Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way, Mitch, Liz, Matt and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.
At the onset of Russia’s invasion of Ukraine, many experts and government officials expected there to be two fronts of the war — one on the ground in Ukraine and one in cyberspace. But all things considered, we haven’t seen as much offensive cyber warfare come from either side of this conflict this year. J.J. Cummings from Talos Threat Intelligence and Interdiction joins the show again to share his experience from working hands-on with networks in Ukraine. He, Lurene, Mitch and Matt discuss why there haven’t been as many offensive attacks as we were expecting, or if they’re just happening in the background and no one’s talking about it.
Other suggested talking points include:
Some helpful links:
We’re excited to add to the growing Beers with Talos family with the addition of Lurene Grenier to the squad. Lurene joins her first episode and hits the ground running talking about her current role within Talos. She, Mitch and Matt talk about the major differences between exploit development and vulnerability discovery, and how Lurene started her career in exploit development. While exploit development might sound like the stereotypical thing a “basement hacker” does, it’s actually very important to the security arena and something a hobbyist can easily turn into a career.
Other talking points:
We’ve all heard that popular refrain by now: “Well I have nothing to hide so I don’t care if the government sees my data.” This week, we tell these people they are completely wrong. Ashlee Benge joins the show to discuss her upcoming BlackHat talk on the types of data and personal information health apps track. This has taken on special importance in the overturning of Roe vs. Wade in the U.S, making many forms of abortion illegal in many states. Ashlee talks about how women’s health apps may be compelled to cooperate with law enforcement agencies now after the Supreme Court ruling. We also have a complete rundown of all things Talos happening at BlackHat next week.
Also, this is unfortunately Liz’s last episode with Beers with Talos. Please bear with us as we figure out the next chapter of the show. Don’t worry though, we’re not going anywhere!
Re-uploaded on July 22, 2022 to fix audio issues —
We’re back from RSA, Cisco Live and COVID breaks (yes, those things are all absolutely related). Paul Eubanks joins the show to talk about his recent blog post on unmasking ransomware actors on the dark web. He’ll go over several different tactics he and his team use to remove actors’ anonymity that’s so important when actors are working on these websites. Liz provides her take on this from an Incident Response perspective, and Matt semi-pays attention as he ponders how much he hates The Carpenters.
We recorded this special episode live and actually in person last week at the RSA Conference, and we have a special treat for the listeners. The ever-elusive Matt Watchinski, Talos’ fearless leader, joins the show. We mainly spend some time talking about Talos’ work defending Ukraine during the invasion of Russia. Tomorrow, be on the lookout for a more laid-back podcast in the Security Stories feed, because the BWT crew stuck around to record a special episode with them, too.
We wanted to prep for the RSA/Cisco Live stretch of June by looking back on security conferences past. Mitch, Matt and Liz got together to talk about their best and worst conference memories. Plus, Mitch has an overview of everything Talos is doing at RSA and Cisco Live, including a LIVE episode of Beers with Talos next week at RSA. There is a little security talk at least, as we also cover the latest goings on between the Conti ransomware group and Costa Rica’s government.
Our rotation of special guests continues on with Nate Pors from Talos Incident Response. Nate has been following several different attacks in which attackers bypassed multi-factor authentication with “prompt bombing” and other techniques. The crew discusses what the security community can do to make MFA safer and how to improve user education about using the technology. Plus, Matt gets an opportunity to eat some humble pie regarding the FBI and the removal of wireless router malware, so that’s always exciting.
We’re all still pretty exhausted from our work in Ukraine. But that hasn’t slowed down any of the threat actors, unfortunately. So we enlisted special guest Nick Biasini to dive into the BlackCat ransomware group to discuss how it potentially is or isn’t connected to BlackMatter/DarkSide. These ransomware-as-a-service groups surprisingly run like regular companies, and even have the same problems with employee retention! Plus, Matt and Liz provide updates on their work in helping to defend Ukrainian networks and organizations.
Other talking points: - How to pronounce the company “Nike” - Surprisingly safe-for-work videos on Omegle - Avoiding burnout when everything is on fire
This was admittedly a tough one to record. In the middle of us trying to respond to the situation in Ukraine, we felt it was important to let our listeners in a bit. Matt, JJ and Liz discuss the work they and their teams are doing in Ukraine to protect critical systems there and keep users online. We also talk about the human side of things, and why it’s important for folks in cybersecurity to think about self care during this time.
If you want to stay up to date on Talos’ work in Ukraine and our ongoing research about cybersecurity concerns in the region, continually check cs.co/TalosUA. Here are some additional links to Talos research and Cisco announcements:
We’re dropping two episodes today. This is undoubtedly the less serious of the two, as it was recorded prior to the invasion of Ukraine. Check out Ep. #118 for more on that situation. In this episode, though, we got to talk about Talos’ involvement at the Super Bowl. Mitch welcomes on Brett Ellis, who was at SoFi Stadium in Los Angeles to help defend “The Big Game,” of Talos Incident Response to discuss his experience. He, JJ and Liz talk about what goes into securing these major global events and talk about what it’s like to have to come in and handle someone else’s networking equipment and then parachute out. If you want to learn more about Talos and Cisco Secure at the Super Bowl, you can read Cisco’s announcement.
Most people would expect us to approach the Winter Olympics from a security perspective. Why are athletes using burner phones? Are we worried about any state-sponsored attacks? Not this year, folks! Instead, we rank each country’s curling uniforms, discuss the origins of ski jumping and debate which events would be the most difficult to compete in.
On the actual cybersecurity front, we did carve out some time to discuss two state-sponsored threat actors Talos has written about recently: AridViper and MuddyWater. We look at the maldocs involved in these campaigns and their targets. Matt also expounds on his multiple Twitter threads around the current situation in Ukraine.
We wanted to start off the new year by reflecting on 2021 with Talos Incident Response. The one thing many cyber attacks had in common? People.
There are issues that arise any time humans are involved, whether it’s being tempted by a phish or someone making simple human errors. So, Matt, Mitch and Liz discuss how logs are crucial during the worst-case scenario and look at how to remove human error as much as possible from the equation.
Outside of initial infection vectors, there are plenty of other lessons learned from 2021 that we can take into incident response this year.
(Uploaded again, this time with the correct music!) The OG Beers with Talos folks are dropping like flies, because now we also have to say goodbye to Joel! We know this has been quite the roller coaster for listeners, but we appreciate you all sticking with us through all these changes. We take some time in Joel’s farewell to discuss “Rent,” as only BWT could, and burnout in cybersecurity.
Log4j was a big enough deal that we finally decided to host a live show. Mitch, Matt, Liz and special guest JJ Cummings from our Threat Intel team got together to update everyone on where things stand with this critical vulnerabilities. It’s not all doom and gloom though, Matt at least brought some memes!
This is our first episode sans-Craig, but we didn’t wait long to find his replacement! Tune in as we add a new host to the crew. Then, we talk about drama on the ransomware landscape among as-a-service groups. Please note, we recorded this episode before everything dropped on Log4J. We are recording an emergency episode as we speak on this and will be releasing it later this week.