us/blog/security/macro-att-ck-for-a-ttp-snack.html
https://www.splunk.com/en_us/blog/security/macro-att-ck-2024-a-five-year-perspective.html
QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. Read the full analysis at https://blog.talosintelligence.com/malicious_qr_codes/
Quick summary of the analysis by Cisco Talos Incident Response on the relatively new Interlock ransomware. Interlock first appeared in public reporting in September 2024 and has been observed launching big-game hunting and double extortion attacks. For the full details head to https://blog.talosintelligence.com/emerging-interlock-ransomware/
How do we balance the ethical dilemma of pursuing technological innovation, with the moral responsibility to prevent misuse? In this episode our guest Artsiom Holub discusses how bad actors are starting to take advantage of the rapid growth in generative AI software, including tools being sold in underground marketplaces, disinformation, deep fakes, and sextortion scams (content warning: we talk about the nature of these scams, how they target teenagers, and their effect on victims). And finally we speak about the necessary security guardrails that companies should be introducing if they are exploring implementing AI into their products and services.
The Talos IR Quarterly Trends Q3 2024 is out now! In this video we discuss three big themes: new ransomware players, the 'Bring Your Own Vulnerable Driver' trend, and why password spray attacks are making a comeback.
Check out the full report at https://blog.talosintelligence.com/incident-response-trends-q3-2024/
Quick summary of our just-published research on the evolving nature of the Akira ransomware group, including details on its latest encryptor, vulnerability exploits, and potential future activity. Read the full research at https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/
Yves Younan joins Hazel to discuss how his team hunts for previously undiscovered vulnerabilities. He also lists three of his team's most significant findings this year, including a close look at their offensive LLM research.
Blogs mentioned:
https://blog.talosintelligence.com/talos-releases-new-macos-fuzzer/
https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-1/