Beers with Talos Podcast

Recorded May 11, 2020 – Craig wins MVP of the podcast for his attempts to avoid discussing… something. Anyway, we went a little long on this podcast, but stick with us as we wind through the recent Executive Order on cybersecurity, and then discuss another… interesting take on how we should then combat these new threats. I feel almost obligated to let you know before you listen, it’s a letter of marque take, and oddly, we all agreed on something.Full show notes on the Talos blog

You’re not going to believe this, but everyone actually agreed on something in this episode. And no, it’s not regarding the best flavor of beef jerky. In this episode, we discuss a new category of threat actors that we’re choosing to call privateers. The guys discuss why this classification is much needed in the security community, the previous research on this topic, and the ways private security firms can partner with public intelligence agencies to protect against this type of threat. You can find complete show notes and links over on the Talos blog.

This is our first episode sans-Craig, but we didn’t wait long to find his replacement! Tune in as we add a new host to the crew. Then, we talk about drama on the ransomware landscape among as-a-service groups. Please note, we recorded this episode before everything dropped on Log4J. We are recording an emergency episode as we speak on this and will be releasing it later this week.

We mainly spend this episode doing some catching up because it’s been a while since we recorded. But on the actual, helpful, front, we discuss a recently released list of the vulnerabilities that are most often exploited in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency.It’s particularly interesting to compare the lists from 2020 and 2021 to see how threat actors have changed up their tactics and parse through all the information to tell you what you need to know. It’s also important to question these types of reports and how helpful they are to defenders.This is also a great episode for any Snort fans out there who are interested in the old days of writing rules for some Y2K-era malware.

We’re dropping two episodes today. This is undoubtedly the less serious of the two, as it was recorded prior to the invasion of Ukraine. Check out Ep. #118 for more on that situation. In this episode, though, we got to talk about Talos’ involvement at the Super Bowl. Mitch welcomes on Brett Ellis, who was at SoFi Stadium in Los Angeles to help defend “The Big Game,” of Talos Incident Response to discuss his experience. He, JJ and Liz talk about what goes into securing these major global events and talk about what it’s like to have to come in and handle someone else’s networking equipment and then parachute out. If you want to learn more about Talos and Cisco Secure at the Super Bowl, you can read Cisco’s announcement.

We wanted to start off the new year by reflecting on 2021 with Talos Incident Response. The one thing many cyber attacks had in common? People.There are issues that arise any time humans are involved, whether it’s being tempted by a phish or someone making simple human errors. So, Matt, Mitch and Liz discuss how logs are crucial during the worst-case scenario and look at how to remove human error as much as possible from the equation.Outside of initial infection vectors, there are plenty of other lessons learned from 2021 that we can take into incident response this year.

Our rotation of special guests continues on with Nate Pors from Talos Incident Response. Nate has been following several different attacks in which attackers bypassed multi-factor authentication with “prompt bombing” and other techniques. The crew discusses what the security community can do to make MFA safer and how to improve user education about using the technology. Plus, Matt gets an opportunity to eat some humble pie regarding the FBI and the removal of wireless router malware, so that’s always exciting.

Summer hacking, happened so fast….We’ve been trying to enjoy our summer, but supply chain attacks just had to go and ruin the fun. So Mitch got back from fishing and decided to pull the guys together to discuss the Kaseya supply chain attack. We cover this major event BWT-style, and talk phony patches, mitigation strategies, and unsolicited advice for Kaseya’s CISO. For more, you can also watch our recent live stream with Nick Biasini covering everything you need to know about this attack.Also, if you want more Beers with Talos (and you’re listening to this the day it’s released) join us over on the Cisco Twitter account on Thursday, Aug. 5 for a #TalosTakeover. We can’t believe they’re letting us do this, either.

We’re all still pretty exhausted from our work in Ukraine. But that hasn’t slowed down any of the threat actors, unfortunately. So we enlisted special guest Nick Biasini to dive into the BlackCat ransomware group to discuss how it potentially is or isn’t connected to BlackMatter/DarkSide. These ransomware-as-a-service groups surprisingly run like regular companies, and even have the same problems with employee retention! Plus, Matt and Liz provide updates on their work in helping to defend Ukrainian networks and organizations.Other talking points:- How to pronounce the company “Nike”- Surprisingly safe-for-work videos on Omegle- Avoiding burnout when everything is on fire

Log4j was a big enough deal that we finally decided to host a live show. Mitch, Matt, Liz and special guest JJ Cummings from our Threat Intel team got together to update everyone on where things stand with this critical vulnerabilities. It’s not all doom and gloom though, Matt at least brought some memes!